[RESOLVED] Got a positive on Malwarebytes - Broni can you review and guide - Page 2
Page 2 of 3 FirstFirst 123 LastLast
Results 16 to 30 of 38

Thread: [RESOLVED] Got a positive on Malwarebytes - Broni can you review and guide

  1. February 26th, 2014, 09:01 AM #16
    daveandrita1
    daveandrita1 is offline Virtual Intern
    Join Date
    May 2011
    Posts
    113
    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.07.0.1009

    (c) Malwarebytes Corporation 2011-2012

    OS version: 6.0.6002 Windows Vista Service Pack 2 x86

    Account is Administrative

    Internet Explorer version: 9.0.8112.16421

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, E:\ DRIVE_FIXED, G:\ DRIVE_FIXED
    CPU speed: 1.900000 GHz
    Memory total: 2078461952, free: 998244352

    Initializing...
    ======================
    ------------ Kernel report ------------
    02/26/2014 07:31:35
    ------------ Loaded modules -----------
    \SystemRoot\system32\ntkrnlpa.exe
    \SystemRoot\system32\hal.dll
    \SystemRoot\system32\kdcom.dll
    \SystemRoot\system32\PSHED.dll
    \SystemRoot\system32\BOOTVID.dll
    \SystemRoot\system32\CLFS.SYS
    \SystemRoot\system32\CI.dll
    \SystemRoot\system32\drivers\Wdf01000.sys
    \SystemRoot\system32\drivers\WDFLDR.SYS
    \SystemRoot\system32\drivers\acpi.sys
    \SystemRoot\system32\drivers\WMILIB.SYS
    \SystemRoot\system32\drivers\msisadrv.sys
    \SystemRoot\system32\drivers\pci.sys
    \SystemRoot\System32\drivers\partmgr.sys
    \SystemRoot\system32\DRIVERS\compbatt.sys
    \SystemRoot\system32\DRIVERS\BATTC.SYS
    \SystemRoot\system32\drivers\volmgr.sys
    \SystemRoot\System32\drivers\volmgrx.sys
    \SystemRoot\system32\drivers\pciide.sys
    \SystemRoot\system32\drivers\PCIIDEX.SYS
    \SystemRoot\System32\drivers\mountmgr.sys
    \SystemRoot\system32\drivers\atapi.sys
    \SystemRoot\system32\drivers\ataport.SYS
    \SystemRoot\system32\drivers\fltmgr.sys
    \SystemRoot\system32\drivers\fileinfo.sys
    \SystemRoot\System32\Drivers\PxHelp20.sys
    \SystemRoot\System32\Drivers\ksecdd.sys
    \SystemRoot\system32\drivers\ndis.sys
    \SystemRoot\system32\drivers\msrpc.sys
    \SystemRoot\system32\drivers\NETIO.SYS
    \SystemRoot\System32\drivers\tcpip.sys
    \SystemRoot\System32\drivers\fwpkclnt.sys
    \SystemRoot\System32\Drivers\Ntfs.sys
    \SystemRoot\system32\drivers\volsnap.sys
    \SystemRoot\System32\Drivers\spldr.sys
    \SystemRoot\system32\speedfan.sys
    \SystemRoot\System32\Drivers\mup.sys
    \SystemRoot\system32\giveio.sys
    \SystemRoot\System32\drivers\ecache.sys
    \SystemRoot\system32\drivers\disk.sys
    \SystemRoot\system32\drivers\CLASSPNP.SYS
    \SystemRoot\system32\drivers\crcdisk.sys
    \SystemRoot\System32\Drivers\aswVmm.sys
    \SystemRoot\System32\Drivers\aswRvrt.sys
    \SystemRoot\system32\DRIVERS\tunnel.sys
    \SystemRoot\system32\DRIVERS\tunmp.sys
    \SystemRoot\system32\DRIVERS\amdk8.sys
    \SystemRoot\system32\DRIVERS\CmBatt.sys
    \SystemRoot\system32\DRIVERS\cpqbttn.sys
    \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    \SystemRoot\system32\DRIVERS\wmiacpi.sys
    \SystemRoot\system32\DRIVERS\nvsmu.sys
    \SystemRoot\system32\DRIVERS\usbohci.sys
    \SystemRoot\system32\DRIVERS\USBPORT.SYS
    \SystemRoot\system32\DRIVERS\usbehci.sys
    \SystemRoot\system32\DRIVERS\HDAudBus.sys
    \SystemRoot\system32\DRIVERS\ohci1394.sys
    \SystemRoot\system32\DRIVERS\1394BUS.SYS
    \SystemRoot\system32\DRIVERS\sdbus.sys
    \SystemRoot\system32\DRIVERS\rimmptsk.sys
    \SystemRoot\system32\DRIVERS\rimsptsk.sys
    \SystemRoot\system32\DRIVERS\rixdptsk.sys
    \SystemRoot\system32\DRIVERS\nvmfdx32.sys
    \SystemRoot\system32\DRIVERS\bcmwl6.sys
    \SystemRoot\system32\DRIVERS\nvlddmkm.sys
    \SystemRoot\System32\drivers\dxgkrnl.sys
    \SystemRoot\System32\drivers\watchdog.sys
    \SystemRoot\system32\DRIVERS\i8042prt.sys
    \SystemRoot\system32\DRIVERS\HpqKbFiltr.sys
    \SystemRoot\system32\DRIVERS\kbdclass.sys
    \SystemRoot\system32\DRIVERS\SynTP.sys
    \SystemRoot\system32\DRIVERS\USBD.SYS
    \SystemRoot\system32\DRIVERS\mouclass.sys
    \SystemRoot\system32\DRIVERS\msiscsi.sys
    \SystemRoot\system32\DRIVERS\storport.sys
    \SystemRoot\system32\DRIVERS\TDI.SYS
    \SystemRoot\system32\DRIVERS\rasl2tp.sys
    \SystemRoot\system32\DRIVERS\ndistapi.sys
    \SystemRoot\system32\DRIVERS\ndiswan.sys
    \SystemRoot\system32\DRIVERS\raspppoe.sys
    \SystemRoot\system32\DRIVERS\raspptp.sys
    \SystemRoot\system32\DRIVERS\rassstp.sys
    \SystemRoot\system32\DRIVERS\termdd.sys
    \SystemRoot\system32\DRIVERS\swenum.sys
    \SystemRoot\system32\DRIVERS\ks.sys
    \SystemRoot\system32\DRIVERS\mssmbios.sys
    \SystemRoot\system32\DRIVERS\umbus.sys
    \SystemRoot\system32\DRIVERS\kbdhid.sys
    \SystemRoot\system32\DRIVERS\usbhub.sys
    \SystemRoot\System32\Drivers\NDProxy.SYS
    \SystemRoot\system32\drivers\CHDRT32.sys
    \SystemRoot\system32\drivers\portcls.sys
    \SystemRoot\system32\drivers\drmk.sys
    \SystemRoot\system32\DRIVERS\HSXHWAZL.sys
    \SystemRoot\system32\DRIVERS\HSX_DPV.sys
    \SystemRoot\system32\DRIVERS\HSX_CNXT.sys
    \SystemRoot\system32\drivers\modem.sys
    \SystemRoot\system32\DRIVERS\btwampfl.sys
    \SystemRoot\System32\Drivers\BTHUSB.sys
    \SystemRoot\System32\Drivers\bthport.sys
    \??\C:\Windows\system32\drivers\aswSnx.sys
    \SystemRoot\system32\DRIVERS\rfcomm.sys
    \SystemRoot\system32\DRIVERS\BthEnum.sys
    \SystemRoot\system32\DRIVERS\bthpan.sys
    \SystemRoot\system32\drivers\btwavdt.sys
    \??\C:\Windows\system32\drivers\aswSP.sys
    \SystemRoot\system32\drivers\btwaudio.sys
    \SystemRoot\System32\Drivers\Fs_Rec.SYS
    \SystemRoot\system32\DRIVERS\btwl2cap.sys
    \SystemRoot\System32\Drivers\Null.SYS
    \SystemRoot\system32\DRIVERS\btwrchid.sys
    \SystemRoot\System32\Drivers\Beep.SYS
    \SystemRoot\System32\drivers\vga.sys
    \SystemRoot\System32\drivers\VIDEOPRT.SYS
    \SystemRoot\System32\DRIVERS\RDPCDD.sys
    \SystemRoot\system32\drivers\rdpencdd.sys
    \SystemRoot\System32\Drivers\Msfs.SYS
    \SystemRoot\System32\Drivers\Npfs.SYS
    \SystemRoot\System32\DRIVERS\rasacd.sys
    \SystemRoot\system32\DRIVERS\tdx.sys
    \??\C:\Windows\system32\drivers\aswTdi.sys
    \SystemRoot\system32\DRIVERS\smb.sys
    \SystemRoot\system32\drivers\afd.sys
    \??\C:\Windows\system32\drivers\aswRdr.sys
    \SystemRoot\System32\DRIVERS\netbt.sys
    \SystemRoot\system32\drivers\ws2ifsl.sys
    \SystemRoot\system32\DRIVERS\pacer.sys
    \SystemRoot\system32\DRIVERS\netbios.sys
    \SystemRoot\system32\DRIVERS\wanarp.sys
    \SystemRoot\system32\DRIVERS\rdbss.sys
    \SystemRoot\system32\drivers\nsiproxy.sys
    \SystemRoot\System32\Drivers\dfsc.sys
    \SystemRoot\System32\Drivers\crashdmp.sys
    \SystemRoot\System32\Drivers\dump_dumpata.sys
    \SystemRoot\System32\Drivers\dump_atapi.sys
    \SystemRoot\System32\win32k.sys
    \SystemRoot\System32\drivers\Dxapi.sys
    \SystemRoot\system32\DRIVERS\monitor.sys
    \SystemRoot\System32\TSDDD.dll
    \SystemRoot\System32\cdd.dll
    \SystemRoot\System32\ATMFD.DLL
    \SystemRoot\system32\drivers\luafv.sys
    \??\C:\Windows\system32\drivers\aswMonFlt.sys
    \SystemRoot\system32\drivers\WudfPf.sys
    \SystemRoot\system32\drivers\spsys.sys
    \SystemRoot\system32\DRIVERS\lltdio.sys
    \SystemRoot\system32\DRIVERS\nwifi.sys
    \SystemRoot\system32\DRIVERS\ndisuio.sys
    \SystemRoot\system32\DRIVERS\rspndr.sys
    \SystemRoot\system32\drivers\HTTP.sys
    \SystemRoot\System32\DRIVERS\srvnet.sys
    \SystemRoot\system32\DRIVERS\bowser.sys
    \SystemRoot\System32\drivers\mpsdrv.sys
    \SystemRoot\system32\drivers\mrxdav.sys
    \SystemRoot\system32\DRIVERS\mrxsmb.sys
    \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    \SystemRoot\System32\DRIVERS\srv2.sys
    \SystemRoot\System32\DRIVERS\srv.sys
    \SystemRoot\system32\DRIVERS\mdmxsdk.sys
    \SystemRoot\system32\drivers\peauth.sys
    \SystemRoot\System32\Drivers\secdrv.SYS
    \SystemRoot\System32\drivers\tcpipreg.sys
    \SystemRoot\system32\DRIVERS\xaudio.sys
    \SystemRoot\system32\DRIVERS\psi_mf_x86.sys
    \??\C:\Windows\system32\drivers\mbamchameleon.sys
    \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
    \Windows\System32\ntdll.dll
    ----------- End -----------
    Done!
    <<<1>>>
    Upper Device Name: \Device\Harddisk1\DR1
    Upper Device Object: 0xffffffff860f2ac8
    Upper Device Driver Name: \Driver\disk\
    Lower Device Name: \Device\Ide\IdeDeviceP3T0L0-6\
    Lower Device Object: 0xffffffff84e0cb98
    Lower Device Driver Name: \Driver\atapi\
    <<<1>>>
    Upper Device Name: \Device\Harddisk0\DR0
    Upper Device Object: 0xffffffff85fef780
    Upper Device Driver Name: \Driver\disk\
    Lower Device Name: \Device\Ide\IdeDeviceP2T0L0-4\
    Lower Device Object: 0xffffffff84e1a030
    Lower Device Driver Name: \Driver\atapi\
    <<<2>>>
    Physical Sector Size: 512
    Drive: 0, DevicePointer: 0xffffffff85fef780, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
    --------- Disk Stack ------
    DevicePointer: 0xffffffff85fef400, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xffffffff85fef780, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
    DevicePointer: 0xffffffff857a2878, DeviceName: Unknown, DriverName: \Driver\ACPI\
    DevicePointer: 0xffffffff84e1a030, DeviceName: \Device\Ide\IdeDeviceP2T0L0-4\, DriverName: \Driver\atapi\
    ------------ End ----------
    Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
    Upper DeviceData: 0x0, 0x0, 0x0
    Lower DeviceData: 0x0, 0x0, 0x0
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    <<<2>>>
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
    <<<2>>>
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    The directory C:\WINDOWS\SYSTEM32\drivers seems inaccessible or encrypted.
    Drivers scan is aborted.
    Done!
    Drive 0
    Scanning MBR on drive 0...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: 1F29DFAF

    Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 63 Numsec = 216781047
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 216781110 Numsec = 15419016

    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 232200192 Numsec = 2236416

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Disk Size: 120034123776 bytes
    Sector size: 512 bytes

    Scanning physical sectors of unpartitioned space on drive 0 (1-62-234421648-234441648)...
    Done!
    Physical Sector Size: 512
    Drive: 1, DevicePointer: 0xffffffff860f2ac8, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
    --------- Disk Stack ------
    DevicePointer: 0xffffffff860f27b0, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xffffffff860f2ac8, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
    DevicePointer: 0xffffffff84e04ba8, DeviceName: Unknown, DriverName: \Driver\ACPI\
    DevicePointer: 0xffffffff84e0cb98, DeviceName: \Device\Ide\IdeDeviceP3T0L0-6\, DriverName: \Driver\atapi\
    ------------ End ----------
    Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
    Upper DeviceData: 0x0, 0x0, 0x0
    Lower DeviceData: 0x0, 0x0, 0x0
    Drive 1
    Scanning MBR on drive 1...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: D5975192

    Partition information:

    Partition 0 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 63 Numsec = 234436482

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Disk Size: 120034123776 bytes
    Sector size: 512 bytes

    Done!
    Scan finished
    Reply With Quote Reply With Quote
  2. February 26th, 2014, 09:04 AM #17
    daveandrita1
    daveandrita1 is offline Virtual Intern
    Join Date
    May 2011
    Posts
    113
    Malwarebytes Anti-Rootkit BETA 1.07.0.1009
    www.malwarebytes.org

    Database version: v2013.10.02.12

    Windows Vista Service Pack 2 x86 NTFS
    Internet Explorer 9.0.8112.16421
    Dave :: DAVE-PC [administrator]

    2/26/2014 7:32:57 AM
    mbar-log-2014-02-26 (07-32-57).txt

    Scan type: Quick scan
    Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
    Scan options disabled:
    Objects scanned: 213968
    Time elapsed: 21 minute(s), 30 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    Physical Sectors Detected: 0
    (No malicious items detected)

    (end)


    I only ran this once since it came back clean. Should I run again?

    PS - sound suddenly reappeared yesterday. My device and drivers that were completely missing came back, but it looks like windows updated as well yesterday based on my choices for restore point. HMMMM
    Last edited by daveandrita1; February 26th, 2014 at 09:06 AM. Reason: new information
    Reply With Quote Reply With Quote
  3. February 26th, 2014, 09:59 PM #18
    Broni's Avatar
    Broni
    Broni is offline Friend of Site Staff
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    MBAR?
    My Home Page
    Reply With Quote Reply With Quote
  4. February 26th, 2014, 10:17 PM #19
    daveandrita1
    daveandrita1 is offline Virtual Intern
    Join Date
    May 2011
    Posts
    113
    Two logs posted above as requested. Did I miss something?
    Reply With Quote Reply With Quote
  6. February 26th, 2014, 10:20 PM #20
    daveandrita1
    daveandrita1 is offline Virtual Intern
    Join Date
    May 2011
    Posts
    113
    Quote Originally Posted by Broni View Post
    MBAR?
    Oh, is this about my question? The directions said to run mbar, then clean, then run again. Since mine came back clean the first time, not sure I needed to run twice.
    Reply With Quote Reply With Quote
  7. February 26th, 2014, 10:24 PM #21
    Broni's Avatar
    Broni
    Broni is offline Friend of Site Staff
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    Sorry about it
    This board is having some issues and I'd swear those logs were not there when I checked last time...lol

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
      If the connection is not there use restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.



    • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.



    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"


    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error Illegal operation attempted on a registery key that has been marked for deletion, restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode


    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.



