PC Tech Hotline


Windows XP

Machine has IE, Chrome and Firefox installed

I have the PC Tech Hotline Green Box in every program I open; it is on my Task Bar and there is a shortcut on my Desktop

I followed some of the other threads for this problem and I have done the following:

Malware Bytes Scan
ADW Cleaner
Junk Tool Remover
Rogue Killer
Hitman Pro
Malware Bytes Anti Root
ESET Online Scan
Boot Scan with AVAST

The Optimize My PC problem was taken care of by the above programs but the PC Tech Hotline remains. What log should I post first? Hopefully I can figure out how to get the logs.


Welcome to the forum.

Please run a Quick Scan with Malwarebytes

For Malwarebytes ver: 1.75

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

For Malwarebytes 2.0, please run a Threat Scan

Click on Settings > Detection and Protection > Non-Malware Protection > PUP (Potentially Unwanted Program) detections > Make sure it's set to Treat detections as malware

Same for PUM (Potentially Unwanted Modifications)

Quarantine all that's found

Post the log

Then......

Download DDS from one of the links below and save it to your desktop:

http://download.bleepingcomputer.com/sUBs/dds.scr

http://download.bleepingcomputer.com/sUBs/dds.com

Temporarily disable any script blocker if your Anti-Virus/Anti-Malware has it.

Once downloaded you can disconnect from the Internet and disable your Anti-Virus temporarily if needed.

Then double click dds.scr or dds.com to run the tool, on Vista or Win 7 or Win 8 right click and select Run as administrator

Click the Run button if prompted with an Open File - Security Warning dialog box.

A black DOS console should open and run for a moment.

When done, DDS will open two (2) logs: DDS.txt and Attach.txt

Save both reports to your desktop

Please Copy & Paste the contents of the following logs in your next reply

You can ignore the note about zipping the Attach.txt file

(please don't put logs in code or quotes and use the default font)

Don't forget to run RogueKiller below

General P2P/Piracy Warning:

 

1. If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

2. If you have illegal/cracked software, cracks, keygens, custom (Adobe) host file, etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Failure to remove such software will result in your topic being closed and no further assistance being provided.

<====><====><====><====><====><====><====><====>

Next................

Please download and run RogueKiller 32 bit to your desktop.

RogueKiller<---use this one for 64 bit systems

Which system am I using?

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

(please don't put logs in code or quotes and use the default font)

MrC

Note:

Please read all of my instructions completely including these.

Make sure system restore is turned on and running. Create a new restore point

Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly

Removing malware can be unpredictable...unlikely but things can go very wrong! Backup any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive

<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

<+>The removal of malware isn't instantaneous, please be patient.

<+>When we are done, I'll give you instructions on how to clean up all the tools and logs

<+>Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.

------->Your topic will be closed if you haven't replied within 3 days!<--------

If I don't respond within 24 hours, please send me a PM


Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.04.30.02

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 7.0.5730.13
Home User :: HOME-95B40C9070 [administrator]

4/29/2014 10:54:17 PM
mbam-log-2014-04-29 (22-54-17).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 228514
Time elapsed: 8 minute(s), 15 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows XP Home Edition

Boot Device: \Device\HarddiskVolume1

Install Date: 11/14/2008 2:52:53 PM

System Uptime: 4/28/2014 4:08:05 PM (31 hours ago)

.

Motherboard: ASUSTeK Computer INC. |  | P5B

Processor: Intel® Pentium® Dual  CPU  E2140  @ 1.60GHz | Socket 775 | 1604/200mhz

.

==== Disk Partitions =========================

.

A: is Removable

C: is FIXED (NTFS) - 233 GiB total, 131.036 GiB free.

D: is CDROM ()

E: is Removable

.

==== Disabled Device Manager Items =============

.

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}

Description: SM Bus Controller

Device ID: PCI\VEN_8086&DEV_283E&SUBSYS_81EC1043&REV_02\3&11583659&0&FB

Manufacturer: 

Name: SM Bus Controller

PNP Device ID: PCI\VEN_8086&DEV_283E&SUBSYS_81EC1043&REV_02\3&11583659&0&FB

Service: 

.

==== System Restore Points ===================

.

.

==== Installed Programs ======================

.

Adobe AIR

Adobe Flash Player 10 ActiveX

Adobe Flash Player 13 Plugin

Adobe Reader XI (11.0.06)

aioprnt

aioscnnr

Apple Application Support

Apple Mobile Device Support

Apple Software Update

ATI - Software Uninstall Utility

ATI AVIVO Codecs

ATI Catalyst Control Center

ATI Display Driver

ATI HYDRAVISION

ATI Parental Control & Encoder

ATI Problem Report Wizard

avast! Free Antivirus

Bonjour

C4USelfUpdater

Catalyst Control Center - Branding

Catalyst Control Center Core Implementation

Catalyst Control Center Graphics Full Existing

Catalyst Control Center Graphics Full New

Catalyst Control Center Graphics Light

Catalyst Control Center Graphics Previews Common

Catalyst Control Center Localization Chinese Standard

Catalyst Control Center Localization Chinese Traditional

Catalyst Control Center Localization Czech

Catalyst Control Center Localization Danish

Catalyst Control Center Localization Dutch

Catalyst Control Center Localization Finnish

Catalyst Control Center Localization French

Catalyst Control Center Localization German

Catalyst Control Center Localization Greek

Catalyst Control Center Localization Hungarian

Catalyst Control Center Localization Italian

Catalyst Control Center Localization Japanese

Catalyst Control Center Localization Korean

Catalyst Control Center Localization Norwegian

Catalyst Control Center Localization Polish

Catalyst Control Center Localization Portuguese

Catalyst Control Center Localization Russian

Catalyst Control Center Localization Spanish

Catalyst Control Center Localization Swedish

Catalyst Control Center Localization Thai

Catalyst Control Center Localization Turkish

ccc-core-preinstall

ccc-core-static

ccc-utility

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Czech

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Greek

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Polish

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCC Help Thai

CCC Help Turkish

CCleaner

center

CinemaForge

ClientTools

Defraggler

Dropbox

DVD Flick 1.3.0.7

e-Sword

ESET Online Scanner v3

essentials

Evernote v. 5.3.1

Facebook Plug-In

FlipShare

Google Chrome

Google Update Helper

Google+ Auto Backup

HitmanPro 3.7

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows XP (KB954550-v5)

hp photosmart printer series (Remove only)

Image Resizer Powertoy for Windows XP

ImgBurn

InstallVC90Support

iTunes

Java 7 Update 51

Java Auto Updater

Java 6 Update 16

Java 6 Update 39

Kodak AIO Printer

KODAK AiO Software

Malwarebytes Anti-Malware version 1.75.0.1300

Media Player Codec Pack 3.9.6

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB2698023)

Microsoft .NET Framework 1.1 Security Update (KB2833941)

Microsoft .NET Framework 1.1 Security Update (KB979906)

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft Kernel-Mode Driver Framework Feature Pack 1.7

Microsoft National Language Support Downlevel APIs

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Excel MUI (English) 2007

Microsoft Office File Validation Add-In

Microsoft Office Home and Student 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Software Update for Web Folders  (English) 12

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual Basic PowerPacks 1.2

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Mozilla Firefox 28.0 (x86 en-US)

Mozilla Maintenance Service

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 6.0 Parser

ocr

PC Tech Hotline

Picasa 3

PreReq

PrintProjects

QuickTime

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)

Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition 

Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition 

Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition 

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition 

Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition 

Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition 

Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition 

Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition 

Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition 

Security Update for Microsoft Office 2007 suites (KB2817641) 32-Bit Edition 

Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition 

Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition 

Security Update for Microsoft Office 2007 suites (KB2878236) 32-Bit Edition 

Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition 

Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition 

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Word 2007 (KB2878237) 32-Bit Edition 

Security Update for Windows Internet Explorer 7 (KB2183461)

Security Update for Windows Internet Explorer 7 (KB2360131)

Security Update for Windows Internet Explorer 7 (KB2416400)

Security Update for Windows Internet Explorer 7 (KB2482017)

Security Update for Windows Internet Explorer 7 (KB2497640)

Security Update for Windows Internet Explorer 7 (KB2530548)

Security Update for Windows Internet Explorer 7 (KB2544521)

Security Update for Windows Internet Explorer 7 (KB2559049)

Security Update for Windows Internet Explorer 7 (KB2586448)

Security Update for Windows Internet Explorer 7 (KB2618444)

Security Update for Windows Internet Explorer 7 (KB2647516)

Security Update for Windows Internet Explorer 7 (KB2675157)

Security Update for Windows Internet Explorer 7 (KB2699988)

Security Update for Windows Internet Explorer 7 (KB2722913)

Security Update for Windows Internet Explorer 7 (KB2744842)

Security Update for Windows Internet Explorer 7 (KB2761465)

Security Update for Windows Internet Explorer 7 (KB2792100)

Security Update for Windows Internet Explorer 7 (KB2797052)

Security Update for Windows Internet Explorer 7 (KB2799329)

Security Update for Windows Internet Explorer 7 (KB2809289)

Security Update for Windows Internet Explorer 7 (KB2817183)

Security Update for Windows Internet Explorer 7 (KB2829530)

Security Update for Windows Internet Explorer 7 (KB2838727)

Security Update for Windows Internet Explorer 7 (KB2846071)

Security Update for Windows Internet Explorer 7 (KB2862772)

Security Update for Windows Internet Explorer 7 (KB2870699)

Security Update for Windows Internet Explorer 7 (KB2879017)

Security Update for Windows Internet Explorer 7 (KB2888505)

Security Update for Windows Internet Explorer 7 (KB2898785)

Security Update for Windows Internet Explorer 7 (KB2909921)

Security Update for Windows Internet Explorer 7 (KB2925418)

Security Update for Windows Internet Explorer 7 (KB2936068)

Security Update for Windows Internet Explorer 7 (KB938127-v2)

Security Update for Windows Internet Explorer 7 (KB956390)

Security Update for Windows Internet Explorer 7 (KB958215)

Security Update for Windows Internet Explorer 7 (KB960714)

Security Update for Windows Internet Explorer 7 (KB961260)

Security Update for Windows Internet Explorer 7 (KB963027)

Security Update for Windows Internet Explorer 7 (KB969897)

Security Update for Windows Internet Explorer 7 (KB972260)

Security Update for Windows Internet Explorer 7 (KB974455)

Security Update for Windows Internet Explorer 7 (KB976325)

Security Update for Windows Internet Explorer 7 (KB978207)

Security Update for Windows Internet Explorer 7 (KB982381)

Security Update for Windows XP (KB923789)

Skins

SoundMAX

Spelling Dictionaries Support For Adobe Reader 9

Spotify

TaxACT 2008

TaxACT 2008 North Carolina

TaxACT 2009

TaxACT 2009 North Carolina

TaxACT 2010

TaxACT 2010 North Carolina

TaxACT 2011 - 1040 Edition

TaxACT 2011 North Carolina

TaxACT 2012 - 1040 Edition

TaxACT 2012 North Carolina

TaxACT 2013 - 1040 Edition

TaxACT 2013 North Carolina

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition

Update for Windows Internet Explorer 7 (KB976749)

Update for Windows Internet Explorer 7 (KB980182)

version 1.0.5.8

WebFldrs XP

Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net  (09/10/2009 02.03.05.012)

Windows Genuine Advantage Validation Tool (KB892130)

Windows Internet Explorer 7

Windows Media Format 11 runtime

Windows Media Player 11

Windows Media Player Firefox Plugin

Windows Search 4.0

Windows XP Service Pack 3

WinRAR archiver

.

==== Event Viewer Messages From Past Week ========

.

4/29/2014 5:07:31 PM, error: Dhcp [1002]  - The IP address lease 192.168.2.2 for the Network Card with network address 0018F3748661 has been denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message).

4/28/2014 6:17:16 PM, error: System Error [1003]  - Error code 40000080, parameter1 8aaf4918, parameter2 8a42a760, parameter3 805511e8, parameter4 00000001.

4/24/2014 9:23:16 PM, error: Service Control Manager [7024]  - The HitmanPro 3.7 Crusader (Boot) service terminated with service-specific error 0 (0x0).

4/24/2014 9:17:08 PM, error: atapi [9]  - The device, \Device\Ide\IdePort1, did not respond within the timeout period.

4/24/2014 5:09:04 AM, error: Service Control Manager [7031]  - The Windows Search service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

4/24/2014 5:09:04 AM, error: Service Control Manager [7031]  - The Apple Mobile Device service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

4/24/2014 4:31:32 AM, error: Service Control Manager [7034]  - The Print Spooler service terminated unexpectedly.  It has done this 1 time(s).

4/24/2014 4:31:32 AM, error: Service Control Manager [7034]  - The PCTechHotlineService service terminated unexpectedly.  It has done this 1 time(s).

4/24/2014 4:31:32 AM, error: Service Control Manager [7034]  - The McciCMService service terminated unexpectedly.  It has done this 1 time(s).

4/24/2014 4:31:32 AM, error: Service Control Manager [7034]  - The Kodak AiO Status Monitor Service service terminated unexpectedly.  It has done this 1 time(s).

4/24/2014 4:31:32 AM, error: Service Control Manager [7034]  - The Kodak AiO Network Discovery Service service terminated unexpectedly.  It has done this 1 time(s).

4/24/2014 4:31:32 AM, error: Service Control Manager [7034]  - The Java Quick Starter service terminated unexpectedly.  It has done this 1 time(s).

4/24/2014 4:31:32 AM, error: Service Control Manager [7034]  - The iPod Service service terminated unexpectedly.  It has done this 1 time(s).

4/24/2014 4:31:32 AM, error: Service Control Manager [7034]  - The FlipShare Service service terminated unexpectedly.  It has done this 1 time(s).

4/24/2014 4:31:32 AM, error: Service Control Manager [7034]  - The Bonjour Service service terminated unexpectedly.  It has done this 1 time(s).

4/24/2014 4:31:32 AM, error: Service Control Manager [7034]  - The Ati HotKey Poller service terminated unexpectedly.  It has done this 1 time(s).

4/24/2014 4:31:32 AM, error: Service Control Manager [7034]  - The Application Layer Gateway Service service terminated unexpectedly.  It has done this 1 time(s).

4/24/2014 4:31:32 AM, error: Service Control Manager [7031]  - The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

4/24/2014 4:31:32 AM, error: Service Control Manager [7031]  - The Apple Mobile Device service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

4/23/2014 9:23:02 PM, error: Service Control Manager [7000]  - The Update BrowseFox service failed to start due to the following error:  The system cannot find the path specified.

4/23/2014 10:13:24 PM, error: Service Control Manager [7031]  - The Print Spooler service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

.

==== End Of File ===========================

DDS (Ver_2012-11-20.01) - NTFS_x86 

Internet Explorer: 7.0.6000.21376  BrowserJavaVersion: 10.51.2

Run by Home User at 23:04:19 on 2014-04-29

Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.3007.2025 [GMT -4:00]

.

AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

.

============== Running Processes ================

.

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Flip Video\FlipShare\FlipShareService.exe

C:\Program Files\Java\jre7\bin\jqs.exe

C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe

C:\Program Files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe

C:\Program Files\Common Files\Motive\McciCMService.exe

C:\Program Files\PCTechHotline\PCTechHotlineSvc.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\WINDOWS\system32\wbem\unsecapp.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\WINDOWS\system32\hphmon03.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Alwil Software\Avast5\AvastUI.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Documents and Settings\Home User\Application Data\Dropbox\bin\Dropbox.exe

C:\Program Files\Evernote\Evernote\EvernoteClipper.exe

C:\Program Files\Common Files\Java\Java Update\jucheck.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Microsoft Office\Office12\WINWORD.EXE

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\svchost.exe -k DcomLaunch

C:\WINDOWS\system32\svchost.exe -k rpcss

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

C:\WINDOWS\system32\svchost.exe -k NetworkService

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\system32\svchost.exe -k netsvcs

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

.

============== Pseudo HJT Report ===============

.


BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll

BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\alwil software\avast5\aswWebRepIE.dll

BHO: Evernote extension: {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - c:\program files\evernote\evernote\EvernoteIE.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll

uRun: [GoogleChromeAutoLaunch_837EAB815E7C58C51C00FF55757775AE] "c:\program files\google\chrome\application\chrome.exe" --no-startup-window

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [soundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe

mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe

mRun: [HPHmon03] c:\windows\system32\hphmon03.exe

mRun: [Conime] c:\windows\system32\conime.exe

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [EKIJ5000StatusMonitor] c:\windows\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe

mRun: [EKStatusMonitor] c:\program files\kodak\aio\statusmonitor\EKStatusMonitor.exe

mRun: [AvastUI.exe] "c:\program files\alwil software\avast5\AvastUI.exe" /nogui

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRunOnce: [20131224] c:\program files\alwil software\avast5\setup\emupdate\30eb3285-593c-486a-845d-3d12d2d90f87.exe /check

dRunOnce: [KodakHomeCenter] "c:\program files\kodak\aio\center\AiOHomeCenter.exe"

StartupFolder: c:\docume~1\homeus~1\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\home user\application data\dropbox\bin\Dropbox.exe

StartupFolder: c:\docume~1\homeus~1\startm~1\programs\startup\everno~1.lnk - c:\program files\evernote\evernote\EvernoteClipper.exe

uPolicies-Explorer: NoDriveTypeAutoRun = dword:323

uPolicies-Explorer: NoDriveAutoRun = dword:67108863

uPolicies-Explorer: NoDrives = dword:0

mPolicies-Explorer: NoDriveAutoRun = dword:67108863

mPolicies-Explorer: NoDriveTypeAutoRun = dword:323

mPolicies-Explorer: NoDrives = dword:0

mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1

mPolicies-Explorer: NoDriveTypeAutoRun = dword:323

mPolicies-Explorer: NoDriveAutoRun = dword:67108863

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Clip Image - c:\program files\evernote\evernote\\evernoteieres\Clip.html?clipAction=4

IE: Clip selection - c:\program files\evernote\evernote\\evernoteieres\Clip.html?clipAction=3

IE: Clip this page - c:\program files\evernote\evernote\\evernoteieres\Clip.html?clipAction=1

IE: Clip URL - c:\program files\evernote\evernote\\evernoteieres\Clip.html?clipAction=0

IE: New Note - c:\program files\evernote\evernote\\evernoteieres\NewNote.html

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - c:\program files\evernote\evernote\\evernoteieres\AddNote.html

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe







TCP: NameServer = 192.168.2.1

TCP: Interfaces\{3C604B8A-06D7-4BA6-B459-3C967B2D1FE6} : DHCPNameServer = 68.87.64.146 68.87.75.194 68.87.71.226

TCP: Interfaces\{DFD3CFD1-A9FA-4F6F-9127-B151F1F91A84} : DHCPNameServer = 192.168.2.1

Notify: AtiExtEvent - Ati2evxx.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\34.0.1847.131\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\home user\application data\mozilla\firefox\profiles\njlz5hts.default-1378665154078\

FF - plugin: c:\documents and settings\home user\application data\facebook\npfbplugin_1_0_1.dll

FF - plugin: c:\documents and settings\home user\application data\facebook\npfbplugin_1_0_3.dll

FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\amazon\mp3 downloader\npAmazonMP3DownloaderPlugin.dll

FF - plugin: c:\program files\google\picasa3\npPicasa3.dll

FF - plugin: c:\program files\google\update\1.3.23.9\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll

FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll

FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_12_0_0_77.dll

FF - plugin: c:\windows\system32\npmirage.dll

FF - plugin: c:\windows\system32\npptools.dll

.

============= SERVICES / DRIVERS ===============

.

R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [2013-3-6 49944]

R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [2013-3-6 180632]

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-3-13 776976]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswsp.sys [2008-12-2 411552]

R2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [2014-4-23 24184]

R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswmonflt.sys [2013-3-6 67824]

R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-3-12 50344]

R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [2008-11-14 38144]

R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\kodak\aio\center\EKAiOHostService.exe [2013-3-15 395640]

R2 Kodak AiO Status Monitor Service;Kodak AiO Status Monitor Service;c:\program files\kodak\aio\statusmonitor\EKPrinterSDK.exe [2013-1-15 780152]

R2 PCTechHotlineSvc;PCTechHotlineService;c:\program files\pctechhotline\PCTechHotlineSvc.exe [2014-4-22 701800]

S3 cpuz130;cpuz130;\??\c:\docume~1\homeus~1\locals~1\temp\cpuz130\cpuz_x32.sys --> c:\docume~1\homeus~1\locals~1\temp\cpuz130\cpuz_x32.sys [?]

S3 Dot4Usb HPH09;Dot4Usb HPH09;c:\windows\system32\drivers\hphius09.sys [2008-12-26 18864]

S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\androidusb.sys --> c:\windows\system32\drivers\ANDROIDUSB.sys [?]

S3 RTLWUSB;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [2008-10-21 332928]

S3 VAD_DEV;Virtual Audio Service;c:\windows\system32\drivers\vad.sys --> c:\windows\system32\drivers\vad.sys [?]

S3 ZD1211BU(SMC);802.11g Wireless USB2.0 Adapter Driver(SMC);c:\windows\system32\drivers\ZD1211BU.sys [2006-8-24 477696]

.

=============== File Associations ===============

.

ShellExec: regsvr32.exe: RegDLL=regsvr32 %1

ShellExec: regsvr32.exe: UnRegDLL=regsvr32 /u %1

.

=============== Created Last 30 ================

.

2014-04-25 22:15:48 -------- d-----w- c:\documents and settings\home user\application data\QuickScan

2014-04-25 02:10:47 -------- d-----w- C:\_OTL

2014-04-25 01:45:13 -------- d-----w- C:\FRST

2014-04-25 01:14:08 -------- d-----w- c:\program files\HitmanPro

2014-04-24 02:41:15 -------- d-sha-r- C:\cmdcons

2014-04-24 02:39:36 208896 ----a-w- c:\windows\MBR.exe

2014-04-24 02:39:35 98816 ----a-w- c:\windows\sed.exe

2014-04-24 02:39:35 256000 ----a-w- c:\windows\PEV.exe

2014-04-24 01:44:02 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes' Anti-Malware (portable)

2014-04-24 01:43:28 52312 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys

2014-04-24 00:51:35 536576 ----a-w- c:\windows\system32\sqlite3.dll

2014-04-23 12:13:06 24184 ----a-w- c:\windows\system32\drivers\aswHwid.sys

2014-04-23 12:12:58 43152 ----a-w- c:\windows\avastSS.scr

2014-04-23 02:12:48 -------- d-----w- c:\documents and settings\home user\application data\PC Tech Hotline

2014-04-23 02:12:42 -------- d-----w- c:\program files\PCTechHotline

2014-04-11 19:53:18 -------- d-----w- c:\documents and settings\home user\application data\SimplifiedIT

2014-04-09 15:25:40 -------- d-----w- c:\documents and settings\home user\application data\DropboxMaster

.

==================== Find3M  ====================

.

2014-04-28 22:46:36 70832 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2014-04-28 22:46:36 692400 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2014-04-23 12:13:00 776976 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2014-04-23 12:13:00 67824 ----a-w- c:\windows\system32\drivers\aswmonflt.sys

2014-04-23 12:13:00 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys

2014-04-23 12:13:00 180632 ----a-w- c:\windows\system32\drivers\aswVmm.sys

2014-02-26 01:59:05 13312 ------w- c:\windows\system32\xp_eos.exe

2014-02-25 22:53:54 841216 ----a-w- c:\windows\system32\wininet.dll

2014-02-25 22:53:53 78336 ----a-w- c:\windows\system32\ieencode.dll

2014-02-25 22:53:53 1830912 ------w- c:\windows\system32\inetcpl.cpl

2014-02-25 22:53:53 17408 ----a-w- c:\windows\system32\corpol.dll

2014-02-07 02:01:37 1879040 ----a-w- c:\windows\system32\win32k.sys

2014-02-05 08:55:04 562688 ----a-w- c:\windows\system32\qedit.dll

.

============= FINISH: 23:10:05.01 ===============

RogueKiller V8.8.15 [Mar 27 2014] by Adlice Software





 

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version

Started in : Normal mode

User : Home User [Admin rights]

Mode : Scan -- Date : 04/29/2014 23:18:37

| ARK || FAK || MBR |

 

¤¤¤ Bad processes : 0 ¤¤¤

 

¤¤¤ Registry Entries : 3 ¤¤¤

[HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND

[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND

[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND

 

¤¤¤ Scheduled tasks : 0 ¤¤¤

 

¤¤¤ Startup Entries : 0 ¤¤¤

 

¤¤¤ Web browsers : 0 ¤¤¤

 

¤¤¤ Browser Addons : 0 ¤¤¤

 

¤¤¤ Particular Files / Folders: ¤¤¤

 

¤¤¤ Driver : [LOADED] ¤¤¤

 

¤¤¤ External Hives: ¤¤¤

 

¤¤¤ Infection :  ¤¤¤

 

¤¤¤ HOSTS File: ¤¤¤

--> %SystemRoot%\System32\drivers\etc\hosts

 

 

127.0.0.1       localhost

 

 

¤¤¤ MBR Check: ¤¤¤

 

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) WDC WD2500AAJB-22WGA0 +++++

--- User ---

[MBR] 4085a901f8925baa711a90b86730dfe2

[bSP] 239ccb56643935c172434817028e6ddd : Windows XP MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 238464 MB

User = LL1 ... OK!

User = LL2 ... OK!

 

+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ USB) KODAK      SD/MMC card USB Device +++++

Error reading User MBR! ([0x15] The device is not ready. )

User = LL1 ... OK!

Error reading LL2 MBR! ([0x32] The request is not supported. )

 

Finished : << RKreport[0]_S_04292014_231837.txt >>

Please uninstall PC Tech Hotline from your add/remove programs.

You can download and install Revo Uninstaller Free to aid in the process if needed:

Please download and install Revo Uninstaller Free
http://www.revouninstaller.com/start_freeware_download.html

  • Double-click Revo Uninstaller to run it.
  • From the list of programs, double-click on The Program to remove.
  • When prompted if you want to uninstall, click Yes.
  • Be sure the Moderate option is selected, then click Next.
  • The program will run. If prompted again, click Yes.
  • When the built-in uninstaller is finished, click on Next.
  • Once the program has searched for leftovers, click Next.
  • Check/tick the bolded items only on the list, then click Delete.
  • When prompted, click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete.
  • When prompted, select Yes and then Next.
  • Once done, click Finish.

----------------------------------------------

Then...............

Please download Farbar Recovery Scan Tool (FRST) and save it to a folder.
(use correct version for your system.....Which system am I using?)
FRST <----for 32 bit systems
FRST64 <----for 64 bit systems

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button. (make sure the Addition box is checked)
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

If the logs are large, you can attach them:

To attach a log:

Bottom right corner of this page.

New window that comes up.

MrC


Please download OTL from one of the links below:

http://oldtimer.geekstogo.com/OTL.exe

http://oldtimer.geekstogo.com/OTL.com (<---renamed version)

Save it to your desktop.

Double click on the icon on your desktop.

Click the Scan All Users checkbox.

Push the Quick Scan button.

The scan will take about 10 minutes...depends on your hard drive size.

Two reports will open, copy and paste them in a reply here: (or attach them as .txt files)

OTL.txt <-- Will be opened

Extra.txt <-- Will be minimized

MrC


OTL logfile created on: 4/30/2014 8:55:07 PM - Run 2

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\Home User\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

 

2.94 Gb Total Physical Memory | 1.90 Gb Available Physical Memory | 64.74% Memory free

4.78 Gb Paging File | 3.80 Gb Available in Paging File | 79.48% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 232.88 Gb Total Space | 131.01 Gb Free Space | 56.26% Space Free | Partition Type: NTFS

 

Computer Name: HOME-95B40C9070 | User Name: Home User | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - [2014/04/30 20:54:39 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Home User\Desktop\OTL.exe

PRC - [2014/04/23 20:33:15 | 000,841,032 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe

PRC - [2014/04/23 08:12:45 | 003,873,704 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe

PRC - [2014/04/23 08:12:44 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

PRC - [2014/04/18 14:50:52 | 033,604,728 | ---- | M] (Dropbox, Inc.) -- C:\Documents and Settings\Home User\Application Data\Dropbox\bin\Dropbox.exe

PRC - [2014/04/14 15:11:32 | 001,107,296 | ---- | M] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) -- C:\Program Files\Evernote\Evernote\EvernoteClipper.exe

PRC - [2014/02/13 00:37:54 | 000,701,800 | ---- | M] (Crawler, LLC) -- C:\Program Files\PCTechHotline\PCTechHotlineSvc.exe

PRC - [2013/12/18 22:05:43 | 000,182,696 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe

PRC - [2013/07/02 09:16:32 | 000,507,264 | ---- | M] (Oracle Corporation) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe

PRC - [2013/03/15 15:07:56 | 000,395,640 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe

PRC - [2013/01/15 13:07:42 | 000,780,152 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe

PRC - [2012/10/08 11:05:40 | 002,804,224 | ---- | M] (Eastman Kodak Company) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe

PRC - [2010/09/17 21:14:22 | 000,460,144 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe

PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2006/01/13 02:46:57 | 000,311,296 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\system32\hphmon03.exe

 

 

========== Modules (No Company Name) ==========

 

MOD - [2014/04/30 19:44:29 | 002,252,800 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\defs\14043002\algo.dll

MOD - [2014/04/30 07:28:13 | 000,041,984 | ---- | M] () -- c:\Documents and Settings\Home User\Local Settings\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpxfcgxk.dll

MOD - [2014/04/23 20:33:13 | 000,390,472 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\34.0.1847.131\ppgooglenaclpluginchrome.dll

MOD - [2014/04/23 20:33:12 | 013,692,232 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\34.0.1847.131\PepperFlash\pepflashplayer.dll

MOD - [2014/04/23 20:33:10 | 004,081,480 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\34.0.1847.131\pdf.dll

MOD - [2014/04/23 20:33:03 | 001,647,432 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\34.0.1847.131\ffmpegsumo.dll

MOD - [2014/04/23 20:33:01 | 000,065,352 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\34.0.1847.131\chrome_elf.dll

MOD - [2014/04/14 14:17:38 | 000,433,664 | ---- | M] () -- C:\Program Files\Evernote\Evernote\libxml2.dll

MOD - [2014/04/14 14:17:14 | 000,315,392 | ---- | M] () -- C:\Program Files\Evernote\Evernote\libtidy.dll

MOD - [2014/02/11 19:10:35 | 000,771,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\fd639d8d8def70deaf3b26cd073577f3\System.Runtime.Remoting.ni.dll

MOD - [2014/02/11 19:05:28 | 000,292,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Inkjet.Automation\be98ad4fe7bc49ae3528d64de497cc63\Inkjet.Automation.ni.dll

MOD - [2014/02/11 19:05:25 | 000,236,544 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Inkjet.Localization\d5dd97c2af851e919898c6ca83ad7e65\Inkjet.Localization.ni.dll

MOD - [2014/02/11 19:05:25 | 000,098,304 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Inkjet.DeviceSettin#\3d118e1588632791362775a153d8ab5c\Inkjet.DeviceSettings.ni.dll

MOD - [2014/02/11 19:05:19 | 000,294,400 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Inkjet.Utilities\c042572ea4e6d46fc642adcb27f13046\Inkjet.Utilities.ni.dll

MOD - [2014/02/11 19:05:18 | 000,862,720 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Inkjet.Hardware\eb90f6103bb23b0f009b1c2c813758df\Inkjet.Hardware.ni.dll

MOD - [2014/02/11 19:05:17 | 000,181,248 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Inkjet.Statistics\7abb679759d4de1961b76ccd18552c84\Inkjet.Statistics.ni.dll

MOD - [2014/02/11 19:05:14 | 000,106,496 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Inkjet.Diagnostics\2537d3461f34250aa9ef60ee874c160f\Inkjet.Diagnostics.ni.dll

MOD - [2014/02/11 19:05:14 | 000,081,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Inkjet.Configuration\50f9a4af4f66b36e0e43d7ca1a173e9c\Inkjet.Configuration.ni.dll