    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
    My Home Page
    Reply With Quote Reply With Quote
  8. February 26th, 2014, 10:27 PM #22
    daveandrita1
    daveandrita1 is offline Virtual Intern
    Join Date
    May 2011
    Posts
    113
    I know what you are saying. Had to post my logs twice this morning because they disappeared after first attempt. Running combofix now.
    Reply With Quote Reply With Quote
  9. February 26th, 2014, 11:02 PM #23
    daveandrita1
    daveandrita1 is offline Virtual Intern
    Join Date
    May 2011
    Posts
    113
    ComboFix 14-02-24.02 - Dave 02/26/2014 21:35:32.4.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1982.986 [GMT -5:00]
    Running from: d:\downloads\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\Dave\AppData\Local\Temp\sfamcc00001.dll
    c:\users\Dave\AppData\Local\Temp\sfareca00001.dll
    .
    .
    ((((((((((((((((((((((((( Files Created from 2014-01-27 to 2014-02-27 )))))))))))))))))))))))))))))))
    .
    .
    2014-02-26 21:09 . 2014-02-26 21:09 -------- d-----w- c:\users\Dave\AppData\Roaming\AnvSoft
    2014-02-26 20:08 . 2014-02-26 20:09 -------- d-----w- c:\users\Dave\AppData\Roaming\muvee Technologies
    2014-02-26 20:08 . 2014-02-26 20:08 -------- d-----w- c:\programdata\muvee Technologies
    2014-02-26 18:11 . 2014-02-06 07:08 7947048 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6C20A1D0-32D0-43BB-B950-7D78DBF6F2E4}\mpengine.dll
    2014-02-26 12:31 . 2014-02-26 13:05 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
    2014-02-26 12:31 . 2014-02-26 12:31 107224 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
    2014-02-26 12:30 . 2014-02-26 12:30 75480 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
    2014-02-24 14:11 . 2002-12-05 19:10 155648 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iuser.dll
    2014-02-24 14:11 . 2002-12-02 20:22 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\DotNetInstaller.exe
    2014-02-24 14:11 . 2002-12-02 18:33 57344 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll
    2014-02-24 14:11 . 2002-12-02 18:33 237568 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iscript.dll
    2014-02-24 14:11 . 2014-02-24 14:11 282756 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\setup.dll
    2014-02-24 14:11 . 2014-02-24 14:11 163972 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iGdi.dll
    2014-02-24 14:11 . 2003-02-27 21:12 696320 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iKernel.dll
    2014-02-23 21:40 . 2014-02-23 21:40 -------- d-----w- C:\DRIVERS
    2014-02-23 18:01 . 2014-02-23 18:04 -------- d-----w- C:\AdwCleaner
    2014-02-23 15:01 . 2001-09-05 09:18 225280 ----a-w- c:\program files\Common Files\InstallShield\IScript\iscript.dll
    2014-02-16 06:02 . 2014-02-16 06:02 -------- d-----w- c:\program files\GUMC39B.tmp
    2014-02-16 06:02 . 2014-02-16 06:02 49940480 ----a-w- c:\program files\GUTC39C.tmp
    2014-02-11 18:41 . 2013-12-05 02:12 1248768 ----a-w- c:\windows\system32\msxml3.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2014-02-23 13:59 . 2013-08-30 18:56 13464 ----a-w- c:\windows\system32\drivers\SWDUMon.sys
    2014-02-23 05:59 . 2012-05-04 14:55 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2014-02-23 05:59 . 2011-05-26 18:59 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2014-02-11 17:07 . 2011-05-25 23:25 410784 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2014-02-11 17:07 . 2011-05-25 23:25 54832 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2014-02-11 17:07 . 2011-05-25 23:25 57672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2014-02-11 17:07 . 2011-05-25 23:24 775952 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2014-02-11 17:07 . 2011-05-25 23:24 67824 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2014-02-11 17:07 . 2011-05-25 23:23 43152 ----a-w- c:\windows\avastSS.scr
    2014-02-11 17:07 . 2011-05-25 23:23 270240 ----a-w- c:\windows\system32\aswBoot.exe
    2014-01-17 18:46 . 2014-01-17 18:47 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
    2014-01-06 14:36 . 2013-03-18 21:01 180248 ----a-w- c:\windows\system32\drivers\aswVmm.sys
    2013-12-18 11:13 . 2009-10-08 01:11 231584 ------w- c:\windows\system32\MpSigStub.exe
    2013-12-01 18:17 . 2013-03-18 21:01 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
    2013-10-13 05:01 . 2013-10-13 05:01 50053120 ----a-w- c:\program files\GUT16D5.tmp
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2014-02-11 17:07 259464 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
    2014-01-30 20:05 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
    2014-01-30 20:05 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
    2014-01-30 20:05 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
    2014-01-30 20:05 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
    2014-01-30 20:05 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
    2014-01-30 20:05 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
    "75B0C53D49D5CF4882A1C47CE2D857073EEAC1C5._service_run"="c:\program files\Google\Chrome\Application\chrome.exe" [2014-02-20 859464]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-10-03 480560]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2011-10-14 2299176]
    "Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
    "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-04-13 1808784]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-24 13601312]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-06-24 92704]
    "AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-02-11 3767096]
    "QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-04-23 176128]
    "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2011-02-18 49208]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2013-11-4 565464]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoThumbnailCache"= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bthsvcs REG_MULTI_SZ BthServ
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2007-04-19 20:23 452136 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2014-02-23 13:46 1150280 ----a-w- c:\program files\Google\Chrome\Application\33.0.1750.117\Installer\chrmstp.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2014-02-27 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-04 05:59]
    .
    2014-02-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2013-03-10 23:24]
    .
    2014-02-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2013-03-10 23:24]
    .
    2014-02-26 c:\windows\Tasks\HPCeeScheduleForDave.job
    - c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2007-08-05 21:23]
    .
    2014-02-26 c:\windows\Tasks\SlimCleaner+ (Check for Updates - Dave).job
    - c:\program files\SlimCleaner+\SlimCleanerPlus.exe [2013-10-31 00:11]
    .
    2014-02-27 c:\windows\Tasks\SlimCleaner+ (Scheduled Scan - Dave).job
    - c:\program files\SlimCleaner+\SlimCleanerPlus.exe [2013-10-31 00:11]
    .
    2014-02-23 c:\windows\Tasks\SlimDrivers Startup.job
    - c:\program files\SlimDrivers\SlimDrivers.exe [2013-09-24 16:49]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = www.bing.com
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
    uInternet Settings,ProxyOverride = *.local
    LSP: %SYSTEMROOT%\system32\nvLsp.dll
    TCP: DhcpNameServer = 192.168.1.1
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    SafeBoot-WudfPf
    SafeBoot-WudfRd
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2014-02-26 21:53
    Windows 6.0.6002 Service Pack 2 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
    Windows 6.0.6002 Disk: ST9120822AS rev.3.BHE -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-6
    .
    device: opened successfully
    user: MBR read successfully
    kernel: MBR read successfully
    user != kernel MBR !!!
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'Explorer.exe'(3372)
    c:\program files\HP\QuickPlay\Kernel\TV\PCMRM2Splter.ax
    c:\program files\HP\QuickPlay\Kernel\Movie\CLDemuxer.ax
    c:\program files\Common Files\Roxio Shared\9.0\MPEG\RoxioMPEGDemuxer.dll
    c:\program files\HP\QuickPlay\Kernel\DMP\CLWMFDemux.ax
    c:\program files\Common Files\muvee Technologies\MainConcept2\muveedsmpeg.ax
    c:\program files\Common Files\muvee Technologies\MainConcept2\muveempgdec.dll
    c:\program files\Common Files\muvee Technologies\MainConcept2\muveespmpeg.ax
    c:\program files\Common Files\muvee Technologies\MainConcept2\muveempegin.dll
    c:\program files\PIXELA\ImageMixer3\ImxPsSpl.ax
    c:\program files\WIDCOMM\Bluetooth Software\btncopy.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\nvvsvc.exe
    c:\windows\system32\rundll32.exe
    c:\program files\AVAST Software\Avast\AvastSvc.exe
    c:\windows\system32\WLANExt.exe
    c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\WIDCOMM\Bluetooth Software\btwdins.exe
    c:\program files\Common Files\LightScribe\LSSrvc.exe
    c:\program files\Common Files\Motive\McciCMService.exe
    c:\program files\RealNetworks\RealDownloader\rndlresolversvc.exe
    c:\program files\Secunia\PSI\PSIA.exe
    c:\program files\SlimCleaner+\SlimServiceFactory.exe
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    c:\windows\system32\DRIVERS\xaudio.exe
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    c:\program files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
    c:\program files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
    c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
    c:\program files\Windows Media Player\wmpnetwk.exe
    c:\windows\servicing\TrustedInstaller.exe
    .
    **************************************************************************
    .
    Completion time: 2014-02-26 21:59:50 - machine was rebooted
    ComboFix-quarantined-files.txt 2014-02-27 02:59
    .
    Pre-Run: 18,588,499,968 bytes free
    Post-Run: 18,891,710,464 bytes free
    .
    - - End Of File - - 583974FE05931228D5B2A8DA638D6854
    8F558EB6672622401DA993E1E865C861
    Reply With Quote Reply With Quote
  11. February 26th, 2014, 11:06 PM #24
    daveandrita1
    daveandrita1 is offline Virtual Intern
    Join Date
    May 2011
    Posts
    113
    I noticed it gave a quarantined files text, so here it is in case it is helpful


    2014-02-27 02:58:09 . 2014-02-27 02:58:09 534 ----a-w- C:\Qoobox\Quarantine\Registry_backups\SafeBoot-WudfRd.reg.dat
    2014-02-27 02:58:09 . 2014-02-27 02:58:09 534 ----a-w- C:\Qoobox\Quarantine\Registry_backups\SafeBoot-WudfPf.reg.dat
    2014-02-27 02:57:49 . 2014-02-27 02:57:49 92 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Toolbar-Locked.reg.dat
    2014-02-27 02:43:38 . 2014-02-27 02:43:38 5,899 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
    2014-02-27 02:35:13 . 2014-02-27 02:35:13 512 ----a-w- C:\Qoobox\Quarantine\MBR_HardDisk0.mbr
    2014-02-27 02:31:59 . 2014-02-27 02:35:32 62 ----a-w- C:\Qoobox\Quarantine\catchme.log
    2014-01-21 21:50:02 . 2014-02-26 23:19:19 172,032 ----a-w- C:\Qoobox\Quarantine\C\Users\Dave\AppData\Local\Temp\sfareca00001.dll.vir
    2012-12-17 18:31:40 . 2014-02-26 23:19:19 192,512 ----a-w- C:\Qoobox\Quarantine\C\Users\Dave\AppData\Local\Temp\sfamcc00001.dll.vir
    Reply With Quote Reply With Quote
  12. February 26th, 2014, 11:29 PM #25
    Broni's Avatar
    Broni
    Broni is offline Friend of Site Staff
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    Looks good.

    Please download AdwCleaner by Xplode onto your desktop.

    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Scan button.
    • When the scan has finished click on Clean button.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.




    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.




    Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
    My Home Page
    Reply With Quote Reply With Quote
  13. February 27th, 2014, 08:01 AM #26
    daveandrita1
    daveandrita1 is offline Virtual Intern
    Join Date
    May 2011
    Posts
    113
    # AdwCleaner v3.019 - Report created 27/02/2014 at 06:56:29
    # Updated 17/02/2014 by Xplode
    # Operating System : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
    # Username : Dave - DAVE-PC
    # Running from : D:\downloads\adwcleaner.exe
    # Option : Clean

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****


    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****


    ***** [ Browsers ] *****

    -\\ Internet Explorer v9.0.8112.16533


    -\\ Google Chrome v33.0.1750.117

    [ File : C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\preferences ]

    Deleted : homepage

    *************************

    AdwCleaner[R0].txt - [7049 octets] - [23/02/2014 13:02:16]
    AdwCleaner[R1].txt - [894 octets] - [27/02/2014 06:45:13]
    AdwCleaner[S0].txt - [7315 octets] - [23/02/2014 13:04:20]
    AdwCleaner[S1].txt - [818 octets] - [27/02/2014 06:56:29]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [877 octets] ##########
    Reply With Quote Reply With Quote
  14. February 27th, 2014, 08:27 AM #27
    daveandrita1
    daveandrita1 is offline Virtual Intern
    Join Date
    May 2011
    Posts
    113
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.1.2 (02.20.2014:1)
    OS: Windows Vista (TM) Home Premium x86
    Ran by Dave on Thu 02/27/2014 at 7:03:06.96
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values

    Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Start Page



    ~~~ Registry Keys

    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\fixcleaner
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\fixcleaner
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{C710C720-B588-4676-A61E-B8C9C166D712}
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{C710C720-B588-4676-A61E-B8C9C166D712}



    ~~~ Files



    ~~~ Folders

    Successfully deleted: [Folder] "C:\Users\Dave\AppData\Roaming\fixcleaner"
    Successfully deleted: [Folder] "C:\Program Files\fixcleaner"