MOD - [2014/02/11 19:04:42 | 000,978,944 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\4b6e70acd99dc22e29b7fc8f9ac340c4\System.Configuration.ni.dll

MOD - [2014/02/11 19:03:08 | 005,462,016 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\7faf645dc46781225cb722edf9e1e738\System.Xml.ni.dll

MOD - [2014/02/11 19:03:01 | 012,434,432 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1cdfe1998ad6794db3237006906c6fa2\System.Windows.Forms.ni.dll

MOD - [2014/02/11 19:02:44 | 001,593,344 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\424bff3295c6e7539cc6df62b9425bd0\System.Drawing.ni.dll

MOD - [2014/02/11 19:01:02 | 007,977,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\4b0455ae94e3cecca4bb3ba8c96828c9\System.ni.dll

MOD - [2014/02/11 19:00:51 | 011,497,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\dae02331a443fb52216ca83292cb2f21\mscorlib.ni.dll

MOD - [2014/01/02 23:42:50 | 003,610,624 | ---- | M] () -- C:\Documents and Settings\Home User\Application Data\Dropbox\bin\wxmsw28uh_vc.dll

MOD - [2013/10/21 05:30:48 | 019,336,120 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\libcef.dll

MOD - [2013/10/18 19:55:02 | 025,100,288 | ---- | M] () -- C:\Documents and Settings\Home User\Application Data\Dropbox\bin\libcef.dll

MOD - [2013/01/28 14:08:56 | 000,087,952 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll

MOD - [2013/01/28 14:08:28 | 001,242,512 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll

MOD - [2010/09/17 21:14:22 | 000,460,144 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe

MOD - [2010/09/17 21:13:36 | 002,826,240 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\Core.dll

MOD - [2010/09/17 21:07:18 | 000,733,184 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\qca2.dll

MOD - [2010/08/03 16:47:12 | 008,351,744 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\QtGui4.dll

MOD - [2010/08/03 16:47:12 | 002,244,608 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\QtCore4.dll

MOD - [2010/08/03 16:47:12 | 000,978,944 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\QtNetwork4.dll

MOD - [2010/08/03 16:47:12 | 000,364,544 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\QtXml4.dll

MOD - [2010/08/03 16:47:12 | 000,204,800 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\QtSql4.dll

MOD - [2010/05/19 16:55:36 | 000,024,576 | ---- | M] () -- C:\WINDOWS\system32\mkunicode.dll

MOD - [2009/01/10 18:15:44 | 000,159,744 | ---- | M] () -- C:\WINDOWS\system32\mmfinfo.dll

MOD - [2008/09/16 21:18:06 | 000,132,608 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll

MOD - [2008/04/13 20:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll

MOD - [2008/04/13 20:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll

 

 

========== Services (SafeList) ==========

 

SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe -- (RoxLiveShare9)

SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)

SRV - [2014/04/28 18:46:37 | 000,257,712 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2014/04/23 08:12:44 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)

SRV - [2014/04/07 10:57:01 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2014/02/13 00:37:54 | 000,701,800 | ---- | M] (Crawler, LLC) [Auto | Running] -- C:\Program Files\PCTechHotline\PCTechHotlineSvc.exe -- (PCTechHotlineSvc)

SRV - [2013/12/18 22:05:43 | 000,182,696 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)

SRV - [2013/03/15 15:07:56 | 000,395,640 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe -- (Kodak AiO Network Discovery Service)

SRV - [2013/01/15 13:07:42 | 000,780,152 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe -- (Kodak AiO Status Monitor Service)

SRV - [2010/09/17 21:14:22 | 000,460,144 | ---- | M] () [Auto | Running] -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe -- (FlipShare Service)

SRV - [2006/01/13 02:46:57 | 000,077,824 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\hphipm09.exe -- (Pml Driver)

 

 

========== Driver Services (SafeList) ==========

 

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\vad.sys -- (VAD_DEV)

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\PCTINDIS5.SYS -- (PCTINDIS5)

DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\PCASp50.sys -- (PCASp50)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\pctnullport.sys -- (Nmea)

DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)

DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\ANDROIDUSB.sys -- (HTCAND32)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\HOMEUS~1\LOCALS~1\Temp\cpuz130\cpuz_x32.sys -- (cpuz130)

DRV - File not found [Kernel | System | Stopped] --  -- (Changer)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\HOMEUS~1\LOCALS~1\Temp\catchme.sys -- (catchme)

DRV - [2014/04/23 08:13:00 | 000,776,976 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\aswSnx.sys -- (aswSnx)

DRV - [2014/04/23 08:13:00 | 000,411,552 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\aswsp.sys -- (aswSP)

DRV - [2014/04/23 08:13:00 | 000,180,632 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswVmm.sys -- (aswVmm)

DRV - [2014/04/23 08:13:00 | 000,067,824 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswmonflt.sys -- (aswMonFlt)

DRV - [2014/04/23 08:13:00 | 000,057,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)

DRV - [2014/04/23 08:13:00 | 000,054,832 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)

DRV - [2014/04/23 08:13:00 | 000,049,944 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswRvrt.sys -- (aswRvrt)

DRV - [2014/04/23 08:13:00 | 000,024,184 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\aswHwid.sys -- (aswHwid)

DRV - [2010/06/08 16:36:10 | 000,203,008 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SWNC5E00.sys -- (SWNC5E00)

DRV - [2010/06/08 16:36:10 | 000,157,440 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\swmx00.sys -- (swmx00)

DRV - [2010/06/08 16:36:06 | 000,037,248 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\swmsflt.sys -- (swmsflt)

DRV - [2010/06/08 16:35:46 | 000,229,376 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NWADIenum.sys -- (NWADI)

DRV - [2009/12/16 15:13:38 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)

DRV - [2009/12/16 15:13:34 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)

DRV - [2008/08/21 05:52:42 | 003,299,840 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)

DRV - [2008/06/27 02:39:42 | 000,332,928 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8187.sys -- (RTLWUSB)

DRV - [2007/07/20 19:40:10 | 000,084,992 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)

DRV - [2006/08/24 06:44:14 | 000,477,696 | ---- | M] (ZyDAS Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZD1211BU.sys -- (ZD1211BU(SMC)

DRV - [2006/07/26 21:49:10 | 000,083,712 | R--- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)

DRV - [2006/03/17 14:18:58 | 000,392,960 | R--- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (SenFiltService)

DRV - [2006/01/13 02:46:58 | 000,050,211 | ---- | M] (Hewlett-Packard) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hphs2k09.sys -- (Dot4Storage HPH09)

DRV - [2006/01/13 02:46:58 | 000,018,864 | ---- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hphius09.sys -- (Dot4Usb HPH09)

DRV - [2006/01/13 02:46:58 | 000,016,112 | ---- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hphipr09.sys -- (Dot4Print HPH09)

DRV - [2006/01/13 02:46:57 | 000,050,800 | ---- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hphid409.sys -- (Dot4 HPH09)

DRV - [2005/12/21 22:22:20 | 000,005,685 | R--- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AsIO.sys -- (AsIO)

DRV - [2004/08/12 22:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\..\SearchScopes,DefaultScope = 

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

 

 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 

 

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 

 

IE - HKU\S-1-5-21-1275210071-329068152-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com

IE - HKU\S-1-5-21-1275210071-329068152-839522115-1004\..\SearchScopes,DefaultScope = 

IE - HKU\S-1-5-21-1275210071-329068152-839522115-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKU\S-1-5-21-1275210071-329068152-839522115-1004\..\SearchScopes\{960169CD-648B-4BE4-B037-B750F145B68E}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}

IE - HKU\S-1-5-21-1275210071-329068152-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1275210071-329068152-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

 

========== FireFox ==========

 

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:28.0

FF - user.js - File not found

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_13_0_0_206.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@pandasecurity.com/activescan: C:\Program Files\Panda Security\ActiveScan 2.0\npwrapper.dll (Panda Security)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@xmlauthor.com/downloads: C:\WINDOWS\system32\npmirage.dll (XMLAuthor Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.1: C:\Documents and Settings\Home User\Application Data\Facebook\npfbplugin_1_0_1.dll ( )

FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Documents and Settings\Home User\Application Data\Facebook\npfbplugin_1_0_3.dll ( )

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2014/04/23 08:13:03 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2014/04/07 10:56:52 | 000,000,000 | ---D | M]

 

[2008/11/14 16:18:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Home User\Application Data\Mozilla\Extensions

[2014/03/20 16:39:56 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Home User\Application Data\Mozilla\Firefox\Profiles\njlz5hts.default-1378665154078\extensions

[2014/04/07 10:56:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2014/04/07 10:56:48 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}

[2014/04/07 10:56:48 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}

[2014/04/07 10:56:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}

[2014/04/07 10:56:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA}

[2014/04/07 10:56:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions

[2014/04/07 10:57:03 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

[2014/04/07 10:56:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\distribution\extensions

[2014/04/07 10:56:48 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Program Files\Mozilla Firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

 

========== Chrome  ==========

 

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},


CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\34.0.1847.131\PepperFlash\pepflashplayer.dll

CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\34.0.1847.131\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\34.0.1847.131\pdf.dll

CHR - plugin: Microsoft® Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll

CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL

CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll

CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll

CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll

CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll

CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll

CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll

CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll

CHR - plugin: Microsoft® DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll

CHR - plugin: Microsoft® DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll

CHR - plugin: Facebook Plugin (Enabled) = C:\Documents and Settings\Home User\Application Data\Facebook\npfbplugin_1_0_1.dll

CHR - plugin: Facebook Plugin (Enabled) = C:\Documents and Settings\Home User\Application Data\Facebook\npfbplugin_1_0_3.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll

CHR - plugin: AmazonMP3DownloaderPlugin (Enabled) = C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll

CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll

CHR - plugin: Java Platform SE 7 U25 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll

CHR - plugin: Panda ActiveScan 2.0 (Enabled) = C:\Program Files\Panda Security\ActiveScan 2.0\npwrapper.dll

CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll

CHR - plugin: Java Deployment Toolkit 7.0.250.17 (Enabled) = C:\WINDOWS\system32\npDeployJava1.dll

CHR - plugin: XMLAuthor Inc. npmirage (Enabled) = C:\WINDOWS\system32\npmirage.dll

CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

CHR - Extension: Google Docs = C:\Documents and Settings\Home User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\

CHR - Extension: Google Drive = C:\Documents and Settings\Home User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\

CHR - Extension: YouTube = C:\Documents and Settings\Home User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\

CHR - Extension: Google Search = C:\Documents and Settings\Home User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\

CHR - Extension: Google Wallet = C:\Documents and Settings\Home User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\

CHR - Extension: Bitdefender QuickScan = C:\Documents and Settings\Home User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie\0.9.9.141_0\

CHR - Extension: Gmail = C:\Documents and Settings\Home User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

 

O1 HOSTS File: ([2014/04/23 22:51:29 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1       localhost

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)

O2 - BHO: (Evernote extension) - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)

O4 - HKLM..\Run: [Conime] C:\WINDOWS\system32\conime.exe (Microsoft Corporation)

O4 - HKLM..\Run: [EKIJ5000StatusMonitor] C:\WINDOWS\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe (Eastman Kodak Company)

O4 - HKLM..\Run: [EKStatusMonitor] C:\Program Files\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe (Eastman Kodak Company)

O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe (HP)

O4 - HKLM..\Run: [HPHmon03] C:\WINDOWS\system32\hphmon03.exe (Hewlett-Packard)

O4 - HKU\S-1-5-21-1275210071-329068152-839522115-1004..\Run: [GoogleChromeAutoLaunch_837EAB815E7C58C51C00FF55757775AE] C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

O4 - HKU\.DEFAULT..\RunOnce: [KodakHomeCenter] C:\Program Files\Kodak\AiO\Center\AiOHomeCenter.exe (Eastman Kodak Company)

O4 - HKU\S-1-5-18..\RunOnce: [KodakHomeCenter] C:\Program Files\Kodak\AiO\Center\AiOHomeCenter.exe (Eastman Kodak Company)

O4 - Startup: C:\Documents and Settings\Home User\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\Home User\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

O4 - Startup: C:\Documents and Settings\Home User\Start Menu\Programs\Startup\EvernoteClipper.lnk = C:\Program Files\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-1275210071-329068152-839522115-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-1275210071-329068152-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-21-1275210071-329068152-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-21-1275210071-329068152-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)

O8 - Extra context menu item: Clip Image - C:\Program Files\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=4 File not found

O8 - Extra context menu item: Clip selection - C:\Program Files\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3 File not found

O8 - Extra context menu item: Clip this page - C:\Program Files\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1 File not found

O8 - Extra context menu item: Clip URL - C:\Program Files\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0 File not found

O8 - Extra context menu item: New Note - C:\Program Files\Evernote\Evernote\\EvernoteIERes\NewNote.html ()

O9 - Extra Button: @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\\EvernoteIERes\AddNote.html ()

O9 - Extra 'Tools' menuitem : @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\\EvernoteIERes\AddNote.html ()

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1369345573234 (MUWebControl Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab (Java Plug-in 10.51.2)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)

O16 - DPF: {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab (Java Plug-in 1.6.0_39)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab (Java Plug-in 10.51.2)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3C604B8A-06D7-4BA6-B459-3C967B2D1FE6}: DhcpNameServer = 68.87.64.146 68.87.75.194 68.87.71.226

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DFD3CFD1-A9FA-4F6F-9127-B151F1F91A84}: DhcpNameServer = 192.168.2.1

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)

O24 - Desktop WallPaper: C:\Documents and Settings\Home User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Home User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2008/11/14 15:51:45 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

 

========== Files/Folders - Created Within 30 Days ==========

 

[2014/04/30 20:54:37 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Home User\Desktop\OTL.exe

[2014/04/30 07:38:28 | 001,052,160 | ---- | C] (Farbar) -- C:\Documents and Settings\Home User\Desktop\FRST.exe

[2014/04/30 07:36:24 | 000,409,600 | ---- | C] (Farbar) -- C:\Documents and Settings\Home User\Desktop\FSS.exe

[2014/04/30 07:31:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Home User\Start Menu\Programs\Revo Uninstaller

[2014/04/30 07:31:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Home User\Desktop\Revo Uninstaller

[2014/04/30 07:30:42 | 002,623,656 | ---- | C] (VS Revo Group Ltd.) -- C:\Documents and Settings\Home User\Desktop\revosetup.exe

[2014/04/29 23:14:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Home User\Desktop\RK_Quarantine

[2014/04/29 23:03:43 | 000,688,992 | R--- | C] (Swearware) -- C:\Documents and Settings\Home User\Desktop\dds.scr

[2014/04/25 18:15:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Home User\Application Data\QuickScan

[2014/04/24 22:56:43 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Home User\Recent

[2014/04/24 22:56:00 | 000,000,000 | -HSD | C] -- C:\RECYCLER

[2014/04/24 22:10:47 | 000,000,000 | ---D | C] -- C:\_OTL

[2014/04/24 21:45:13 | 000,000,000 | ---D | C] -- C:\FRST

[2014/04/24 21:14:08 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro

[2014/04/23 22:41:15 | 000,000,000 | RHSD | C] -- C:\cmdcons

[2014/04/23 22:39:36 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe

[2014/04/23 22:39:35 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe

[2014/04/23 22:39:35 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe

[2014/04/23 22:39:35 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe

[2014/04/23 22:37:49 | 000,000,000 | ---D | C] -- C:\Qoobox

[2014/04/23 22:37:43 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Home User\Start Menu\Programs\Administrative Tools

[2014/04/23 22:37:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt

[2014/04/23 21:44:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)

[2014/04/23 21:43:28 | 000,052,312 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamchameleon.sys

[2014/04/23 21:43:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Home User\Desktop\mbar

[2014/04/23 20:51:35 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\WINDOWS\System32\sqlite3.dll

[2014/04/23 08:12:58 | 000,043,152 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr

[2014/04/22 22:12:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Home User\Application Data\PC Tech Hotline

[2014/04/22 22:12:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PC Tech Hotline

[2014/04/22 22:12:42 | 000,000,000 | ---D | C] -- C:\Program Files\PCTechHotline

[2014/04/15 23:12:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Evernote

[2014/04/11 15:53:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Home User\Desktop\Picture Keeper