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Thu 02/27/2014 at 7:07:32.89
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Reply With Quote Reply With Quote
  15. February 27th, 2014, 08:45 AM #28
    daveandrita1
    daveandrita1 is offline Virtual Intern
    Join Date
    May 2011
    Posts
    113
    OTL logfile created on: 2/27/2014 7:28:14 AM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = D:\downloads
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1.94 Gb Total Physical Memory | 1.15 Gb Available Physical Memory | 59.65% Memory free
    4.11 Gb Paging File | 3.29 Gb Available in Paging File | 80.12% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 103.37 Gb Total Space | 17.46 Gb Free Space | 16.89% Space Free | Partition Type: NTFS
    Drive D: | 111.79 Gb Total Space | 65.33 Gb Free Space | 58.44% Space Free | Partition Type: NTFS
    Drive E: | 7.35 Gb Total Space | 0.74 Gb Free Space | 10.00% Space Free | Partition Type: NTFS
    Drive G: | 1.07 Gb Total Space | 0.92 Gb Free Space | 86.31% Space Free | Partition Type: NTFS

    Computer Name: DAVE-PC | User Name: Dave | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2014/02/27 06:45:47 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\downloads\OTL.exe
    PRC - [2014/02/11 12:07:49 | 003,767,096 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
    PRC - [2014/02/11 12:07:47 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    PRC - [2013/12/18 13:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2013/11/04 07:42:10 | 001,228,504 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psia.exe
    PRC - [2013/11/04 07:42:08 | 000,565,464 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psi_tray.exe
    PRC - [2013/10/30 19:11:32 | 000,211,264 | ---- | M] (SlimWare Utilities, Inc.) -- C:\Program Files\SlimCleaner+\SlimServiceFactory.exe
    PRC - [2013/08/14 14:19:24 | 000,039,056 | ---- | M] () -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
    PRC - [2011/03/25 15:25:42 | 000,660,768 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
    PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2008/12/18 11:05:40 | 000,457,248 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
    PRC - [2008/12/18 11:05:40 | 000,191,008 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe


    ========== Modules (No Company Name) ==========

    MOD - [2013/12/01 13:17:22 | 019,336,120 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
    MOD - [2007/04/23 18:11:44 | 000,339,968 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLTinyDB.dll
    MOD - [2007/04/23 18:11:34 | 000,237,673 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapEngine.dll
    MOD - [2007/04/23 18:11:34 | 000,114,787 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLSchMgr.dll
    MOD - [2007/04/23 18:10:44 | 000,061,440 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\common\MCEMediaStatus.dll


    ========== Services (SafeList) ==========

    SRV - [2014/02/23 00:59:16 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2014/02/11 12:07:47 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
    SRV - [2013/12/18 13:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2013/11/04 07:42:10 | 001,228,504 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\psia.exe -- (Secunia PSI Agent)
    SRV - [2013/11/04 07:42:08 | 000,660,184 | ---- | M] (Secunia) [Auto | Stopped] -- C:\Program Files\Secunia\PSI\sua.exe -- (Secunia Update Agent)
    SRV - [2013/10/30 19:11:32 | 000,211,264 | ---- | M] (SlimWare Utilities, Inc.) [Auto | Running] -- C:\Program Files\SlimCleaner+\SlimServiceFactory.exe -- (SlimService)
    SRV - [2013/08/14 14:19:24 | 000,039,056 | ---- | M] () [Auto | Running] -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
    SRV - [2011/03/25 15:25:42 | 000,660,768 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
    SRV - [2008/12/18 11:05:40 | 000,457,248 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)
    SRV - [2008/12/18 11:05:40 | 000,191,008 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe -- (nSvcIp)
    SRV - [2008/01/19 02:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
    DRV - [2014/02/23 08:59:47 | 000,013,464 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SWDUMon.sys -- (SWDUMon)
    DRV - [2014/02/11 12:07:56 | 000,775,952 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
    DRV - [2014/02/11 12:07:56 | 000,410,784 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
    DRV - [2014/02/11 12:07:56 | 000,067,824 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
    DRV - [2014/02/11 12:07:56 | 000,057,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
    DRV - [2014/02/11 12:07:56 | 000,054,832 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
    DRV - [2014/01/06 09:36:50 | 000,180,248 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswVmm.sys -- (aswVmm)
    DRV - [2013/12/01 13:17:34 | 000,049,944 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswRvrt.sys -- (aswRvrt)
    DRV - [2013/11/04 07:42:02 | 000,016,024 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\psi_mf_x86.sys -- (PSI)
    DRV - [2011/04/13 14:02:36 | 000,045,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d)
    DRV - [2010/12/18 06:03:56 | 000,021,696 | ---- | M] (Almico Software) [Kernel | Boot | Running] -- C:\Windows\System32\speedfan.sys -- (speedfan)
    DRV - [2010/04/30 17:09:44 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
    DRV - [2010/04/30 17:09:22 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
    DRV - [2010/02/25 00:03:16 | 000,014,904 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBTTN.sys -- (HBtnKey)
    DRV - [2009/06/25 15:58:10 | 000,048,128 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
    DRV - [2009/06/25 15:25:58 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
    DRV - [2009/06/25 15:10:48 | 000,044,544 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
    DRV - [2009/06/24 05:08:00 | 007,542,208 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
    DRV - [2009/04/29 06:46:54 | 000,015,872 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
    DRV - [2008/03/03 10:32:00 | 000,188,416 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
    DRV - [2007/07/10 05:27:56 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
    DRV - [2007/04/11 21:30:52 | 000,160,768 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CHDART.sys -- (HdAudAddService)
    DRV - [2006/11/08 02:02:40 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\point32k.sys -- (Point32)
    DRV - [2004/11/22 18:36:39 | 000,018,003 | ---- | M] (Motive, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRENDIS5.sys -- (MRENDIS5)
    DRV - [2004/11/22 18:36:34 | 000,019,345 | ---- | M] (Motive, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMPR5.sys -- (MREMPR5)
    DRV - [1999/12/31 19:00:00 | 001,052,704 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
    DRV - [1999/12/31 19:00:00 | 000,015,872 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
    DRV - [1996/04/03 14:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\giveio.sys -- (giveio)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\..\SearchScopes\{13BA74AE-E197-454E-B8DB-18B78838913A}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt
    IE - HKLM\..\SearchScopes\{9AE845A0-B8DE-4C87-A54E-55B6FFA38502}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.bing.com
    IE - HKCU\..\SearchScopes,DefaultScope =
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
    IE - HKCU\..\SearchScopes\{13BA74AE-E197-454E-B8DB-18B78838913A}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt
    IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKCU\..\SearchScopes\{9AE845A0-B8DE-4C87-A54E-55B6FFA38502}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
    IE - HKCU\..\SearchScopes\{AD642CB3-48D9-4B9B-87DC-49FFB073685A}: "URL" = http://www.bing.com/search?FORM=SO3TDF&PC=SUN3&q={searchTerms}&src=IE-SearchBox
    IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo.com/search?p={searchTerms}&fr=chr-atty
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


    ========== FireFox ==========

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.3.51: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.3.51: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
    FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2010/11/04 02:07:20 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013/08/29 08:14:35 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/11/28 09:51:54 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/08/29 08:14:35 | 000,000,000 | ---D | M]

    [2013/03/26 14:51:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{googleriginalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{googlemniboxStartMarginParameter}ie={inputEncoding}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{googleageClassification}sugkey={google:suggestAPIKeyParameter},
    CHR - homepage: http://www.delta-search.com/?affID=1...C0001A739DAF10
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\33.0.1750.117\PepperFlash\pepflashplayer.dll
    CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\33.0.1750.117\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\33.0.1750.117\pdf.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
    CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
    CHR - plugin: Motive Plugin (Enabled) = C:\Program Files\Common Files\Motive\npMotive.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll
    CHR - plugin: Java(TM) Platform SE 6 U43 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
    CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
    CHR - plugin: RealPlayer Download Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll
    CHR - plugin: RealNetworks Rhapsody Player Engine (Enabled) = C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll
    CHR - plugin: Windows Live™ Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: RealNetworks(tm) RealDownloader Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
    CHR - plugin: RealNetworks(tm) RealDownloader HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
    CHR - plugin: RealNetworks(tm) RealDownloader PepperFlashVideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll
    CHR - plugin: RealDownloader Plugin (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll
    CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw_1168638.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_171.dll
    CHR - plugin: Java Deployment Toolkit 6.0.430.1 (Enabled) = C:\Windows\system32\npdeployJava1.dll
    CHR - Extension: WOT = C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\2.4.6_0\
    CHR - Extension: avast! Online Security = C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\9.0.2013.75_0\
    CHR - Extension: Google Wallet = C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
    CHR - Extension: Gmail = C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

    O1 HOSTS File: ([2014/02/26 21:52:02 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (avast! Online Security) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
    O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
    O4 - HKCU..\Run: [75B0C53D49D5CF4882A1C47CE2D857073EEAC1C5._service_run] C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoThumbnailCache = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\nvLsp.dll (NVIDIA)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\nvLsp.dll (NVIDIA)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\nvLsp.dll (NVIDIA)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\nvLsp.dll (NVIDIA)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\nvLsp.dll (NVIDIA)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\nvLsp.dll (NVIDIA)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\nvLsp.dll (NVIDIA)
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos...ineScanner.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{166FE80A-742B-470C-A759-1E930A54C1A9}: DhcpNameServer = 192.168.1.1
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Users\Dave\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O24 - Desktop BackupWallPaper: C:\Users\Dave\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2007/08/04 21:57:23 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O32 - AutoRun File - [2005/09/11 10:18:54 | 000,000,340 | -HS- | M] () - E:\AUTOMODE -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    ========== Files/Folders - Created Within 30 Days ==========