[2014/04/11 15:53:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Home User\Application Data\SimplifiedIT

[2014/04/09 11:25:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Home User\Application Data\DropboxMaster

[2014/04/07 10:56:46 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox

[2009/02/09 20:41:25 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Home User\Application Data\pcouffin.sys

[2 C:\Documents and Settings\Home User\Desktop\*.tmp files -> C:\Documents and Settings\Home User\Desktop\*.tmp -> ]

 

========== Files - Modified Within 30 Days ==========

 

[2014/04/30 20:54:39 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Home User\Desktop\OTL.exe

[2014/04/30 20:46:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job

[2014/04/30 20:34:00 | 000,000,892 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2014/04/30 20:29:00 | 000,000,998 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-18UA.job

[2014/04/30 20:29:00 | 000,000,946 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-18Core.job

[2014/04/30 20:13:00 | 000,000,366 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job

[2014/04/30 09:34:00 | 000,000,888 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2014/04/30 07:38:28 | 001,052,160 | ---- | M] (Farbar) -- C:\Documents and Settings\Home User\Desktop\FRST.exe

[2014/04/30 07:36:24 | 000,409,600 | ---- | M] (Farbar) -- C:\Documents and Settings\Home User\Desktop\FSS.exe

[2014/04/30 07:31:30 | 000,000,677 | ---- | M] () -- C:\Documents and Settings\Home User\Desktop\Revo Uninstaller.lnk

[2014/04/30 07:30:43 | 002,623,656 | ---- | M] (VS Revo Group Ltd.) -- C:\Documents and Settings\Home User\Desktop\revosetup.exe

[2014/04/30 07:26:42 | 000,000,230 | ---- | M] () -- C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Logon.job

[2014/04/30 07:24:12 | 000,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2014/04/30 07:24:08 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2014/04/30 07:24:05 | 000,044,964 | ---- | M] () -- C:\WINDOWS\System32\ativvaxx.cap

[2014/04/29 23:13:08 | 003,972,608 | ---- | M] () -- C:\Documents and Settings\Home User\Desktop\RogueKiller.exe

[2014/04/29 23:03:46 | 000,688,992 | R--- | M] (Swearware) -- C:\Documents and Settings\Home User\Desktop\dds.scr

[2014/04/28 20:33:20 | 000,001,788 | -H-- | M] () -- C:\Documents and Settings\Home User\My Documents\Default.rdp

[2014/04/28 16:08:35 | 232,763,392 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP

[2014/04/26 13:34:41 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk

[2014/04/25 10:46:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[2014/04/24 22:14:06 | 000,052,312 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamchameleon.sys

[2014/04/24 21:19:42 | 000,002,996 | ---- | M] () -- C:\WINDOWS\System32\.crusader

[2014/04/24 21:14:08 | 000,001,610 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HitmanPro.lnk

[2014/04/23 23:37:03 | 000,001,040 | ---- | M] () -- C:\Documents and Settings\Home User\Start Menu\Programs\Startup\Dropbox.lnk

[2014/04/23 22:51:29 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2014/04/23 22:41:27 | 000,000,327 | RHS- | M] () -- C:\boot.ini

[2014/04/23 21:21:47 | 000,354,568 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2014/04/23 08:13:18 | 000,001,744 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk

[2014/04/23 08:13:00 | 000,776,976 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys

[2014/04/23 08:13:00 | 000,411,552 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswsp.sys

[2014/04/23 08:13:00 | 000,180,632 | ---- | M] () -- C:\WINDOWS\System32\drivers\aswVmm.sys

[2014/04/23 08:13:00 | 000,067,824 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmonflt.sys

[2014/04/23 08:13:00 | 000,057,672 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys

[2014/04/23 08:13:00 | 000,054,832 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys

[2014/04/23 08:13:00 | 000,049,944 | ---- | M] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys

[2014/04/23 08:13:00 | 000,024,184 | ---- | M] () -- C:\WINDOWS\System32\drivers\aswHwid.sys

[2014/04/23 08:12:58 | 000,043,152 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr

[2014/04/23 08:12:57 | 000,271,264 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe

[2014/04/22 22:12:43 | 000,000,760 | ---- | M] () -- C:\Documents and Settings\Home User\Application Data\Microsoft\Internet Explorer\Quick Launch\PC Tech Hotline.lnk

[2014/04/22 22:12:43 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\PC Tech Hotline.lnk

[2014/04/11 21:13:09 | 000,001,062 | ---- | M] () -- C:\WINDOWS\System32\msxkwn.vxp

[2014/04/11 19:09:18 | 000,000,049 | ---- | M] () -- C:\WINDOWS\TaxACT13.ini

[2014/04/08 15:00:11 | 000,000,224 | ---- | M] () -- C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Monthly.job

[2 C:\Documents and Settings\Home User\Desktop\*.tmp files -> C:\Documents and Settings\Home User\Desktop\*.tmp -> ]

 

========== Files Created - No Company Name ==========

 

[2014/04/30 07:31:30 | 000,000,677 | ---- | C] () -- C:\Documents and Settings\Home User\Desktop\Revo Uninstaller.lnk

[2014/04/29 23:13:04 | 003,972,608 | ---- | C] () -- C:\Documents and Settings\Home User\Desktop\RogueKiller.exe

[2014/04/24 21:19:42 | 000,002,996 | ---- | C] () -- C:\WINDOWS\System32\.crusader

[2014/04/24 21:14:08 | 000,001,610 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HitmanPro.lnk

[2014/04/23 22:41:27 | 000,000,211 | ---- | C] () -- C:\Boot.bak

[2014/04/23 22:41:22 | 000,260,272 | RHS- | C] () -- C:\cmldr

[2014/04/23 22:39:36 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe

[2014/04/23 22:39:35 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe

[2014/04/23 22:39:35 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe

[2014/04/23 22:39:35 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe

[2014/04/23 22:39:35 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe

[2014/04/23 08:13:06 | 000,024,184 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswHwid.sys

[2014/04/22 22:12:43 | 000,000,760 | ---- | C] () -- C:\Documents and Settings\Home User\Application Data\Microsoft\Internet Explorer\Quick Launch\PC Tech Hotline.lnk

[2014/04/22 22:12:43 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\PC Tech Hotline.lnk

[2014/03/23 17:14:02 | 000,000,049 | ---- | C] () -- C:\WINDOWS\TaxACT13.ini

[2013/03/06 07:20:28 | 000,180,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswVmm.sys

[2013/03/06 07:20:28 | 000,049,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys

[2013/03/02 00:29:26 | 000,000,061 | ---- | C] () -- C:\WINDOWS\TaxACT12.ini

[2012/12/03 06:04:00 | 000,000,582 | ---- | C] () -- C:\WINDOWS\System32\tx19_ic.ini

[2011/08/17 13:20:52 | 000,000,272 | ---- | C] () -- C:\Documents and Settings\Home User\Application Data\.backup.dm

[2009/12/06 15:02:07 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Home User\Local Settings\Application Data\housecall.guid.cache

[2009/02/09 20:42:27 | 000,000,078 | ---- | C] () -- C:\Documents and Settings\Home User\Application Data\Printer.ini

[2009/02/09 20:41:25 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\Home User\Application Data\inst.exe

[2009/02/09 20:41:25 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Home User\Application Data\pcouffin.cat

[2009/02/09 20:41:25 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Home User\Application Data\pcouffin.inf

[2009/01/16 20:19:57 | 000,039,936 | ---- | C] () -- C:\Documents and Settings\Home User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

 

========== ZeroAccess Check ==========

 

[2008/11/14 15:59:34 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 20:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 08:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/13 20:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

 

========== LOP Check ==========

 

[2013/02/27 14:20:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1

[2010/03/12 20:27:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software

[2013/10/21 05:26:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software

[2011/08/17 13:20:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ClubSanDisk

[2013/09/07 18:28:42 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files

[2009/12/19 16:43:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverScanner

[2013/05/23 22:04:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FingerPrintService

[2010/05/20 13:18:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Flip Video

[2009/05/19 22:13:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GARMIN

[2014/04/24 21:19:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HitmanPro

[2011/06/23 18:54:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Leapfrog

[2013/02/14 20:19:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PrintProjects

[2010/11/06 08:38:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sprint

[2013/02/14 20:19:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Visan

[2009/02/18 23:28:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk

[2011/03/04 15:42:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

[2013/03/05 21:49:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Temp

[2014/04/28 18:23:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home User\Application Data\Amazon

[2013/10/21 07:09:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home User\Application Data\AVAST Software

[2013/01/22 20:03:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home User\Application Data\Centra

[2009/01/31 12:48:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home User\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

[2014/04/30 11:30:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home User\Application Data\Dropbox

[2014/04/09 11:25:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home User\Application Data\DropboxMaster

[2010/11/04 20:53:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home User\Application Data\EurekaLog

[2010/03/03 23:37:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home User\Application Data\Facebook

[2009/05/19 22:09:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home User\Application Data\GARMIN

[2009/12/28 21:10:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home User\Application Data\ImgBurn

[2009/12/27 14:46:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home User\Application Data\OpenOffice.org

[2014/04/22 22:12:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home User\Application Data\PC Tech Hotline

[2014/04/25 18:34:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home User\Application Data\QuickScan

[2013/09/07 18:35:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home User\Application Data\Saba

[2010/09/09 18:01:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home User\Application Data\Sierra Wireless

[2014/04/11 15:53:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home User\Application Data\SimplifiedIT

[2009/12/06 19:17:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home User\Application Data\Smilebox

[2013/12/08 00:04:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home User\Application Data\Spotify

[2013/08/30 12:34:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home User\Application Data\SumatraPDF

[2010/11/20 14:30:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home User\Application Data\Teleca

[2013/02/14 19:49:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home User\Application Data\Temp

[2009/06/30 21:43:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home User\Application Data\Vso

[2008/11/14 23:42:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home User\Application Data\Windows Desktop Search

[2008/12/26 21:31:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home User\Application Data\Windows Search

[2010/09/09 18:08:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Bytemobile

[2013/02/15 20:22:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Temp

[2010/09/09 18:10:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Bytemobile

 

========== Purity Check ==========

 

 

 

< End of report >

OTL logfile created on: 4/30/2014 8:55:07 PM - Run 2

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\Home User\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

 

2.94 Gb Total Physical Memory | 1.90 Gb Available Physical Memory | 64.74% Memory free

4.78 Gb Paging File | 3.80 Gb Available in Paging File | 79.48% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 232.88 Gb Total Space | 131.01 Gb Free Space | 56.26% Space Free | Partition Type: NTFS

 

Computer Name: HOME-95B40C9070 | User Name: Home User | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - [2014/04/30 20:54:39 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Home User\Desktop\OTL.exe

PRC - [2014/04/23 20:33:15 | 000,841,032 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe

PRC - [2014/04/23 08:12:45 | 003,873,704 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe

PRC - [2014/04/23 08:12:44 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

PRC - [2014/04/18 14:50:52 | 033,604,728 | ---- | M] (Dropbox, Inc.) -- C:\Documents and Settings\Home User\Application Data\Dropbox\bin\Dropbox.exe

PRC - [2014/04/14 15:11:32 | 001,107,296 | ---- | M] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) -- C:\Program Files\Evernote\Evernote\EvernoteClipper.exe

PRC - [2014/02/13 00:37:54 | 000,701,800 | ---- | M] (Crawler, LLC) -- C:\Program Files\PCTechHotline\PCTechHotlineSvc.exe

PRC - [2013/12/18 22:05:43 | 000,182,696 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe

PRC - [2013/07/02 09:16:32 | 000,507,264 | ---- | M] (Oracle Corporation) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe

PRC - [2013/03/15 15:07:56 | 000,395,640 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe

PRC - [2013/01/15 13:07:42 | 000,780,152 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe

PRC - [2012/10/08 11:05:40 | 002,804,224 | ---- | M] (Eastman Kodak Company) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe

PRC - [2010/09/17 21:14:22 | 000,460,144 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe

PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2006/01/13 02:46:57 | 000,311,296 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\system32\hphmon03.exe

 

 

========== Modules (No Company Name) ==========

 

MOD - [2014/04/30 19:44:29 | 002,252,800 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\defs\14043002\algo.dll

MOD - [2014/04/30 07:28:13 | 000,041,984 | ---- | M] () -- c:\Documents and Settings\Home User\Local Settings\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpxfcgxk.dll

MOD - [2014/04/23 20:33:13 | 000,390,472 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\34.0.1847.131\ppgooglenaclpluginchrome.dll

MOD - [2014/04/23 20:33:12 | 013,692,232 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\34.0.1847.131\PepperFlash\pepflashplayer.dll

MOD - [2014/04/23 20:33:10 | 004,081,480 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\34.0.1847.131\pdf.dll

MOD - [2014/04/23 20:33:03 | 001,647,432 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\34.0.1847.131\ffmpegsumo.dll

MOD - [2014/04/23 20:33:01 | 000,065,352 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\34.0.1847.131\chrome_elf.dll

MOD - [2014/04/14 14:17:38 | 000,433,664 | ---- | M] () -- C:\Program Files\Evernote\Evernote\libxml2.dll

MOD - [2014/04/14 14:17:14 | 000,315,392 | ---- | M] () -- C:\Program Files\Evernote\Evernote\libtidy.dll

MOD - [2014/02/11 19:10:35 | 000,771,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\fd639d8d8def70deaf3b26cd073577f3\System.Runtime.Remoting.ni.dll

MOD - [2014/02/11 19:05:28 | 000,292,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Inkjet.Automation\be98ad4fe7bc49ae3528d64de497cc63\Inkjet.Automation.ni.dll

MOD - [2014/02/11 19:05:25 | 000,236,544 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Inkjet.Localization\d5dd97c2af851e919898c6ca83ad7e65\Inkjet.Localization.ni.dll

MOD - [2014/02/11 19:05:25 | 000,098,304 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Inkjet.DeviceSettin#\3d118e1588632791362775a153d8ab5c\Inkjet.DeviceSettings.ni.dll

MOD - [2014/02/11 19:05:19 | 000,294,400 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Inkjet.Utilities\c042572ea4e6d46fc642adcb27f13046\Inkjet.Utilities.ni.dll

MOD - [2014/02/11 19:05:18 | 000,862,720 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Inkjet.Hardware\eb90f6103bb23b0f009b1c2c813758df\Inkjet.Hardware.ni.dll

MOD - [2014/02/11 19:05:17 | 000,181,248 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Inkjet.Statistics\7abb679759d4de1961b76ccd18552c84\Inkjet.Statistics.ni.dll

MOD - [2014/02/11 19:05:14 | 000,106,496 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Inkjet.Diagnostics\2537d3461f34250aa9ef60ee874c160f\Inkjet.Diagnostics.ni.dll

MOD - [2014/02/11 19:05:14 | 000,081,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Inkjet.Configuration\50f9a4af4f66b36e0e43d7ca1a173e9c\Inkjet.Configuration.ni.dll

MOD - [2014/02/11 19:04:42 | 000,978,944 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\4b6e70acd99dc22e29b7fc8f9ac340c4\System.Configuration.ni.dll

MOD - [2014/02/11 19:03:08 | 005,462,016 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\7faf645dc46781225cb722edf9e1e738\System.Xml.ni.dll

MOD - [2014/02/11 19:03:01 | 012,434,432 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1cdfe1998ad6794db3237006906c6fa2\System.Windows.Forms.ni.dll

MOD - [2014/02/11 19:02:44 | 001,593,344 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\424bff3295c6e7539cc6df62b9425bd0\System.Drawing.ni.dll

MOD - [2014/02/11 19:01:02 | 007,977,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\4b0455ae94e3cecca4bb3ba8c96828c9\System.ni.dll

MOD - [2014/02/11 19:00:51 | 011,497,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\dae02331a443fb52216ca83292cb2f21\mscorlib.ni.dll

MOD - [2014/01/02 23:42:50 | 003,610,624 | ---- | M] () -- C:\Documents and Settings\Home User\Application Data\Dropbox\bin\wxmsw28uh_vc.dll

MOD - [2013/10/21 05:30:48 | 019,336,120 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\libcef.dll

MOD - [2013/10/18 19:55:02 | 025,100,288 | ---- | M] () -- C:\Documents and Settings\Home User\Application Data\Dropbox\bin\libcef.dll

MOD - [2013/01/28 14:08:56 | 000,087,952 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll

MOD - [2013/01/28 14:08:28 | 001,242,512 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll

MOD - [2010/09/17 21:14:22 | 000,460,144 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe

MOD - [2010/09/17 21:13:36 | 002,826,240 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\Core.dll

MOD - [2010/09/17 21:07:18 | 000,733,184 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\qca2.dll

MOD - [2010/08/03 16:47:12 | 008,351,744 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\QtGui4.dll

MOD - [2010/08/03 16:47:12 | 002,244,608 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\QtCore4.dll

MOD - [2010/08/03 16:47:12 | 000,978,944 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\QtNetwork4.dll

MOD - [2010/08/03 16:47:12 | 000,364,544 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\QtXml4.dll

MOD - [2010/08/03 16:47:12 | 000,204,800 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\QtSql4.dll

MOD - [2010/05/19 16:55:36 | 000,024,576 | ---- | M] () -- C:\WINDOWS\system32\mkunicode.dll

MOD - [2009/01/10 18:15:44 | 000,159,744 | ---- | M] () -- C:\WINDOWS\system32\mmfinfo.dll

MOD - [2008/09/16 21:18:06 | 000,132,608 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll

MOD - [2008/04/13 20:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll

MOD - [2008/04/13 20:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll

 

 

========== Services (SafeList) ==========

 

SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe -- (RoxLiveShare9)

SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)

SRV - [2014/04/28 18:46:37 | 000,257,712 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2014/04/23 08:12:44 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)

SRV - [2014/04/07 10:57:01 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2014/02/13 00:37:54 | 000,701,800 | ---- | M] (Crawler, LLC) [Auto | Running] -- C:\Program Files\PCTechHotline\PCTechHotlineSvc.exe -- (PCTechHotlineSvc)

SRV - [2013/12/18 22:05:43 | 000,182,696 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)

SRV - [2013/03/15 15:07:56 | 000,395,640 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe -- (Kodak AiO Network Discovery Service)

SRV - [2013/01/15 13:07:42 | 000,780,152 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe -- (Kodak AiO Status Monitor Service)

SRV - [2010/09/17 21:14:22 | 000,460,144 | ---- | M] () [Auto | Running] -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe -- (FlipShare Service)

SRV - [2006/01/13 02:46:57 | 000,077,824 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\hphipm09.exe -- (Pml Driver)

 

 

========== Driver Services (SafeList) ==========

 

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\vad.sys -- (VAD_DEV)

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\PCTINDIS5.SYS -- (PCTINDIS5)

DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\PCASp50.sys -- (PCASp50)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\pctnullport.sys -- (Nmea)

DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)

DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\ANDROIDUSB.sys -- (HTCAND32)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\HOMEUS~1\LOCALS~1\Temp\cpuz130\cpuz_x32.sys -- (cpuz130)

DRV - File not found [Kernel | System | Stopped] --  -- (Changer)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\HOMEUS~1\LOCALS~1\Temp\catchme.sys -- (catchme)

DRV - [2014/04/23 08:13:00 | 000,776,976 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\aswSnx.sys -- (aswSnx)

DRV - [2014/04/23 08:13:00 | 000,411,552 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\aswsp.sys -- (aswSP)

DRV - [2014/04/23 08:13:00 | 000,180,632 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswVmm.sys -- (aswVmm)

DRV - [2014/04/23 08:13:00 | 000,067,824 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswmonflt.sys -- (aswMonFlt)

DRV - [2014/04/23 08:13:00 | 000,057,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)

DRV - [2014/04/23 08:13:00 | 000,054,832 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)

DRV - [2014/04/23 08:13:00 | 000,049,944 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswRvrt.sys -- (aswRvrt)

DRV - [2014/04/23 08:13:00 | 000,024,184 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\aswHwid.sys -- (aswHwid)

DRV - [2010/06/08 16:36:10 | 000,203,008 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SWNC5E00.sys -- (SWNC5E00)

DRV - [2010/06/08 16:36:10 | 000,157,440 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\swmx00.sys -- (swmx00)

DRV - [2010/06/08 16:36:06 | 000,037,248 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\swmsflt.sys -- (swmsflt)

DRV - [2010/06/08 16:35:46 | 000,229,376 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NWADIenum.sys -- (NWADI)

DRV - [2009/12/16 15:13:38 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)

DRV - [2009/12/16 15:13:34 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)

DRV - [2008/08/21 05:52:42 | 003,299,840 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)

DRV - [2008/06/27 02:39:42 | 000,332,928 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8187.sys -- (RTLWUSB)

DRV - [2007/07/20 19:40:10 | 000,084,992 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)

DRV - [2006/08/24 06:44:14 | 000,477,696 | ---- | M] (ZyDAS Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZD1211BU.sys -- (ZD1211BU(SMC)

DRV - [2006/07/26 21:49:10 | 000,083,712 | R--- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)

DRV - [2006/03/17 14:18:58 | 000,392,960 | R--- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (SenFiltService)

DRV - [2006/01/13 02:46:58 | 000,050,211 | ---- | M] (Hewlett-Packard) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hphs2k09.sys -- (Dot4Storage HPH09)

DRV - [2006/01/13 02:46:58 | 000,018,864 | ---- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hphius09.sys -- (Dot4Usb HPH09)

DRV - [2006/01/13 02:46:58 | 000,016,112 | ---- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hphipr09.sys -- (Dot4Print HPH09)

DRV - [2006/01/13 02:46:57 | 000,050,800 | ---- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hphid409.sys -- (Dot4 HPH09)

DRV - [2005/12/21 22:22:20 | 000,005,685 | R--- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AsIO.sys -- (AsIO)

DRV - [2004/08/12 22:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\..\SearchScopes,DefaultScope = 

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

 

 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 

 

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 

 

IE - HKU\S-1-5-21-1275210071-329068152-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com

IE - HKU\S-1-5-21-1275210071-329068152-839522115-1004\..\SearchScopes,DefaultScope = 

IE - HKU\S-1-5-21-1275210071-329068152-839522115-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKU\S-1-5-21-1275210071-329068152-839522115-1004\..\SearchScopes\{960169CD-648B-4BE4-B037-B750F145B68E}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}

IE - HKU\S-1-5-21-1275210071-329068152-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1275210071-329068152-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

 

========== FireFox ==========

 

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:28.0

FF - user.js - File not found

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_13_0_0_206.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@pandasecurity.com/activescan: C:\Program Files\Panda Security\ActiveScan 2.0\npwrapper.dll (Panda Security)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@xmlauthor.com/downloads: C:\WINDOWS\system32\npmirage.dll (XMLAuthor Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.1: C:\Documents and Settings\Home User\Application Data\Facebook\npfbplugin_1_0_1.dll ( )

FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Documents and Settings\Home User\Application Data\Facebook\npfbplugin_1_0_3.dll ( )

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2014/04/23 08:13:03 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2014/04/07 10:56:52 | 000,000,000 | ---D | M]

 

[2008/11/14 16:18:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Home User\Application Data\Mozilla\Extensions

[2014/03/20 16:39:56 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Home User\Application Data\Mozilla\Firefox\Profiles\njlz5hts.default-1378665154078\extensions

[2014/04/07 10:56:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2014/04/07 10:56:48 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}

[2014/04/07 10:56:48 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}

[2014/04/07 10:56:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}

[2014/04/07 10:56:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA}

[2014/04/07 10:56:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions

[2014/04/07 10:57:03 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

[2014/04/07 10:56:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\distribution\extensions

[2014/04/07 10:56:48 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Program Files\Mozilla Firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

 

========== Chrome  ==========

 

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},


CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\34.0.1847.131\PepperFlash\pepflashplayer.dll

CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\34.0.1847.131\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\34.0.1847.131\pdf.dll

CHR - plugin: Microsoft® Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll

CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL

CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll

CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll

CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll

CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll

CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll

CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll

CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll

CHR - plugin: Microsoft® DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll

CHR - plugin: Microsoft® DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll

CHR - plugin: Facebook Plugin (Enabled) = C:\Documents and Settings\Home User\Application Data\Facebook\npfbplugin_1_0_1.dll

CHR - plugin: Facebook Plugin (Enabled) = C:\Documents and Settings\Home User\Application Data\Facebook\npfbplugin_1_0_3.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll

CHR - plugin: AmazonMP3DownloaderPlugin (Enabled) = C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll

CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll

CHR - plugin: Java Platform SE 7 U25 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll

CHR - plugin: Panda ActiveScan 2.0 (Enabled) = C:\Program Files\Panda Security\ActiveScan 2.0\npwrapper.dll

CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll

CHR - plugin: Java Deployment Toolkit 7.0.250.17 (Enabled) = C:\WINDOWS\system32\npDeployJava1.dll

CHR - plugin: XMLAuthor Inc. npmirage (Enabled) = C:\WINDOWS\system32\npmirage.dll

CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

CHR - Extension: Google Docs = C:\Documents and Settings\Home User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\

CHR - Extension: Google Drive = C:\Documents and Settings\Home User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\

CHR - Extension: YouTube = C:\Documents and Settings\Home User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\

CHR - Extension: Google Search = C:\Documents and Settings\Home User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\

CHR - Extension: Google Wallet = C:\Documents and Settings\Home User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\

CHR - Extension: Bitdefender QuickScan = C:\Documents and Settings\Home User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie\0.9.9.141_0\

CHR - Extension: Gmail = C:\Documents and Settings\Home User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

 

O1 HOSTS File: ([2014/04/23 22:51:29 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1       localhost

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)

O2 - BHO: (Evernote extension) - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)

O4 - HKLM..\Run: [Conime] C:\WINDOWS\system32\conime.exe (Microsoft Corporation)

O4 - HKLM..\Run: [EKIJ5000StatusMonitor] C:\WINDOWS\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe (Eastman Kodak Company)

O4 - HKLM..\Run: [EKStatusMonitor] C:\Program Files\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe (Eastman Kodak Company)

O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe (HP)

O4 - HKLM..\Run: [HPHmon03] C:\WINDOWS\system32\hphmon03.exe (Hewlett-Packard)

O4 - HKU\S-1-5-21-1275210071-329068152-839522115-1004..\Run: [GoogleChromeAutoLaunch_837EAB815E7C58C51C00FF55757775AE] C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

O4 - HKU\.DEFAULT..\RunOnce: [KodakHomeCenter] C:\Program Files\Kodak\AiO\Center\AiOHomeCenter.exe (Eastman Kodak Company)

O4 - HKU\S-1-5-18..\RunOnce: [KodakHomeCenter] C:\Program Files\Kodak\AiO\Center\AiOHomeCenter.exe (Eastman Kodak Company)

O4 - Startup: C:\Documents and Settings\Home User\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\Home User\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

O4 - Startup: C:\Documents and Settings\Home User\Start Menu\Programs\Startup\EvernoteClipper.lnk = C:\Program Files\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-1275210071-329068152-839522115-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-1275210071-329068152-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-21-1275210071-329068152-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-21-1275210071-329068152-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)

O8 - Extra context menu item: Clip Image - C:\Program Files\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=4 File not found

O8 - Extra context menu item: Clip selection - C:\Program Files\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3 File not found

O8 - Extra context menu item: Clip this page - C:\Program Files\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1 File not found

O8 - Extra context menu item: Clip URL - C:\Program Files\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0 File not found

O8 - Extra context menu item: New Note - C:\Program Files\Evernote\Evernote\\EvernoteIERes\NewNote.html ()

O9 - Extra Button: @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\\EvernoteIERes\AddNote.html ()

O9 - Extra 'Tools' menuitem : @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\\EvernoteIERes\AddNote.html ()

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1369345573234 (MUWebControl Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab (Java Plug-in 10.51.2)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)

O16 - DPF: {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab (Java Plug-in 1.6.0_39)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab (Java Plug-in 10.51.2)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3C604B8A-06D7-4BA6-B459-3C967B2D1FE6}: DhcpNameServer = 68.87.64.146 68.87.75.194 68.87.71.226

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DFD3CFD1-A9FA-4F6F-9127-B151F1F91A84}: DhcpNameServer = 192.168.2.1

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)

O24 - Desktop WallPaper: C:\Documents and Settings\Home User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Home User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2008/11/14 15:51:45 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

 

========== Files/Folders - Created Within 30 Days ==========

 

[2014/04/30 20:54:37 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Home User\Desktop\OTL.exe

[2014/04/30 07:38:28 | 001,052,160 | ---- | C] (Farbar) -- C:\Documents and Settings\Home User\Desktop\FRST.exe

[2014/04/30 07:36:24 | 000,409,600 | ---- | C] (Farbar) -- C:\Documents and Settings\Home User\Desktop\FSS.exe

[2014/04/30 07:31:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Home User\Start Menu\Programs\Revo Uninstaller

[2014/04/30 07:31:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Home User\Desktop\Revo Uninstaller

[2014/04/30 07:30:42 | 002,623,656 | ---- | C] (VS Revo Group Ltd.) -- C:\Documents and Settings\Home User\Desktop\revosetup.exe

[2014/04/29 23:14:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Home User\Desktop\RK_Quarantine

[2014/04/29 23:03:43 | 000,688,992 | R--- | C] (Swearware) -- C:\Documents and Settings\Home User\Desktop\dds.scr

[2014/04/25 18:15:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Home User\Application Data\QuickScan

[2014/04/24 22:56:43 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Home User\Recent

[2014/04/24 22:56:00 | 000,000,000 | -HSD | C] -- C:\RECYCLER

[2014/04/24 22:10:47 | 000,000,000 | ---D | C] -- C:\_OTL

[2014/04/24 21:45:13 | 000,000,000 | ---D | C] -- C:\FRST

[2014/04/24 21:14:08 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro

[2014/04/23 22:41:15 | 000,000,000 | RHSD | C] -- C:\cmdcons

[2014/04/23 22:39:36 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe

[2014/04/23 22:39:35 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe

[2014/04/23 22:39:35 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe

[2014/04/23 22:39:35 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe

[2014/04/23 22:37:49 | 000,000,000 | ---D | C] -- C:\Qoobox

[2014/04/23 22:37:43 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Home User\Start Menu\Programs\Administrative Tools

[2014/04/23 22:37:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt

[2014/04/23 21:44:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)

[2014/04/23 21:43:28 | 000,052,312 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamchameleon.sys

[2014/04/23 21:43:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Home User\Desktop\mbar

[2014/04/23 20:51:35 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\WINDOWS\System32\sqlite3.dll

[2014/04/23 08:12:58 | 000,043,152 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr

[2014/04/22 22:12:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Home User\Application Data\PC Tech Hotline

[2014/04/22 22:12:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PC Tech Hotline

[2014/04/22 22:12:42 | 000,000,000 | ---D | C] -- C:\Program Files\PCTechHotline

[2014/04/15 23:12:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Evernote

[2014/04/11 15:53:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Home User\Desktop\Picture Keeper

[2014/04/11 15:53:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Home User\Application Data\SimplifiedIT

[2014/04/09 11:25:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Home User\Application Data\DropboxMaster

[2014/04/07 10:56:46 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox

[2009/02/09 20:41:25 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Home User\Application Data\pcouffin.sys

[2 C:\Documents and Settings\Home User\Desktop\*.tmp files -> C:\Documents and Settings\Home User\Desktop\*.tmp -> ]

 

========== Files - Modified Within 30 Days ==========

 

[2014/04/30 20:54:39 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Home User\Desktop\OTL.exe

[2014/04/30 20:46:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job

[2014/04/30 20:34:00 | 000,000,892 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2014/04/30 20:29:00 | 000,000,998 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-18UA.job

[2014/04/30 20:29:00 | 000,000,946 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-18Core.job

[2014/04/30 20:13:00 | 000,000,366 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job

[2014/04/30 09:34:00 | 000,000,888 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2014/04/30 07:38:28 | 001,052,160 | ---- | M] (Farbar) -- C:\Documents and Settings\Home User\Desktop\FRST.exe

[2014/04/30 07:36:24 | 000,409,600 | ---- | M] (Farbar) -- C:\Documents and Settings\Home User\Desktop\FSS.exe