    [2014/02/27 07:02:59 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
    [2014/02/26 21:59:59 | 000,012,568 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Windows\System32\drivers\PROCEXP113.SYS
    [2014/02/26 21:59:55 | 000,000,000 | ---D | C] -- C:\Users\Dave\AppData\Local\temp
    [2014/02/26 21:52:07 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
    [2014/02/26 21:47:12 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2014/02/26 21:32:04 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2014/02/26 21:32:04 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2014/02/26 21:32:04 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2014/02/26 21:31:52 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2014/02/26 16:09:04 | 000,000,000 | ---D | C] -- C:\Users\Dave\Documents\Any Video Converter
    [2014/02/26 16:09:04 | 000,000,000 | ---D | C] -- C:\Users\Dave\AppData\Roaming\AnvSoft
    [2014/02/26 15:52:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AnvSoft
    [2014/02/26 15:09:00 | 000,000,000 | ---D | C] -- C:\Users\Dave\Documents\My muvees
    [2014/02/26 15:08:56 | 000,000,000 | ---D | C] -- C:\Users\Dave\AppData\Roaming\muvee Technologies
    [2014/02/26 15:08:55 | 000,000,000 | ---D | C] -- C:\ProgramData\muvee Technologies
    [2014/02/26 07:31:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
    [2014/02/26 07:31:31 | 000,107,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
    [2014/02/26 07:30:31 | 000,075,480 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamchameleon.sys
    [2014/02/26 07:30:13 | 000,000,000 | ---D | C] -- C:\Users\Dave\Desktop\mbar
    [2014/02/26 06:58:06 | 000,000,000 | ---D | C] -- C:\Users\Dave\Desktop\RK_Quarantine
    [2014/02/23 16:40:51 | 000,000,000 | ---D | C] -- C:\DRIVERS
    [2014/02/23 13:01:56 | 000,000,000 | ---D | C] -- C:\AdwCleaner
    [3 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2014/02/27 07:02:14 | 000,291,488 | ---- | M] () -- C:\ProgramData\nvModes.dat
    [2014/02/27 07:02:14 | 000,291,488 | ---- | M] () -- C:\ProgramData\nvModes.001
    [2014/02/27 07:00:34 | 000,000,266 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
    [2014/02/27 06:58:36 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2014/02/27 06:58:35 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2014/02/27 06:58:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2014/02/27 06:57:15 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
    [2014/02/27 06:53:15 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2014/02/27 06:46:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2014/02/26 21:59:59 | 000,012,568 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Windows\System32\drivers\PROCEXP113.SYS
    [2014/02/26 21:59:48 | 000,000,412 | ---- | M] () -- C:\Windows\tasks\SlimCleaner+ (Scheduled Scan - Dave).job
    [2014/02/26 21:52:02 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2014/02/26 21:13:54 | 000,645,894 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2014/02/26 21:13:54 | 000,120,994 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2014/02/26 17:35:04 | 000,095,744 | ---- | M] () -- C:\Users\Dave\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2014/02/26 15:52:04 | 000,000,546 | ---- | M] () -- C:\Users\Dave\Desktop\Any Video Converter.lnk
    [2014/02/26 12:57:00 | 000,000,418 | ---- | M] () -- C:\Windows\tasks\SlimCleaner+ (Check for Updates - Dave).job
    [2014/02/26 09:22:04 | 000,000,318 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForDave.job
    [2014/02/26 07:31:31 | 000,107,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
    [2014/02/26 07:30:31 | 000,075,480 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamchameleon.sys
    [2014/02/26 07:28:29 | 000,001,875 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    [2014/02/24 10:24:39 | 000,000,512 | ---- | M] () -- C:\Users\Dave\Desktop\MBR.dat
    [2014/02/23 09:27:08 | 000,000,039 | ---- | M] () -- C:\Users\Dave\AppData\Roaming\mbam.context.scan
    [2014/02/23 09:14:08 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\SlimDrivers Startup.job
    [2014/02/23 08:59:47 | 000,013,464 | ---- | M] () -- C:\Windows\System32\drivers\SWDUMon.sys
    [2014/02/23 08:48:05 | 000,001,973 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
    [2014/02/18 13:39:58 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2014/02/11 12:07:56 | 000,775,952 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
    [2014/02/11 12:07:56 | 000,410,784 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
    [2014/02/11 12:07:56 | 000,067,824 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
    [2014/02/11 12:07:56 | 000,057,672 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
    [2014/02/11 12:07:56 | 000,054,832 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
    [2014/02/11 12:07:55 | 000,270,240 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
    [2014/02/11 12:07:55 | 000,043,152 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
    [2014/02/06 12:16:12 | 000,041,228 | ---- | M] () -- C:\Users\Dave\Documents\burlap backgrounds.pdf
    [3 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2014/02/26 21:32:04 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2014/02/26 21:32:04 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2014/02/26 21:32:04 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2014/02/26 21:32:04 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2014/02/26 21:32:04 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2014/02/26 15:52:04 | 000,000,546 | ---- | C] () -- C:\Users\Dave\Desktop\Any Video Converter.lnk
    [2014/02/24 10:24:39 | 000,000,512 | ---- | C] () -- C:\Users\Dave\Desktop\MBR.dat
    [2014/02/23 09:26:34 | 000,000,039 | ---- | C] () -- C:\Users\Dave\AppData\Roaming\mbam.context.scan
    [2014/02/06 12:16:12 | 000,041,228 | ---- | C] () -- C:\Users\Dave\Documents\burlap backgrounds.pdf
    [2014/02/04 17:22:58 | 000,000,412 | ---- | C] () -- C:\Windows\tasks\SlimCleaner+ (Scheduled Scan - Dave).job
    [2014/02/02 01:03:27 | 000,000,318 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForDave.job
    [2013/08/30 14:30:42 | 000,004,984 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
    [2013/08/30 13:56:28 | 000,013,464 | ---- | C] () -- C:\Windows\System32\drivers\SWDUMon.sys
    [2013/08/09 05:38:42 | 000,002,544 | ---- | C] () -- C:\Windows\System32\MyDefrag.dat
    [2013/03/18 16:01:22 | 000,180,248 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys
    [2013/03/18 16:01:21 | 000,049,944 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys
    [2011/05/25 18:47:44 | 000,000,000 | ---- | C] () -- C:\ProgramData\N360BUOptions.ini
    [2011/05/12 13:49:58 | 000,001,940 | ---- | C] () -- C:\Users\Dave\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
    [2011/04/30 09:52:17 | 000,004,096 | -H-- | C] () -- C:\Users\Dave\AppData\Local\keyfile3.drm
    [2011/02/14 10:50:08 | 000,029,825 | ---- | C] () -- C:\Users\Dave\AppData\Roaming\Comma Separated Values (Windows).ADR
    [2009/04/17 06:59:57 | 000,000,680 | ---- | C] () -- C:\Users\Dave\AppData\Local\d3d9caps.dat
    [2009/02/17 15:09:52 | 000,291,488 | ---- | C] () -- C:\ProgramData\nvModes.001
    [2009/02/17 15:09:40 | 000,291,488 | ---- | C] () -- C:\ProgramData\nvModes.dat
    [2009/01/08 11:06:55 | 000,000,782 | ---- | C] () -- C:\Users\Dave\AppData\Roaming\wklnhst.dat
    [2007/11/21 19:21:27 | 000,095,744 | ---- | C] () -- C:\Users\Dave\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2007/10/30 19:45:52 | 000,027,240 | ---- | C] () -- C:\Users\Dave\AppData\Roaming\nvModes.001
    [2007/10/30 11:04:28 | 000,027,240 | ---- | C] () -- C:\Users\Dave\AppData\Roaming\nvModes.dat

    ========== ZeroAccess Check ==========

    [2006/11/02 07:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 12:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 01:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 01:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    ========== LOP Check ==========

    [2014/02/26 16:09:04 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\AnvSoft
    [2013/12/01 16:03:23 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\AVAST Software
    [2009/02/16 12:13:52 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\Aventail
    [2010/09/26 09:35:07 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\Binary Fortress Software
    [2011/06/28 13:44:27 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    [2013/09/24 12:26:35 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\com.Shutterfly.ExpressUploader
    [2011/07/09 13:21:38 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\DriverFinder
    [2009/09/14 12:23:37 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\EPSON
    [2013/03/26 14:31:06 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\Foresight Software
    [2013/03/26 15:32:35 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\HandBrake
    [2010/12/12 10:41:34 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\MusicNet
    [2014/02/26 15:09:03 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\muvee Technologies
    [2008/03/28 12:53:22 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\pdf995
    [2011/05/25 15:17:09 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\Sammsoft
    [2009/04/11 18:30:33 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\TaxCut
    [2011/06/10 07:00:58 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\Template
    [2013/07/23 15:39:28 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\uTorrent
    [2013/03/09 08:57:37 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\WinFF

    ========== Purity Check ==========



    < End of report >
    Reply With Quote Reply With Quote
  16. February 27th, 2014, 08:46 AM #29
    daveandrita1
    daveandrita1 is offline Virtual Intern
    Join Date
    May 2011
    Posts
    113
    OTL logfile created on: 2/27/2014 7:28:14 AM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = D:\downloads
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1.94 Gb Total Physical Memory | 1.15 Gb Available Physical Memory | 59.65% Memory free
    4.11 Gb Paging File | 3.29 Gb Available in Paging File | 80.12% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 103.37 Gb Total Space | 17.46 Gb Free Space | 16.89% Space Free | Partition Type: NTFS
    Drive D: | 111.79 Gb Total Space | 65.33 Gb Free Space | 58.44% Space Free | Partition Type: NTFS
    Drive E: | 7.35 Gb Total Space | 0.74 Gb Free Space | 10.00% Space Free | Partition Type: NTFS
    Drive G: | 1.07 Gb Total Space | 0.92 Gb Free Space | 86.31% Space Free | Partition Type: NTFS