[2014/04/30 07:31:30 | 000,000,677 | ---- | M] () -- C:\Documents and Settings\Home User\Desktop\Revo Uninstaller.lnk

[2014/04/30 07:30:43 | 002,623,656 | ---- | M] (VS Revo Group Ltd.) -- C:\Documents and Settings\Home User\Desktop\revosetup.exe

[2014/04/30 07:26:42 | 000,000,230 | ---- | M] () -- C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Logon.job

[2014/04/30 07:24:12 | 000,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2014/04/30 07:24:08 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2014/04/30 07:24:05 | 000,044,964 | ---- | M] () -- C:\WINDOWS\System32\ativvaxx.cap

[2014/04/29 23:13:08 | 003,972,608 | ---- | M] () -- C:\Documents and Settings\Home User\Desktop\RogueKiller.exe

[2014/04/29 23:03:46 | 000,688,992 | R--- | M] (Swearware) -- C:\Documents and Settings\Home User\Desktop\dds.scr

[2014/04/28 20:33:20 | 000,001,788 | -H-- | M] () -- C:\Documents and Settings\Home User\My Documents\Default.rdp

[2014/04/28 16:08:35 | 232,763,392 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP

[2014/04/26 13:34:41 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk

[2014/04/25 10:46:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[2014/04/24 22:14:06 | 000,052,312 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamchameleon.sys

[2014/04/24 21:19:42 | 000,002,996 | ---- | M] () -- C:\WINDOWS\System32\.crusader

[2014/04/24 21:14:08 | 000,001,610 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HitmanPro.lnk

[2014/04/23 23:37:03 | 000,001,040 | ---- | M] () -- C:\Documents and Settings\Home User\Start Menu\Programs\Startup\Dropbox.lnk

[2014/04/23 22:51:29 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2014/04/23 22:41:27 | 000,000,327 | RHS- | M] () -- C:\boot.ini

[2014/04/23 21:21:47 | 000,354,568 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2014/04/23 08:13:18 | 000,001,744 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk

[2014/04/23 08:13:00 | 000,776,976 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys

[2014/04/23 08:13:00 | 000,411,552 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswsp.sys

[2014/04/23 08:13:00 | 000,180,632 | ---- | M] () -- C:\WINDOWS\System32\drivers\aswVmm.sys

[2014/04/23 08:13:00 | 000,067,824 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmonflt.sys

[2014/04/23 08:13:00 | 000,057,672 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys

[2014/04/23 08:13:00 | 000,054,832 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys

[2014/04/23 08:13:00 | 000,049,944 | ---- | M] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys

[2014/04/23 08:13:00 | 000,024,184 | ---- | M] () -- C:\WINDOWS\System32\drivers\aswHwid.sys

[2014/04/23 08:12:58 | 000,043,152 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr

[2014/04/23 08:12:57 | 000,271,264 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe

[2014/04/22 22:12:43 | 000,000,760 | ---- | M] () -- C:\Documents and Settings\Home User\Application Data\Microsoft\Internet Explorer\Quick Launch\PC Tech Hotline.lnk

[2014/04/22 22:12:43 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\PC Tech Hotline.lnk

[2014/04/11 21:13:09 | 000,001,062 | ---- | M] () -- C:\WINDOWS\System32\msxkwn.vxp

[2014/04/11 19:09:18 | 000,000,049 | ---- | M] () -- C:\WINDOWS\TaxACT13.ini

[2014/04/08 15:00:11 | 000,000,224 | ---- | M] () -- C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Monthly.job

[2 C:\Documents and Settings\Home User\Desktop\*.tmp files -> C:\Documents and Settings\Home User\Desktop\*.tmp -> ]

 

========== Files Created - No Company Name ==========

 

[2014/04/30 07:31:30 | 000,000,677 | ---- | C] () -- C:\Documents and Settings\Home User\Desktop\Revo Uninstaller.lnk

[2014/04/29 23:13:04 | 003,972,608 | ---- | C] () -- C:\Documents and Settings\Home User\Desktop\RogueKiller.exe

[2014/04/24 21:19:42 | 000,002,996 | ---- | C] () -- C:\WINDOWS\System32\.crusader

[2014/04/24 21:14:08 | 000,001,610 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HitmanPro.lnk

[2014/04/23 22:41:27 | 000,000,211 | ---- | C] () -- C:\Boot.bak

[2014/04/23 22:41:22 | 000,260,272 | RHS- | C] () -- C:\cmldr

[2014/04/23 22:39:36 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe

[2014/04/23 22:39:35 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe

[2014/04/23 22:39:35 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe

[2014/04/23 22:39:35 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe

[2014/04/23 22:39:35 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe

[2014/04/23 08:13:06 | 000,024,184 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswHwid.sys

[2014/04/22 22:12:43 | 000,000,760 | ---- | C] () -- C:\Documents and Settings\Home User\Application Data\Microsoft\Internet Explorer\Quick Launch\PC Tech Hotline.lnk

[2014/04/22 22:12:43 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\PC Tech Hotline.lnk

[2014/03/23 17:14:02 | 000,000,049 | ---- | C] () -- C:\WINDOWS\TaxACT13.ini

[2013/03/06 07:20:28 | 000,180,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswVmm.sys

[2013/03/06 07:20:28 | 000,049,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys

[2013/03/02 00:29:26 | 000,000,061 | ---- | C] () -- C:\WINDOWS\TaxACT12.ini

[2012/12/03 06:04:00 | 000,000,582 | ---- | C] () -- C:\WINDOWS\System32\tx19_ic.ini

[2011/08/17 13:20:52 | 000,000,272 | ---- | C] () -- C:\Documents and Settings\Home User\Application Data\.backup.dm

[2009/12/06 15:02:07 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Home User\Local Settings\Application Data\housecall.guid.cache

[2009/02/09 20:42:27 | 000,000,078 | ---- | C] () -- C:\Documents and Settings\Home User\Application Data\Printer.ini

[2009/02/09 20:41:25 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\Home User\Application Data\inst.exe

[2009/02/09 20:41:25 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Home User\Application Data\pcouffin.cat

[2009/02/09 20:41:25 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Home User\Application Data\pcouffin.inf

[2009/01/16 20:19:57 | 000,039,936 | ---- | C] () -- C:\Documents and Settings\Home User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

 

========== ZeroAccess Check ==========

 

[2008/11/14 15:59:34 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 20:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 08:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/13 20:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

 

========== LOP Check ==========

 

[2013/02/27 14:20:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1

[2010/03/12 20:27:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software

[2013/10/21 05:26:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software

[2011/08/17 13:20:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ClubSanDisk

[2013/09/07 18:28:42 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files

[2009/12/19 16:43:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverScanner

[2013/05/23 22:04:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FingerPrintService

[2010/05/20 13:18:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Flip Video

[2009/05/19 22:13:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GARMIN

[2014/04/24 21:19:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HitmanPro

[2011/06/23 18:54:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Leapfrog

[2013/02/14 20:19:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PrintProjects

[2010/11/06 08:38:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sprint

[2013/02/14 20:19:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Visan

[2009/02/18 23:28:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk

[2011/03/04 15:42:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

[2013/03/05 21:49:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Temp

[2014/04/28 18:23:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home User\Application Data\Amazon

[2013/10/21 07:09:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home User\Application Data\AVAST Software

[2013/01/22 20:03:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home User\Application Data\Centra

[2009/01/31 12:48:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home User\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

[2014/04/30 11:30:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home User\Application Data\Dropbox

[2014/04/09 11:25:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home User\Application Data\DropboxMaster

[2010/11/04 20:53:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home User\Application Data\EurekaLog

[2010/03/03 23:37:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home User\Application Data\Facebook

[2009/05/19 22:09:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home User\Application Data\GARMIN

[2009/12/28 21:10:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home User\Application Data\ImgBurn

[2009/12/27 14:46:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home User\Application Data\OpenOffice.org

[2014/04/22 22:12:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home User\Application Data\PC Tech Hotline

[2014/04/25 18:34:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home User\Application Data\QuickScan

[2013/09/07 18:35:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home User\Application Data\Saba

[2010/09/09 18:01:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home User\Application Data\Sierra Wireless

[2014/04/11 15:53:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home User\Application Data\SimplifiedIT

[2009/12/06 19:17:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home User\Application Data\Smilebox

[2013/12/08 00:04:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home User\Application Data\Spotify

[2013/08/30 12:34:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home User\Application Data\SumatraPDF

[2010/11/20 14:30:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home User\Application Data\Teleca

[2013/02/14 19:49:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home User\Application Data\Temp

[2009/06/30 21:43:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home User\Application Data\Vso

[2008/11/14 23:42:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home User\Application Data\Windows Desktop Search

[2008/12/26 21:31:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home User\Application Data\Windows Search

[2010/09/09 18:08:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Bytemobile

[2013/02/15 20:22:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Temp

[2010/09/09 18:10:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Bytemobile

 

========== Purity Check ==========

 

 

 

< End of report >

Please do this:

Run OTL

Under the Custom Scans/Fixes box at the bottom, paste in bold:

:Files

C:\Program Files\PCTechHotline

C:\Documents and Settings\Home User\Application Data\PC Tech Hotline

Then click the Run Fix button at the top

Let the program run unhindered, when done it will say "Fix Complete press ok to open the log"

Please post that log in your next reply. Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Then.........

Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and to run ComboFix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

http://www.bleepingcomputer.com/download/combofix/dl/12/ <---ComboFix direct download

Please make sure you click download buttons that look similar to this, not "sponsored ad links":

[Image: bleep-crop.jpg]

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

 

---------->NOTE<----------

If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

MrC


Was able to get FRST to run

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:01-05-2014
Ran by Home User (administrator) on HOME-95B40C9070 on 30-04-2014 22:00:41
Running from C:\Documents and Settings\Home User\Desktop
Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 7
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Eastman Kodak Company) C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe
(Eastman Kodak Company) C:\Program Files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\McciCMService.exe
(Crawler, LLC) C:\Program Files\PCTechHotline\PCTechHotlineSvc.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
(Hewlett-Packard) C:\WINDOWS\system32\hphmon03.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Eastman Kodak Company) C:\WINDOWS\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastUI.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Dropbox, Inc.) C:\Documents and Settings\Home User\Application Data\Dropbox\bin\Dropbox.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files\Evernote\Evernote\EvernoteClipper.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [soundMAXPnP] => C:\Program Files\Analog Devices\Core\smax4pnp.exe [843776 2006-05-01] (Analog Devices, Inc.)
HKLM\...\Run: [HPDJ Taskbar Utility] => C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe [196608 2006-01-13] (HP)
HKLM\...\Run: [HPHmon03] => C:\WINDOWS\system32\hphmon03.exe [311296 2006-01-13] (Hewlett-Packard)
HKLM\...\Run: [Conime] => C:\WINDOWS\system32\conime.exe [27648 2008-04-13] (Microsoft Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-01-28] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-02-20] (Apple Inc.)
HKLM\...\Run: [EKIJ5000StatusMonitor] => C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe [2804224 2012-10-08] (Eastman Kodak Company)
HKLM\...\Run: [EKStatusMonitor] => C:\Program Files\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe [2750840 2013-01-15] (Eastman Kodak Company)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\Alwil Software\Avast5\AvastUI.exe [3873704 2014-04-23] (AVAST Software)
HKLM\...\Run: [sunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKU\.DEFAULT\...\RunOnce: [KodakHomeCenter] - C:\Program Files\Kodak\AiO\Center\AiOHomeCenter.exe [2236792 2013-03-15] (Eastman Kodak Company)
HKU\S-1-5-21-1275210071-329068152-839522115-1004\...\Run: [GoogleChromeAutoLaunch_837EAB815E7C58C51C00FF55757775AE] => C:\Program Files\Google\Chrome\Application\chrome.exe [841032 2014-04-23] (Google Inc.)
Startup: C:\Documents and Settings\Home User\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Documents and Settings\Home User\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Documents and Settings\Home User\Start Menu\Programs\Startup\EvernoteClipper.lnk
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {960169CD-648B-4BE4-B037-B750F145B68E} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
BHO: Evernote extension - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
 
FireFox:
========
FF ProfilePath: C:\Documents and Settings\Home User\Application Data\Mozilla\Firefox\Profiles\njlz5hts.default-1378665154078
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @pandasecurity.com/activescan - C:\Program Files\Panda Security\ActiveScan 2.0\npwrapper.dll (Panda Security)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @xmlauthor.com/downloads - C:\WINDOWS\system32\npmirage.dll (XMLAuthor Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @facebook.com/FBPlugin,version=1.0.1 - C:\Documents and Settings\Home User\Application Data\Facebook\npfbplugin_1_0_1.dll ( )
FF Plugin HKCU: @facebook.com/FBPlugin,version=1.0.3 - C:\Documents and Settings\Home User\Application Data\Facebook\npfbplugin_1_0_3.dll ( )
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-04-07]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-04-07]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2014-04-07]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} [2014-04-07]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\Alwil Software\Avast5\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\Alwil Software\Avast5\WebRep\FF [2011-03-13]
 
Chrome: 
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\34.0.1847.131\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\34.0.1847.131\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\34.0.1847.131\pdf.dll ()
CHR Plugin: (Microsoft® Windows Media Player Firefox Plugin) - C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (2007 Microsoft Office system) - C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (Facebook Plugin) - C:\Documents and Settings\Home User\Application Data\Facebook\npfbplugin_1_0_1.dll ( )
CHR Plugin: (Facebook Plugin) - C:\Documents and Settings\Home User\Application Data\Facebook\npfbplugin_1_0_3.dll ( )
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (AmazonMP3DownloaderPlugin) - C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll No File
CHR Plugin: (Picasa) - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Java Platform SE 7 U25) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Panda ActiveScan 2.0) - C:\Program Files\Panda Security\ActiveScan 2.0\npwrapper.dll (Panda Security)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\WINDOWS\system32\npDeployJava1.dll No File
CHR Plugin: (XMLAuthor Inc. npmirage) - C:\WINDOWS\system32\npmirage.dll (XMLAuthor Inc.)
CHR Plugin: (Windows Presentation Foundation) - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Extension: (Google Docs) - C:\Documents and Settings\Home User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-09-08]
CHR Extension: (Google Drive) - C:\Documents and Settings\Home User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-09-08]
CHR Extension: (YouTube) - C:\Documents and Settings\Home User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-09-08]
CHR Extension: (Google Search) - C:\Documents and Settings\Home User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-09-08]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Home User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-08]
CHR Extension: (Bitdefender QuickScan) - C:\Documents and Settings\Home User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie [2014-04-25]
CHR Extension: (Gmail) - C:\Documents and Settings\Home User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-09-08]
 
========================== Services (Whitelisted) =================
 
S2 ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [593920 2008-07-31] ()
R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [50344 2014-04-23] (AVAST Software)
R2 FlipShare Service; C:\Program Files\Flip Video\FlipShare\FlipShareService.exe [460144 2010-09-17] ()
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2013-12-18] (Oracle Corporation)
R2 Kodak AiO Network Discovery Service; C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe [395640 2013-03-15] (Eastman Kodak Company)
R2 Kodak AiO Status Monitor Service; C:\Program Files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe [780152 2013-01-15] (Eastman Kodak Company)
R2 PCTechHotlineSvc; C:\Program Files\PCTechHotline\PCTechHotlineSvc.exe [701800 2014-02-13] (Crawler, LLC)
S3 Pml Driver; C:\WINDOWS\system32\HPHipm09.exe [77824 2006-01-13] (HP)
S2 RoxLiveShare9; "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe" [X]
 
==================== Drivers (Whitelisted) ====================
 
R2 AegisP; C:\WINDOWS\System32\DRIVERS\AegisP.sys [21035 2008-11-14] (Meetinghouse Data Communications)
R1 AsIO; C:\WINDOWS\System32\drivers\AsIO.sys [5685 2005-12-21] ()
R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24184 2014-04-23] ()
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [67824 2014-04-23] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [54832 2014-04-23] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944 2014-04-23] ()
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [776976 2014-04-23] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [411552 2014-04-23] (AVAST Software)
R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57672 2014-04-23] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [180632 2014-04-23] ()
S3 Dot4 HPH09; C:\WINDOWS\System32\DRIVERS\hphid409.sys [50800 2006-01-13] (HP)
S3 Dot4Print HPH09; C:\WINDOWS\System32\DRIVERS\hphipr09.sys [16112 2006-01-13] (HP)
S3 Dot4Storage HPH09; C:\WINDOWS\System32\Drivers\hphs2k09.sys [50211 2006-01-13] (Hewlett-Packard)
S3 Dot4Usb HPH09; C:\WINDOWS\System32\drivers\hphius09.sys [18864 2006-01-13] (HP)
R2 EAPPkt; C:\WINDOWS\System32\DRIVERS\EAPPkt.sys [38144 2006-11-15] (Windows ® 2000 DDK provider)
S3 MREMP50; C:\Program Files\Common Files\Motive\MREMP50.sys [21248 2009-12-16] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50; C:\Program Files\Common Files\Motive\MRESP50.sys [20096 2009-12-16] (Printing Communications Assoc., Inc. (PCAUSA))
R3 MTsensor; C:\WINDOWS\System32\DRIVERS\ASACPI.sys [5810 2004-08-12] ()
S3 RTLWUSB; C:\WINDOWS\System32\DRIVERS\RTL8187.sys [332928 2008-06-27] (Realtek Semiconductor Corporation                           )
R3 SenFiltService; C:\WINDOWS\System32\drivers\Senfilt.sys [392960 2006-03-17] (Sensaura)
S3 SONYPVU1; C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS [7552 2001-08-17] (Sony Corporation)
S3 swmsflt; C:\WINDOWS\System32\DRIVERS\swmsflt.sys [37248 2010-06-08] ()
S3 ZD1211BU(SMC); C:\WINDOWS\System32\DRIVERS\zd1211Bu.sys [477696 2006-08-24] (ZyDAS Technology Corporation)
S3 catchme; \??\C:\DOCUME~1\HOMEUS~1\LOCALS~1\Temp\catchme.sys [X]
S3 cpuz130; \??\C:\DOCUME~1\HOMEUS~1\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [X]
S3 HTCAND32; System32\Drivers\ANDROIDUSB.sys [X]
S4 IntelIde; No ImagePath
S3 Nmea; system32\DRIVERS\pctnullport.sys [X]
S3 PCASp50; System32\Drivers\PCASp50.sys [X]
S3 PCTINDIS5; \??\C:\WINDOWS\system32\PCTINDIS5.SYS [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U3 TlntSvr; 
S3 VAD_DEV; system32\drivers\vad.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-04-30 22:00 - 2014-04-30 22:00 - 00000000 ____D () C:\Documents and Settings\Home User\Desktop\FRST-OlderVersion
2014-04-30 21:04 - 2014-04-30 21:04 - 00107710 _____ () C:\Documents and Settings\Home User\Desktop\OTL.Txt
2014-04-30 20:54 - 2014-04-30 20:54 - 00602112 _____ (OldTimer Tools) C:\Documents and Settings\Home User\Desktop\OTL.exe
2014-04-30 07:38 - 2014-04-30 22:00 - 01050624 _____ (Farbar) C:\Documents and Settings\Home User\Desktop\FRST.exe
2014-04-30 07:37 - 2014-04-30 07:37 - 00001253 _____ () C:\Documents and Settings\Home User\Desktop\FSS.txt
2014-04-30 07:36 - 2014-04-30 07:36 - 00409600 _____ (Farbar) C:\Documents and Settings\Home User\Desktop\FSS.exe
2014-04-30 07:35 - 2014-04-30 22:00 - 00019733 _____ () C:\Documents and Settings\Home User\Desktop\FRST.txt
2014-04-30 07:31 - 2014-04-30 07:31 - 00000677 _____ () C:\Documents and Settings\Home User\Desktop\Revo Uninstaller.lnk
2014-04-29 23:18 - 2014-04-29 23:18 - 00001741 _____ () C:\Documents and Settings\Home User\Desktop\RKreport[0]_S_04292014_231837.txt
2014-04-29 23:14 - 2014-04-29 23:20 - 00000000 ____D () C:\Documents and Settings\Home User\Desktop\RK_Quarantine
2014-04-29 23:13 - 2014-04-29 23:13 - 03972608 _____ () C:\Documents and Settings\Home User\Desktop\RogueKiller.exe
2014-04-29 23:10 - 2014-04-29 23:10 - 00020009 _____ () C:\Documents and Settings\Home User\Desktop\attach.txt
2014-04-29 23:10 - 2014-04-29 23:10 - 00013051 _____ () C:\Documents and Settings\Home User\Desktop\dds.txt
2014-04-29 23:03 - 2014-04-29 23:03 - 00688992 ____R (Swearware) C:\Documents and Settings\Home User\Desktop\dds.scr
2014-04-28 16:08 - 2014-04-28 16:08 - 00065536 _____ () C:\WINDOWS\Minidump\Mini042814-01.dmp
2014-04-25 18:15 - 2014-04-25 18:34 - 00000000 ____D () C:\Documents and Settings\Home User\Application Data\QuickScan
2014-04-24 22:40 - 2014-04-24 22:40 - 00017312 _____ () C:\ComboFix.txt
2014-04-24 22:10 - 2014-04-24 22:10 - 00000000 ____D () C:\_OTL
2014-04-24 21:45 - 2014-04-30 22:00 - 00000000 ____D () C:\FRST
2014-04-24 21:19 - 2014-04-24 21:19 - 00002996 _____ () C:\WINDOWS\system32\.crusader
2014-04-24 21:14 - 2014-04-24 21:14 - 00001610 _____ () C:\Documents and Settings\All Users\Desktop\HitmanPro.lnk
2014-04-24 21:14 - 2014-04-24 21:14 - 00000000 ____D () C:\Program Files\HitmanPro
2014-04-23 22:41 - 2014-04-23 22:41 - 00000000 _RSHD () C:\cmdcons
2014-04-23 22:41 - 2008-11-14 23:52 - 00000211 _____ () C:\Boot.bak
2014-04-23 22:41 - 2004-08-03 23:00 - 00260272 __RSH () C:\cmldr
2014-04-23 22:39 - 2011-06-26 02:45 - 00256000 _____ () C:\WINDOWS\PEV.exe
2014-04-23 22:39 - 2010-11-07 13:20 - 00208896 _____ () C:\WINDOWS\MBR.exe
2014-04-23 22:39 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2014-04-23 22:39 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2014-04-23 22:39 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2014-04-23 22:39 - 2000-08-30 20:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2014-04-23 22:39 - 2000-08-30 20:00 - 00098816 _____ () C:\WINDOWS\sed.exe
2014-04-23 22:39 - 2000-08-30 20:00 - 00080412 _____ () C:\WINDOWS\grep.exe
2014-04-23 22:39 - 2000-08-30 20:00 - 00068096 _____ () C:\WINDOWS\zip.exe
2014-04-23 22:37 - 2014-04-24 22:40 - 00000000 ____D () C:\Qoobox
2014-04-23 22:37 - 2014-04-23 22:52 - 00000000 ____D () C:\WINDOWS\erdnt
2014-04-23 21:44 - 2014-04-24 22:25 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2014-04-23 21:43 - 2014-04-24 22:25 - 00000000 ____D () C:\Documents and Settings\Home User\Desktop\mbar
2014-04-23 21:43 - 2014-04-24 22:14 - 00052312 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-04-23 20:51 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\WINDOWS\system32\sqlite3.dll
2014-04-23 08:13 - 2014-04-23 08:13 - 00024184 _____ () C:\WINDOWS\system32\Drivers\aswHwid.sys
2014-04-23 08:12 - 2014-04-23 08:12 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2014-04-22 22:12 - 2014-04-23 07:33 - 00000000 ____D () C:\Program Files\PCTechHotline
2014-04-22 22:12 - 2014-04-22 22:12 - 00000742 _____ () C:\Documents and Settings\All Users\Desktop\PC Tech Hotline.lnk
2014-04-22 22:12 - 2014-04-22 22:12 - 00000000 ____D () C:\Documents and Settings\Home User\Application Data\PC Tech Hotline
2014-04-22 22:12 - 2014-04-22 22:12 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\PC Tech Hotline
2014-04-15 23:12 - 2014-04-15 23:12 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Evernote
2014-04-11 15:53 - 2014-04-11 15:53 - 00000000 ____D () C:\Documents and Settings\Home User\Desktop\Picture Keeper
2014-04-11 15:53 - 2014-04-11 15:53 - 00000000 ____D () C:\Documents and Settings\Home User\Application Data\SimplifiedIT
2014-04-09 11:25 - 2014-04-09 11:25 - 00000000 ____D () C:\Documents and Settings\Home User\Application Data\DropboxMaster
2014-04-07 10:56 - 2014-04-07 10:57 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-03-31 16:10 - 2014-04-30 07:26 - 00000230 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2014-03-31 16:10 - 2014-04-08 15:00 - 00000224 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
 
==================== One Month Modified Files and Folders =======
 
2014-04-30 22:00 - 2014-04-30 22:00 - 00000000 ____D () C:\Documents and Settings\Home User\Desktop\FRST-OlderVersion
2014-04-30 22:00 - 2014-04-30 07:38 - 01050624 _____ (Farbar) C:\Documents and Settings\Home User\Desktop\FRST.exe
2014-04-30 22:00 - 2014-04-30 07:35 - 00019733 _____ () C:\Documents and Settings\Home User\Desktop\FRST.txt
2014-04-30 22:00 - 2014-04-24 21:45 - 00000000 ____D () C:\FRST
2014-04-30 21:46 - 2012-04-08 09:17 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-04-30 21:34 - 2013-09-08 21:08 - 00000892 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-30 21:29 - 2014-02-07 21:24 - 00000998 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-18UA.job
2014-04-30 21:04 - 2014-04-30 21:04 - 00107710 _____ () C:\Documents and Settings\Home User\Desktop\OTL.Txt
2014-04-30 20:54 - 2014-04-30 20:54 - 00602112 _____ (OldTimer Tools) C:\Documents and Settings\Home User\Desktop\OTL.exe
2014-04-30 20:29 - 2014-02-07 21:24 - 00000946 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-18Core.job
2014-04-30 20:13 - 2012-07-05 16:34 - 00000366 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job
2014-04-30 19:01 - 2013-02-11 16:26 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Kodak
2014-04-30 11:30 - 2013-04-18 13:10 - 00000000 ____D () C:\Documents and Settings\Home User\Application Data\Dropbox
2014-04-30 09:34 - 2013-09-08 21:08 - 00000888 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-30 07:37 - 2014-04-30 07:37 - 00001253 _____ () C:\Documents and Settings\Home User\Desktop\FSS.txt
2014-04-30 07:36 - 2014-04-30 07:36 - 00409600 _____ (Farbar) C:\Documents and Settings\Home User\Desktop\FSS.exe
2014-04-30 07:31 - 2014-04-30 07:31 - 00000677 _____ () C:\Documents and Settings\Home User\Desktop\Revo Uninstaller.lnk
2014-04-30 07:30 - 2008-11-14 15:50 - 01757959 _____ () C:\WINDOWS\WindowsUpdate.log
2014-04-30 07:29 - 2013-04-18 13:21 - 00000000 ___RD () C:\Documents and Settings\Home User\My Documents\Dropbox
2014-04-30 07:26 - 2014-03-31 16:10 - 00000230 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2014-04-30 07:24 - 2009-12-06 19:03 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-04-30 07:24 - 2009-12-06 19:03 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2014-04-30 07:24 - 2008-11-14 15:58 - 00044964 _____ () C:\WINDOWS\system32\ativvaxx.cap
2014-04-30 07:24 - 2008-11-14 15:54 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-04-30 07:24 - 2004-08-04 16:00 - 00002422 _____ () C:\WINDOWS\system32\wpa.dbl
2014-04-29 23:23 - 2008-11-14 15:56 - 00000278 ___SH () C:\Documents and Settings\Home User\ntuser.ini
2014-04-29 23:23 - 2008-11-14 15:54 - 00032622 _____ () C:\WINDOWS\SchedLgU.Txt
2014-04-29 23:20 - 2014-04-29 23:14 - 00000000 ____D () C:\Documents and Settings\Home User\Desktop\RK_Quarantine
2014-04-29 23:18 - 2014-04-29 23:18 - 00001741 _____ () C:\Documents and Settings\Home User\Desktop\RKreport[0]_S_04292014_231837.txt
2014-04-29 23:13 - 2014-04-29 23:13 - 03972608 _____ () C:\Documents and Settings\Home User\Desktop\RogueKiller.exe
2014-04-29 23:10 - 2014-04-29 23:10 - 00020009 _____ () C:\Documents and Settings\Home User\Desktop\attach.txt
2014-04-29 23:10 - 2014-04-29 23:10 - 00013051 _____ () C:\Documents and Settings\Home User\Desktop\dds.txt
2014-04-29 23:03 - 2014-04-29 23:03 - 00688992 ____R (Swearware) C:\Documents and Settings\Home User\Desktop\dds.scr
2014-04-29 17:06 - 2008-11-14 23:37 - 00000000 ____D () C:\WINDOWS\system32\LogFiles
2014-04-28 20:33 - 2013-01-03 18:40 - 00001788 ____H () C:\Documents and Settings\Home User\My Documents\Default.rdp
2014-04-28 18:46 - 2012-04-08 09:16 - 00692400 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-04-28 18:46 - 2011-05-30 09:04 - 00070832 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-04-28 18:23 - 2012-05-21 21:34 - 00000000 ____D () C:\Documents and Settings\Home User\Application Data\Amazon
2014-04-28 18:23 - 2012-05-21 21:33 - 00000000 ____D () C:\Program Files\Amazon
2014-04-28 18:23 - 2012-05-21 21:33 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Amazon
2014-04-28 16:08 - 2014-04-28 16:08 - 00065536 _____ () C:\WINDOWS\Minidump\Mini042814-01.dmp
2014-04-28 16:08 - 2011-05-03 19:42 - 00000000 ____D () C:\WINDOWS\Minidump
2014-04-28 16:08 - 2008-11-14 10:32 - 232763392 _____ () C:\WINDOWS\MEMORY.DMP
2014-04-26 13:34 - 2013-09-08 21:12 - 00001813 _____ () C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2014-04-25 18:34 - 2014-04-25 18:15 - 00000000 ____D () C:\Documents and Settings\Home User\Application Data\QuickScan
2014-04-25 10:46 - 2013-02-25 11:13 - 00000284 _____ () C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2014-04-24 22:56 - 2010-02-02 14:04 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Powertoys for Windows XP
2014-04-24 22:40 - 2014-04-24 22:40 - 00017312 _____ () C:\ComboFix.txt
2014-04-24 22:40 - 2014-04-23 22:37 - 00000000 ____D () C:\Qoobox
2014-04-24 22:38 - 2004-08-04 16:00 - 00000227 _____ () C:\WINDOWS\system.ini
2014-04-24 22:25 - 2014-04-23 21:44 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2014-04-24 22:25 - 2014-04-23 21:43 - 00000000 ____D () C:\Documents and Settings\Home User\Desktop\mbar
2014-04-24 22:14 - 2014-04-23 21:43 - 00052312 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-04-24 22:10 - 2014-04-24 22:10 - 00000000 ____D () C:\_OTL
2014-04-24 21:19 - 2014-04-24 21:19 - 00002996 _____ () C:\WINDOWS\system32\.crusader
2014-04-24 21:19 - 2013-09-08 15:02 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\HitmanPro
2014-04-24 21:14 - 2014-04-24 21:14 - 00001610 _____ () C:\Documents and Settings\All Users\Desktop\HitmanPro.lnk
2014-04-24 21:14 - 2014-04-24 21:14 - 00000000 ____D () C:\Program Files\HitmanPro
2014-04-24 20:44 - 2013-09-08 14:38 - 00000000 ____D () C:\AdwCleaner
2014-04-24 18:54 - 2008-11-14 16:08 - 00095312 ____C () C:\Documents and Settings\Home User\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2014-04-23 23:36 - 2013-04-18 13:11 - 00000000 ____D () C:\Documents and Settings\Home User\Start Menu\Programs\Dropbox
2014-04-23 22:52 - 2014-04-23 22:37 - 00000000 ____D () C:\WINDOWS\erdnt
2014-04-23 22:41 - 2014-04-23 22:41 - 00000000 _RSHD () C:\cmdcons
2014-04-23 22:41 - 2008-11-14 10:37 - 00000327 __RSH () C:\boot.ini
2014-04-23 21:21 - 2008-11-14 10:38 - 00354568 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-04-23 08:13 - 2014-04-23 08:13 - 00024184 _____ () C:\WINDOWS\system32\Drivers\aswHwid.sys
2014-04-23 08:13 - 2013-10-21 05:31 - 00001744 _____ () C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
2014-04-23 08:13 - 2013-03-06 07:20 - 00180632 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys
2014-04-23 08:13 - 2013-03-06 07:20 - 00067824 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswmonflt.sys
2014-04-23 08:13 - 2013-03-06 07:20 - 00049944 _____ () C:\WINDOWS\system32\Drivers\aswRvrt.sys
2014-04-23 08:13 - 2011-03-13 07:52 - 00776976 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2014-04-23 08:13 - 2008-12-02 16:24 - 00411552 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys
2014-04-23 08:13 - 2008-12-02 16:24 - 00057672 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswTdi.sys
2014-04-23 08:13 - 2008-12-02 16:24 - 00054832 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr.sys
2014-04-23 08:12 - 2014-04-23 08:12 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2014-04-23 08:12 - 2008-12-02 16:24 - 00271264 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2014-04-23 07:33 - 2014-04-22 22:12 - 00000000 ____D () C:\Program Files\PCTechHotline
2014-04-22 22:12 - 2014-04-22 22:12 - 00000742 _____ () C:\Documents and Settings\All Users\Desktop\PC Tech Hotline.lnk
2014-04-22 22:12 - 2014-04-22 22:12 - 00000000 ____D () C:\Documents and Settings\Home User\Application Data\PC Tech Hotline
2014-04-22 22:12 - 2014-04-22 22:12 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\PC Tech Hotline
2014-04-22 21:52 - 2008-11-14 23:42 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB940157$
2014-04-19 20:31 - 2009-05-30 15:21 - 00000000 ____D () C:\Documents and Settings\Home User\My Documents\Amy
2014-04-15 23:12 - 2014-04-15 23:12 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Evernote
2014-04-11 21:15 - 2014-03-23 17:14 - 00000000 ____D () C:\Documents and Settings\Home User\My Documents\TaxACT 2013
2014-04-11 21:13 - 2009-03-23 20:01 - 00001062 _____ () C:\WINDOWS\system32\msxkwn.vxp
2014-04-11 19:09 - 2014-03-23 17:14 - 00000049 _____ () C:\WINDOWS\TaxACT13.ini
2014-04-11 15:53 - 2014-04-11 15:53 - 00000000 ____D () C:\Documents and Settings\Home User\Desktop\Picture Keeper
2014-04-11 15:53 - 2014-04-11 15:53 - 00000000 ____D () C:\Documents and Settings\Home User\Application Data\SimplifiedIT
2014-04-10 03:23 - 2012-05-01 18:33 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-04-10 03:06 - 2008-11-14 23:41 - 00000000 ____D () C:\WINDOWS\ie7updates
2014-04-10 03:05 - 2013-07-14 19:12 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-04-10 03:05 - 2010-02-11 09:43 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Microsoft Help
2014-04-10 03:01 - 2008-11-14 23:39 - 88028728 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-04-09 15:02 - 2009-01-18 10:02 - 00000000 ____D () C:\Documents and Settings\Home User\My Documents\Alison
2014-04-09 11:25 - 2014-04-09 11:25 - 00000000 ____D () C:\Documents and Settings\Home User\Application Data\DropboxMaster
2014-04-08 15:00 - 2014-03-31 16:10 - 00000224 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2014-04-07 10:57 - 2014-04-07 10:56 - 00000000 ____D () C:\Program Files\Mozilla Firefox
 