    Computer Name: DAVE-PC | User Name: Dave | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2014/02/27 06:45:47 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\downloads\OTL.exe
    PRC - [2014/02/11 12:07:49 | 003,767,096 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
    PRC - [2014/02/11 12:07:47 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    PRC - [2013/12/18 13:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2013/11/04 07:42:10 | 001,228,504 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psia.exe
    PRC - [2013/11/04 07:42:08 | 000,565,464 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psi_tray.exe
    PRC - [2013/10/30 19:11:32 | 000,211,264 | ---- | M] (SlimWare Utilities, Inc.) -- C:\Program Files\SlimCleaner+\SlimServiceFactory.exe
    PRC - [2013/08/14 14:19:24 | 000,039,056 | ---- | M] () -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
    PRC - [2011/03/25 15:25:42 | 000,660,768 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
    PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2008/12/18 11:05:40 | 000,457,248 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
    PRC - [2008/12/18 11:05:40 | 000,191,008 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe


    ========== Modules (No Company Name) ==========

    MOD - [2013/12/01 13:17:22 | 019,336,120 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
    MOD - [2007/04/23 18:11:44 | 000,339,968 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLTinyDB.dll
    MOD - [2007/04/23 18:11:34 | 000,237,673 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapEngine.dll
    MOD - [2007/04/23 18:11:34 | 000,114,787 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLSchMgr.dll
    MOD - [2007/04/23 18:10:44 | 000,061,440 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\common\MCEMediaStatus.dll


    ========== Services (SafeList) ==========

    SRV - [2014/02/23 00:59:16 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2014/02/11 12:07:47 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
    SRV - [2013/12/18 13:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2013/11/04 07:42:10 | 001,228,504 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\psia.exe -- (Secunia PSI Agent)
    SRV - [2013/11/04 07:42:08 | 000,660,184 | ---- | M] (Secunia) [Auto | Stopped] -- C:\Program Files\Secunia\PSI\sua.exe -- (Secunia Update Agent)
    SRV - [2013/10/30 19:11:32 | 000,211,264 | ---- | M] (SlimWare Utilities, Inc.) [Auto | Running] -- C:\Program Files\SlimCleaner+\SlimServiceFactory.exe -- (SlimService)
    SRV - [2013/08/14 14:19:24 | 000,039,056 | ---- | M] () [Auto | Running] -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
    SRV - [2011/03/25 15:25:42 | 000,660,768 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
    SRV - [2008/12/18 11:05:40 | 000,457,248 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)
    SRV - [2008/12/18 11:05:40 | 000,191,008 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe -- (nSvcIp)
    SRV - [2008/01/19 02:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
    DRV - [2014/02/23 08:59:47 | 000,013,464 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SWDUMon.sys -- (SWDUMon)
    DRV - [2014/02/11 12:07:56 | 000,775,952 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
    DRV - [2014/02/11 12:07:56 | 000,410,784 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
    DRV - [2014/02/11 12:07:56 | 000,067,824 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
    DRV - [2014/02/11 12:07:56 | 000,057,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
    DRV - [2014/02/11 12:07:56 | 000,054,832 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
    DRV - [2014/01/06 09:36:50 | 000,180,248 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswVmm.sys -- (aswVmm)
    DRV - [2013/12/01 13:17:34 | 000,049,944 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswRvrt.sys -- (aswRvrt)
    DRV - [2013/11/04 07:42:02 | 000,016,024 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\psi_mf_x86.sys -- (PSI)
    DRV - [2011/04/13 14:02:36 | 000,045,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d)
    DRV - [2010/12/18 06:03:56 | 000,021,696 | ---- | M] (Almico Software) [Kernel | Boot | Running] -- C:\Windows\System32\speedfan.sys -- (speedfan)
    DRV - [2010/04/30 17:09:44 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
    DRV - [2010/04/30 17:09:22 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
    DRV - [2010/02/25 00:03:16 | 000,014,904 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBTTN.sys -- (HBtnKey)
    DRV - [2009/06/25 15:58:10 | 000,048,128 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
    DRV - [2009/06/25 15:25:58 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
    DRV - [2009/06/25 15:10:48 | 000,044,544 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
    DRV - [2009/06/24 05:08:00 | 007,542,208 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
    DRV - [2009/04/29 06:46:54 | 000,015,872 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
    DRV - [2008/03/03 10:32:00 | 000,188,416 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
    DRV - [2007/07/10 05:27:56 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
    DRV - [2007/04/11 21:30:52 | 000,160,768 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CHDART.sys -- (HdAudAddService)
    DRV - [2006/11/08 02:02:40 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\point32k.sys -- (Point32)
    DRV - [2004/11/22 18:36:39 | 000,018,003 | ---- | M] (Motive, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRENDIS5.sys -- (MRENDIS5)
    DRV - [2004/11/22 18:36:34 | 000,019,345 | ---- | M] (Motive, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMPR5.sys -- (MREMPR5)
    DRV - [1999/12/31 19:00:00 | 001,052,704 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
    DRV - [1999/12/31 19:00:00 | 000,015,872 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
    DRV - [1996/04/03 14:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\giveio.sys -- (giveio)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\..\SearchScopes\{13BA74AE-E197-454E-B8DB-18B78838913A}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt
    IE - HKLM\..\SearchScopes\{9AE845A0-B8DE-4C87-A54E-55B6FFA38502}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.bing.com
    IE - HKCU\..\SearchScopes,DefaultScope =
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
    IE - HKCU\..\SearchScopes\{13BA74AE-E197-454E-B8DB-18B78838913A}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt
    IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKCU\..\SearchScopes\{9AE845A0-B8DE-4C87-A54E-55B6FFA38502}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
    IE - HKCU\..\SearchScopes\{AD642CB3-48D9-4B9B-87DC-49FFB073685A}: "URL" = http://www.bing.com/search?FORM=SO3TDF&PC=SUN3&q={searchTerms}&src=IE-SearchBox
    IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo.com/search?p={searchTerms}&fr=chr-atty
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


    ========== FireFox ==========

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.3.51: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.3.51: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
    FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2010/11/04 02:07:20 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013/08/29 08:14:35 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/11/28 09:51:54 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/08/29 08:14:35 | 000,000,000 | ---D | M]

    [2013/03/26 14:51:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{googleriginalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{googlemniboxStartMarginParameter}ie={inputEncoding}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{googleageClassification}sugkey={google:suggestAPIKeyParameter},
    CHR - homepage: http://www.delta-search.com/?affID=1...C0001A739DAF10
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\33.0.1750.117\PepperFlash\pepflashplayer.dll
    CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\33.0.1750.117\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\33.0.1750.117\pdf.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
    CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
    CHR - plugin: Motive Plugin (Enabled) = C:\Program Files\Common Files\Motive\npMotive.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll
    CHR - plugin: Java(TM) Platform SE 6 U43 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
    CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
    CHR - plugin: RealPlayer Download Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll
    CHR - plugin: RealNetworks Rhapsody Player Engine (Enabled) = C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll
    CHR - plugin: Windows Live™ Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: RealNetworks(tm) RealDownloader Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
    CHR - plugin: RealNetworks(tm) RealDownloader HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
    CHR - plugin: RealNetworks(tm) RealDownloader PepperFlashVideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll
    CHR - plugin: RealDownloader Plugin (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll
    CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw_1168638.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_171.dll
    CHR - plugin: Java Deployment Toolkit 6.0.430.1 (Enabled) = C:\Windows\system32\npdeployJava1.dll
    CHR - Extension: WOT = C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\2.4.6_0\
    CHR - Extension: avast! Online Security = C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\9.0.2013.75_0\
    CHR - Extension: Google Wallet = C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
    CHR - Extension: Gmail = C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

    O1 HOSTS File: ([2014/02/26 21:52:02 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (avast! Online Security) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
    O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
    O4 - HKCU..\Run: [75B0C53D49D5CF4882A1C47CE2D857073EEAC1C5._service_run] C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoThumbnailCache = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\nvLsp.dll (NVIDIA)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\nvLsp.dll (NVIDIA)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\nvLsp.dll (NVIDIA)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\nvLsp.dll (NVIDIA)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\nvLsp.dll (NVIDIA)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\nvLsp.dll (NVIDIA)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\nvLsp.dll (NVIDIA)
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos...ineScanner.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{166FE80A-742B-470C-A759-1E930A54C1A9}: DhcpNameServer = 192.168.1.1
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Users\Dave\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O24 - Desktop BackupWallPaper: C:\Users\Dave\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2007/08/04 21:57:23 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O32 - AutoRun File - [2005/09/11 10:18:54 | 000,000,340 | -HS- | M] () - E:\AUTOMODE -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    ========== Files/Folders - Created Within 30 Days ==========

    [2014/02/27 07:02:59 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
    [2014/02/26 21:59:59 | 000,012,568 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Windows\System32\drivers\PROCEXP113.SYS
    [2014/02/26 21:59:55 | 000,000,000 | ---D | C] -- C:\Users\Dave\AppData\Local\temp
    [2014/02/26 21:52:07 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
    [2014/02/26 21:47:12 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2014/02/26 21:32:04 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2014/02/26 21:32:04 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2014/02/26 21:32:04 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2014/02/26 21:31:52 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2014/02/26 16:09:04 | 000,000,000 | ---D | C] -- C:\Users\Dave\Documents\Any Video Converter
    [2014/02/26 16:09:04 | 000,000,000 | ---D | C] -- C:\Users\Dave\AppData\Roaming\AnvSoft
    [2014/02/26 15:52:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AnvSoft
    [2014/02/26 15:09:00 | 000,000,000 | ---D | C] -- C:\Users\Dave\Documents\My muvees
    [2014/02/26 15:08:56 | 000,000,000 | ---D | C] -- C:\Users\Dave\AppData\Roaming\muvee Technologies
    [2014/02/26 15:08:55 | 000,000,000 | ---D | C] -- C:\ProgramData\muvee Technologies
    [2014/02/26 07:31:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
    [2014/02/26 07:31:31 | 000,107,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
    [2014/02/26 07:30:31 | 000,075,480 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamchameleon.sys
    [2014/02/26 07:30:13 | 000,000,000 | ---D | C] -- C:\Users\Dave\Desktop\mbar
    [2014/02/26 06:58:06 | 000,000,000 | ---D | C] -- C:\Users\Dave\Desktop\RK_Quarantine
    [2014/02/23 16:40:51 | 000,000,000 | ---D | C] -- C:\DRIVERS
    [2014/02/23 13:01:56 | 000,000,000 | ---D | C] -- C:\AdwCleaner
    [3 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2014/02/27 07:02:14 | 000,291,488 | ---- | M] () -- C:\ProgramData\nvModes.dat
    [2014/02/27 07:02:14 | 000,291,488 | ---- | M] () -- C:\ProgramData\nvModes.001
    [2014/02/27 07:00:34 | 000,000,266 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
    [2014/02/27 06:58:36 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2014/02/27 06:58:35 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2014/02/27 06:58:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2014/02/27 06:57:15 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
    [2014/02/27 06:53:15 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2014/02/27 06:46:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2014/02/26 21:59:59 | 000,012,568 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Windows\System32\drivers\PROCEXP113.SYS
    [2014/02/26 21:59:48 | 000,000,412 | ---- | M] () -- C:\Windows\tasks\SlimCleaner+ (Scheduled Scan - Dave).job
    [2014/02/26 21:52:02 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2014/02/26 21:13:54 | 000,645,894 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2014/02/26 21:13:54 | 000,120,994 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2014/02/26 17:35:04 | 000,095,744 | ---- | M] () -- C:\Users\Dave\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2014/02/26 15:52:04 | 000,000,546 | ---- | M] () -- C:\Users\Dave\Desktop\Any Video Converter.lnk
    [2014/02/26 12:57:00 | 000,000,418 | ---- | M] () -- C:\Windows\tasks\SlimCleaner+ (Check for Updates - Dave).job
    [2014/02/26 09:22:04 | 000,000,318 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForDave.job
    [2014/02/26 07:31:31 | 000,107,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
    [2014/02/26 07:30:31 | 000,075,480 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamchameleon.sys
    [2014/02/26 07:28:29 | 000,001,875 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    [2014/02/24 10:24:39 | 000,000,512 | ---- | M] () -- C:\Users\Dave\Desktop\MBR.dat
    [2014/02/23 09:27:08 | 000,000,039 | ---- | M] () -- C:\Users\Dave\AppData\Roaming\mbam.context.scan
    [2014/02/23 09:14:08 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\SlimDrivers Startup.job
    [2014/02/23 08:59:47 | 000,013,464 | ---- | M] () -- C:\Windows\System32\drivers\SWDUMon.sys
    [2014/02/23 08:48:05 | 000,001,973 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
    [2014/02/18 13:39:58 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2014/02/11 12:07:56 | 000,775,952 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
    [2014/02/11 12:07:56 | 000,410,784 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
    [2014/02/11 12:07:56 | 000,067,824 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
    [2014/02/11 12:07:56 | 000,057,672 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
    [2014/02/11 12:07:56 | 000,054,832 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
    [2014/02/11 12:07:55 | 000,270,240 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
    [2014/02/11 12:07:55 | 000,043,152 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
    [2014/02/06 12:16:12 | 000,041,228 | ---- | M] () -- C:\Users\Dave\Documents\burlap backgrounds.pdf
    [3 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2014/02/26 21:32:04 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2014/02/26 21:32:04 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2014/02/26 21:32:04 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2014/02/26 21:32:04 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2014/02/26 21:32:04 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2014/02/26 15:52:04 | 000,000,546 | ---- | C] () -- C:\Users\Dave\Desktop\Any Video Converter.lnk
    [2014/02/24 10:24:39 | 000,000,512 | ---- | C] () -- C:\Users\Dave\Desktop\MBR.dat
    [2014/02/23 09:26:34 | 000,000,039 | ---- | C] () -- C:\Users\Dave\AppData\Roaming\mbam.context.scan
    [2014/02/06 12:16:12 | 000,041,228 | ---- | C] () -- C:\Users\Dave\Documents\burlap backgrounds.pdf
    [2014/02/04 17:22:58 | 000,000,412 | ---- | C] () -- C:\Windows\tasks\SlimCleaner+ (Scheduled Scan - Dave).job
    [2014/02/02 01:03:27 | 000,000,318 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForDave.job
    [2013/08/30 14:30:42 | 000,004,984 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
    [2013/08/30 13:56:28 | 000,013,464 | ---- | C] () -- C:\Windows\System32\drivers\SWDUMon.sys
    [2013/08/09 05:38:42 | 000,002,544 | ---- | C] () -- C:\Windows\System32\MyDefrag.dat
    [2013/03/18 16:01:22 | 000,180,248 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys
    [2013/03/18 16:01:21 | 000,049,944 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys
    [2011/05/25 18:47:44 | 000,000,000 | ---- | C] () -- C:\ProgramData\N360BUOptions.ini
    [2011/05/12 13:49:58 | 000,001,940 | ---- | C] () -- C:\Users\Dave\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
    [2011/04/30 09:52:17 | 000,004,096 | -H-- | C] () -- C:\Users\Dave\AppData\Local\keyfile3.drm
    [2011/02/14 10:50:08 | 000,029,825 | ---- | C] () -- C:\Users\Dave\AppData\Roaming\Comma Separated Values (Windows).ADR
    [2009/04/17 06:59:57 | 000,000,680 | ---- | C] () -- C:\Users\Dave\AppData\Local\d3d9caps.dat
    [2009/02/17 15:09:52 | 000,291,488 | ---- | C] () -- C:\ProgramData\nvModes.001
    [2009/02/17 15:09:40 | 000,291,488 | ---- | C] () -- C:\ProgramData\nvModes.dat
    [2009/01/08 11:06:55 | 000,000,782 | ---- | C] () -- C:\Users\Dave\AppData\Roaming\wklnhst.dat
    [2007/11/21 19:21:27 | 000,095,744 | ---- | C] () -- C:\Users\Dave\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2007/10/30 19:45:52 | 000,027,240 | ---- | C] () -- C:\Users\Dave\AppData\Roaming\nvModes.001
    [2007/10/30 11:04:28 | 000,027,240 | ---- | C] () -- C:\Users\Dave\AppData\Roaming\nvModes.dat

    ========== ZeroAccess Check ==========

    [2006/11/02 07:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 12:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 01:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 01:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    ========== LOP Check ==========

    [2014/02/26 16:09:04 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\AnvSoft
    [2013/12/01 16:03:23 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\AVAST Software
    [2009/02/16 12:13:52 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\Aventail
    [2010/09/26 09:35:07 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\Binary Fortress Software
    [2011/06/28 13:44:27 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    [2013/09/24 12:26:35 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\com.Shutterfly.ExpressUploader
    [2011/07/09 13:21:38 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\DriverFinder
    [2009/09/14 12:23:37 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\EPSON
    [2013/03/26 14:31:06 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\Foresight Software
    [2013/03/26 15:32:35 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\HandBrake
    [2010/12/12 10:41:34 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\MusicNet
    [2014/02/26 15:09:03 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\muvee Technologies
    [2008/03/28 12:53:22 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\pdf995
    [2011/05/25 15:17:09 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\Sammsoft
    [2009/04/11 18:30:33 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\TaxCut
    [2011/06/10 07:00:58 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\Template
    [2013/07/23 15:39:28 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\uTorrent
    [2013/03/09 08:57:37 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\WinFF

    ========== Purity Check ==========



    < End of report >
    Reply With Quote Reply With Quote
  17. February 27th, 2014, 08:49 AM #30
    daveandrita1
    daveandrita1 is offline Virtual Intern
    Join Date
    May 2011
    Posts
    113
    OTL Extras logfile created on: 2/27/2014 7:28:14 AM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = D:\downloads
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1.94 Gb Total Physical Memory | 1.15 Gb Available Physical Memory | 59.65% Memory free
    4.11 Gb Paging File | 3.29 Gb Available in Paging File | 80.12% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 103.37 Gb Total Space | 17.46 Gb Free Space | 16.89% Space Free | Partition Type: NTFS
    Drive D: | 111.79 Gb Total Space | 65.33 Gb Free Space | 58.44% Space Free | Partition Type: NTFS
    Drive E: | 7.35 Gb Total Space | 0.74 Gb Free Space | 10.00% Space Free | Partition Type: NTFS
    Drive G: | 1.07 Gb Total Space | 0.92 Gb Free Space | 86.31% Space Free | Partition Type: NTFS

    Computer Name: DAVE-PC | User Name: Dave | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = ChromeHTML] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "VistaSp2" = Reg Error: Unknown registry data type -- File not found