Some content of TEMP:
====================
C:\Documents and Settings\Home User\Local Settings\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpxfcgxk.dll
C:\Documents and Settings\Home User\Local Settings\Temp\ntdll_dump.dll
 
 
==================== Bamital & volsnap Check =================
 
C:\WINDOWS\explorer.exe => MD5 is legit
C:\WINDOWS\system32\winlogon.exe => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\User32.dll => MD5 is legit
C:\WINDOWS\system32\userinit.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit
 
==================== End Of Log ============================

========= FILES ==========

C:\Program Files\PCTechHotline folder moved successfully.

C:\Documents and Settings\Home User\Application Data\PC Tech Hotline\skin folder moved successfully.

C:\Documents and Settings\Home User\Application Data\PC Tech Hotline folder moved successfully.

 

OTL by OldTimer - Version 3.2.69.0 log created on 04302014_221020

ComboFix 14-04-30.01 - Home User 04/30/2014  22:13:32.3.2 - x86

Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.3007.2234 [GMT -4:00]

Running from: c:\documents and settings\Home User\Desktop\ComboFix.exe

AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

.

.

(((((((((((((((((((((((((   Files Created from 2014-04-01 to 2014-05-01  )))))))))))))))))))))))))))))))

.

.

2014-04-25 22:15 . 2014-04-25 22:34 -------- d-----w- c:\documents and settings\Home User\Application Data\QuickScan

2014-04-25 02:10 . 2014-04-25 02:10 -------- d-----w- C:\_OTL

2014-04-25 01:45 . 2014-05-01 02:01 -------- d-----w- C:\FRST

2014-04-25 01:14 . 2014-04-25 01:14 -------- d-----w- c:\program files\HitmanPro

2014-04-24 01:44 . 2014-04-25 02:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)

2014-04-24 01:43 . 2014-04-25 02:14 52312 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys

2014-04-24 00:51 . 2010-08-30 12:34 536576 ----a-w- c:\windows\system32\sqlite3.dll

2014-04-23 12:13 . 2014-04-23 12:13 24184 ----a-w- c:\windows\system32\drivers\aswHwid.sys

2014-04-23 12:12 . 2014-04-23 12:12 43152 ----a-w- c:\windows\avastSS.scr

2014-04-11 19:53 . 2014-04-11 19:53 -------- d-----w- c:\documents and settings\Home User\Application Data\SimplifiedIT

2014-04-09 15:25 . 2014-04-09 15:25 -------- d-----w- c:\documents and settings\Home User\Application Data\DropboxMaster

.

.

.

((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2014-04-28 22:46 . 2012-04-08 13:16 692400 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2014-04-28 22:46 . 2011-05-30 13:04 70832 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2014-04-23 12:13 . 2013-03-06 11:20 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys

2014-04-23 12:13 . 2013-03-06 11:20 180632 ----a-w- c:\windows\system32\drivers\aswVmm.sys

2014-04-23 12:13 . 2013-03-06 11:20 67824 ----a-w- c:\windows\system32\drivers\aswmonflt.sys

2014-04-23 12:13 . 2011-03-13 11:52 776976 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2014-04-23 12:13 . 2008-12-02 20:24 57672 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2014-04-23 12:13 . 2008-12-02 20:24 54832 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2014-04-23 12:13 . 2008-12-02 20:24 411552 ----a-w- c:\windows\system32\drivers\aswsp.sys

2014-04-23 12:12 . 2008-12-02 20:24 271264 ----a-w- c:\windows\system32\aswBoot.exe

2014-02-26 01:59 . 2014-03-18 08:18 13312 ------w- c:\windows\system32\xp_eos.exe

2014-02-25 22:53 . 2004-08-04 20:00 841216 ----a-w- c:\windows\system32\wininet.dll

2014-02-25 22:53 . 2004-08-04 20:00 78336 ----a-w- c:\windows\system32\ieencode.dll

2014-02-25 22:53 . 2004-08-04 20:00 1830912 ------w- c:\windows\system32\inetcpl.cpl

2014-02-25 22:53 . 2004-08-04 20:00 17408 ----a-w- c:\windows\system32\corpol.dll

2014-02-07 02:01 . 2004-08-04 20:00 1879040 ----a-w- c:\windows\system32\win32k.sys

2014-02-05 08:55 . 2004-08-04 20:00 562688 ----a-w- c:\windows\system32\qedit.dll

.

.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown 

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2014-04-23 12:12 260976 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2013-09-10 23:54 131248 ----a-w- c:\documents and settings\Home User\Application Data\Dropbox\bin\DropboxExt.22.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2013-09-10 23:54 131248 ----a-w- c:\documents and settings\Home User\Application Data\Dropbox\bin\DropboxExt.22.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2013-09-10 23:54 131248 ----a-w- c:\documents and settings\Home User\Application Data\Dropbox\bin\DropboxExt.22.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2013-09-10 23:54 131248 ----a-w- c:\documents and settings\Home User\Application Data\Dropbox\bin\DropboxExt.22.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"GoogleChromeAutoLaunch_837EAB815E7C58C51C00FF55757775AE"="c:\program files\Google\Chrome\Application\chrome.exe" [2014-04-24 841032]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-05-01 843776]

"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2006-01-13 196608]

"HPHmon03"="c:\windows\system32\hphmon03.exe" [2006-01-13 311296]

"Conime"="c:\windows\system32\conime.exe" [2008-04-14 27648]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-02-20 152392]

"EKIJ5000StatusMonitor"="c:\windows\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe" [2012-10-08 2804224]

"EKStatusMonitor"="c:\program files\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe" [2013-01-15 2750840]

"AvastUI.exe"="c:\program files\Alwil Software\Avast5\AvastUI.exe" [2014-04-23 3873704]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"KodakHomeCenter"="c:\program files\Kodak\AiO\Center\AiOHomeCenter.exe" [2013-03-15 2236792]

.

c:\documents and settings\Home User\Start Menu\Programs\Startup\

Dropbox.lnk - c:\documents and settings\Home User\Application Data\Dropbox\bin\Dropbox.exe /systemstartup [2014-4-18 33604728]

EvernoteClipper.lnk - c:\program files\Evernote\Evernote\EvernoteClipper.exe [2014-4-14 1107296]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk

backup=c:\windows\pss\Windows Search.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^Home User^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]

path=c:\documents and settings\Home User\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk

backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AsusServiceProvider]

2006-08-03 09:25 591360 ----a-r- c:\program files\ASUS\AASP\1.00.05\aaCenter.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]

2004-08-04 20:00 208952 ----a-w- c:\windows\ime\IMJP8_1\imjpmig.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]

2004-08-04 20:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]

2004-08-04 20:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify]

2013-11-23 22:15 5955072 ----a-w- c:\documents and settings\Home User\Application Data\Spotify\spotify.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify Web Helper]

2013-11-23 22:15 1168896 ----a-w- c:\documents and settings\Home User\Application Data\Spotify\Data\SpotifyWebHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]

2008-07-16 21:57 61440 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"WMPNetworkSvc"=3 (0x3)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=

"c:\\Documents and Settings\\Home User\\Application Data\\Spotify\\spotify.exe"=

"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Kodak\\AiO\\Center\\AiOHomeCenter.exe"=

"c:\\Program Files\\Kodak\\AiO\\Center\\Kodak.Statistics.exe"=

"c:\\Program Files\\Kodak\\AiO\\Center\\NetworkPrinterDiscovery.exe"=

"c:\\Program Files\\Kodak\\AiO\\Firmware\\KodakAiOUpdater.exe"=

"c:\\Documents and Settings\\All Users\\Application Data\\Kodak\\Installer\\Setup.exe"=

"c:\\Documents and Settings\\Home User\\Application Data\\Dropbox\\bin\\Dropbox.exe"=

"c:\\Documents and Settings\\Home User\\My Documents\\Downloads\\PK Mobile Helper (1).exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"5353:UDP"= 5353:UDP:Bonjour Port 5353

"9322:TCP"= 9322:TCP:EKDiscovery

.

R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [3/6/2013 7:20 AM 49944]

R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [3/6/2013 7:20 AM 180632]

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [3/13/2011 7:52 AM 776976]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswsp.sys [12/2/2008 4:24 PM 411552]

R2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [4/23/2014 8:13 AM 24184]

R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswmonflt.sys [3/6/2013 7:20 AM 67824]

R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [11/14/2008 11:05 PM 38144]

R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\Kodak\AiO\Center\EKAiOHostService.exe [3/15/2013 3:07 PM 395640]

R2 Kodak AiO Status Monitor Service;Kodak AiO Status Monitor Service;c:\program files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe [1/15/2013 1:07 PM 780152]

R2 PCTechHotlineSvc;PCTechHotlineService;c:\program files\PCTechHotline\PCTechHotlineSvc.exe --> c:\program files\PCTechHotline\PCTechHotlineSvc.exe [?]

R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [2/9/2009 8:41 PM 47360]

S3 cpuz130;cpuz130;\??\c:\docume~1\HOMEUS~1\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\HOMEUS~1\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]

S3 Dot4Usb HPH09;Dot4Usb HPH09;c:\windows\system32\drivers\hphius09.sys [12/26/2008 12:37 AM 18864]

S3 HTCAND32;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys --> c:\windows\system32\Drivers\ANDROIDUSB.sys [?]

S3 RTLWUSB;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [10/21/2008 11:15 AM 332928]

S3 VAD_DEV;Virtual Audio Service;c:\windows\system32\drivers\vad.sys --> c:\windows\system32\drivers\vad.sys [?]

S3 ZD1211BU(SMC);802.11g Wireless USB2.0 Adapter Driver(SMC);c:\windows\system32\drivers\ZD1211BU.sys [8/24/2006 6:44 AM 477696]

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2014-04-26 17:30 1078088 ----a-w- c:\program files\Google\Chrome\Application\34.0.1847.131\Installer\chrmstp.exe

.

Contents of the 'Scheduled Tasks' folder

.

2014-05-01 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-08 22:46]

.

2014-04-25 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 17:34]

.

2014-05-01 c:\windows\Tasks\avast! Emergency Update.job

- c:\program files\Alwil Software\Avast5\AvastEmUpdate.exe [2014-04-23 12:12]

.

2014-04-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2013-09-09 01:08]

.

2014-05-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2013-09-09 01:08]

.

2014-05-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-18Core.job

- c:\windows\system32\config\systemprofile\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2014-02-08 01:24]

.

2014-05-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-18UA.job

- c:\windows\system32\config\systemprofile\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2014-02-08 01:24]

.

2014-04-30 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Logon.job

- c:\windows\system32\xp_eos.exe [2014-03-18 01:59]

.

2014-04-08 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Monthly.job

- c:\windows\system32\xp_eos.exe [2014-03-18 01:59]

.

.

------- Supplementary Scan -------

.


uInternet Settings,ProxyOverride = *.local

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Clip Image - c:\program files\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=4

IE: Clip selection - c:\program files\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3

IE: Clip this page - c:\program files\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1

IE: Clip URL - c:\program files\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0

IE: New Note - c:\program files\Evernote\Evernote\\EvernoteIERes\NewNote.html

TCP: DhcpNameServer = 192.168.2.1

FF - ProfilePath - c:\documents and settings\Home User\Application Data\Mozilla\Firefox\Profiles\njlz5hts.default-1378665154078\

.

- - - - ORPHANS REMOVED - - - -

.

AddRemove-{A0B0DA25-DD15-4739-92A3-62D3424F043A}_is1 - c:\program files\PCTechHotline\unins000.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2014-04-30 22:19

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...  

.

scanning hidden autostart entries ... 

.

scanning hidden files ...  

.

.

C:\avast! sandbox

.

scan completed successfully

hidden files: 1

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(680)

c:\windows\system32\Ati2evxx.dll

.

- - - - - - - > 'explorer.exe'(3660)

c:\windows\system32\WININET.dll

c:\windows\system32\msi.dll

c:\documents and settings\Home User\Application Data\Dropbox\bin\DropboxExt.22.dll

c:\windows\system32\ieframe.dll

c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

Completion time: 2014-04-30  22:21:28

ComboFix-quarantined-files.txt  2014-05-01 02:21

ComboFix2.txt  2014-04-25 02:40

ComboFix3.txt  2014-04-24 02:53

.

Pre-Run: 140,582,428,672 bytes free

Post-Run: 140,727,156,736 bytes free

.

- - End Of File - - 06CCC11EA7DC2301C80C9B5D88DAE8DD

8F558EB6672622401DA993E1E865C861

This topic is now closed to further replies.