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{24B922A9-B243-4E7B-BC6A-97D1BB046FE0}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
    "{B0938255-F00E-4B68-A110-CA30A04D79C1}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
    "{B27CBB25-F543-49BE-8F0B-22CFC06F9F95}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{07C19C5E-E154-49C4-94A4-FBFFECC45C9F}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{15CFE5DA-07E6-4C2E-AA02-C15E79CB1CCC}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpse.exe |
    "{1800F268-F447-4582-9414-13E6E4B22FB0}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpsapp.exe |
    "{1C7D6AB8-7D0B-49DC-9263-82400E120449}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{1E7CD4B0-5C7B-4182-8E47-908AD1D3631A}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
    "{2B296E57-481D-497A-AF70-E05A45010B3A}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{3CE176F6-FE31-44AF-8716-6E963E16C8C5}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{406FA7C5-42D1-4DE2-BD87-19117B6951E6}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe |
    "{4D051607-5CF6-4221-BD3C-98F50FC14C74}" = protocol=6 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe |
    "{4D200BE8-A616-468D-B87D-1DD732207026}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |
    "{67F58F89-C906-4769-AA1C-BD0287ECDEA1}" = protocol=17 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe |
    "{85777A53-A9B8-487C-8BB3-834527BFD7E2}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
    "{8D1C16C9-DCE8-4F8B-AAE6-6AC713EC7C4D}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |
    "{99BF42D2-0F18-48F2-9058-4FB0EFF45E4E}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{ABE05DD1-4B8A-4117-A4E5-CEF78F2BEC68}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{BD0C338B-0175-43EB-8E50-502F4F30E264}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
    "{BD66770E-C9F6-4250-A095-42B33BB1ADA7}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
    "{BE8A8F5C-0012-4D54-880A-798E7C719483}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
    "{C7937381-7658-4504-9499-2D153482856B}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
    "{C9A5D13F-A9F2-4F1E-8111-E75E6417F97F}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
    "{CA15E77D-0622-49F3-9F7E-E0ABB217835B}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqsudi.exe |
    "{DFB41557-CD44-4A29-9AFE-9459A7F0ABDC}" = dir=in | app=c:\program files\itunes\itunes.exe |
    "{E230856B-4A8C-467F-93E3-26185C4B5B38}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
    "{F86521EC-F013-4DEC-8ECF-394A3BA411AD}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
    "TCP Query User{1E3A7F96-88F6-4F99-8632-B6FA338C8B29}C:\users\dave\appdata\local\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\users\dave\appdata\local\google\chrome\application\chrome.exe |
    "UDP Query User{8CEDB0E1-CC32-4FEE-9D1B-7C9836816960}C:\users\dave\appdata\local\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\users\dave\appdata\local\google\chrome\application\chrome.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0054A0F6-00C9-4498-B821-B5C9578F433E}" = HP Help and Support
    "{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
    "{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0BFC200F-C45D-4271-AF34-4CA969225DEB}" = muvee autoProducer 6.0
    "{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
    "{10E3A6DD-84D8-4D8A-BB11-5E5314BCA7FD}" = Apple Mobile Device Support
    "{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}" = Roxio Creator EasyArchive
    "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
    "{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{26A24AE4-039D-4CA4-87B4-2F83217051FF}" = Java 7 Update 51
    "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
    "{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
    "{31B2D73B-4311-4D95-A131-32FB2194D1CB}" = Microsoft UI Engine
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{33C65B6A-5D73-4E3E-A1F9-127C27BD3F72}" = Roxio MyDVD Basic v9
    "{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
    "{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Roxio Activation Module
    "{40F7AED3-0C7D-4582-99F6-484A515C73F2}" = HP Easy Setup - Frontend
    "{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = Bluetooth by hp
    "{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 3.2
    "{4903D172-DCCB-392F-93A3-34CA9D47FE3D}" = Microsoft .NET Framework 4.5.1
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4CA4B2E7-3F49-4C15-9869-547FDB24C8E6}" = SlimCleaner+
    "{54F7A791-38DE-4439-AB3F-B3F7DDA89C75}" = ESU for Microsoft Vista
    "{5AB56552-6938-4686-9F87-DB0ED8D1E06B}" = HP User Guides 0056
    "{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
    "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
    "{616445AF-BBCF-41C1-A4D6-8CFF171C182D}" = iTunes
    "{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
    "{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
    "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
    "{663E217E-FC26-4249-9E8E-F190CD63E737}" = TaxCut Premium + State 2007
    "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
    "{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com
    "{6DDE8071-E4BA-461B-8A96-990DFAA0EBD1}" = SavingsBull
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{72552C46-944B-4E16-BBC8-0D85F31C1800}" = Aventail Access Manager
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{751910E3-ECF1-44D0-BF3F-2936A4424514}" = ImageMixer3
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
    "{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
    "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
    "{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A5EBB62-ADE7-41E2-8884-1517DE3505D1}" = DeductionPro 2007
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISER_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
    "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
    "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
    "{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{925F1DB6-E86E-4378-9091-D1F68B0583C9}" = iCloud
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{97486FBE-A3FC-4783-8D55-EA37E9D171CC}" = HP Update
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9B0B46B3-10DF-4ADA-9501-0129D784563D}" = Aventail Web Proxy Agent
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9C2F9B2C-1585-43AD-9EF9-48AAD60DFC04}" = Microsoft IntelliPoint 8.1
    "{A5457401-D56A-43F2-9524-78E54A7FC07A}" = SlimDrivers
    "{A922C4B7-50E0-4787-A94C-59DBF3C65DBE}" = Apple Application Support
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{A9E27FF5-6294-46A8-B8FD-77B1DECA3021}" = Wizard101
    "{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}" = RealNetworks - Microsoft Visual C++ 2010 Runtime
    "{AB5E289E-76BF-4251-9F3F-9B763F681AE0}" = HP Customer Experience Enhancements
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.9)
    "{ADA1977A-77B7-4837-B788-83F00C3A4894}" = TaxCut Kentucky 2008
    "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
    "{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6
    "{B673174A-207E-426D-9F4F-8F9C0F20B510}" = TaxCut Kentucky 2007
    "{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
    "{B92C2C6C-F70E-497B-88A7-1FEF9888272B}" = Adobe AIR
    "{BBB33AD6-BCF7-4002-B6A0-6DC679AE5C18}" = TaxCut Premium + State + Efile 2008
    "{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
    "{C8192B14-5B56-2E27-6652-8AA650091D6E}" = Shutterfly Express Uploader
    "{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9
    "{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}" = RealDownloader
    "{c9920352-04e6-469d-bab8-e2b9c7c75415}.sdb" = Microsoft Automated Troubleshooting Services Shim
    "{CBAE4F50-9FC9-4557-AB36-9826DF3C103C}" = HP Wireless Assistant
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{D9B4D7EE-481C-4C36-86AB-A8F7417725FF}" = LightScribe 1.6.43.1
    "{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E87022D3-C8C9-4C76-8E27-BC7F18F9B8FB}" = Google Drive
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
    "{F5CC2EF8-20A4-4366-A681-3FE849E65809}" = RICOH Media Driver
    "{F6B29003-A078-4491-AFBE-62EFB6CFFE19}" = HP Total Care Advisor
    "{F7F3B252-E772-48AA-93EB-7964BC326067}" = MSCU for Microsoft Vista
    "{FAB0C302-CB18-4A7A-BA03-C3DC23101A68}" = HP Active Support Library 32 bit components
    "8089B79E-5E25-4872-8AC9-058E5F5599EC_is1" = iTunes Sync 1.5.1
    "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 12 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 12 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 12.0
    "Any Video Converter_is1" = Any Video Converter 5.5.5
    "avast" = avast! Free Antivirus
    "CNXT_AUDIO_HDA" = Conexant HD Audio
    "CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "com.Shutterfly.ExpressUploader" = Shutterfly Express Uploader
    "Defraggler" = Defraggler
    "ENTERPRISER" = Microsoft Office Enterprise 2007
    "EPSON Printer and Utilities" = EPSON Printer Software
    "EPSON Scanner" = EPSON Scan
    "Excel" = Microsoft Excel 97
    "Google Chrome" = Google Chrome
    "HOMESTUDENTR" = Microsoft Office Home and Student 2007
    "InstallShield_{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft IntelliPoint 8.1" = Microsoft IntelliPoint 8.1
    "NVIDIA Drivers" = NVIDIA Drivers
    "Pdf995" = Pdf995 (installed by TaxCut)
    "PdfEdit995" = PdfEdit995 (installed by TaxCut)
    "RealPlayer 16.0" = RealPlayer
    "Secunia PSI" = Secunia PSI (3.0.0.9015)
    "SlingMedia.QPSlingPlayer_is1" = QuickPlay SlingPlayer 0.4.6
    "SmartAudio" = SmartAudio
    "SpeedFan" = SpeedFan (remove only)
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "WildTangent hplaptop Master Uninstall" = My HP Games
    "WinFF_is1" = WinFF 1.5 (Codename EMMA)
    "Word8.0" = Microsoft Word 97

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{72552C46-944B-4E16-BBC8-0D85F31C1800}" = Aventail Access Manager

    ========== Last 20 Event Log Errors ==========

    [ OSession Events ]
    Error - 7/18/2013 5:41:41 PM | Computer Name = Dave-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 8, Application Name: Microsoft Office Publisher, Application Version:
    12.0.6676.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 3341
    seconds with 1680 seconds of active time. This session ended with a crash.

    Error - 7/25/2013 6:18:33 PM | Computer Name = Dave-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 8, Application Name: Microsoft Office Publisher, Application Version:
    12.0.6676.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 47
    seconds with 0 seconds of active time. This session ended with a crash.

    Error - 7/30/2013 10:42:44 AM | Computer Name = Dave-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 8, Application Name: Microsoft Office Publisher, Application Version:
    12.0.6676.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 54
    seconds with 0 seconds of active time. This session ended with a crash.

    Error - 8/6/2013 10:35:41 AM | Computer Name = Dave-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 8, Application Name: Microsoft Office Publisher, Application Version:
    12.0.6676.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1829
    seconds with 240 seconds of active time. This session ended with a crash.

    Error - 8/7/2013 7:46:59 PM | Computer Name = Dave-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 8, Application Name: Microsoft Office Publisher, Application Version:
    12.0.6676.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1608
    seconds with 300 seconds of active time. This session ended with a crash.

    Error - 8/9/2013 9:32:02 AM | Computer Name = Dave-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 8, Application Name: Microsoft Office Publisher, Application Version:
    12.0.6676.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 355
    seconds with 0 seconds of active time. This session ended with a crash.

    Error - 8/9/2013 9:50:34 AM | Computer Name = Dave-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 8, Application Name: Microsoft Office Publisher, Application Version:
    12.0.6676.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1105
    seconds with 540 seconds of active time. This session ended with a crash.

    Error - 8/30/2013 1:59:23 PM | Computer Name = Dave-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 8, Application Name: Microsoft Office Publisher, Application Version:
    12.0.6676.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 4346
    seconds with 1260 seconds of active time. This session ended with a crash.

    Error - 8/30/2013 1:59:23 PM | Computer Name = Dave-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 8, Application Name: Microsoft Office Publisher, Application Version:
    12.0.6676.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 675
    seconds with 600 seconds of active time. This session ended with a crash.

    Error - 9/19/2013 7:07:45 PM | Computer Name = Dave-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 8, Application Name: Microsoft Office Publisher, Application Version:
    12.0.6676.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 4840
    seconds with 2100 seconds of active time. This session ended with a crash.


    < End of report >
    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules