View Full Version : cannot remove Win32.downloader malware
halibrewer
2014-02-03, 11:27
thank you tashi for your response. I have tried running spybot as administrator and at startup several times. I have followed your instructions.
here is the dds have
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16428 BrowserJavaVersion: 10.51.2
Run by H at 9:02:12 on 2014-02-03
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.3767.1871 [GMT 0:00]
.
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
AV: avast! Internet Security *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Internet Security *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
FW: avast! Internet Security *Enabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files\AVAST Software\Avast\afwServ.exe
C:\Windows\system32\Dwm.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\Explorer.EXE
c:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\taskeng.exe
C:\Windows\SysWOW64\Rundll32.exe
C:\Windows\SysWOW64\atashost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
C:\Program Files (x86)\Launch Manager\dsiwmis.exe
C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe
C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe
C:\Windows\system32\svchost.exe -k bthaudiosvc
C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
C:\Program Files (x86)\Kodak\CloudPrinting\KCPConnector.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Windows\system32\lxcycoms.exe
C:\Program Files (x86)\Norton Management\Engine\3.2.2.12\ccSvcHst.exe
C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\NIS.exe
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe
C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerEvent.exe
C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Launch Manager\LMworker.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Citrix\Receiver\Receiver.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_43.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_43.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uWindow Title = Internet Explorer, optimized for Bing and MSN
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com/ie
uProxyServer = localhost:8118
uProxyOverride = <local>;*.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.symantec.com
uURLSearchHooks: AF-HSS Toolbar: {f0381dbd-e018-4e07-ae40-d96ab15083f0} - C:\Program Files (x86)\AF-HSS\tbAF-H.dll
uURLSearchHooks: {81d24ea1-3106-46a5-a324-fa96b8178519} - <orphaned>
uURLSearchHooks: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTo0.dll
mURLSearchHooks: AF-HSS Toolbar: {f0381dbd-e018-4e07-ae40-d96ab15083f0} - C:\Program Files (x86)\AF-HSS\tbAF-H.dll
mURLSearchHooks: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTo0.dll
mWinlogon: Userinit = userinit.exe,
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\CoIEPlg.dll
BHO: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTo0.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\IPS\IPSBHO.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: AF-HSS Toolbar: {f0381dbd-e018-4e07-ae40-d96ab15083f0} - C:\Program Files (x86)\AF-HSS\tbAF-H.dll
TB: AF-HSS Toolbar: {F0381DBD-E018-4E07-AE40-D96AB15083F0} - C:\Program Files (x86)\AF-HSS\tbAF-H.dll
TB: uTorrentControl2 Toolbar: {687578B9-7132-4A7A-80E4-30EE31099E03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTo0.dll
TB: AF-HSS Toolbar: {f0381dbd-e018-4e07-ae40-d96ab15083f0} - C:\Program Files (x86)\AF-HSS\tbAF-H.dll
TB: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTo0.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\CoIEPlg.dll
TB: avast! Online Security: {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRun: [Google Update] "C:\Users\H\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [BackgroundContainer] "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\H\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun
mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [EKStatusMonitor] C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe
mRun: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
StartupFolder: C:\Users\H\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ERUNTA~1.LNK - C:\Program Files (x86)\ERUNT\AUTOBACK.EXE
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{278E566C-8F28-44DB-9BEE-335AAA7FBCA5} : DHCPNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{278E566C-8F28-44DB-9BEE-335AAA7FBCA5}\74357475C414E4 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{62A4F96F-62B9-4067-9009-0BF19CAD32FB} : DHCPNameServer = 192.168.1.1
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= c:\progra~2\citrix\icacli~1\rshook.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.1.0.18\CoIEPlg.dll
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.1.0.18\CoIEPlg.dll
x64-TB: avast! Online Security: {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [Acer ePower Management] C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [EKIJ5000StatusMonitor] C:\Windows\System32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
.
INFO: x64-HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\H\AppData\Roaming\Mozilla\Firefox\Profiles\pxges0f6.default-1368729130564\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxps://www.google.com/search
FF - prefs.js: network.proxy.type - 2
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll
FF - plugin: C:\Program Files (x86)\Sony\Media Go\npmediago.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll
FF - plugin: C:\Users\H\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: C:\Users\H\AppData\Roaming\Mozilla\plugins\npatgpc.dll
FF - plugin: C:\Users\H\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\H\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Users\H\AppData\Roaming\Mozilla\plugins\npo1d.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2014-1-27 65776]
R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2014-1-27 207904]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-10-13 55024]
R0 RapportKE64;RapportKE64;C:\Windows\System32\drivers\RapportKE64.sys [2010-12-21 316248]
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\NISx64\1501000.012\SymDS64.sys [2013-12-28 493656]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NISx64\1501000.012\SymEFA64.sys [2013-12-28 1147480]
R1 aswKbd;aswKbd;C:\Windows\System32\drivers\aswKbd.sys [2014-1-27 28184]
R1 aswNdisFlt;Avast! Firewall Driver;C:\Windows\System32\drivers\aswNdisFlt.sys [2014-1-27 440672]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2014-1-27 1038072]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2014-1-27 421704]
R1 ctxusbm;Citrix USB Monitor Driver;C:\Windows\System32\drivers\ctxusbm.sys [2012-12-5 98888]
R1 IDSVia64;IDSVia64;C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20140124.001\IDSviA64.sys [2014-1-25 521944]
R1 RapportCerberus_59849;RapportCerberus_59849;C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_59849.sys [2013-10-30 606672]
R1 RapportEI64;RapportEI64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2013-12-21 282648]
R1 RapportPG64;RapportPG64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2013-12-21 397784]
R2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-10-9 169312]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2014-1-27 78648]
R2 atashost;WebEx Service Host for Support Center;C:\Windows\SysWOW64\atashost.exe [2012-10-5 133944]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-1-27 50344]
R2 avast! Firewall;avast! Firewall;C:\Program Files\AVAST Software\Avast\afwServ.exe [2014-1-27 113704]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2013-4-22 822504]
R2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2010-8-3 325200]
R2 ePowerSvc;Acer ePower Service;C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [2010-10-13 868896]
R2 GREGService;GREGService;C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe [2010-1-8 23584]
R2 HFGService;Handsfree Headset Service;C:\Windows\System32\svchost.exe -k bthaudiosvc [2009-7-13 27136]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-8-3 13336]
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe [2013-3-15 395640]
R2 Kodak AiO Status Monitor Service;Kodak AiO Status Monitor Service;C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe [2013-1-15 780152]
R2 Kodak Cloud Software Connector;Kodak Cloud Software Connector;C:\Program Files (x86)\Kodak\CloudPrinting\KCPConnector.exe -s --> C:\Program Files (x86)\Kodak\CloudPrinting\KCPConnector.exe -s [?]
R2 lxcy_device;lxcy_device;C:\Windows\System32\lxcycoms.exe -service --> C:\Windows\System32\lxcycoms.exe -service [?]
R2 MCLIENT;Norton Management;C:\Program Files (x86)\Norton Management\Engine\3.2.2.12\ccsvchst.exe [2013-8-22 143928]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\NIS.exe [2013-12-28 275696]
R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568]
R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe [2010-6-28 255744]
R2 RapportMgmtService;Rapport Management Service;C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2013-12-21 1444120]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2012-11-29 38608]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-2-28 1153368]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-6-26 523944]
R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-8-3 2320920]
R2 Updater Service;Updater Service;C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe [2010-8-3 243232]
R3 aswStm;aswStm;C:\Windows\System32\drivers\aswStm.sys [2014-1-27 80184]
R3 BthAudioHF;BthAudioHF Service;C:\Windows\System32\drivers\BthAudioHF.sys [2009-12-21 52224]
R3 BthAvrcp;Bluetooth AVRCP Profile;C:\Windows\System32\drivers\BthAvrcp.sys [2009-8-13 29184]
R3 csr_a2dp;Bluetooth AV Profile;C:\Windows\System32\drivers\bthav.sys [2009-12-21 78848]
R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\System32\drivers\ETD.sys [2010-8-3 135560]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-8-3 56344]
R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2010-8-3 158976]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2010-8-3 271872]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2010-3-21 321064]
R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;C:\Windows\System32\drivers\rtl8192se.sys [2010-8-3 1108000]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2013-6-26 767144]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2013-6-26 23208]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-6-26 207528]
S1 BHDrvx64;BHDrvx64;C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20140121.001\BHDrvx64.sys [2014-1-22 1526488]
S1 ccSet_MCLIENT;Norton Management Settings Manager;C:\Windows\System32\drivers\MCLIENTx64\0302020.00C\ccsetx64.sys [2013-8-22 168096]
S1 ccSet_NIS;NIS Settings Manager;C:\Windows\System32\drivers\NISx64\1501000.012\ccSetx64.sys [2013-12-28 162392]
S1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\NISx64\1501000.012\Ironx64.sys [2013-12-28 264280]
S1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\NISx64\1501000.012\symnets.sys [2013-12-28 590936]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 ggflt;SEMC USB Flash Driver Filter;C:\Windows\System32\drivers\ggflt.sys [2013-6-13 14448]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2013-12-13 111616]
S3 massfilter;ZTE Mass Storage Filter Driver;C:\Windows\System32\drivers\massfilter.sys [2011-2-22 9216]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-8-3 245280]
S3 SMARTMouseFilterx64;HID-compliant mouse;C:\Windows\System32\drivers\SMARTMouseFilterx64.sys [2012-3-21 13168]
S3 SMARTVHidMiniVistaAmd64;SMART HID Device;C:\Windows\System32\drivers\SMARTVHidMiniVistaAmd64.sys [2012-3-21 16368]
S3 SMARTVTabletPCx64;SMART Virtual TabletPC;C:\Windows\System32\drivers\SMARTVTabletPCx64.sys [2012-3-21 24944]
S3 Sony PC Companion;Sony PC Companion;C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe [2013-6-13 155824]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-6-14 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-12-20 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2014-01-31 22:36:31 0 ----a-w- C:\Windows\SysWow64\sho2754.tmp
2014-01-29 18:00:14 0 ----a-w- C:\Windows\SysWow64\sho9680.tmp
2014-01-27 16:30:29 -------- d-----w- C:\Users\H\New folder
2014-01-27 15:18:27 28184 ----a-w- C:\Windows\System32\drivers\aswKbd.sys
2014-01-27 15:17:54 440672 ----a-w- C:\Windows\System32\drivers\aswNdisFlt.sys
2014-01-27 15:10:12 80184 ----a-w- C:\Windows\System32\drivers\aswStm.sys
2014-01-27 15:10:12 207904 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2014-01-27 15:10:11 92544 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2014-01-27 15:10:11 78648 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2014-01-27 15:10:11 65776 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
2014-01-27 15:10:11 1038072 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2014-01-27 15:10:02 43152 ----a-w- C:\Windows\avastSS.scr
2014-01-27 12:34:38 -------- d--h--w- C:\Users\H\AppData\Roaming\AVAST Software
2014-01-27 12:28:33 -------- d-----w- C:\Program Files\AVAST Software
2014-01-27 12:27:39 -------- d-----w- C:\ProgramData\AVAST Software
2014-01-25 18:06:09 -------- d-----w- C:\Program Files\iPod
2014-01-25 18:06:08 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-01-25 18:06:08 -------- d-----w- C:\Program Files\iTunes
2014-01-25 18:06:08 -------- d-----w- C:\Program Files (x86)\iTunes
2014-01-25 18:03:08 -------- d-----w- C:\Program Files\Bonjour
2014-01-25 18:03:08 -------- d-----w- C:\Program Files (x86)\Bonjour
2014-01-25 16:40:16 -------- d-----w- C:\ProgramData\Logs
2014-01-20 09:58:21 -------- d--h--w- C:\Users\H\AppData\Local\LogMeIn Rescue Applet
2014-01-20 09:56:28 -------- d-----w- C:\Users\H\AppData\Local\Conduit
2014-01-19 12:16:44 0 ----a-w- C:\Windows\SysWow64\sho42FE.tmp
2014-01-17 22:43:58 0 ----a-w- C:\Windows\SysWow64\sho9097.tmp
2014-01-17 18:50:57 -------- d--h--w- C:\Users\H\AppData\Local\Oxford University Press
2014-01-17 18:50:57 -------- d-----w- C:\Users\H\AppData\Roaming\Oxford University Press
2014-01-17 18:08:57 -------- d-----w- C:\Program Files (x86)\Oxford University Press
2014-01-16 01:50:40 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-01-15 08:56:20 99840 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
2014-01-15 08:56:20 7808 ----a-w- C:\Windows\System32\drivers\usbd.sys
2014-01-15 08:56:20 53248 ----a-w- C:\Windows\System32\drivers\usbehci.sys
2014-01-15 08:56:20 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
2014-01-15 08:56:20 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys
2014-01-15 08:56:20 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
2014-01-15 08:56:20 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
2014-01-15 08:55:58 3156480 ----a-w- C:\Windows\System32\win32k.sys
2014-01-15 08:55:48 376768 ----a-w- C:\Windows\System32\drivers\netio.sys
2014-01-08 00:30:56 0 ----a-w- C:\Windows\SysWow64\shoAEC8.tmp
2014-01-06 19:23:36 4558848 ----a-w- C:\Windows\SysWow64\GPhotos.scr
2014-01-05 17:41:13 0 ----a-w- C:\Windows\SysWow64\shoE7DE.tmp
2014-01-04 16:50:33 -------- d-----w- C:\Users\H\AppData\Local\Amazon Cloud Player
.
==================== Find3M ====================
.
2014-02-02 19:47:08 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-02-02 19:47:08 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-01-03 22:30:09 0 ----a-w- C:\Windows\SysWow64\sho5A20.tmp
2013-12-28 19:51:08 177752 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2013-12-24 02:14:04 0 ----a-w- C:\Windows\SysWow64\sho6F57.tmp
2013-12-21 22:56:32 316248 ----a-w- C:\Windows\System32\drivers\RapportKE64.sys
2013-12-12 10:01:10 0 ----a-w- C:\Windows\SysWow64\shoAE89.tmp
2013-12-03 22:30:00 0 ----a-w- C:\Windows\SysWow64\sho51F.tmp
2013-12-01 09:37:00 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2013-12-01 09:37:00 194048 ----a-w- C:\Windows\SysWow64\elshyph.dll
2013-11-26 10:19:07 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2013-11-26 10:18:23 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2013-11-26 09:48:07 66048 ----a-w- C:\Windows\System32\iesetup.dll
2013-11-26 09:46:25 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2013-11-26 09:23:02 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-11-26 09:18:39 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2013-11-26 09:18:09 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2013-11-26 09:16:57 708608 ----a-w- C:\Windows\System32\jscript9diag.dll
2013-11-26 08:35:02 5769216 ----a-w- C:\Windows\System32\jscript9.dll
2013-11-26 08:28:16 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2013-11-26 08:16:12 4243968 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-11-26 08:02:16 1995264 ----a-w- C:\Windows\System32\inetcpl.cpl
2013-11-26 07:32:06 1928192 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2013-11-26 07:07:57 2334208 ----a-w- C:\Windows\System32\wininet.dll
2013-11-26 06:33:33 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-11-25 14:44:44 19392 ----a-w- C:\Windows\System32\roboot64.exe
2013-11-23 18:26:20 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll
2013-11-23 17:47:34 465920 ----a-w- C:\Windows\System32\WMPhoto.dll
2013-11-12 02:58:41 0 ----a-w- C:\Windows\SysWow64\shoA43B.tmp
2013-11-12 02:23:09 2048 ----a-w- C:\Windows\System32\tzres.dll
2013-11-12 02:07:29 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
.
============= FINISH: 9:05:21.68 ===============
here is the aswmbr
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2014-02-03 09:13:01
-----------------------------
09:13:01.741 OS Version: Windows x64 6.1.7601 Service Pack 1
09:13:01.741 Number of processors: 4 586 0x2505
09:13:01.742 ComputerName: HALIMAB-PC UserName: H
09:13:03.447 Initialize success
09:13:06.621 AVAST engine defs: 14020201
09:13:11.405 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
09:13:11.409 Disk 0 Vendor: WDC_WD32 01.0 Size: 305245MB BusType: 3
09:13:11.544 Disk 0 MBR read successfully
09:13:11.549 Disk 0 MBR scan
09:13:11.556 Disk 0 Windows 7 default MBR code
09:13:11.561 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 13312 MB offset 2048
09:13:11.585 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 27265024
09:13:11.591 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 291831 MB offset 27469824
09:13:11.609 Disk 0 scanning C:\Windows\system32\drivers
09:13:26.022 Service scanning
09:13:53.399 Modules scanning
09:13:53.414 Disk 0 trace - called modules:
09:13:53.430 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
09:13:53.929 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007007060]
09:13:53.929 3 CLASSPNP.SYS[fffff8800161c43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004faa050]
09:13:54.865 AVAST engine scan C:\Windows
09:13:57.455 AVAST engine scan C:\Windows\system32
09:16:52.978 AVAST engine scan C:\Windows\system32\drivers
09:17:11.495 AVAST engine scan C:\Users\H
09:18:28.952 Disk 0 MBR has been saved successfully to "C:\Users\H\Desktop\MBR.dat"
09:18:28.968 The log file has been saved successfully to "C:\Users\H\Desktop\aswMBR.txt"
Hi and welcome
I can see a lot of things going on here.
Avast and Norton Internet Security. One might be a paid for subscription that has expired?
Need to get this down to just 1 antivirus on your computer or we will not be able to run all the necessary scans. Let me know if you need any uninstall tools.
~~~~~~~~~~~~~~~~~~~~~~~~~
P2P software/programs are a major contributor to infections. I see you have uTorrent. Not passing judgment on file-sharing, However will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation.
Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.
I would strongly recommend that you uninstall them, however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Save these instructions to wordpad/notepad or print them out, while some of the fix will have all windows closed and will help you complete all the necessary steps.
We need to disable Spybot S&D's "TeaTimer"
TeaTimer works by preventing ANY changes to the system. It will attempt to undo any fixes we run, because it blocks these fixes from running.
In order to safeguard your system from problems that can be brought on by a half finished fix, we need to disable TeaTimer. We can reenable it when we're done.
Open SpyBot Search and Destroy by going to Start -> All Programs -> Spybot Search and Destroy -> Spybot Search and Destroy.
If prompted with a legal dialog, accept the warning.
Click http://billy-oneal.com/Canned%20Speeches/speechimages/teatimer/mode.png and then on "Advanced Mode"
http://billy-oneal.com/Canned%20Speeches/speechimages/teatimer/advanced%20mode.png
You may be presented with a warning dialog. If so, press http://billy-oneal.com/Canned%20Speeches/speechimages/teatimer/btnYes.png
Click on http://billy-oneal.com/Canned%20Speeches/speechimages/teatimer/tools.png
Click on http://billy-oneal.com/Canned%20Speeches/speechimages/teatimer/resident.png
Uncheck this checkbox:
http://billy-oneal.com/Canned%20Speeches/speechimages/teatimer/teatimercheck.png
Close/Exit Spybot Search and Destroy
~~~~~~~~~~~~~~~~~~~
-AdwCleaner-by Xplode
Click on this link to download : ADWCleaner (http://www.bleepingcomputer.com/download/adwcleaner/)
Click on ONE of the Two Blue Download Now buttons That have a blue arrow beside them and save it to your desktop.
Do not click on any links in the top Advertisment.
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click on Scan.
After the scan is complete click on "Clean"
Confirm each time with Ok.
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the content of that logfile with your next answer.
You can find the logfile at C:\AdwCleaner[S1].txt as well.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~
At times this scanner will appear to be stalled, on a heavily infected computer it can take quite a while to finish, please be patient. To check that the tool is still running, open task manager and look for JRT.exe.
-Junkware-Removal-Tool-
Please download Junkware Removal Tool (http://www.bleepingcomputer.com/download/junkware-removal-tool/) to your desktop.
Vista / 7 / 8 users:
You will need to to right-click on the either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.
Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.
When they are complete let me have the two reports and let me know how things are running.
halibrewer
2014-02-03, 20:08
I thought I had uninstalled Norton totally before installing Avast. I guess there are residual files that did not go. I have as your recommendation uninstalled utorrent as well.
when the computer restarted, it showed a warning message which says it cannot find C:\users\AppData\Local\Conduit\BackgroundContainer\Backgroundcontainer.dll which, coincidentally is the location Spybot gave as the Win32.downloader.gen malware.
Shall I continue to step involving the Junkware removal tool?
# Username : H - HALIMAB-PC
# Running from : C:\Users\H\Desktop\AdwCleaner.exe
# Option : Clean
***** [ Services ] *****
***** [ Files / Folders ] *****
Folder Deleted : C:\ProgramData\~0
Folder Deleted : C:\ProgramData\boost_interprocess
[#] Folder Deleted : C:\ProgramData\Browser Manager
Folder Deleted : C:\ProgramData\IBUpdaterService
Folder Deleted : C:\ProgramData\Partner
Folder Deleted : C:\ProgramData\Premium
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\AF-HSS
Folder Deleted : C:\Users\H\AppData\Local\Conduit
Folder Deleted : C:\Users\H\AppData\Local\PackageAware
Folder Deleted : C:\Users\H\AppData\Local\torch
Folder Deleted : C:\Users\H\AppData\LocalLow\BabylonToolbar
Folder Deleted : C:\Users\H\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\H\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\H\AppData\LocalLow\AF-HSS
Folder Deleted : C:\Users\H\AppData\Roaming\file scout
Folder Deleted : C:\Users\H\AppData\Roaming\PerformerSoft
Folder Deleted : C:\Users\H\AppData\Roaming\Mozilla\Firefox\Profiles\pxges0f6.default-1368729130564\FCTB
Folder Deleted : C:\Users\H\AppData\Roaming\Mozilla\Firefox\Profiles\qywyl651.default\Conduit
Folder Deleted : C:\Users\H\AppData\Roaming\Mozilla\Firefox\Profiles\qywyl651.default\ConduitCommon
Folder Deleted : C:\Program Files (x86)\Mozilla Firefox\Extensions\ffxtlbr@babylon.com
Folder Deleted : C:\Users\H\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc
File Deleted : C:\Users\H\AppData\Roaming\Mozilla\Firefox\Profiles\qywyl651.default\Extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433}
File Deleted : C:\Windows\System32\roboot64.exe
File Deleted : C:\Users\H\AppData\Roaming\Mozilla\Firefox\Profiles\h4ykg8bs.default-1340233384957\searchplugins\safesearch.xml
File Deleted : C:\Users\H\AppData\Roaming\Mozilla\Firefox\Profiles\qywyl651.default\searchplugins\safesearch.xml
File Deleted : C:\Users\H\AppData\Roaming\Mozilla\Firefox\Profiles\qywyl651.default\searchplugins\Search_Results.xml
File Deleted : C:\Users\H\AppData\Roaming\Mozilla\Firefox\Profiles\pxges0f6.default-1368729130564\searchplugins\search-the-web.xml
File Deleted : C:\Users\H\AppData\Roaming\Mozilla\Firefox\Profiles\h4ykg8bs.default-1340233384957\user.js
File Deleted : C:\Users\H\AppData\Roaming\Mozilla\Firefox\Profiles\qywyl651.default\user.js
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\kiplfnciaokpcennlkldkdaeaaomamof
Key Deleted : HKCU\Software\Google\Chrome\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\BabylonHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BabylonTC_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BabylonTC_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividMediaBar_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividMediaBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetup_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetup_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2765711
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3072253
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6536801B-F50C-449B-9476-093DFD3789E3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F0381DBD-E018-4E07-AE40-D96AB15083F0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8DD182CC-FB8D-42D6-93AF-DE1F143FCF2F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F0381DBD-E018-4E07-AE40-D96AB15083F0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F0381DBD-E018-4E07-AE40-D96AB15083F0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F0381DBD-E018-4E07-AE40-D96AB15083F0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8DD182CC-FB8D-42D6-93AF-DE1F143FCF2F}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E61616DF-C0BE-4249-BAA7-7E45F35DB468}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{F0381DBD-E018-4E07-AE40-D96AB15083F0}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D7E97865-918F-41E4-9CD0-25AB1C574CE8}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{F0381DBD-E018-4E07-AE40-D96AB15083F0}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{F0381DBD-E018-4E07-AE40-D96AB15083F0}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{F0381DBD-E018-4E07-AE40-D96AB15083F0}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\filescout
Key Deleted : HKCU\Software\ilivid
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\torch
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\smartbar
Key Deleted : HKCU\Software\AppDataLow\Software\AF-HSS
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\torch
Key Deleted : HKLM\Software\AF-HSS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AF-HSS Toolbar
Key Deleted : [x64] HKLM\SOFTWARE\DomaIQ
Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer
***** [ Browsers ] *****
-\\ Internet Explorer v11.0.9600.16428
-\\ Mozilla Firefox v26.0 (en-US)
[ File : C:\Users\H\AppData\Roaming\Mozilla\Firefox\Profiles\pxges0f6.default-1368729130564\prefs.js ]
Line Deleted : user_pref("extensions.delta.admin", false);
Line Deleted : user_pref("extensions.delta.aflt", "babsst");
Line Deleted : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Line Deleted : user_pref("extensions.delta.autoRvrt", "false");
Line Deleted : user_pref("extensions.delta.dfltLng", "en");
Line Deleted : user_pref("extensions.delta.excTlbr", false);
Line Deleted : user_pref("extensions.delta.ffxUnstlRst", true);
Line Deleted : user_pref("extensions.delta.id", "ea5fbbb30000000000001c659d5ff28d");
Line Deleted : user_pref("extensions.delta.instlDay", "15855");
Line Deleted : user_pref("extensions.delta.instlRef", "sst");
Line Deleted : user_pref("extensions.delta.newTab", false);
Line Deleted : user_pref("extensions.delta.prdct", "delta");
Line Deleted : user_pref("extensions.delta.prtnrId", "delta");
Line Deleted : user_pref("extensions.delta.rvrt", "false");
Line Deleted : user_pref("extensions.delta.smplGrp", "none");
Line Deleted : user_pref("extensions.delta.tlbrId", "base");
Line Deleted : user_pref("extensions.delta.tlbrSrchUrl", "");
Line Deleted : user_pref("extensions.delta.vrsn", "1.8.21.5");
Line Deleted : user_pref("extensions.delta.vrsnTs", "1.8.21.59:33:13");
Line Deleted : user_pref("extensions.delta.vrsni", "1.8.21.5");
Line Deleted : user_pref("extensions.delta_i.babExt", "");
Line Deleted : user_pref("extensions.delta_i.babTrack", "affID=119943&tt=gc_");
Line Deleted : user_pref("extensions.delta_i.srcExt", "ss");
Line Deleted : user_pref("freecause5e889f1137386e34f5adccce03875424.AutoSearchEventData", "auto%20search");
Line Deleted : user_pref("freecause5e889f1137386e34f5adccce03875424.ClearCacheDate", 3);
Line Deleted : user_pref("freecause5e889f1137386e34f5adccce03875424.DNSCatch", true);
Line Deleted : user_pref("freecause5e889f1137386e34f5adccce03875424.DisplayEULA", true);
Line Deleted : user_pref("freecause5e889f1137386e34f5adccce03875424.DnsCatchEventData", "dns%20catch");
Line Deleted : user_pref("freecause5e889f1137386e34f5adccce03875424.EBOMode", false);
Line Deleted : user_pref("freecause5e889f1137386e34f5adccce03875424.EnableDCAData_xx", true);
Line Deleted : user_pref("freecause5e889f1137386e34f5adccce03875424.EnableDCA_xx", false);
Line Deleted : user_pref("freecause5e889f1137386e34f5adccce03875424.FirstLaunchShown", true);
Line Deleted : user_pref("freecause5e889f1137386e34f5adccce03875424.InstallDomain", "sharethis.com");
Line Deleted : user_pref("freecause5e889f1137386e34f5adccce03875424.InstallType", "one_click");
Line Deleted : user_pref("freecause5e889f1137386e34f5adccce03875424.LoadLayoutDate.100311", 3);
Line Deleted : user_pref("freecause5e889f1137386e34f5adccce03875424.NewTabSearchEventData", "tab%20search");
Line Deleted : user_pref("freecause5e889f1137386e34f5adccce03875424.ShowRecommendedOptions", true);
Line Deleted : user_pref("freecause5e889f1137386e34f5adccce03875424.StateReportDate", "1391416351804");
Line Deleted : user_pref("freecause5e889f1137386e34f5adccce03875424.TopRightSearchEventData", "top%20right%20search");
Line Deleted : user_pref("freecause5e889f1137386e34f5adccce03875424.beforeInstallSaved", true);
Line Deleted : user_pref("freecause5e889f1137386e34f5adccce03875424.beforeinstall.homepage", "hxxps%3A//www.google.co.uk/");
Line Deleted : user_pref("freecause5e889f1137386e34f5adccce03875424.beforeinstall.search", "Google");
Line Deleted : user_pref("freecause5e889f1137386e34f5adccce03875424.comp.search.sharethis_search.engine_img", "aHR0cDovL3Mzd2l6YXJkLmZyZWVjYXVzZS5jb20vc2VhcmNoLnBuZw%3D%3D");
Line Deleted : user_pref("freecause5e889f1137386e34f5adccce03875424.comp.search.sharethis_search.engine_url", "aHR0cDovL3NlYXJjaC55YWhvby5jb20vc2VhcmNoP2VpPXV0Zi04JmZyPWZyZWVjYXVzZSZ0eXBlPSV0b29saWQmcD0%3D");
Line Deleted : user_pref("freecause5e889f1137386e34f5adccce03875424.comp.search.sharethis_search.text", "Search%20Here%21");
Line Deleted : user_pref("freecause5e889f1137386e34f5adccce03875424.customNewTab", false);
Line Deleted : user_pref("freecause5e889f1137386e34f5adccce03875424.dcaDefaultMode", false);
Line Deleted : user_pref("freecause5e889f1137386e34f5adccce03875424.dcaShowInstallerPage", false);
Line Deleted : user_pref("freecause5e889f1137386e34f5adccce03875424.dcaShowSurvey", true);
Line Deleted : user_pref("freecause5e889f1137386e34f5adccce03875424.helpUsImprove", true);
Line Deleted : user_pref("freecause5e889f1137386e34f5adccce03875424.hideOthers", true);
Line Deleted : user_pref("freecause5e889f1137386e34f5adccce03875424.partnerauth", false);
Line Deleted : user_pref("freecause5e889f1137386e34f5adccce03875424.processAddrBar", true);
Line Deleted : user_pref("freecause5e889f1137386e34f5adccce03875424.remove_search", true);
Line Deleted : user_pref("freecause5e889f1137386e34f5adccce03875424.restoreSearch", false);
Line Deleted : user_pref("freecause5e889f1137386e34f5adccce03875424.searchHistory", true);
Line Deleted : user_pref("freecause5e889f1137386e34f5adccce03875424.showFirstLaunchOptions", false);
Line Deleted : user_pref("freecause5e889f1137386e34f5adccce03875424.tb_lang", "en");
Line Deleted : user_pref("freecause5e889f1137386e34f5adccce03875424.tool_id", "100311");
Line Deleted : user_pref("freecause5e889f1137386e34f5adccce03875424.user_id", "132320309");
Line Deleted : user_pref("freecause5e889f1137386e34f5adccce03875424.user_key", "2295945e4f7140cb26a9897d05e27c68a4ed0309");
Line Deleted : user_pref("freecause5e889f1137386e34f5adccce03875424.user_layouts", "100311");
Line Deleted : user_pref("freecause5e889f1137386e34f5adccce03875424.user_lnames", "ShareThis%20Toolbar");
Line Deleted : user_pref("freecause5e889f1137386e34f5adccce03875424.xml_service_url", "6bb94bbf55fe2f255901a560824a6ebe");
Line Deleted : user_pref("freecause5e889f1137386e34f5adccce03875424.yahooSearch", true);
-\\ Google Chrome v32.0.1700.102
[ File : C:\Users\H\AppData\Local\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R0].txt - [15957 octets] - [03/02/2014 17:38:52]
AdwCleaner[R1].txt - [16018 octets] - [03/02/2014 17:41:27]
AdwCleaner[S0].txt - [15745 octets] - [03/02/2014 17:42:15]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [15806 octets] ##########
I thought I had uninstalled Norton totally before installing Avast. I guess there are residual files that did not go. I have as your recommendation uninstalled utorrent as well.
when the computer restarted, it showed a warning message which says it cannot find C:\users\AppData\Local\Conduit\BackgroundContainer\Backgroundcontainer.dll which, coincidentally is the location Spybot gave as the Win32.downloader.gen malware.
Shall I continue to step involving the Junkware removal tool?
Yes please, as suspected this machine is heavily infected
http://www.bleepingcomputer.com/download/norton-removal-tool/ <--Norton removal tool
halibrewer
2014-02-03, 20:41
here is the JRT file
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.0 (01.07.2014:1)
OS: Windows 7 Home Premium x64
Ran by H on 03/02/2014 at 18:23:45.62
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
Suspicious HKCU\..\Run entries found. Trojan:JS/Medfos.B?
Value Name Type Value Data
========================================================================================
BackgroundContainer REG_SZ "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\H\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2413547309-3373987886-2876452647-1000\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\caphyon
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\torchsetupfull_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\torchsetupfull_rasmancs
~~~ Files
Successfully deleted: [File] C:\Windows\syswow64\sho13A.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho1441.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho1637.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho1693.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho17AE.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho19B9.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho1BBB.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho2754.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho28A6.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho2B7.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho2CBC.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho2CE9.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho3A8A.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho4089.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho421A.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho42FE.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho44C8.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho4885.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho492C.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho4A38.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho4AC0.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho4D97.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho4F5C.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho501.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho50BE.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho51F.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho5634.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho56D.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho5811.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho5A20.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho637D.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho6580.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho65AE.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho65F9.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho6A65.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho6EBC.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho6F57.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho6FF6.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho7105.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho782C.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho7AB3.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho7C1F.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho7C8.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho81A0.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho8664.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho87C3.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho8B4C.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho8DEC.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho9097.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho964B.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho9680.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho96B2.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho97C8.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho99A4.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoA0F0.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoA43B.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoA54C.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoAB1D.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoAE89.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoAE93.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoAEC8.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoB00.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoB078.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoB0D3.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoB2B3.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoB5ED.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoB83.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoB891.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoBA11.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoBA7A.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoBC59.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoC1E8.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoC40F.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoC4EB.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoC566.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoCCEF.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoCDE5.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoD750.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoDA82.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoDC56.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoDDAF.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoDE75.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoE4D9.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoE5DC.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoE738.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoE7DE.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoEAB0.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoEAC4.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoEAFC.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoEC55.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoED59.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoEFDC.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoF181.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoF53E.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoFB5B.tmp
~~~ Folders
Successfully deleted: [Folder] "C:\Users\H\appdata\local\cre"
Successfully deleted: [Empty Folder] C:\Users\H\appdata\local\{10BC6893-BA3B-447B-825B-032B1BB23DF2}
Successfully deleted: [Empty Folder] C:\Users\H\appdata\local\{396F670F-8621-4F73-8EE4-21DB51254B8A}
Successfully deleted: [Empty Folder] C:\Users\H\appdata\local\{63CA1F15-0125-4A4C-8F1F-07417D11E304}
Successfully deleted: [Empty Folder] C:\Users\H\appdata\local\{83D27F20-138E-4E30-B736-B201D9DB157D}
~~~ FireFox
Successfully deleted: [Folder] C:\Users\H\AppData\Roaming\mozilla\firefox\profiles\pxges0f6.default-1368729130564\fctb
Successfully deleted the following from C:\Users\H\AppData\Roaming\mozilla\firefox\profiles\pxges0f6.default-1368729130564\prefs.js
user_pref("freecause5e889f1137386e34f5adccce03875424.AutoSearchEventData", "auto%20search");
user_pref("freecause5e889f1137386e34f5adccce03875424.ClearCacheDate", 3);
user_pref("freecause5e889f1137386e34f5adccce03875424.DNSCatch", true);
user_pref("freecause5e889f1137386e34f5adccce03875424.DisplayEULA", true);
user_pref("freecause5e889f1137386e34f5adccce03875424.DnsCatchEventData", "dns%20catch");
user_pref("freecause5e889f1137386e34f5adccce03875424.EBOMode", false);
user_pref("freecause5e889f1137386e34f5adccce03875424.EnableDCAData_xx", true);
user_pref("freecause5e889f1137386e34f5adccce03875424.EnableDCA_xx", false);
user_pref("freecause5e889f1137386e34f5adccce03875424.FirstLaunchShown", true);
user_pref("freecause5e889f1137386e34f5adccce03875424.InstallDomain", "sharethis.com");
user_pref("freecause5e889f1137386e34f5adccce03875424.InstallType", "one_click");
user_pref("freecause5e889f1137386e34f5adccce03875424.LoadLayoutDate.100311", 3);
user_pref("freecause5e889f1137386e34f5adccce03875424.NewTabSearchEventData", "tab%20search");
user_pref("freecause5e889f1137386e34f5adccce03875424.ShowRecommendedOptions", true);
user_pref("freecause5e889f1137386e34f5adccce03875424.StateReportDate", "1391449741251");
user_pref("freecause5e889f1137386e34f5adccce03875424.TopRightSearchEventData", "top%20right%20search");
user_pref("freecause5e889f1137386e34f5adccce03875424.beforeInstallSaved", true);
user_pref("freecause5e889f1137386e34f5adccce03875424.beforeinstall.homepage", "www.google.com");
user_pref("freecause5e889f1137386e34f5adccce03875424.beforeinstall.search", "Google");
user_pref("freecause5e889f1137386e34f5adccce03875424.comp.search.sharethis_search.engine_img", "aHR0cDovL3Mzd2l6YXJkLmZyZWVjYXVzZS5jb20vc2VhcmNoLnBuZw%3D%3D");
user_pref("freecause5e889f1137386e34f5adccce03875424.comp.search.sharethis_search.engine_url", "aHR0cDovL3NlYXJjaC55YWhvby5jb20vc2VhcmNoP2VpPXV0Zi04JmZyPWZyZWVjYXVzZSZ0eXBlPSV
user_pref("freecause5e889f1137386e34f5adccce03875424.comp.search.sharethis_search.text", "Search%20Here%21");
user_pref("freecause5e889f1137386e34f5adccce03875424.customNewTab", true);
user_pref("freecause5e889f1137386e34f5adccce03875424.dcaDefaultMode", false);
user_pref("freecause5e889f1137386e34f5adccce03875424.dcaShowInstallerPage", false);
user_pref("freecause5e889f1137386e34f5adccce03875424.dcaShowSurvey", true);
user_pref("freecause5e889f1137386e34f5adccce03875424.helpUsImprove", true);
user_pref("freecause5e889f1137386e34f5adccce03875424.hideOthers", true);
user_pref("freecause5e889f1137386e34f5adccce03875424.partnerauth", false);
user_pref("freecause5e889f1137386e34f5adccce03875424.processAddrBar", true);
user_pref("freecause5e889f1137386e34f5adccce03875424.remove_search", true);
user_pref("freecause5e889f1137386e34f5adccce03875424.restoreSearch", false);
user_pref("freecause5e889f1137386e34f5adccce03875424.searchHistory", true);
user_pref("freecause5e889f1137386e34f5adccce03875424.showFirstLaunchOptions", false);
user_pref("freecause5e889f1137386e34f5adccce03875424.tb_lang", "en");
user_pref("freecause5e889f1137386e34f5adccce03875424.tool_id", "100311");
user_pref("freecause5e889f1137386e34f5adccce03875424.user_id", "132320309");
user_pref("freecause5e889f1137386e34f5adccce03875424.user_key", "2295945e4f7140cb26a9897d05e27c68a4ed0309");
user_pref("freecause5e889f1137386e34f5adccce03875424.user_layouts", "100311");
user_pref("freecause5e889f1137386e34f5adccce03875424.user_lnames", "ShareThis%20Toolbar");
user_pref("freecause5e889f1137386e34f5adccce03875424.xml_service_url", "6bb94bbf55fe2f255901a560824a6ebe");
user_pref("freecause5e889f1137386e34f5adccce03875424.yahooSearch", true);
user_pref("keyword.URL", "hxxp://search.yahoo.com/search?ourmark=3&ei=utf-8&fr=freecause&type=100311&p=");
Emptied folder: C:\Users\H\AppData\Roaming\mozilla\firefox\profiles\qywyl651.default\minidumps [18 files]
Emptied folder: C:\Users\H\AppData\Roaming\mozilla\firefox\profiles\pxges0f6.default-1368729130564\minidumps [7 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 03/02/2014 at 18:38:02.01
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
halibrewer
2014-02-03, 21:02
Have run the Norton removal tool now, too. but on restart, I got the warning message 2x "There was a problem starting C:\Users\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll
That should had made a difference?
let's see if we can find some left overs.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~``
Tweaking.com Registry Backup
http://i.imgur.com/OJQgrbU.png
Tweaking.com Registry Backup
Download the tool found here (http://www.bleepingcomputer.com/download/registry-backup/) to your Desktop so it is easy to find.
Double click on the file you just downloaded
to install it to your system.
Once the tool is installed, double-click on the Tweaking.com Registry Backup icon
**Note** The tool should automatically open to the Backup Registry tab.
http://i.imgur.com/TRfuT3t.jpg
Press Backup Now
When the back up is complete, the tool will tell you that Successful */* Files Backed Up
You have now successfully backed up your Registry.
Once you have the tool downloaded there is a tab labeled Settings where you can set where the backups are saved at.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Please download Farbar Recovery Scan Tool (http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/) and save it to your Desktop.
(use correct version for your system.....Which system am I using? (http://support.microsoft.com/kb/827218))
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
Press Scan button.
It will produce a log called FRST.txt in the same directory the tool is run from.
Please copy and paste log back here.
The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.
C:\Users\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll
JRT found it and deleted it.....let's continue and see if the next scanner can find it as well.
halibrewer
2014-02-03, 21:41
I will have to send these in 4 lots because I keep getting a message that it is too long. First, the first file
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-02-2014 04
Ran by H (administrator) on HALIMAB-PC on 03-02-2014 19:32:17
Running from C:\Users\H\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(Trusteer Ltd.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Trusteer Ltd.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Eastman Kodak Company) C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe
(Cisco WebEx LLC) C:\Windows\SysWOW64\atashost.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\Receiver\Receiver.exe
(Acer Incorporated) C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe
(Eastman Kodak Company) C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
(Eastman Kodak Company) C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
() C:\Program Files (x86)\Kodak\CloudPrinting\KCPConnector.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
( ) C:\Windows\System32\lxcycoms.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Management\Engine\3.2.2.12\ccsvchst.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Acer Group) C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerEvent.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Tweaking.com) C:\Program Files (x86)\Tweaking.com\Registry Backup\TweakingRegistryBackup.exe
(Tweaking.com) C:\Program Files (x86)\Tweaking.com\Registry Backup\files\vss_start.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Program Files (x86)\Tweaking.com\Registry Backup\files\vss_7_8_2008_2012_64.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Tweaking.com) C:\Program Files (x86)\Tweaking.com\Registry Backup\files\vss_pause.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10920552 2010-06-22] (Realtek Semiconductor)
HKLM\...\Run: [Acer ePower Management] - C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe [861216 2010-06-11] (Acer Incorporated)
HKLM\...\Run: [EKIJ5000StatusMonitor] - C:\Windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe [3182080 2012-10-08] (Eastman Kodak Company)
HKLM-x32\...\Run: [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe [960080 2010-05-25] (Dritek System Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [EKStatusMonitor] - C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe [2750840 2013-01-15] (Eastman Kodak Company)
HKLM-x32\...\Run: [ConnectionCenter] - C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [383544 2012-12-14] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3767096 2014-01-27] (AVAST Software)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2413547309-3373987886-2876452647-1000\...\Run: [] - [x]
HKU\S-1-5-21-2413547309-3373987886-2876452647-1000\...\Run: [Google Update] - C:\Users\H\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-12-24] (Google Inc.)
HKU\S-1-5-21-2413547309-3373987886-2876452647-1000\...\Run: [BackgroundContainer] - "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\H\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun <===== ATTENTION
HKU\S-1-5-21-2413547309-3373987886-2876452647-1000\...\MountPoints2: {53ff305e-d44c-11e2-8194-1c7508051370} - E:\Startme.exe
HKU\S-1-5-21-2413547309-3373987886-2876452647-1000\...\MountPoints2: {84f5167a-4f45-11e2-b84e-1c7508051370} - "E:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-2413547309-3373987886-2876452647-1000\...\MountPoints2: {86c18bf5-9c04-11e0-8122-1c7508051370} - E:\LaunchU3.exe -a
HKU\S-1-5-21-2413547309-3373987886-2876452647-1000\...\MountPoints2: {c89e4185-900d-11e0-a47e-1c7508051370} - E:\LaunchU3.exe -a
AppInit_DLLs-x32: c:\progra~2\citrix\icacli~1\rshook.dll => C:\Program Files (x86)\Citrix\ICA Client\RSHook.dll [256568 2012-12-14] (Citrix Systems, Inc.)
Startup: C:\Users\H\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
ShortcutTarget: ERUNT AutoBackup.lnk -> C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
==================== Internet (Whitelisted) ====================
ProxyServer: localhost:8118
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.msn.com/?ocid=OIE9HP
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
URLSearchHook: HKCU - (No Name) - {81d24ea1-3106-46a5-a324-fa96b8178519} - No File
SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL =
SearchScopes: HKLM-x32 - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACPW
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKCU - No Name - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
FireFox:
========
FF ProfilePath: C:\Users\H\AppData\Roaming\Mozilla\Firefox\Profiles\pxges0f6.default-1368729130564
FF NewTab: www.google.com
FF SearchEngineOrder.1: Google
FF SelectedSearchEngine: Google
FF Homepage: www.google.com
FF Keyword.URL: hxxp://search.yahoo.com/search?ourmark=3&ei=utf-8&fr=freecause&type=100311&p=
FF NetworkProxy: "autoconfig_url", "https://mediahint.com/default.pac"
FF NetworkProxy: "type", 2
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_43.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Citrix.com/npican - C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=16.0.0.282 - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.0 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.0 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.0 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.0.282 - c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin-x32: @SonyCreativeSoftware.com/Media Go,version=1.0 - C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\H\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll No File
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\H\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\H\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @talk.google.com/O3DPlugin - C:\Users\H\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\H\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\H\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll (RealPlayer)
FF Plugin ProgramFiles/Appdata: C:\Users\H\AppData\Roaming\mozilla\plugins\npatgpc.dll (Cisco WebEx LLC)
FF Plugin ProgramFiles/Appdata: C:\Users\H\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\H\AppData\Roaming\mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin ProgramFiles/Appdata: C:\Users\H\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF SearchPlugin: C:\Users\H\AppData\Roaming\Mozilla\Firefox\Profiles\pxges0f6.default-1368729130564\searchplugins\search-the-web.xml
FF Extension: iCloud Bookmarks - C:\Users\H\AppData\Roaming\Mozilla\Firefox\Profiles\pxges0f6.default-1368729130564\Extensions\firefoxdav@icloud.com [2013-12-20]
FF Extension: Pocket - C:\Users\H\AppData\Roaming\Mozilla\Firefox\Profiles\pxges0f6.default-1368729130564\Extensions\isreaditlater@ideashower.com [2013-10-21]
FF Extension: Fun Characters - C:\Users\H\AppData\Roaming\Mozilla\Firefox\Profiles\pxges0f6.default-1368729130564\Extensions\funcharacters@diegoruiz.info.xpi [2013-06-22]
FF Extension: Grammarly - C:\Users\H\AppData\Roaming\Mozilla\Firefox\Profiles\pxges0f6.default-1368729130564\Extensions\grammar.plugin@grammarly.com.xpi [2013-07-29]
FF Extension: Push to Kindle - C:\Users\H\AppData\Roaming\Mozilla\Firefox\Profiles\pxges0f6.default-1368729130564\Extensions\jid0-GokC6R49cBZciOKniufAR4QKFWc@jetpack.xpi [2013-05-16]
FF Extension: Media Hint - C:\Users\H\AppData\Roaming\Mozilla\Firefox\Profiles\pxges0f6.default-1368729130564\Extensions\mediahint@jetpack.xpi [2013-10-22]
FF Extension: ShareThis - C:\Users\H\AppData\Roaming\Mozilla\Firefox\Profiles\pxges0f6.default-1368729130564\Extensions\{1b8cc170-8c85-11db-b606-0800200c9a66}.xpi [2013-07-27]
FF Extension: ShowIP - C:\Users\H\AppData\Roaming\Mozilla\Firefox\Profiles\pxges0f6.default-1368729130564\Extensions\{3e9bb2a7-62ca-4efa-a4e6-f6f6168a652d}.xpi [2013-05-29]
FF Extension: ShareThis Toolbar - C:\Users\H\AppData\Roaming\Mozilla\Firefox\Profiles\pxges0f6.default-1368729130564\Extensions\{5e889f11-3738-6e34-f5ad-ccce03875424}.xpi [2013-11-13]
FF Extension: Modify Headers - C:\Users\H\AppData\Roaming\Mozilla\Firefox\Profiles\pxges0f6.default-1368729130564\Extensions\{b749fc7c-e949-447f-926c-3f4eed6accfe}.xpi [2013-05-16]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-12-20]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-12-20]
FF HKLM-x32\...\Firefox\Extensions: [bkmrksync@nokia.com] - C:\Program Files (x86)\Nokia\Nokia PC Suite 7\bkmrksync\
FF Extension: PC Sync 2 Synchronisation Extension - C:\Program Files (x86)\Nokia\Nokia PC Suite 7\bkmrksync\ []
FF HKLM-x32\...\Firefox\Extensions: [{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}] - C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\
FF Extension: Firefox Synchronisation Extension - C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ []
FF HKLM-x32\...\Firefox\Extensions: [{34712C68-7391-4c47-94F3-8F88D49AD632}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ []
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2012-12-18]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-01-27]
FF HKLM-x32\...\Thunderbird\Extensions: [{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}] - C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\
FF Extension: Thunderbird Address Book Synchronisation Extension - C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ []
Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR DefaultSearchKeyword: google.co.uk
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\pdf.dll ()
CHR Plugin: (Skype Click to Call) - C:\Users\H\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.9.0.12585_0\npSkypeChromePlugin.dll No File
CHR Plugin: (Conduit Chrome Plugin) - C:\Users\H\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc\2.3.15.10_0\plugins/ConduitChromeApiPlugin.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft® Windows Media Player Firefox Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Download Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\nprpplugin.dll (RealPlayer)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (ActiveTouch General Plugin Container) - C:\Users\H\AppData\Roaming\Mozilla\plugins\npatgpc.dll (Cisco WebEx LLC)
CHR Plugin: (Google Talk Plugin) - C:\Users\H\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
CHR Plugin: (Google Talk Plugin Video Accelerator) - C:\Users\H\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
CHR Plugin: (Google Talk Plugin Video Renderer) - C:\Users\H\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Citrix ICA Client) - C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.450.18) - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Java(TM) Platform SE 7 U45) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Media Go Detector) - C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (RealNetworks(tm) RealDownloader Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
CHR Plugin: (RealNetworks(tm) RealDownloader HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (RealNetworks(tm) RealDownloader PepperFlashVideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
CHR Plugin: (RealDownloader Plugin) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll (Adobe Systems, Inc.)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
CHR Extension: (Google Translate) - C:\Users\H\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2013-10-21]
CHR Extension: (Media Hint) - C:\Users\H\AppData\Local\Google\Chrome\User Data\Default\Extensions\anepbdekljkmmimmhbniglnnanmmkoja [2013-10-22]
CHR Extension: (AddThis - Share & Bookmark (new)) - C:\Users\H\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgbogdmdefihhljhfeiklfiedefalcde [2013-10-21]
CHR Extension: (Hola Better Internet) - C:\Users\H\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2013-11-10]
CHR Extension: (RealDownloader) - C:\Users\H\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2013-10-17]
CHR Extension: (Pocket (formerly Read It Later)) - C:\Users\H\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj [2013-10-21]
CHR Extension: (Google Wallet) - C:\Users\H\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-21]
CHR Extension: (uTorrentControl2) - C:\Users\H\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc [2013-10-17]
CHR Extension: (Push to Kindle) - C:\Users\H\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnaiinchjaonopoejhknmgjingcnaloc [2013-10-21]
CHR HKCU\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\H\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2013-05-16]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-01-27]
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2012-11-29]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-05-14]
halibrewer
2014-02-03, 21:42
==================== Services (Whitelisted) =================
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-01-27] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [113704 2014-01-27] (AVAST Software)
R2 ePowerSvc; C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [868896 2010-06-11] (Acer Incorporated)
S3 GameConsoleService; C:\Program Files (x86)\Packard Bell Games\Packard Bell Game Console\GameConsoleService.exe [246520 2010-04-03] (WildTangent, Inc.)
R2 GREGService; C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe [23584 2010-01-08] (Acer Incorporated)
R2 Kodak Cloud Software Connector; C:\Program Files (x86)\Kodak\CloudPrinting\KCPConnector.exe [1526192 2012-06-14] ()
R2 lxcy_device; C:\Windows\system32\lxcycoms.exe [566192 2006-11-29] ( )
R2 MCLIENT; C:\Program Files (x86)\Norton Management\Engine\3.2.2.12\ccSvcHst.exe [143928 2012-12-05] (Symantec Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe [255744 2010-06-28] (NewTech Infosystems, Inc.)
R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [1444120 2014-01-22] (Trusteer Ltd.)
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [38608 2012-11-29] ()
R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
R2 Updater Service; C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe [243232 2010-01-28] (Acer Group)
==================== Drivers (Whitelisted) ====================
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28184 2014-01-27] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [78648 2014-01-27] (AVAST Software)
R1 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [440672 2014-01-27] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [92544 2014-01-27] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-01-27] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1038072 2014-01-27] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [421704 2014-01-27] (AVAST Software)
R3 aswStm; C:\Windows\system32\drivers\aswStm.sys [80184 2014-01-27] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [207904 2014-01-27] ()
R3 BthAvrcp; C:\Windows\System32\DRIVERS\BthAvrcp.sys [29184 2009-08-13] (CSR, plc)
S1 ccSet_MCLIENT; C:\Windows\system32\drivers\MCLIENTx64\0302020.00C\ccSetx64.sys [168096 2012-10-04] (Symantec Corporation)
S3 massfilter; C:\Windows\SysWOW64\drivers\massfilter.sys [9216 2009-09-07] (ZTE Incorporated)
R1 RapportCerberus_59849; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_59849.sys [606672 2013-10-30] ()
R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [282712 2014-01-22] (Trusteer Ltd.)
R0 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [316312 2014-01-22] (Trusteer Ltd.)
R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [397848 2014-01-22] (Trusteer Ltd.)
S3 SMARTMouseFilterx64; C:\Windows\System32\DRIVERS\SMARTMouseFilterx64.sys [13168 2012-03-21] (SMART Technologies ULC)
S3 SMARTVHidMiniVistaAmd64; C:\Windows\System32\DRIVERS\SMARTVHidMiniVistaAmd64.sys [16368 2012-03-21] (SMART Technologies ULC)
S3 SMARTVTabletPCx64; C:\Windows\System32\DRIVERS\SMARTVTabletPCx64.sys [24944 2012-03-21] (SMART Technologies ULC)
S3 ZTEusbmdm6k; C:\Windows\SysWOW64\DRIVERS\ZTEusbmdm6k.sys [119680 2009-09-07] (ZTE Incorporated)
S3 ZTEusbnmea; C:\Windows\SysWOW64\DRIVERS\ZTEusbnmea.sys [119680 2009-09-07] (ZTE Incorporated)
S3 ZTEusbser6k; C:\Windows\SysWOW64\DRIVERS\ZTEusbser6k.sys [119680 2009-09-07] (ZTE Incorporated)
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-02-03 19:32 - 2014-02-03 19:32 - 00036631 _____ () C:\Users\H\Desktop\FRST.txt
2014-02-03 19:32 - 2014-02-03 19:32 - 00000000 ____D () C:\FRST
2014-02-03 19:31 - 2014-02-03 19:31 - 02080256 _____ (Farbar) C:\Users\H\Desktop\FRST64.exe
2014-02-03 19:27 - 2014-02-03 19:27 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-HALIMAB-PC-Microsoft-Windows-7-Home-Premium-(64-bit).dat
2014-02-03 19:25 - 2014-02-03 19:25 - 00000000 ____D () C:\RegBackup
2014-02-03 19:24 - 2014-02-03 19:24 - 00002251 _____ () C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2014-02-03 19:24 - 2014-02-03 19:24 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
2014-02-03 19:19 - 2014-02-03 19:19 - 03936992 _____ () C:\Users\H\Desktop\tweaking.com_registry_backup_setup.exe
2014-02-03 19:09 - 2014-02-03 19:29 - 00000000 ____D () C:\Users\H\Desktop\spybot tools from forum
2014-02-03 19:05 - 2014-02-03 19:07 - 00000000 ____D () C:\Users\H\Desktop\various
2014-02-03 18:50 - 2014-02-03 18:50 - 00003358 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2413547309-3373987886-2876452647-1000
2014-02-03 18:50 - 2014-02-03 18:50 - 00003216 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2413547309-3373987886-2876452647-1000
2014-02-03 18:23 - 2014-02-03 18:23 - 00000000 ____D () C:\Windows\ERUNT
2014-02-03 17:43 - 2014-02-03 18:47 - 00021554 _____ () C:\Windows\PFRO.log
2014-02-03 17:38 - 2014-02-03 17:42 - 00000000 ____D () C:\AdwCleaner
2014-02-03 08:58 - 2014-02-03 14:32 - 00000000 ____D () C:\Windows\ERDNT
2014-02-03 08:56 - 2014-02-03 08:56 - 00000000 ____D () C:\Program Files (x86)\ERUNT
2014-02-02 13:35 - 2014-02-03 18:49 - 00000672 _____ () C:\Windows\setupact.log
2014-02-02 13:35 - 2014-02-02 13:35 - 00000000 _____ () C:\Windows\setuperr.log
2014-02-02 10:35 - 2014-02-03 14:32 - 00003346 _____ () C:\Windows\System32\Tasks\BackgroundContainer Startup Task
2014-02-02 10:24 - 2014-02-02 10:24 - 00450712 ____R () C:\Windows\system32\Drivers\etc\hosts.20140202-102447.backup
2014-02-02 10:24 - 2014-02-02 10:23 - 00450712 ____R () C:\Windows\system32\Drivers\etc\hosts.20140202-102434.backup
2014-02-02 10:23 - 2014-02-02 10:22 - 00450712 ____R () C:\Windows\system32\Drivers\etc\hosts.20140202-102303.backup
2014-01-31 16:33 - 2014-02-03 14:32 - 00003336 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2413547309-3373987886-2876452647-1000
2014-01-27 16:37 - 2014-01-27 16:37 - 00002962 _____ () C:\Windows\System32\Tasks\{25C68268-E81B-4740-8445-A0E990FDEBF4}
2014-01-27 16:37 - 2014-01-27 16:37 - 00002962 _____ () C:\Windows\System32\Tasks\{01CE5DFF-93BC-433A-A3A2-AD28A565E4CC}
2014-01-27 16:36 - 2014-01-27 16:36 - 00002962 _____ () C:\Windows\System32\Tasks\{4811AC6E-E0BA-42D1-AE43-79B6A205DA26}
2014-01-27 16:30 - 2014-01-27 16:30 - 00000000 ____D () C:\Users\H\New folder
2014-01-27 16:29 - 2014-01-27 18:07 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-01-27 16:07 - 2014-01-27 16:07 - 00002962 _____ () C:\Windows\System32\Tasks\{3C68EB6A-E311-4A85-9BB8-3A43DAC36A9A}
2014-01-27 16:05 - 2014-01-27 16:05 - 00002962 _____ () C:\Windows\System32\Tasks\{C8BC8C04-C892-4F10-AC08-EE3F6DDDF68A}
2014-01-27 16:03 - 2014-01-27 16:03 - 00002962 _____ () C:\Windows\System32\Tasks\{EC44D2C3-C8F6-40EE-93F5-97CDDAA88076}
2014-01-27 15:43 - 2014-01-27 15:43 - 00282992 _____ (Mozilla) C:\Users\H\Downloads\Firefox Setup Stub 26.0.exe
2014-01-27 15:19 - 2014-01-27 15:19 - 00002044 _____ () C:\Users\Public\Desktop\avast! SafeZone.lnk
2014-01-27 15:19 - 2014-01-27 15:19 - 00001984 _____ () C:\Users\Public\Desktop\avast! Internet Security.lnk
2014-01-27 15:18 - 2014-01-27 15:18 - 00028184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2014-01-27 15:17 - 2014-01-27 15:17 - 00440672 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNdisFlt.sys
2014-01-27 15:10 - 2014-02-03 18:50 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-01-27 15:10 - 2014-01-27 15:10 - 01038072 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-01-27 15:10 - 2014-01-27 15:10 - 00421704 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-01-27 15:10 - 2014-01-27 15:10 - 00334136 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-01-27 15:10 - 2014-01-27 15:10 - 00207904 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-01-27 15:10 - 2014-01-27 15:10 - 00092544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-01-27 15:10 - 2014-01-27 15:10 - 00080184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-01-27 15:10 - 2014-01-27 15:10 - 00078648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-01-27 15:10 - 2014-01-27 15:10 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-01-27 15:10 - 2014-01-27 15:10 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-01-27 12:34 - 2014-01-27 12:34 - 00000000 ___HD () C:\Users\H\AppData\Roaming\AVAST Software
2014-01-27 12:28 - 2014-01-27 12:28 - 00000000 ____D () C:\Program Files\AVAST Software
2014-01-27 12:27 - 2014-01-27 12:27 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-01-25 18:06 - 2014-01-25 18:06 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-01-25 18:06 - 2014-01-25 18:06 - 00000000 ____D () C:\Program Files\iTunes
2014-01-25 18:06 - 2014-01-25 18:06 - 00000000 ____D () C:\Program Files\iPod
2014-01-25 18:06 - 2014-01-25 18:06 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-01-25 18:04 - 2014-01-25 18:04 - 00000000 ____D () C:\Windows\System32\Tasks\Apple
2014-01-25 18:04 - 2014-01-25 18:04 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2014-01-25 18:03 - 2014-01-25 18:03 - 00000000 ____D () C:\Program Files\Bonjour
2014-01-25 18:03 - 2014-01-25 18:03 - 00000000 ____D () C:\Program Files (x86)\Bonjour
2014-01-25 17:52 - 2014-01-25 17:55 - 148904784 _____ (Apple Inc.) C:\Users\H\Downloads\iTunes64Setup.exe
2014-01-25 09:55 - 2014-01-25 09:55 - 05341472 _____ (Dll-Files.com ) C:\Users\H\Downloads\dffsetup-msvcr80.exe
2014-01-20 17:26 - 2014-01-20 17:27 - 00000017 _____ () C:\Windows\SysWOW64\shortcut_ex.dat
2014-01-20 09:58 - 2014-01-20 10:27 - 00000000 ___HD () C:\Users\H\AppData\Local\LogMeIn Rescue Applet
2014-01-17 18:50 - 2014-01-27 14:48 - 00000000 ____D () C:\Users\H\AppData\Roaming\Oxford University Press
2014-01-17 18:50 - 2014-01-17 18:50 - 00000000 ___HD () C:\Users\H\AppData\Local\Oxford University Press
2014-01-17 18:09 - 2014-01-17 18:09 - 00001629 _____ () C:\Users\Public\Desktop\English File third edition Elementary.lnk
2014-01-17 18:08 - 2014-01-17 18:08 - 00000000 ____D () C:\Program Files (x86)\Oxford University Press
2014-01-16 01:51 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-01-16 01:50 - 2013-12-18 21:09 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-01-16 01:50 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-01-16 01:50 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-01-16 01:49 - 2014-01-16 01:50 - 00005175 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-01-15 08:56 - 2013-11-27 01:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-01-15 08:56 - 2013-11-27 01:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-01-15 08:56 - 2013-11-27 01:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-01-15 08:56 - 2013-11-27 01:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-01-15 08:56 - 2013-11-27 01:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-01-15 08:56 - 2013-11-27 01:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-01-15 08:56 - 2013-11-27 01:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-01-15 08:55 - 2013-11-26 11:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-01-15 08:55 - 2013-11-26 10:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-01-10 11:39 - 2014-02-03 14:32 - 00003194 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2413547309-3373987886-2876452647-1000
2014-01-07 07:59 - 2014-01-27 14:58 - 00000000 ____D () C:\Users\H\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google+ Auto Backup
2014-01-06 19:23 - 2014-01-06 19:23 - 04558848 _____ (Google Inc.) C:\Windows\SysWOW64\GPhotos.scr
2014-01-04 16:50 - 2014-01-27 14:58 - 00000000 ____D () C:\Users\H\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon Cloud Player
2014-01-04 16:50 - 2014-01-18 10:33 - 00000000 ____D () C:\Users\H\AppData\Local\Amazon Cloud Player
2014-01-04 16:49 - 2014-01-04 16:49 - 36152456 _____ (Amazon) C:\Users\H\Downloads\AmazonCloudPlayerInstaller_399.exe
==================== One Month Modified Files and Folders =======
2014-02-03 19:32 - 2014-02-03 19:32 - 00036631 _____ () C:\Users\H\Desktop\FRST.txt
2014-02-03 19:32 - 2014-02-03 19:32 - 00000000 ____D () C:\FRST
2014-02-03 19:31 - 2014-02-03 19:31 - 02080256 _____ (Farbar) C:\Users\H\Desktop\FRST64.exe
2014-02-03 19:29 - 2014-02-03 19:09 - 00000000 ____D () C:\Users\H\Desktop\spybot tools from forum
2014-02-03 19:27 - 2014-02-03 19:27 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-HALIMAB-PC-Microsoft-Windows-7-Home-Premium-(64-bit).dat
2014-02-03 19:27 - 2009-07-14 04:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-03 19:27 - 2009-07-14 04:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-03 19:25 - 2014-02-03 19:25 - 00000000 ____D () C:\RegBackup
2014-02-03 19:24 - 2014-02-03 19:24 - 00002251 _____ () C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2014-02-03 19:24 - 2014-02-03 19:24 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
2014-02-03 19:19 - 2014-02-03 19:19 - 03936992 _____ () C:\Users\H\Desktop\tweaking.com_registry_backup_setup.exe
2014-02-03 19:08 - 2013-06-13 20:06 - 00000000 ____D () C:\Users\H\Documents\Media Go
2014-02-03 19:07 - 2014-02-03 19:05 - 00000000 ____D () C:\Users\H\Desktop\various
2014-02-03 19:07 - 2013-01-25 10:26 - 00000000 ____D () C:\Users\H\Desktop\greensquare
2014-02-03 19:07 - 2012-02-04 10:55 - 00000296 _____ () C:\Windows\Tasks\PrintProjects Communicator.job
2014-02-03 19:06 - 2013-11-23 18:59 - 00000000 ____D () C:\Users\H\Desktop\Crisis and CIEH
2014-02-03 19:01 - 2011-05-31 18:08 - 00000000 ____D () C:\ProgramData\Kodak
2014-02-03 18:59 - 2011-12-24 14:26 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2413547309-3373987886-2876452647-1000UA.job
2014-02-03 18:54 - 2010-10-13 06:22 - 01413639 _____ () C:\Windows\WindowsUpdate.log
2014-02-03 18:50 - 2014-02-03 18:50 - 00003358 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2413547309-3373987886-2876452647-1000
2014-02-03 18:50 - 2014-02-03 18:50 - 00003216 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2413547309-3373987886-2876452647-1000
2014-02-03 18:50 - 2014-01-27 15:10 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-02-03 18:49 - 2014-02-02 13:35 - 00000672 _____ () C:\Windows\setupact.log
2014-02-03 18:49 - 2010-12-20 07:02 - 00000884 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-03 18:48 - 2009-07-14 05:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-03 18:47 - 2014-02-03 17:43 - 00021554 _____ () C:\Windows\PFRO.log
2014-02-03 18:46 - 2010-12-20 02:29 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared
2014-02-03 18:46 - 2010-08-03 06:07 - 00000000 ____D () C:\ProgramData\Norton
2014-02-03 18:36 - 2010-12-20 07:02 - 00000888 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-03 18:23 - 2014-02-03 18:23 - 00000000 ____D () C:\Windows\ERUNT
2014-02-03 17:50 - 2009-07-14 05:13 - 00727334 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-03 17:47 - 2012-04-05 06:43 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-03 17:42 - 2014-02-03 17:38 - 00000000 ____D () C:\AdwCleaner
2014-02-03 17:32 - 2012-02-28 20:57 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-02-03 16:54 - 2012-11-21 16:49 - 00000912 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2413547309-3373987886-2876452647-1000UA.job
2014-02-03 16:54 - 2012-11-21 16:49 - 00000890 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2413547309-3373987886-2876452647-1000Core.job
2014-02-03 14:32 - 2014-02-03 08:58 - 00000000 ____D () C:\Windows\ERDNT
2014-02-03 14:32 - 2014-02-02 10:35 - 00003346 _____ () C:\Windows\System32\Tasks\BackgroundContainer Startup Task
2014-02-03 14:32 - 2014-01-31 16:33 - 00003336 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2413547309-3373987886-2876452647-1000
2014-02-03 14:32 - 2014-01-10 11:39 - 00003194 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2413547309-3373987886-2876452647-1000
2014-02-03 08:56 - 2014-02-03 08:56 - 00000000 ____D () C:\Program Files (x86)\ERUNT
2014-02-03 08:56 - 2010-12-20 02:27 - 00000000 ___RD () C:\Users\H\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-02-02 19:47 - 2012-04-05 06:43 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-02 19:47 - 2012-04-05 06:43 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-02-02 19:47 - 2011-06-02 17:33 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-02 13:35 - 2014-02-02 13:35 - 00000000 _____ () C:\Windows\setuperr.log
2014-02-02 10:24 - 2014-02-02 10:24 - 00450712 ____R () C:\Windows\system32\Drivers\etc\hosts.20140202-102447.backup
2014-02-02 10:23 - 2014-02-02 10:24 - 00450712 ____R () C:\Windows\system32\Drivers\etc\hosts.20140202-102434.backup
2014-02-02 10:22 - 2014-02-02 10:23 - 00450712 ____R () C:\Windows\system32\Drivers\etc\hosts.20140202-102303.backup
2014-02-02 07:34 - 2011-12-24 14:26 - 00000840 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2413547309-3373987886-2876452647-1000Core.job
2014-01-31 16:39 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-01-27 22:35 - 2010-12-20 23:02 - 00000000 ____D () C:\Users\H\AppData\Local\Apple
2014-01-27 18:07 - 2014-01-27 16:29 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-01-27 16:37 - 2014-01-27 16:37 - 00002962 _____ () C:\Windows\System32\Tasks\{25C68268-E81B-4740-8445-A0E990FDEBF4}
2014-01-27 16:37 - 2014-01-27 16:37 - 00002962 _____ () C:\Windows\System32\Tasks\{01CE5DFF-93BC-433A-A3A2-AD28A565E4CC}
2014-01-27 16:36 - 2014-01-27 16:36 - 00002962 _____ () C:\Windows\System32\Tasks\{4811AC6E-E0BA-42D1-AE43-79B6A205DA26}
2014-01-27 16:30 - 2014-01-27 16:30 - 00000000 ____D () C:\Users\H\New folder
2014-01-27 16:29 - 2013-12-20 23:13 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-01-27 16:07 - 2014-01-27 16:07 - 00002962 _____ () C:\Windows\System32\Tasks\{3C68EB6A-E311-4A85-9BB8-3A43DAC36A9A}
2014-01-27 16:05 - 2014-01-27 16:05 - 00002962 _____ () C:\Windows\System32\Tasks\{C8BC8C04-C892-4F10-AC08-EE3F6DDDF68A}
2014-01-27 16:04 - 2011-02-27 18:36 - 00000000 ____D () C:\Program Files\CCleaner
2014-01-27 16:03 - 2014-01-27 16:03 - 00002962 _____ () C:\Windows\System32\Tasks\{EC44D2C3-C8F6-40EE-93F5-97CDDAA88076}
2014-01-27 15:43 - 2014-01-27 15:43 - 00282992 _____ (Mozilla) C:\Users\H\Downloads\Firefox Setup Stub 26.0.exe
2014-01-27 15:19 - 2014-01-27 15:19 - 00002044 _____ () C:\Users\Public\Desktop\avast! SafeZone.lnk
2014-01-27 15:19 - 2014-01-27 15:19 - 00001984 _____ () C:\Users\Public\Desktop\avast! Internet Security.lnk
2014-01-27 15:18 - 2014-01-27 15:18 - 00028184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2014-01-27 15:17 - 2014-01-27 15:17 - 00440672 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNdisFlt.sys
2014-01-27 15:10 - 2014-01-27 15:10 - 01038072 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-01-27 15:10 - 2014-01-27 15:10 - 00421704 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-01-27 15:10 - 2014-01-27 15:10 - 00334136 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-01-27 15:10 - 2014-01-27 15:10 - 00207904 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-01-27 15:10 - 2014-01-27 15:10 - 00092544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-01-27 15:10 - 2014-01-27 15:10 - 00080184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-01-27 15:10 - 2014-01-27 15:10 - 00078648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-01-27 15:10 - 2014-01-27 15:10 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-01-27 15:10 - 2014-01-27 15:10 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-01-27 14:59 - 2013-12-29 11:15 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Internet Security
2014-01-27 14:59 - 2013-03-10 16:53 - 00000000 ___SD () C:\Users\H\Google Drive
2014-01-27 14:59 - 2012-02-04 12:44 - 00000000 ___RD () C:\Users\H\Dropbox
2014-01-27 14:59 - 2011-11-02 08:05 - 00000000 ____D () C:\Windows\system32\Drivers\MCLIENTx64
2014-01-27 14:59 - 2011-01-07 19:49 - 00000000 ____D () C:\Users\H\Downloads\Tor Browser
2014-01-27 14:59 - 2010-08-03 06:07 - 00000000 ____D () C:\Windows\system32\Drivers\NISx64
2014-01-27 14:58 - 2014-01-07 07:59 - 00000000 ____D () C:\Users\H\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google+ Auto Backup
2014-01-27 14:58 - 2014-01-04 16:50 - 00000000 ____D () C:\Users\H\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon Cloud Player
2014-01-27 14:58 - 2013-10-23 16:28 - 00000000 ____D () C:\Users\H\Downloads\OpenOffice 4.0.1 (en-US) Installation Files
2014-01-27 14:58 - 2013-09-22 09:59 - 00000000 ____D () C:\Users\H\Documents\Data from Baoji University Arts and Sciiences Advance Knowledge in Nanoelectronics and Optoelectronics - HispanicBusiness.com_files
2014-01-27 14:58 - 2013-07-28 13:53 - 00000000 ____D () C:\Users\H\Downloads\OpenOffice 4.0.0 (en-US) Installation Files
2014-01-27 14:58 - 2013-06-14 08:13 - 00000000 ____D () C:\Users\H\AppData\Local\Viber
2014-01-27 14:58 - 2013-05-30 11:43 - 00000000 ____D () C:\Users\H\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ghostscript
2014-01-27 14:58 - 2013-05-30 11:05 - 00000000 ____D () C:\Users\H\AppData\Roaming\Scribus
2014-01-27 14:58 - 2013-05-16 18:32 - 00000000 ____D () C:\Users\H\Documents\Old Firefox Data
2014-01-27 14:58 - 2013-04-07 11:33 - 00000000 ____D () C:\Users\H\AppData\Roaming\vlc
2014-01-27 14:58 - 2013-01-25 10:30 - 00000000 ____D () C:\Users\H\Documents\karim
2014-01-27 14:58 - 2012-12-04 07:27 - 00000000 ____D () C:\Users\H\AppData\Roaming\ICAClient
2014-01-27 14:58 - 2012-10-15 05:55 - 00000000 ____D () C:\Users\H\Downloads\OpenOffice.org 3.4.1 (en-US) Installation Files
2014-01-27 14:58 - 2012-09-28 09:51 - 00000000 ____D () C:\Users\H\AppData\Roaming\SMART Technologies
2014-01-27 14:58 - 2012-07-12 15:19 - 00000000 ____D () C:\Users\H\Downloads\OpenOffice.org 3.4 (en-US) Installation Files
2014-01-27 14:58 - 2012-07-12 12:37 - 00000000 ____D () C:\Users\H\Downloads\[ www.TorrentDay.com ] - The.Daily.Show.2012.01.24.Elizabeth.Warren.HDTV.XviD-FQM
2014-01-27 14:58 - 2012-07-04 07:58 - 00000000 ____D () C:\Users\H\AppData\Local\{BD52D38F-4F0D-4325-BB9E-32223CCB54AA}
2014-01-27 14:58 - 2012-06-29 05:14 - 00000000 ____D () C:\Users\H\Documents\computer and tech stuff
2014-01-27 14:58 - 2012-03-23 08:37 - 00000000 ____D () C:\Users\H\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The Cloud Networks
2014-01-27 14:58 - 2012-03-23 08:37 - 00000000 ____D () C:\Users\H\AppData\Local\The_Cloud_Networks
2014-01-27 14:58 - 2012-03-04 19:58 - 00000000 ____D () C:\Users\H\Downloads\iolo
2014-01-27 14:58 - 2012-02-24 22:02 - 00000000 ___RD () C:\Users\H\Documents\Insync
2014-01-27 14:58 - 2012-02-24 22:00 - 00000000 ____D () C:\Users\H\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Insync
2014-01-27 14:58 - 2012-02-15 01:34 - 00000000 ____D () C:\Users\H\AppData\Local\{FFFA2FB9-4857-4475-8379-F36343DA5801}
2014-01-27 14:58 - 2012-02-04 12:42 - 00000000 ____D () C:\Users\H\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-01-27 14:58 - 2012-02-04 11:20 - 00000000 ____D () C:\Users\H\Documents\greensquare_brain
2014-01-27 14:58 - 2011-12-24 14:25 - 00000000 ____D () C:\Users\H\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Talk
2014-01-27 14:58 - 2011-11-18 10:42 - 00000000 ____D () C:\Users\H\AppData\Roaming\ASUS WebStorage
2014-01-27 14:58 - 2011-11-09 08:43 - 00000000 ____D () C:\Users\H\AppData\Local\{485D00B3-DB2C-480C-A96B-106D9BBEF1D9}
2014-01-27 14:58 - 2011-11-01 17:34 - 00000000 ____D () C:\Users\H\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
2014-01-27 14:58 - 2011-09-29 09:43 - 00000000 ____D () C:\Users\H\Documents\ESOL
2014-01-27 14:58 - 2011-05-07 01:53 - 00000000 ____D () C:\Users\H\Downloads\DeDRM_WinApp_v1.8
2014-01-27 14:58 - 2011-03-21 06:19 - 00000000 ____D () C:\Users\H\Downloads\OpenOffice.org 3.3 (en-US) Installation Files
2014-01-27 14:58 - 2011-03-20 21:18 - 00000000 ____D () C:\Users\H\AppData\Roaming\Tor
2014-01-27 14:58 - 2011-03-11 18:16 - 00000000 ____D () C:\Users\H\Documents\kindle docs
2014-01-27 14:58 - 2011-03-01 20:08 - 00000000 ____D () C:\Users\H\AppData\Roaming\Spotify
2014-01-27 14:58 - 2011-02-12 08:31 - 00000000 ____D () C:\Users\H\AppData\Roaming\Real
2014-01-27 14:58 - 2010-12-22 08:50 - 00000000 ____D () C:\Users\H\Downloads\avast
2014-01-27 14:58 - 2010-12-21 06:00 - 00000000 ____D () C:\Users\H\AppData\Roaming\SNS
2014-01-27 14:58 - 2010-12-20 07:02 - 00000000 ____D () C:\Users\H\AppData\Roaming\Skype
2014-01-27 14:58 - 2010-12-20 04:32 - 00000000 ____D () C:\Users\H\AppData\Roaming\Thunderbird
2014-01-27 14:58 - 2010-12-20 04:25 - 00000000 ____D () C:\Users\H\AppData\Roaming\Mozilla
2014-01-27 14:58 - 2010-12-20 04:14 - 00000000 ____D () C:\Users\H\AppData\Roaming\Google
2014-01-27 14:58 - 2010-12-20 02:27 - 00000000 ___RD () C:\Users\H\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-01-27 14:58 - 2010-12-20 02:26 - 00000000 ___RD () C:\Users\H\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-01-27 14:58 - 2010-12-20 02:26 - 00000000 ___RD () C:\Users\H\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-01-27 14:58 - 2010-12-19 22:27 - 00000000 ____D () C:\Users\H\Documents\redist
2014-01-27 14:58 - 2010-12-19 22:25 - 00000000 ____D () C:\Users\H\Documents\inserts for docs
2014-01-27 14:57 - 2011-11-02 08:05 - 00000000 ____D () C:\Program Files (x86)\Norton Management
2014-01-27 14:57 - 2010-08-03 06:34 - 00000000 ___HD () C:\OEM
2014-01-27 14:57 - 2010-08-03 06:05 - 00000000 ____D () C:\ProgramData\Symantec
2014-01-27 14:57 - 2010-08-03 06:05 - 00000000 ____D () C:\Program Files (x86)\Symantec
2014-01-27 14:57 - 2010-08-03 05:46 - 00000000 ____D () C:\Intel
2014-01-27 14:54 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\registration
2014-01-27 14:52 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\AppCompat
2014-01-27 14:49 - 2010-12-19 22:26 - 00000000 ____D () C:\Users\H\Documents\ptlls
2014-01-27 14:48 - 2014-01-17 18:50 - 00000000 ____D () C:\Users\H\AppData\Roaming\Oxford University Press
2014-01-27 14:48 - 2013-07-28 14:08 - 00000000 ____D () C:\Users\H\AppData\Roaming\OpenOffice
2014-01-27 14:48 - 2012-07-08 14:07 - 00000000 ____D () C:\Users\H\AppData\Roaming\RealNetworks
2014-01-27 14:48 - 2012-02-04 11:42 - 00000000 ____D () C:\Users\H\AppData\Roaming\XMind
2014-01-27 14:48 - 2012-01-12 10:02 - 00000000 ____D () C:\Users\H\Documents\ESOL EFL CD
2014-01-27 14:48 - 2012-01-08 10:51 - 00000000 ____D () C:\Users\H\Documents\New folder
2014-01-27 14:48 - 2011-11-08 10:48 - 00000000 ____D () C:\Users\H\AppData\Roaming\SoftGrid Client
2014-01-27 14:48 - 2011-10-20 20:39 - 00000000 ____D () C:\Users\H\Documents\Fax
2014-01-27 14:48 - 2011-04-26 18:43 - 00000000 ____D () C:\Users\H\AppData\Roaming\Transparent
2014-01-27 14:48 - 2011-01-25 03:21 - 00000000 ____D () C:\Users\H\Documents\CLASSWORK
2014-01-27 14:48 - 2010-12-21 04:15 - 00000000 ____D () C:\Users\H\AppData\Roaming\Trusteer
2014-01-27 14:48 - 2010-12-20 04:51 - 00000000 ____D () C:\Users\H\AppData\Roaming\OpenOffice.org
2014-01-27 14:48 - 2010-12-19 22:26 - 00000000 ____D () C:\Users\H\Documents\javamail-1.4.3
2014-01-27 14:46 - 2013-11-21 21:19 - 00000000 ____D () C:\Users\H\AppData\Local\TomTom
2014-01-27 14:46 - 2012-02-24 22:00 - 00000000 ____D () C:\Users\H\AppData\Roaming\Insync
2014-01-27 14:46 - 2012-02-04 12:41 - 00000000 ____D () C:\Users\H\AppData\Roaming\Dropbox
2014-01-27 14:46 - 2011-04-21 06:20 - 00000000 ____D () C:\Users\H\AppData\Local\Trusteer
2014-01-27 14:46 - 2010-12-22 23:46 - 00000000 ____D () C:\Users\H\AppData\Roaming\Hemera
2014-01-27 14:46 - 2010-12-20 04:03 - 00000000 ____D () C:\Users\H\AppData\Roaming\Adobe
2014-01-27 14:46 - 2010-12-20 02:27 - 00000000 ____D () C:\Users\H\AppData\Roaming\Macromedia
2014-01-27 14:46 - 2010-12-20 02:27 - 00000000 ____D () C:\Users\H\AppData\Local\VirtualStore
2014-01-27 14:43 - 2011-02-12 08:42 - 00000000 ____D () C:\ProgramData\Real
2014-01-27 12:34 - 2014-01-27 12:34 - 00000000 ___HD () C:\Users\H\AppData\Roaming\AVAST Software
2014-01-27 12:28 - 2014-01-27 12:28 - 00000000 ____D () C:\Program Files\AVAST Software
2014-01-27 12:27 - 2014-01-27 12:27 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-01-25 18:06 - 2014-01-25 18:06 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-01-25 18:06 - 2014-01-25 18:06 - 00000000 ____D () C:\Program Files\iTunes
2014-01-25 18:06 - 2014-01-25 18:06 - 00000000 ____D () C:\Program Files\iPod
2014-01-25 18:06 - 2014-01-25 18:06 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-01-25 18:04 - 2014-01-25 18:04 - 00000000 ____D () C:\Windows\System32\Tasks\Apple
2014-01-25 18:04 - 2014-01-25 18:04 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2014-01-25 18:03 - 2014-01-25 18:03 - 00000000 ____D () C:\Program Files\Bonjour
2014-01-25 18:03 - 2014-01-25 18:03 - 00000000 ____D () C:\Program Files (x86)\Bonjour
2014-01-25 18:02 - 2010-12-20 23:02 - 00000000 ____D () C:\ProgramData\Apple
2014-01-25 17:55 - 2014-01-25 17:52 - 148904784 _____ (Apple Inc.) C:\Users\H\Downloads\iTunes64Setup.exe
2014-01-25 17:32 - 2011-02-27 14:02 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-01-25 09:55 - 2014-01-25 09:55 - 05341472 _____ (Dll-Files.com ) C:\Users\H\Downloads\dffsetup-msvcr80.exe
2014-01-23 08:29 - 2010-12-20 23:04 - 00000000 ___HD () C:\Users\H\AppData\Roaming\Apple Computer
2014-01-22 20:37 - 2010-12-21 04:15 - 00316312 _____ (Trusteer Ltd.) C:\Windows\system32\Drivers\RapportKE64.sys
2014-01-20 17:27 - 2014-01-20 17:26 - 00000017 _____ () C:\Windows\SysWOW64\shortcut_ex.dat
2014-01-20 10:27 - 2014-01-20 09:58 - 00000000 ___HD () C:\Users\H\AppData\Local\LogMeIn Rescue Applet
2014-01-18 16:55 - 2010-12-21 04:53 - 00000000 ___HD () C:\Users\H\AppData\Local\Adobe
2014-01-18 10:33 - 2014-01-04 16:50 - 00000000 ____D () C:\Users\H\AppData\Local\Amazon Cloud Player
2014-01-17 18:50 - 2014-01-17 18:50 - 00000000 ___HD () C:\Users\H\AppData\Local\Oxford University Press
2014-01-17 18:09 - 2014-01-17 18:09 - 00001629 _____ () C:\Users\Public\Desktop\English File third edition Elementary.lnk
2014-01-17 18:08 - 2014-01-17 18:08 - 00000000 ____D () C:\Program Files (x86)\Oxford University Press
2014-01-16 08:02 - 2009-07-14 04:45 - 00338160 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-01-16 01:53 - 2013-10-17 20:57 - 00000000 ____D () C:\ProgramData\Oracle
2014-01-16 01:50 - 2014-01-16 01:49 - 00005175 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-01-16 01:50 - 2011-01-03 08:25 - 00000000 ____D () C:\Program Files (x86)\Java
2014-01-15 21:43 - 2013-07-16 05:48 - 00000000 ____D () C:\Windows\system32\MRT
2014-01-15 21:33 - 2010-12-20 02:52 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-01-13 11:44 - 2011-11-08 10:48 - 00000000 ____D () C:\Program Files (x86)\Microsoft Application Virtualization Client
2014-01-06 19:23 - 2014-01-06 19:23 - 04558848 _____ (Google Inc.) C:\Windows\SysWOW64\GPhotos.scr
2014-01-05 17:43 - 2009-07-14 05:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-01-04 16:49 - 2014-01-04 16:49 - 36152456 _____ (Amazon) C:\Users\H\Downloads\AmazonCloudPlayerInstaller_399.exe
2014-01-04 16:20 - 2011-03-01 20:08 - 00000000 ___HD () C:\Users\H\AppData\Local\Spotify
2014-01-04 16:19 - 2011-03-01 20:08 - 00001785 _____ () C:\Users\H\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2014-01-04 16:09 - 2011-03-01 20:07 - 31412160 _____ (Spotify Ltd) C:\Users\H\Downloads\Spotify Installer.exe
Some content of TEMP:
====================
C:\Users\H\AppData\Local\Temp\Quarantine.exe
C:\Users\H\AppData\Local\Temp\tbuTo2.dll
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-01-29 09:55
================ End Of Log ============================
halibrewer
2014-02-03, 21:43
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-02-2014 04
Ran by H at 2014-02-03 19:33:20
Running from C:\Users\H\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: avast! Internet Security (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Internet Security (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Internet Security (Enabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
==================== Installed Programs ======================
100,000 Clipart - Volume 2 (x32 Version: 3.12.0000 - GSP)
100,000 Clipart - Volume 2 (x32 Version: 3.12.0000 - GSP) Hidden
7-Zip 9.20 (x64 edition) (Version: 9.20.00.0 - Igor Pavlov)
ACDSee for PENTAX 3.0 (x32 Version: 9.0.34 - ACD Systems Ltd.)
Acrobat.com (x32 Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 4.0.0.1390 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 4.0.0.1390 - Adobe Systems Incorporated) Hidden
Adobe Digital Editions (x32 Version: - )
Adobe Flash Player 12 ActiveX (x32 Version: 12.0.0.38 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (x32 Version: 12.0.0.43 - Adobe Systems Incorporated)
Adobe Photoshop Elements 8.0 (x32 Version: 8.0 - Adobe Systems Incorporated)
Adobe Photoshop Elements 8.0 (x32 Version: 8.0 - Adobe Systems Incorporated) Hidden
Adobe Reader X (10.1.9) (x32 Version: 10.1.9 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (x32 Version: 12.0.4.144 - Adobe Systems, Inc.)
Agatha Christie - Death on the Nile (x32 Version: 2.2.0.95 - WildTangent) Hidden
aioprnt (Version: 5.3.1.0 - Eastman Kodak Company) Hidden
aioscnnr (x32 Version: 6.2.3.10 - Your Company Name) Hidden
aioscnnr (x32 Version: 7.6.13.10 - Your Company Name) Hidden
Amazon Cloud Player (HKCU Version: 2.2.0.399 - Amazon Services LLC)
Amazon MP3 Downloader 1.0.9 (x32 Version: - )
Apple Application Support (x32 Version: 3.0 - Apple Inc.)
Apple Mobile Device Support (Version: 7.1.0.32 - Apple Inc.)
Apple Software Update (x32 Version: 2.1.3.127 - Apple Inc.)
ASUS WebStorage Sync (x32 Version: 1.0.7.45 - eCareme Technologies, Inc.)
Audials (x32 Version: 8.0.46302.200 - RapidSolution Software AG)
avast! Internet Security (x32 Version: 9.0.2013 - Avast Software)
Backup Manager Basic (x32 Version: 2.0.0.68 - NewTech Infosystems) Hidden
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bonjour (Version: 3.0.0.10 - Apple Inc.)
Broadcom Gigabit NetLink Controller (Version: 12.52.04 - Broadcom Corporation)
Build-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
C4USelfUpdater (x32 Version: 1.00.0000 - Your Company Name) Hidden
calibre (x32 Version: 0.8.33 - Kovid Goyal)
CCleaner (Version: 4.10 - Piriform)
center (x32 Version: 7.7.2.0 - Eastman Kodak Company) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cisco WebEx Meetings (HKCU Version: - Cisco WebEx LLC)
Citrix Authentication Manager (x32 Version: 4.0.0.53726 - Citrix Systems, Inc.) Hidden
Citrix Receiver (HDX Flash Redirection) (x32 Version: 13.4.0.25 - Citrix Systems, Inc.) Hidden
Citrix Receiver (x32 Version: 13.4.0.25 - Citrix Systems, Inc.)
Citrix Receiver Inside (x32 Version: 3.4.0.29585 - Citrix Systems, Inc.) Hidden
Citrix Receiver Updater (x32 Version: 3.4.0.29577 - Citrix Systems, Inc.) Hidden
Citrix Receiver(Aero) (x32 Version: 13.4.0.25 - Citrix Systems, Inc.) Hidden
Citrix Receiver(DV) (x32 Version: 13.4.0.25 - Citrix Systems, Inc.) Hidden
Citrix Receiver(USB) (x32 Version: 13.4.0.25 - Citrix Systems, Inc.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
DMUninstaller (x32 Version: - )
Dropbox (HKCU Version: 2.0.22 - Dropbox, Inc.)
English File third edition Elementary (x32 Version: 1.0 - Oxford University Press)
ERUNT 1.1j (x32 Version: - Lars Hederer)
essentials (x32 Version: 7.7.2.0 - Eastman Kodak Company) Hidden
ETDWare PS/2-x64 7.0.6.5_WHQL (Version: 7.0.6.5 - ELAN Microelectronics Corp.)
Evernote v. 4.5.8 (x32 Version: 4.5.8.7356 - Evernote Corp.)
Facebook Video Calling 1.2.0.287 (x32 Version: 1.2.287 - Skype Limited)
Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden
FastConnect 1.2.2 (x32 Version: 1.2.2 - The Cloud Networks)
FATE (x32 Version: 2.2.0.95 - WildTangent) Hidden
Final Drive Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
FreeMind (x32 Version: 0.9.0 - )
Google Chrome (x32 Version: 32.0.1700.102 - Google Inc.)
Google Drive (x32 Version: 1.13.5782.599 - Google, Inc.)
Google Earth Plug-in (x32 Version: 7.1.2.2041 - Google)
Google Talk (remove only) (HKCU Version: - )
Google Talk Plugin (x32 Version: 4.9.1.16010 - Google)
Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden
Google+ Auto Backup (x32 Version: 1.0.21.81 - Google)
GoToMeeting 5.1.0.880 (HKCU Version: 5.1.0.880 - CitrixOnline)
GPL Ghostscript 8.71 (Version: - )
iCloud (Version: 3.1.0.40 - Apple Inc.)
Identity Card (x32 Version: 1.00.3003 - Packard Bell)
ImagXpress (x32 Version: 7.0.74.0 - Nero AG) Hidden
Insaniquarium Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
InstallIQ Updater (x32 Version: 1.1.2.0 - W3i, LLC)
Insync (HKCU Version: 0.9.19.17363 - Insynchq Pte. Ltd.)
Intel(R) Control Center (x32 Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Graphics Media Accelerator Driver (x32 Version: 8.15.10.2125 - Intel Corporation)
Intel(R) Management Engine Components (x32 Version: 6.0.0.1179 - Intel Corporation)
Intel(R) Rapid Storage Technology (x32 Version: 9.6.2.1001 - Intel Corporation)
ISO Recorder (Version: 3.1.0 - Alex Feinman)
iTunes (Version: 11.1.4.62 - Apple Inc.)
Java 7 Update 51 (x32 Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
JavaFX 2.1.1 (x32 Version: 2.1.1 - Oracle Corporation)
Jewel Quest Solitaire 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kodak AIO Printer (Version: 7.7.2.0 - Eastman Kodak Company) Hidden
KODAK AiO Software (x32 Version: 7.7.6.0 - Eastman Kodak Company)
KODAK Cloud Software Connector (x32 Version: 1.0.9.0 - Eastman Kodak Company)
Launch Manager (x32 Version: 4.0.10 - Packard Bell)
Media Go (x32 Version: 2.4.256 - Sony)
Media Go Video Playback Engine 1.116.104.02020 (x32 Version: 1.116.104.02020 - Sony)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Click-to-Run 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Primary Interoperability Assemblies 2005 (x32 Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (x32 Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 (x32 Version: 9.0.21022.218 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (x32 Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.51106 (Version: 11.0.51106 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.51106 (Version: 11.0.51106 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.40303 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.40308 - Microsoft Corporation) Hidden
Mozilla Firefox 26.0 (x86 en-US) (x32 Version: 26.0 - Mozilla)
Mozilla Maintenance Service (x32 Version: 26.0 - Mozilla)
Mozilla Thunderbird 24.2.0 (x86 en-GB) (x32 Version: 24.2.0 - Mozilla)
MSVC80_x64_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC80_x86_v2 (x32 Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden
MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0 - Microsoft Corporation)
MusicBrainz Picard (x32 Version: 0.14 - MusicBrainz)
MyDriveConnect 3.3.0.1318 (x32 Version: 3.3.0.1318 - TomTom)
neroxml (x32 Version: 1.0.0 - Nero AG) Hidden
Nokia Connectivity Cable Driver (x32 Version: 7.1.41.0 - Nokia)
Nokia Ovi Suite (x32 Version: 3.1.0.91 - Nokia)
Nokia Ovi Suite (x32 Version: 3.1.0.91 - Nokia) Hidden
Nokia Ovi Suite Software Updater (x32 Version: 02.07.004.45780 - Nokia Corporation)
Nokia PC Suite (x32 Version: 7.1.60.0 - Nokia)
Nokia PC Suite (x32 Version: 7.1.60.0 - Nokia) Hidden
Norton Management (x32 Version: 3.2.2.12 - Symantec Corporation)
Norton Online Backup (x32 Version: 2.1.17869 - Symantec Corporation)
ocr (x32 Version: 6.2.3.50 - Eastman Kodak Company) Hidden
Online Plug-in (x32 Version: 13.4.0.25 - Citrix Systems, Inc.) Hidden
OpenOffice 4.0.1 (x32 Version: 4.01.9714 - Apache Software Foundation)
Ovi Desktop Sync Engine (x32 Version: 1.5.257.0 - Nokia) Hidden
OviMPlatform (x32 Version: 2.7.66.0 - Nokia) Hidden
Packard Bell Game Console (x32 Version: - WildTangent) Hidden
Packard Bell Games (x32 Version: 1.0.1.3 - WildTangent)
Packard Bell InfoCentre (x32 Version: 3.02.3000 - Packard Bell)
Packard Bell MyBackup (x32 Version: 2.0.0.68 - NewTech Infosystems)
Packard Bell Power Management (x32 Version: 5.00.3005 - Packard Bell)
Packard Bell Recovery Management (x32 Version: 4.05.3013 - Packard Bell)
Packard Bell Registration (x32 Version: 1.03.3003 - Packard Bell)
Packard Bell ScreenSaver (x32 Version: 1.1.0414.2010 - Packard Bell )
Packard Bell Social Networks (x32 Version: 1.0.1901 - CyberLink Corp.)
Packard Bell Social Networks (x32 Version: 1.0.1901 - CyberLink Corp.) Hidden
Packard Bell Updater (x32 Version: 1.02.3001 - Packard Bell)
PC Connectivity Solution (x32 Version: 11.4.16.0 - Nokia)
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
PersonalBrain 6 (x32 Version: 6.0.7.7 - TheBrain Technologies)
Picasa 3 (x32 Version: 3.9 - Google, Inc.)
Plants vs. Zombies (x32 Version: 2.2.0.95 - WildTangent) Hidden
PlayStation(R)Store (x32 Version: 4.14.6.15183 - Sony Computer Entertainment Inc.)
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
PreReq (x32 Version: 6.2.4.0 - Eastman Kodak Company) Hidden
PrintProjects (x32 Version: 1.0.0.6972 - RocketLife Inc.)
QuickTime (x32 Version: 7.74.80.86 - Apple Inc.)
Rapport (Version: 3.5.1205.20 - Trusteer) Hidden
Rapport (x32 Version: 3.5.1304.46 - Trusteer) Hidden
RealDownloader (x32 Version: 1.3.0 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (x32 Version: 16.0.0 - RealNetworks)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6141 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (x32 Version: 6.1.7600.30118 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Scribus 1.4.2 (64bit) (Version: 1.4.2 - The Scribus Team)
Self-service Plug-in (x32 Version: 3.4.0.33684 - Citrix Systems, Inc.) Hidden
Skype Click to Call (x32 Version: 6.9.12585 - Skype Technologies S.A.)
Skype™ 6.11 (x32 Version: 6.11.102 - Skype Technologies S.A.)
Sony Ericsson Update Engine (x32 Version: 2.13.6.201305161305 - Sony Ericsson Communications AB)
Sony PC Companion 2.10.155 (x32 Version: 2.10.155 - Sony)
Spotify (HKCU Version: 0.8.3.222.g317ab79d - Spotify AB)
Spotify (x32 Version: 0.4.9 - )
Spybot - Search & Destroy (x32 Version: 1.6.2 - Safer Networking Limited)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Teaching-you 31 Languages (x32 Version: 10.0 - )
Times Reader (x32 Version: 2.054 - The New York Times Company)
Trusteer Endpoint Protection (x32 Version: 3.5.1304.46 - Trusteer)
Tweaking.com - Registry Backup (x32 Version: 1.6.9 - Tweaking.com)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3 - Microsoft Corporation)
Verbatim GREEN BUTTON 1.46 (x32 Version: - Verbatim)
Viber (HKCU Version: 3.0.0.132799 - Viber Media Inc)
Video Web Camera (x32 Version: 0.5.37.3 - SuYin)
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.95 - WildTangent) Hidden
Visual Studio C++ 10.0 Runtime (x32 Version: 10.0.0 - TomTom International B.V.)
VLC media player 2.1.0 (x32 Version: 2.1.0 - VideoLAN)
Welcome Center (x32 Version: 1.02.3002 - Packard Bell)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (x32 Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Sync (x32 Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Media Player Firefox Plugin (x32 Version: 1.0.0.8 - Microsoft Corp)
ZTE_MF627_USB_MODEM_1.2059.0.4 (x32 Version: - )
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Zuma's Revenge (x32 Version: 2.2.0.95 - WildTangent) Hidden
==================== Restore Points =========================
27-01-2014 15:16:49 avast! antivirus system restore point
02-02-2014 19:00:08 Windows Backup
03-02-2014 14:35:06 Installed Rapport
==================== Hosts content: ==========================
2011-02-27 16:09 - 2014-02-02 10:24 - 00450712 ____R C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 10sek.com
127.0.0.1 www.10sek.com
127.0.0.1 www.1-2005-search.com
127.0.0.1 1-2005-search.com
127.0.0.1 123fporn.info
127.0.0.1 www.123fporn.info
127.0.0.1 123haustiereundmehr.com
127.0.0.1 www.123haustiereundmehr.com
127.0.0.1 123moviedownload.com
There are 1000 more lines.
==================== Scheduled Tasks (whitelisted) =============
Task: {0A9868FA-D263-474E-9E15-798E94B9CEB0} - System32\Tasks\{57AB1A36-937D-48F2-B0C0-6A797E149219} => C:\Program Files (x86)\iTunes\iTunes.exe [2014-01-20] (Apple Inc.)
Task: {0DB9EBA2-19D7-4091-B9A6-AF0D72DF1BA5} - System32\Tasks\{B24F76FA-AF2A-4456-AFEF-F1062F906A63} => C:\Program Files (x86)\iTunes\iTunes.exe [2014-01-20] (Apple Inc.)
Task: {12006345-9338-44E7-9DA8-1BCF7B3169CA} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-2413547309-3373987886-2876452647-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [2012-11-29] (RealNetworks, Inc.)
Task: {1280DEF1-BD76-4F62-B49D-5A912C35C583} - System32\Tasks\Norton Management\Norton Error Analyzer => C:\Program Files (x86)\Norton Management\Engine\3.2.2.12\SymErr.exe [2012-10-19] (Symantec Corporation)
Task: {1E6349CE-BA83-4C93-BD9E-E8E60364F55B} - System32\Tasks\{79E984C0-31BC-4DA7-9740-3465BF9CDAFC} => C:\Program Files (x86)\iprivo\iprivo_on.exe
Task: {25552EF6-F239-4842-8CEB-2FFD3E096BBC} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {2ED6DD4F-2032-44E1-AEC7-67AE48C42E0A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-12-20] (Google Inc.)
Task: {322643B0-B8E9-4FE2-AAC6-25735347CB88} - System32\Tasks\{C8BC8C04-C892-4F10-AC08-EE3F6DDDF68A} => Firefox.exe
Task: {3C355B7D-3190-455E-B861-F4ABF8D94493} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2413547309-3373987886-2876452647-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-11-30] (RealNetworks, Inc.)
Task: {4555A0AF-8091-4E4D-8456-193A0AB0424F} - System32\Tasks\SidebarExecute => C:\Program Files (x86)\Windows Sidebar\sidebar.exe [2010-11-20] (Microsoft Corporation)
Task: {4A9366C5-63C0-4539-98AC-E1AF36C48E5D} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2413547309-3373987886-2876452647-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-11-30] (RealNetworks, Inc.)
Task: {595AA8E0-26CE-454B-8C92-5CBBA12F60BC} - System32\Tasks\{1E4FE0BD-0146-4DDA-B30E-C2ABBCC8D7EE} => C:\Program Files (x86)\iTunes\iTunes.exe [2014-01-20] (Apple Inc.)
Task: {6472055A-3409-4B3A-8770-059EA1BD4EC6} - System32\Tasks\{9A0158CC-C387-4F11-941C-AF82357FB884} => C:\Program Files (x86)\iTunes\iTunes.exe [2014-01-20] (Apple Inc.)
Task: {6E1A4C06-430F-4E2F-96F3-6035937740D7} - System32\Tasks\{B219D692-AA42-495D-8042-9416221A52FB} => Firefox.exe http://ui.skype.com/ui/0/6.1.0.129.272/en/abandoninstall?source=lightinstaller&page=tsMain
Task: {6F0EE64D-3618-484E-8764-D0F0B2594E96} - System32\Tasks\{88BB4C8C-1019-4C41-B24E-1C2D22496B51} => C:\Program Files (x86)\iTunes\iTunes.exe [2014-01-20] (Apple Inc.)
Task: {6FAC1FE8-5863-4346-8080-D3E453488F12} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\SymErr.exe
Task: {7458875E-684B-4B05-9925-AF8F7C9FC997} - System32\Tasks\{5F14F897-7F0C-4E82-9F37-2A3666B41AF5} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2013-11-14] (Skype Technologies S.A.)
Task: {74627B8F-AFCB-4A50-8AA0-CF250EC973C6} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2413547309-3373987886-2876452647-1000Core => C:\Users\H\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: {7D743118-1AAA-4998-9EB7-C58E3C7299B4} - System32\Tasks\{53BADC73-31EA-4132-A7A6-494FCA3A9B44} => C:\Program Files (x86)\iprivo\iprivo_on.exe
Task: {82AD1EBE-8964-40A6-9277-691D4878B8D3} - System32\Tasks\{EC44D2C3-C8F6-40EE-93F5-97CDDAA88076} => Firefox.exe
Task: {831C3C8C-7621-46B8-A487-6B60CE264570} - System32\Tasks\{7E8D4532-A0DF-486F-86A9-558BE222CBE6} => C:\Program Files (x86)\iTunes\iTunes.exe [2014-01-20] (Apple Inc.)
Task: {85EAD016-5B8E-4EF6-B9A9-1BC83F877027} - System32\Tasks\{3C68EB6A-E311-4A85-9BB8-3A43DAC36A9A} => Firefox.exe
Task: {880630B5-8F71-41BB-86CB-6D1D9360B283} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2413547309-3373987886-2876452647-1000Core => C:\Users\H\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-24] (Google Inc.)
Task: {8D239B25-DBEE-4F2C-86D0-E0FB5DA72CDA} - System32\Tasks\PrintProjects Communicator => C:\ProgramData\PrintProjects\MessageCheck.exe [2011-11-22] ()
Task: {925970C2-5F80-48AC-8C08-A323A54C90EA} - System32\Tasks\{7D21D0FD-9331-4A56-9CFB-7C89D6214FEC} => C:\Program Files (x86)\iTunes\iTunes.exe [2014-01-20] (Apple Inc.)
Task: {94241F4F-06F6-4F31-8C10-1854BC63AFDB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-12-20] (Google Inc.)
Task: {95958DC4-5C50-4EF4-9D83-96CBCF7EA06F} - System32\Tasks\{BC34DDAF-5D44-4154-9228-42BFCA0C3914} => C:\Program Files (x86)\iTunes\iTunes.exe [2014-01-20] (Apple Inc.)
Task: {9B61C355-83FE-4DDB-AA82-F1CA10031C27} - System32\Tasks\Norton Management\Norton Error Processor => C:\Program Files (x86)\Norton Management\Engine\3.2.2.12\SymErr.exe [2012-10-19] (Symantec Corporation)
Task: {9D5B2CAD-5091-4245-830F-F6934C76C33C} - System32\Tasks\{93864360-EF3A-4C6C-AD89-FCE539EB4374} => C:\Program Files (x86)\iTunes\iTunes.exe [2014-01-20] (Apple Inc.)
Task: {A4382229-3CCE-4ABF-B8E8-1444765EDA5F} - System32\Tasks\{51B7C9DC-D8D0-4A43-9C40-4B525A0F0E0F} => C:\Program Files (x86)\iTunes\iTunes.exe [2014-01-20] (Apple Inc.)
Task: {A5D146C5-01B0-49E9-9F1C-E7A4CA95A438} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2413547309-3373987886-2876452647-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2012-11-29] (RealNetworks, Inc.)
Task: {AB2B3BD6-E3ED-464A-B13D-197D1DF7F850} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2013-11-20] (Apple Inc.)
Task: {AC00FF9C-502C-41E0-B2CD-5DD2E6ADF4D8} - System32\Tasks\H Local Autobackup => C:\Program Files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBCore.exe
Task: {B0D09DA1-6FC9-453C-B8BA-F0F8C73001A3} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2413547309-3373987886-2876452647-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-11-30] (RealNetworks, Inc.)
Task: {B0E5A5EF-636B-4510-ACDB-E78133C54780} - System32\Tasks\{01CE5DFF-93BC-433A-A3A2-AD28A565E4CC} => Firefox.exe
Task: {B7029DBC-C774-4D16-AA56-3BC75CE18221} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2413547309-3373987886-2876452647-1000UA => C:\Users\H\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: {B734BCB4-56D2-40BD-B996-A9A45728A2F5} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {BEB7152D-FF57-408B-B76B-5054D9FA8AFA} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2413547309-3373987886-2876452647-1000UA => C:\Users\H\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-24] (Google Inc.)
Task: {BF754559-7553-4070-9EE7-7206F9C275EA} - System32\Tasks\{25C68268-E81B-4740-8445-A0E990FDEBF4} => Firefox.exe
Task: {C5280457-BC6F-4697-AA54-80CE13C9A028} - System32\Tasks\BackgroundContainer Startup Task => Rundll32.exe "C:\Users\H\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun <==== ATTENTION
Task: {CACE9CE1-4460-47A7-8D0B-75A842F37EE4} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\SymErr.exe
Task: {CE8C5465-2D5A-475D-A86A-47F63B0D4196} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-01-27] (AVAST Software)
Task: {D26E24FC-26A0-41B9-9B6B-6AD9A8A28555} - System32\Tasks\{48B0170F-9B39-45C3-B9B2-FD35988AE10C} => C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe [2013-03-15] (Eastman Kodak Company)
Task: {D4727CA1-5E2C-4949-BA38-79FD9209F4C8} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2413547309-3373987886-2876452647-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-11-30] (RealNetworks, Inc.)
Task: {D8323EA2-B374-4F94-BBF9-D2431E03A6A9} - System32\Tasks\{513C912D-9222-431B-BE4D-44395F936CBA} => C:\Program Files (x86)\iTunes\iTunes.exe [2014-01-20] (Apple Inc.)
Task: {D95BC0A8-76B1-40C7-9936-3A8FC25D0394} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-01-21] (Piriform Ltd)
Task: {DDD5D5FD-EE36-43E6-81B5-3970F11AD614} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2413547309-3373987886-2876452647-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2012-11-29] (RealNetworks, Inc.)
Task: {E1B2F1B0-DF33-474D-9D97-EEF4C101972F} - System32\Tasks\{611EF063-E14B-4748-8170-3D3B8E5D4AB4} => C:\Program Files (x86)\iTunes\iTunes.exe [2014-01-20] (Apple Inc.)
Task: {EF4849BA-12A3-40B9-8709-6C5ECA4808D6} - System32\Tasks\{4811AC6E-E0BA-42D1-AE43-79B6A205DA26} => Firefox.exe
Task: {F94EEC86-1F30-4E71-AE8E-70DC471AB9A1} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-02] (Adobe Systems Incorporated)
Task: {FAF8B863-1319-41D6-B579-881DEDDAC7E4} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\WSCStub.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2413547309-3373987886-2876452647-1000Core.job => C:\Users\H\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2413547309-3373987886-2876452647-1000UA.job => C:\Users\H\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2413547309-3373987886-2876452647-1000Core.job => C:\Users\H\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2413547309-3373987886-2876452647-1000UA.job => C:\Users\H\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\PrintProjects Communicator.job => C:\ProgramData\PrintProjects\MessageCheck.exe
==================== Loaded Modules (whitelisted) =============
2012-01-19 21:33 - 2014-02-03 14:38 - 01125592 _____ () C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportMS.dll
2014-02-03 17:47 - 2014-02-03 17:06 - 02168320 _____ () C:\Program Files\AVAST Software\Avast\defs\14020301\algo.dll
2012-06-27 14:09 - 2012-06-27 14:09 - 00557056 _____ () C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll
2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 13:16 - 2014-01-20 13:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2010-08-03 06:35 - 2009-05-20 06:02 - 00072200 _____ () C:\Program Files (x86)\Launch Manager\CdDirIo.dll
2014-01-27 15:10 - 2014-01-27 15:10 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2012-06-14 02:16 - 2012-06-14 02:16 - 00194048 _____ () C:\Program Files (x86)\Kodak\CloudPrinting\curllib.dll
2012-06-14 02:16 - 2012-06-14 02:16 - 00110592 _____ () C:\Program Files (x86)\Kodak\CloudPrinting\OpenLDAP.dll
2012-06-14 02:16 - 2012-06-14 02:16 - 00070920 _____ () C:\Program Files (x86)\Kodak\CloudPrinting\libsasl.dll
2010-06-28 22:20 - 2010-06-28 22:20 - 00465576 _____ () C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\sqlite3.dll
2010-06-28 22:12 - 2010-06-28 22:12 - 01081600 _____ () C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\ACE.dll
2014-01-27 16:29 - 2013-12-05 19:36 - 03559024 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2013-09-14 00:51 - 2013-09-14 00:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll
2013-09-14 00:50 - 2013-09-14 00:50 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll
2013-08-15 08:12 - 2013-08-15 08:12 - 00170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\eff228aa396c1d45248a54b44d7ce5a0\IsdiInterop.ni.dll
2010-08-03 05:48 - 2010-04-13 16:52 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
==================== Alternate Data Streams (whitelisted) =========
AlternateDataStreams: C:\ProgramData\Temp:DFC5A2B2
==================== Safe Mode (whitelisted) ===================
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\atashost => ""="Service"
==================== Faulty Device Manager Devices =============
Name: Norton Management Settings Manager
Description: Norton Management Settings Manager
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: ccSet_MCLIENT
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
==================== Event log errors: =========================
Application errors:
==================
Error: (02/03/2014 06:49:21 PM) (Source: Bonjour Service) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding 18 3.1.168.192.in-addr.arpa. PTR HalimaB-PC.local.
Error: (02/03/2014 06:49:21 PM) (Source: Bonjour Service) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.3:5353 20 3.1.168.192.in-addr.arpa. PTR HalimaB-PC-2.local.
System errors:
=============
Error: (02/03/2014 06:51:10 PM) (Source: DCOM) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}
Error: (02/03/2014 06:50:32 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
ccSet_MCLIENT
Error: (02/03/2014 06:45:10 PM) (Source: Service Control Manager) (User: )
Description: The Norton Management service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
Error: (02/03/2014 06:45:09 PM) (Source: Service Control Manager) (User: )
Description: The Norton Internet Security service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
Microsoft Office Sessions:
=========================
Error: (02/03/2014 06:49:21 PM) (Source: Bonjour Service)(User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding 18 3.1.168.192.in-addr.arpa. PTR HalimaB-PC.local.
Error: (02/03/2014 06:49:21 PM) (Source: Bonjour Service)(User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.3:5353 20 3.1.168.192.in-addr.arpa. PTR HalimaB-PC-2.local.
CodeIntegrity Errors:
===================================
Date: 2012-10-21 08:57:47.424
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2012-10-21 08:57:47.294
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
==================== Memory info ===========================
Percentage of memory in use: 55%
Total physical RAM: 3766.71 MB
Available physical RAM: 1691.34 MB
Total Pagefile: 7531.6 MB
Available Pagefile: 5232.92 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB
==================== Drives ================================
Drive b: (Packard Bell) (RAMDisk) (Total:284.99 GB) (Free:95.61 GB) NTFS
Drive c: (Packard Bell) (Fixed) (Total:284.99 GB) (Free:95.43 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 5A28EEB7)
Partition 1: (Not Active) - (Size=13 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=285 GB) - (Type=07 NTFS)
==================== End Of Log ============================
Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy.
Paste this into the open notepad. save it to the Desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
It needs to be saved Next to the "Farbar Recovery Scan Tool" (FRST) program (If asked to overwrite existing one please allow)
start
C:\Users\H\AppData\Local\Temp\Quarantine.exe
C:\Users\H\AppData\Local\Temp\tbuTo2.dll
HKU\S-1-5-21-2413547309-3373987886-2876452647-1000\...\Run: - "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\H\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun <===== ATTENTION
URLSearchHook: HKCU - (No Name) - {81d24ea1-3106-46a5-a324-fa96b8178519} - No File
SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL =
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKCU - No Name - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No File
CHR Plugin: (Conduit Chrome Plugin) - C:\Users\H\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc\2.3.15.10_0\plugins/ConduitChromeApiPlugin.dll No File
CHR Extension: (uTorrentControl2) - C:\Users\H\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc [2013-10-17]
CHR HKCU\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\H\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2013-05-16]
C:\Windows\System32\Tasks\BackgroundContainer Startup Task
Task: {C5280457-BC6F-4697-AA54-80CE13C9A028} - System32\Tasks\BackgroundContainer Startup Task => Rundll32.exe "C:\Users\H\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Temp:DFC5A2B2
end
Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.
[b]NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system
~~~~~~~~~~~~~~~~~~~~~~~~~~~
Did you run the Norton removal tool?, reason is I still see several files and folders related to norton and a few error messages to this program.
~~~~~~~~~~~~~~~~~~~~~~~`
http://www.malwarebytes.org/forums/style_images/1/bf_new.gif Please download Malwarebytes' Anti-Malware from Here (http://www.malwarebytes.org/mbam-download.php). Never download Malwarebytes' Anti-Malware from other sources.
Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
In your next reply post:
Fixlog.txt
MBAM txt
How's your computer now, still seeing error messages?
halibrewer
2014-02-03, 22:58
I ran the Norton removal tool again, and it was almost instant, but on restart there was no warning message of any kind, and it started fast. (A friend of mine recommended not using Norton because it creeps into everything and is a bitch to remove. One of the reasons I decided to switch to Avast as soon as the subscription time ran out.)
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 01-02-2014 04
Ran by H at 2014-02-03 20:34:10 Run:1
Running from C:\Users\H\Desktop
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
start
C:\Users\H\AppData\Local\Temp\Quarantine.exe
C:\Users\H\AppData\Local\Temp\tbuTo2.dll
HKU\S-1-5-21-2413547309-3373987886-2876452647-1000\...\Run: [BackgroundContainer] - "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\H\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun <===== ATTENTION
URLSearchHook: HKCU - (No Name) - {81d24ea1-3106-46a5-a324-fa96b8178519} - No File
SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL =
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKCU - No Name - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No File
CHR Plugin: (Conduit Chrome Plugin) - C:\Users\H\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc\2.3.15.10_0\plugins/ConduitChromeApiPlugin.dll No File
CHR Extension: (uTorrentControl2) - C:\Users\H\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc [2013-10-17]
CHR HKCU\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\H\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2013-05-16]
C:\Windows\System32\Tasks\BackgroundContainer Startup Task
Task: {C5280457-BC6F-4697-AA54-80CE13C9A028} - System32\Tasks\BackgroundContainer Startup Task => Rundll32.exe "C:\Users\H\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Temp:DFC5A2B2
end
*****************
C:\Users\H\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\H\AppData\Local\Temp\tbuTo2.dll => Moved successfully.
HKU\S-1-5-21-2413547309-3373987886-2876452647-1000\Software\Microsoft\Windows\CurrentVersion\Run\\BackgroundContainer => Value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{81d24ea1-3106-46a5-a324-fa96b8178519} => Value deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Value deleted successfully.
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{1017A80C-6F09-4548-A84D-EDD6AC9525F0} => Value deleted successfully.
HKCR\CLSID\{1017A80C-6F09-4548-A84D-EDD6AC9525F0} => Key not found.
C:\Users\H\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc\2.3.15.10_0\plugins/ConduitChromeApiPlugin.dll not found.
C:\Users\H\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc => Moved successfully.
HKCU\SOFTWARE\Google\Chrome\Extensions\apdfllckaahabafndbhieahigkjlhalf => Key deleted successfully.
C:\Users\H\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx => Moved successfully.
C:\Windows\System32\Tasks\BackgroundContainer Startup Task => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C5280457-BC6F-4697-AA54-80CE13C9A028} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C5280457-BC6F-4697-AA54-80CE13C9A028} => Key deleted successfully.
C:\Windows\System32\Tasks\BackgroundContainer Startup Task not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BackgroundContainer Startup Task => Key deleted successfully.
C:\ProgramData\Temp => ":DFC5A2B2" ADS removed successfully.
==== End of Fixlog ====
Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org
Database version: v2014.02.03.06
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
H :: HALIMAB-PC [administrator]
Protection: Disabled
03/02/2014 20:47:38
mbam-log-2014-02-03 (20-47-38).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 212845
Time elapsed: 10 minute(s), 9 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 10
C:\Users\H\Downloads\BestCodecsPackSetup.exe (Adware.InstallBrain) -> Quarantined and deleted successfully.
C:\Users\H\Downloads\bitzipper_513.exe (PUP.Optional.InstallIQ.A) -> Quarantined and deleted successfully.
C:\Users\H\Downloads\FinalTorrent2010Setup.exe (PUP.Optional.InstallIQ.A) -> Quarantined and deleted successfully.
C:\Users\H\Downloads\FlashPlayerSDM.exe (PUP.Optional.SweetIM) -> Quarantined and deleted successfully.
C:\Users\H\Downloads\HSS-1.57-install-anchorfree-238-conduit2.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\H\Downloads\iLividSetup.exe (PUP.Optional.Bandoo) -> Quarantined and deleted successfully.
C:\Users\H\Downloads\iLividSetupV1(1).exe (PUP.Optional.Bandoo) -> Quarantined and deleted successfully.
C:\Users\H\Downloads\iLividSetupV1.exe (PUP.Optional.Bandoo) -> Quarantined and deleted successfully.
C:\Users\H\Downloads\PublicTransportSetup.exe (PUP.Optional.Inbox) -> Quarantined and deleted successfully.
C:\Users\H\Music\MapsSetup.exe (PUP.Optional.Inbox) -> Quarantined and deleted successfully.
(end)
C:\Users\H\Downloads\FinalTorrent2010Setup.exe
man, stay away from Torrents, I have seen very little things people have downloaded that wasn't infected with something.
How's your computer now?
~~~~~~~~~~~~
I can check your logs for any other left over for Norton if you wish.
Just run a new FRST scan.
~~~~~~~~~~~~~~~~~~~
Run this online scan first, it's the most through to use. It can take quite a while but it's good. So just be patient and run errands if you have to.
ESET Online Scanner:
Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here (http://www.bleepingcomputer.com/forums/topic114351.html).
Vista/Windows 7 users: You will need to to right-click on the either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.
Please go here (http://www.eset.co.uk/ThreatCenter/OnlineScanner/) to run the scan.
http://www.eset.com/us/online-scanner/run
Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox. Select the option YES, I accept the Terms of Use then click on: http://i280.photobucket.com/albums/kk173/Dakeyras_album2/EOLS2.gif
When prompted allow the Add-On/Active X to install.
Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
Now click on Advanced Settings and select the following:
Scan for potentially unwanted applications
Scan for potentially unsafe applications
Enable Anti-Stealth Technology
Now click on: http://i280.photobucket.com/albums/kk173/Dakeyras_album2/EOLS3.gif
The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
When completed the Online Scan will begin automatically.
Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
Now click on: http://i280.photobucket.com/albums/kk173/Dakeyras_album2/EOLS4.gif
Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
Copy and paste that log as a reply to this topic.
Note: Do not forget to re-enable your Anti-Virus application after running the above scan!
halibrewer
2014-02-04, 02:21
list of threats. (why not click "remove threats" -as you stated in the last instruction?
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AF-HSS\tbAF-H.dll.vir a variant of Win32/Toolbar.Conduit.B application
C:\AdwCleaner\Quarantine\C\Users\H\AppData\Roaming\file scout\filescout.exe.vir Win32/FileScout.A application
C:\FRST\Quarantine\tbuTo2.dll03-02-2014_20-34-11 a variant of Win32/Toolbar.Conduit.B application
C:\Program Files\Uninstaller\Uninstall.exe a variant of MSIL/DomaIQ.A application
C:\Program Files (x86)\PDFCreator\message.exe a variant of Win32/InstallCore.A application
C:\Users\H\Documents\karim\ZipOpenerSetup.exe a variant of Win32/InstallCore.CH application
C:\Users\H\Documents\New folder\Holding file\Mindjet MindManager Pro 6\keygen (2).exe a variant of Win32/Keygen.IH application
C:\Users\H\Documents\New folder\Holding file\Mindjet MindManager Pro 6\keygen.exe a variant of Win32/Keygen.IH application
C:\Users\H\Documents\New folder\Holding file\Mindjet MindManager Pro 6\mindjetmanager\keygen.exe a variant of Win32/Keygen.IH application
C:\Users\H\Documents\New folder\Holding file\Mindjet MindManager Pro 6\mindjetmanager\keyggen\keygen.exe a variant of Win32/Keygen.IH application
C:\Users\H\Downloads\avira_free_antivirus_en.exe a variant of Win32/Bundled.Toolbar.Ask.D application
C:\Users\H\Downloads\Babylon9_setup.exe a variant of Win32/Toolbar.Babylon.C application
C:\Users\H\Downloads\registrybooster.exe Win32/RegistryBooster application
C:\Users\H\Downloads\Shockwave_Installer_Slim.exe Win32/Bundled.Toolbar.Google.D application
C:\Users\H\Downloads\ZipOpenerSetup.exe Win32/InstallCore.BN application
C:\Windows\System32\Adobe\Shockwave 12\gt.exe Win32/Bundled.Toolbar.Google.D application
C:\Windows\System32\config\systemprofile\AppData\Local\Conduit\CT2765711\AF-HSSAutoUpdaterHelper.exe multiple threats
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\tbedrs[1].dll a variant of Win32/Toolbar.Conduit.B application
C:\Windows\System32\config\systemprofile\AppData\LocalLow\AF-HSS\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.5.3\bin\PriceGongIE.dll a variant of Win32/PriceGong.A application
C:\Windows\SysWOW64\Adobe\Shockwave 12\gt.exe Win32/Bundled.Toolbar.Google.D application
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Conduit\CT2765711\AF-HSSAutoUpdaterHelper.exe multiple threats
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\tbedrs[1].dll a variant of Win32/Toolbar.Conduit.B application
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\AF-HSS\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.5.3\bin\PriceGongIE.dll a variant of Win32/PriceGong.A application
halibrewer
2014-02-04, 02:30
sorry, this is the log, the last one was just the list.
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=9efe95c32d72fb419b94a8d49e9f4cf9
# engine=16925
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-02-03 09:20:16
# local_time=2014-02-03 09:20:16 (+0000, GMT Standard Time)
# country="United Kingdom"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=772 16777213 66 82 629850 630651 0 0
# compatibility_mode=5893 16776574 100 94 17899651 143927466 0 0
# scanned=23
# found=0
# cleaned=0
# scan_time=1
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=9efe95c32d72fb419b94a8d49e9f4cf9
# engine=16925
# end=stopped
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-02-03 09:21:59
# local_time=2014-02-03 09:21:59 (+0000, GMT Standard Time)
# country="United Kingdom"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=772 16777213 66 82 629953 630754 0 0
# compatibility_mode=5893 16776574 100 94 17899754 143927569 0 0
# scanned=431
# found=1
# cleaned=0
# scan_time=11
sh=0C73CCC63EC56232CA1EF6BF8573B3A9AB323052 ft=1 fh=d014c1be8c7ac6c1 vn="a variant of Win32/Toolbar.Conduit.B application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\AF-HSS\tbAF-H.dll.vir"
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=9efe95c32d72fb419b94a8d49e9f4cf9
# engine=16925
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-02-04 12:06:35
# local_time=2014-02-04 12:06:35 (+0000, GMT Standard Time)
# country="United Kingdom"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=772 16777213 66 82 636229 640630 0 0
# compatibility_mode=5893 16776574 100 94 17909630 143937445 0 0
# scanned=464149
# found=23
# cleaned=0
# scan_time=9810
sh=0C73CCC63EC56232CA1EF6BF8573B3A9AB323052 ft=1 fh=d014c1be8c7ac6c1 vn="a variant of Win32/Toolbar.Conduit.B application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\AF-HSS\tbAF-H.dll.vir"
sh=6D83869D7EB65B6C7DFA54DB8FF6E8C158ADA9EE ft=1 fh=c71c00118b4bdd35 vn="Win32/FileScout.A application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\H\AppData\Roaming\file scout\filescout.exe.vir"
sh=33457E2F2405727124C107D6DEAF24C94E992463 ft=1 fh=e719e166edfd7994 vn="a variant of Win32/Toolbar.Conduit.B application" ac=I fn="C:\FRST\Quarantine\tbuTo2.dll03-02-2014_20-34-11"
sh=3E370E371FABAABF8A6B74826EB8EAAFBC696E50 ft=1 fh=dfbc752766eb1ac2 vn="a variant of MSIL/DomaIQ.A application" ac=I fn="C:\Program Files\Uninstaller\Uninstall.exe"
sh=D957B0EC634B5C52AA2B8934223A6248D5152807 ft=1 fh=4c2491a4bea30714 vn="a variant of Win32/InstallCore.A application" ac=I fn="C:\Program Files (x86)\PDFCreator\message.exe"
sh=97FBA1B899594DC222FAEF74549842BE57D027D6 ft=1 fh=9262da0d079bd583 vn="a variant of Win32/InstallCore.CH application" ac=I fn="C:\Users\H\Documents\karim\ZipOpenerSetup.exe"
sh=C2552B5B450225E396EA44519A055AFD62DB9F55 ft=1 fh=b3c48286b9f7aedf vn="a variant of Win32/Keygen.IH application" ac=I fn="C:\Users\H\Documents\New folder\Holding file\Mindjet MindManager Pro 6\keygen (2).exe"
sh=C2552B5B450225E396EA44519A055AFD62DB9F55 ft=1 fh=b3c48286b9f7aedf vn="a variant of Win32/Keygen.IH application" ac=I fn="C:\Users\H\Documents\New folder\Holding file\Mindjet MindManager Pro 6\keygen.exe"
sh=C2552B5B450225E396EA44519A055AFD62DB9F55 ft=1 fh=b3c48286b9f7aedf vn="a variant of Win32/Keygen.IH application" ac=I fn="C:\Users\H\Documents\New folder\Holding file\Mindjet MindManager Pro 6\mindjetmanager\keygen.exe"
sh=C2552B5B450225E396EA44519A055AFD62DB9F55 ft=1 fh=b3c48286b9f7aedf vn="a variant of Win32/Keygen.IH application" ac=I fn="C:\Users\H\Documents\New folder\Holding file\Mindjet MindManager Pro 6\mindjetmanager\keyggen\keygen.exe"
sh=B706EC29F2432B9375A9A1C16D009B67F98C2180 ft=1 fh=7ff62f08a622c067 vn="a variant of Win32/Bundled.Toolbar.Ask.D application" ac=I fn="C:\Users\H\Downloads\avira_free_antivirus_en.exe"
sh=0A1FF4E8ECE13E240FF52B67CD57B0710AF10CBB ft=1 fh=094afa667a6bedfe vn="a variant of Win32/Toolbar.Babylon.C application" ac=I fn="C:\Users\H\Downloads\Babylon9_setup.exe"
sh=7FAB1DC1A9D4CC75A7CBC08495D8F3A3A891776E ft=1 fh=8b62f149f4b90c6c vn="Win32/RegistryBooster application" ac=I fn="C:\Users\H\Downloads\registrybooster.exe"
sh=44A7AE70AA7AC181E962591F263CFA55C823B4FC ft=1 fh=cf972a16567b49c6 vn="Win32/Bundled.Toolbar.Google.D application" ac=I fn="C:\Users\H\Downloads\Shockwave_Installer_Slim.exe"
sh=9388B2D178E5DDA724D18CAE65AC02CEEAC82340 ft=1 fh=b459eba1609539f6 vn="Win32/InstallCore.BN application" ac=I fn="C:\Users\H\Downloads\ZipOpenerSetup.exe"
sh=B5B41E946960F17050C00A4891CFF46B08486A4D ft=1 fh=79895fd74f1827db vn="Win32/Bundled.Toolbar.Google.D application" ac=I fn="C:\Windows\System32\Adobe\Shockwave 12\gt.exe"
sh=8EE9FB5AE2B8B6679E36388F102438C3C72C628E ft=1 fh=fc1817d8cca0d243 vn="multiple threats" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\Local\Conduit\CT2765711\AF-HSSAutoUpdaterHelper.exe"
sh=57CD8DEAF43DF3A2F4703E5219A69935B119D0DB ft=1 fh=311781f1ea21501f vn="a variant of Win32/Toolbar.Conduit.B application" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\tbedrs[1].dll"
sh=ABF759CA3BFB16DE62197DD7C417AC5039A43AE0 ft=1 fh=1801af74030ebca1 vn="a variant of Win32/PriceGong.A application" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\LocalLow\AF-HSS\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.5.3\bin\PriceGongIE.dll"
sh=B5B41E946960F17050C00A4891CFF46B08486A4D ft=1 fh=79895fd74f1827db vn="Win32/Bundled.Toolbar.Google.D application" ac=I fn="C:\Windows\SysWOW64\Adobe\Shockwave 12\gt.exe"
sh=8EE9FB5AE2B8B6679E36388F102438C3C72C628E ft=1 fh=fc1817d8cca0d243 vn="multiple threats" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Conduit\CT2765711\AF-HSSAutoUpdaterHelper.exe"
sh=57CD8DEAF43DF3A2F4703E5219A69935B119D0DB ft=1 fh=311781f1ea21501f vn="a variant of Win32/Toolbar.Conduit.B application" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\tbedrs[1].dll"
sh=ABF759CA3BFB16DE62197DD7C417AC5039A43AE0 ft=1 fh=1801af74030ebca1 vn="a variant of Win32/PriceGong.A application" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\AF-HSS\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.5.3\bin\PriceGongIE.dll"
ESETSmartInstaller@High as downloader log:
all ok
why not click "remove threats" -as you stated in the last instruction?
Sometimes it can screw up removing the quarantine folders from the tools we've used and, if you had a patched file, guess what, I can't guarantee it can find a clean copy and replace it.
OK, let's remove some bad files
~~~~~~~~~~~~~~~
Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy.
Paste this into the open notepad. save it to the Desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
It needs to be saved Next to the "Farbar Recovery Scan Tool" (FRST) program (If asked to overwrite existing one please allow)
start
C:\Program Files\Uninstaller\Uninstall.exe
C:\Program Files (x86)\PDFCreator\message.exe
C:\Users\H\Documents\karim\ZipOpenerSetup.exe
C:\Users\H\Documents\New folder\Holding file\Mindjet MindManager Pro 6\keygen (2).exe
C:\Users\H\Documents\New folder\Holding file\Mindjet MindManager Pro 6\keygen.exe
C:\Users\H\Documents\New folder\Holding file\Mindjet MindManager Pro 6\mindjetmanager\keygen.exe
C:\Users\H\Documents\New folder\Holding file\Mindjet MindManager Pro 6\mindjetmanager\keyggen\keygen.exe
C:\Users\H\Downloads\avira_free_antivirus_en.exe
C:\Users\H\Downloads\Babylon9_setup.exe
C:\Users\H\Downloads\registrybooster.exe
C:\Users\H\Downloads\Shockwave_Installer_Slim.exe
C:\Users\H\Downloads\ZipOpenerSetup.exe
C:\Windows\System32\Adobe\Shockwave 12\gt.exe
C:\Windows\System32\config\systemprofile\AppData\Local\Conduit\CT2765711\AF-HSSAutoUpdaterHelper.exe
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\tbedrs[1].dll
C:\Windows\System32\config\systemprofile\AppData\LocalLow\AF-HSS\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.5.3\bin\PriceGongIE.dll
C:\Windows\SysWOW64\Adobe\Shockwave 12\gt.exe
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Conduit\CT2765711\AF-HSSAutoUpdaterHelper.exe
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\tbedrs[1].dll
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\AF-HSS\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.5.3\bin\PriceGongIE.dll
end
Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system
Please post the Fixlog.txt
I need comments on how the computer is at the moment.
halibrewer
2014-02-04, 03:36
ix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 01-02-2014 04
Ran by H at 2014-02-04 01:35:26 Run:2
Running from C:\Users\H\Desktop
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
why not click "remove threats" -as you stated in the last instruction?
Sometimes it can screw up removing the quarantine folders from the tools we've used and, if you had a patched file, guess what, I can't guarantee it can find a clean copy and replace it.
OK, let's remove some bad files
~~~~~~~~~~~~~~~
Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy.
Paste this into the open notepad. save it to the Desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
It needs to be saved Next to the "Farbar Recovery Scan Tool" (FRST) program (If asked to overwrite existing one please allow)
start
C:\Program Files\Uninstaller\Uninstall.exe
C:\Program Files (x86)\PDFCreator\message.exe
C:\Users\H\Documents\karim\ZipOpenerSetup.exe
C:\Users\H\Documents\New folder\Holding file\Mindjet MindManager Pro 6\keygen (2).exe
C:\Users\H\Documents\New folder\Holding file\Mindjet MindManager Pro 6\keygen.exe
C:\Users\H\Documents\New folder\Holding file\Mindjet MindManager Pro 6\mindjetmanager\keygen.exe
C:\Users\H\Documents\New folder\Holding file\Mindjet MindManager Pro 6\mindjetmanager\keyggen\keygen.exe
C:\Users\H\Downloads\avira_free_antivirus_en.exe
C:\Users\H\Downloads\Babylon9_setup.exe
C:\Users\H\Downloads\registrybooster.exe
C:\Users\H\Downloads\Shockwave_Installer_Slim.exe
C:\Users\H\Downloads\ZipOpenerSetup.exe
C:\Windows\System32\Adobe\Shockwave 12\gt.exe
C:\Windows\System32\config\systemprofile\AppData\Local\Conduit\CT2765711\AF-HSSAutoUpdaterHelper.exe
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\tbedrs[1].dll
C:\Windows\System32\config\systemprofile\AppData\LocalLow\AF-HSS\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.5.3\bin\PriceGongIE.dll
C:\Windows\SysWOW64\Adobe\Shockwave 12\gt.exe
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Conduit\CT2765711\AF-HSSAutoUpdaterHelper.exe
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\tbedrs[1].dll
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\AF-HSS\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.5.3\bin\PriceGongIE.dll
end
Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system
Please post the Fixlog.txt
I need comments on how the computer is at the moment.
*****************
C:\Program Files\Uninstaller\Uninstall.exe => Moved successfully.
C:\Program Files (x86)\PDFCreator\message.exe => Moved successfully.
C:\Users\H\Documents\karim\ZipOpenerSetup.exe => Moved successfully.
C:\Users\H\Documents\New folder\Holding file\Mindjet MindManager Pro 6\keygen (2).exe => Moved successfully.
C:\Users\H\Documents\New folder\Holding file\Mindjet MindManager Pro 6\keygen.exe => Moved successfully.
C:\Users\H\Documents\New folder\Holding file\Mindjet MindManager Pro 6\mindjetmanager\keygen.exe => Moved successfully.
C:\Users\H\Documents\New folder\Holding file\Mindjet MindManager Pro 6\mindjetmanager\keyggen\keygen.exe => Moved successfully.
C:\Users\H\Downloads\avira_free_antivirus_en.exe => Moved successfully.
C:\Users\H\Downloads\Babylon9_setup.exe => Moved successfully.
C:\Users\H\Downloads\registrybooster.exe => Moved successfully.
C:\Users\H\Downloads\Shockwave_Installer_Slim.exe => Moved successfully.
C:\Users\H\Downloads\ZipOpenerSetup.exe => Moved successfully.
"C:\Windows\System32\Adobe\Shockwave 12\gt.exe" => File/Directory not found.
"C:\Windows\System32\config\systemprofile\AppData\Local\Conduit\CT2765711\AF-HSSAutoUpdaterHelper.exe" => File/Directory not found.
"C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\tbedrs[1].dll" => File/Directory not found.
"C:\Windows\System32\config\systemprofile\AppData\LocalLow\AF-HSS\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.5.3\bin\PriceGongIE.dll" => File/Directory not found.
C:\Windows\SysWOW64\Adobe\Shockwave 12\gt.exe => Moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Conduit\CT2765711\AF-HSSAutoUpdaterHelper.exe => Moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\tbedrs[1].dll => Moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\AF-HSS\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.5.3\bin\PriceGongIE.dll => Moved successfully.
==== End of Fixlog ====
halibrewer
2014-02-04, 11:06
Woke up this morning and on startup 04/Feb/2014 got these error messages:
error saving file C:\windows\ERNT\Autobackup\04-02-2014\BCD!
RegCreateKeyEX5-Access denied.
error saving file C:\windows\ERNT\Autobackup\04-02-2014\SYSTEM
RegCreateKeyEX5-Access denied.
error saving file C:\windows\ERNT\Autobackup\04-02-2014\SFTWARE
RegCreateKeyEX5-Access denied.
error saving file C:\windows\ERNT\Autobackup\04-02-2014\SECURITY
RegCreateKeyEX5-Access denied.
error saving file C:\windows\ERNT\Autobackup\04-02-2014\DEFAULT
RegCreateKeyEX5-Access denied.
error saving file C:\windows\ERNT\Autobackup\04-02-2014\SAM!
RegCreateKeyEX5-Access denied.
error saving file C:\windows\ERNT\Autobackup\04-02-2014\users\00000001\ntuser.d
RegCreateKeyEX5-Access denied.
error saving file C:\windows\ERNT\Autobackup\04-02-2014\users\00000002\userClass.d
RegCreateKeyEX5-Access denied.
Not sure if I copied the last two completely correct but can run again if you want to read them.
Ran Malwarebytes quick scan just to check and got:
no malicious items detected.
Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org
Database version: v2014.02.03.06
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
H :: HALIMAB-PC [administrator]
Protection: Enabled
04/02/2014 08:10:10
mbam-log-2014-02-04 (08-10-10).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 214082
Time elapsed: 10 minute(s), 44 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
did not want to run the online one again just yet because it takes almost 3 hours. And I have to go out. will do when I get back if you think necessary.
Will do another FRST scan and report – may take up 2 posts for that.
halibrewer
2014-02-04, 11:13
ran FRST this morning:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-02-2014 04
Ran by H (administrator) on HALIMAB-PC on 04-02-2014 09:07:10
Running from C:\Users\H\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(Trusteer Ltd.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Trusteer Ltd.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Cisco WebEx LLC) C:\Windows\SysWOW64\atashost.exe
(Eastman Kodak Company) C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe
(Eastman Kodak Company) C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
(Eastman Kodak Company) C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files (x86)\Kodak\CloudPrinting\KCPConnector.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\Receiver\Receiver.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
( ) C:\Windows\System32\lxcycoms.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Management\Engine\3.2.2.12\ccsvchst.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Acer Group) C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerEvent.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_43.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_43.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10920552 2010-06-22] (Realtek Semiconductor)
HKLM\...\Run: [Acer ePower Management] - C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe [861216 2010-06-11] (Acer Incorporated)
HKLM\...\Run: [EKIJ5000StatusMonitor] - C:\Windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe [3182080 2012-10-08] (Eastman Kodak Company)
HKLM-x32\...\Run: [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe [960080 2010-05-25] (Dritek System Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [EKStatusMonitor] - C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe [2750840 2013-01-15] (Eastman Kodak Company)
HKLM-x32\...\Run: [ConnectionCenter] - C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [383544 2012-12-14] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3767096 2014-01-27] (AVAST Software)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2413547309-3373987886-2876452647-1000\...\Run: [] - [x]
HKU\S-1-5-21-2413547309-3373987886-2876452647-1000\...\Run: [Google Update] - C:\Users\H\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-12-24] (Google Inc.)
HKU\S-1-5-21-2413547309-3373987886-2876452647-1000\...\MountPoints2: {53ff305e-d44c-11e2-8194-1c7508051370} - E:\Startme.exe
HKU\S-1-5-21-2413547309-3373987886-2876452647-1000\...\MountPoints2: {84f5167a-4f45-11e2-b84e-1c7508051370} - "E:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-2413547309-3373987886-2876452647-1000\...\MountPoints2: {86c18bf5-9c04-11e0-8122-1c7508051370} - E:\LaunchU3.exe -a
HKU\S-1-5-21-2413547309-3373987886-2876452647-1000\...\MountPoints2: {c89e4185-900d-11e0-a47e-1c7508051370} - E:\LaunchU3.exe -a
AppInit_DLLs-x32: c:\progra~2\citrix\icacli~1\rshook.dll => C:\Program Files (x86)\Citrix\ICA Client\RSHook.dll [256568 2012-12-14] (Citrix Systems, Inc.)
Startup: C:\Users\H\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
ShortcutTarget: ERUNT AutoBackup.lnk -> C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
==================== Internet (Whitelisted) ====================
ProxyServer: localhost:8118
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.msn.com/?ocid=OIE9HP
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
SearchScopes: HKLM-x32 - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACPW
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
FireFox:
========
FF ProfilePath: C:\Users\H\AppData\Roaming\Mozilla\Firefox\Profiles\pxges0f6.default-1368729130564
FF NewTab: www.google.com
FF SearchEngineOrder.1: Google
FF SelectedSearchEngine: Google
FF Homepage: www.google.com
FF Keyword.URL: hxxp://search.yahoo.com/search?ourmark=3&ei=utf-8&fr=freecause&type=100311&p=
FF NetworkProxy: "autoconfig_url", "https://mediahint.com/default.pac"
FF NetworkProxy: "type", 2
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_43.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Citrix.com/npican - C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=16.0.0.282 - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.0 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.0 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.0 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.0.282 - c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin-x32: @SonyCreativeSoftware.com/Media Go,version=1.0 - C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\H\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll No File
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\H\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\H\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @talk.google.com/O3DPlugin - C:\Users\H\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\H\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\H\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll (RealPlayer)
FF Plugin ProgramFiles/Appdata: C:\Users\H\AppData\Roaming\mozilla\plugins\npatgpc.dll (Cisco WebEx LLC)
FF Plugin ProgramFiles/Appdata: C:\Users\H\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\H\AppData\Roaming\mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin ProgramFiles/Appdata: C:\Users\H\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF SearchPlugin: C:\Users\H\AppData\Roaming\Mozilla\Firefox\Profiles\pxges0f6.default-1368729130564\searchplugins\search-the-web.xml
FF Extension: iCloud Bookmarks - C:\Users\H\AppData\Roaming\Mozilla\Firefox\Profiles\pxges0f6.default-1368729130564\Extensions\firefoxdav@icloud.com [2013-12-20]
FF Extension: Pocket - C:\Users\H\AppData\Roaming\Mozilla\Firefox\Profiles\pxges0f6.default-1368729130564\Extensions\isreaditlater@ideashower.com [2013-10-21]
FF Extension: Fun Characters - C:\Users\H\AppData\Roaming\Mozilla\Firefox\Profiles\pxges0f6.default-1368729130564\Extensions\funcharacters@diegoruiz.info.xpi [2013-06-22]
FF Extension: Grammarly - C:\Users\H\AppData\Roaming\Mozilla\Firefox\Profiles\pxges0f6.default-1368729130564\Extensions\grammar.plugin@grammarly.com.xpi [2013-07-29]
FF Extension: Push to Kindle - C:\Users\H\AppData\Roaming\Mozilla\Firefox\Profiles\pxges0f6.default-1368729130564\Extensions\jid0-GokC6R49cBZciOKniufAR4QKFWc@jetpack.xpi [2013-05-16]
FF Extension: Media Hint - C:\Users\H\AppData\Roaming\Mozilla\Firefox\Profiles\pxges0f6.default-1368729130564\Extensions\mediahint@jetpack.xpi [2013-10-22]
FF Extension: ShareThis - C:\Users\H\AppData\Roaming\Mozilla\Firefox\Profiles\pxges0f6.default-1368729130564\Extensions\{1b8cc170-8c85-11db-b606-0800200c9a66}.xpi [2013-07-27]
FF Extension: ShowIP - C:\Users\H\AppData\Roaming\Mozilla\Firefox\Profiles\pxges0f6.default-1368729130564\Extensions\{3e9bb2a7-62ca-4efa-a4e6-f6f6168a652d}.xpi [2013-05-29]
FF Extension: ShareThis Toolbar - C:\Users\H\AppData\Roaming\Mozilla\Firefox\Profiles\pxges0f6.default-1368729130564\Extensions\{5e889f11-3738-6e34-f5ad-ccce03875424}.xpi [2013-11-13]
FF Extension: Modify Headers - C:\Users\H\AppData\Roaming\Mozilla\Firefox\Profiles\pxges0f6.default-1368729130564\Extensions\{b749fc7c-e949-447f-926c-3f4eed6accfe}.xpi [2013-05-16]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-12-20]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-12-20]
FF HKLM-x32\...\Firefox\Extensions: [bkmrksync@nokia.com] - C:\Program Files (x86)\Nokia\Nokia PC Suite 7\bkmrksync\
FF Extension: PC Sync 2 Synchronisation Extension - C:\Program Files (x86)\Nokia\Nokia PC Suite 7\bkmrksync\ []
FF HKLM-x32\...\Firefox\Extensions: [{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}] - C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\
FF Extension: Firefox Synchronisation Extension - C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ []
FF HKLM-x32\...\Firefox\Extensions: [{34712C68-7391-4c47-94F3-8F88D49AD632}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ []
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2012-12-18]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-01-27]
FF HKLM-x32\...\Thunderbird\Extensions: [{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}] - C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\
FF Extension: Thunderbird Address Book Synchronisation Extension - C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ []
Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR DefaultSearchKeyword: google.co.uk
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\pdf.dll ()
CHR Plugin: (Skype Click to Call) - C:\Users\H\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.9.0.12585_0\npSkypeChromePlugin.dll No File
CHR Plugin: (Conduit Chrome Plugin) - C:\Users\H\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc\2.3.15.10_0\plugins/ConduitChromeApiPlugin.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft® Windows Media Player Firefox Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Download Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\nprpplugin.dll (RealPlayer)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (ActiveTouch General Plugin Container) - C:\Users\H\AppData\Roaming\Mozilla\plugins\npatgpc.dll (Cisco WebEx LLC)
CHR Plugin: (Google Talk Plugin) - C:\Users\H\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
CHR Plugin: (Google Talk Plugin Video Accelerator) - C:\Users\H\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
CHR Plugin: (Google Talk Plugin Video Renderer) - C:\Users\H\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Citrix ICA Client) - C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.450.18) - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Java(TM) Platform SE 7 U45) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Media Go Detector) - C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (RealNetworks(tm) RealDownloader Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
CHR Plugin: (RealNetworks(tm) RealDownloader HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (RealNetworks(tm) RealDownloader PepperFlashVideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
CHR Plugin: (RealDownloader Plugin) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll (Adobe Systems, Inc.)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
CHR Extension: (Google Translate) - C:\Users\H\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2013-10-21]
CHR Extension: (Media Hint) - C:\Users\H\AppData\Local\Google\Chrome\User Data\Default\Extensions\anepbdekljkmmimmhbniglnnanmmkoja [2013-10-22]
CHR Extension: (AddThis - Share & Bookmark (new)) - C:\Users\H\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgbogdmdefihhljhfeiklfiedefalcde [2013-10-21]
CHR Extension: (Hola Better Internet) - C:\Users\H\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2013-11-10]
CHR Extension: (RealDownloader) - C:\Users\H\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2013-10-17]
CHR Extension: (Pocket (formerly Read It Later)) - C:\Users\H\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj [2013-10-21]
CHR Extension: (Google Wallet) - C:\Users\H\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-21]
CHR Extension: (Push to Kindle) - C:\Users\H\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnaiinchjaonopoejhknmgjingcnaloc [2013-10-21]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-01-27]
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2012-11-29]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-05-14]
==================== Services (Whitelisted) =================
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-01-27] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [113704 2014-01-27] (AVAST Software)
R2 ePowerSvc; C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [868896 2010-06-11] (Acer Incorporated)
S3 GameConsoleService; C:\Program Files (x86)\Packard Bell Games\Packard Bell Game Console\GameConsoleService.exe [246520 2010-04-03] (WildTangent, Inc.)
R2 GREGService; C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe [23584 2010-01-08] (Acer Incorporated)
R2 Kodak Cloud Software Connector; C:\Program Files (x86)\Kodak\CloudPrinting\KCPConnector.exe [1526192 2012-06-14] ()
R2 lxcy_device; C:\Windows\system32\lxcycoms.exe [566192 2006-11-29] ( )
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MCLIENT; C:\Program Files (x86)\Norton Management\Engine\3.2.2.12\ccSvcHst.exe [143928 2012-12-05] (Symantec Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe [255744 2010-06-28] (NewTech Infosystems, Inc.)
R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [1444120 2014-01-22] (Trusteer Ltd.)
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [38608 2012-11-29] ()
R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
R2 Updater Service; C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe [243232 2010-01-28] (Acer Group)
==================== Drivers (Whitelisted) ====================
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28184 2014-01-27] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [78648 2014-01-27] (AVAST Software)
R1 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [440672 2014-01-27] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [92544 2014-01-27] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-01-27] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1038072 2014-01-27] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [421704 2014-01-27] (AVAST Software)
R3 aswStm; C:\Windows\system32\drivers\aswStm.sys [80184 2014-01-27] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [207904 2014-01-27] ()
R3 BthAvrcp; C:\Windows\System32\DRIVERS\BthAvrcp.sys [29184 2009-08-13] (CSR, plc)
S1 ccSet_MCLIENT; C:\Windows\system32\drivers\MCLIENTx64\0302020.00C\ccSetx64.sys [168096 2012-10-04] (Symantec Corporation)
S3 massfilter; C:\Windows\SysWOW64\drivers\massfilter.sys [9216 2009-09-07] (ZTE Incorporated)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R1 RapportCerberus_59849; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_59849.sys [606672 2013-10-30] ()
R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [282712 2014-01-22] (Trusteer Ltd.)
R0 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [316312 2014-01-22] (Trusteer Ltd.)
R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [397848 2014-01-22] (Trusteer Ltd.)
S3 SMARTMouseFilterx64; C:\Windows\System32\DRIVERS\SMARTMouseFilterx64.sys [13168 2012-03-21] (SMART Technologies ULC)
S3 SMARTVHidMiniVistaAmd64; C:\Windows\System32\DRIVERS\SMARTVHidMiniVistaAmd64.sys [16368 2012-03-21] (SMART Technologies ULC)
S3 SMARTVTabletPCx64; C:\Windows\System32\DRIVERS\SMARTVTabletPCx64.sys [24944 2012-03-21] (SMART Technologies ULC)
S3 ZTEusbmdm6k; C:\Windows\SysWOW64\DRIVERS\ZTEusbmdm6k.sys [119680 2009-09-07] (ZTE Incorporated)
S3 ZTEusbnmea; C:\Windows\SysWOW64\DRIVERS\ZTEusbnmea.sys [119680 2009-09-07] (ZTE Incorporated)
S3 ZTEusbser6k; C:\Windows\SysWOW64\DRIVERS\ZTEusbser6k.sys [119680 2009-09-07] (ZTE Incorporated)
halibrewer
2014-02-04, 11:14
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-02-04 00:24 - 2014-02-04 00:24 - 02347384 _____ (ESET) C:\Users\H\Desktop\esetsmartinstaller_enu.exe
2014-02-03 21:18 - 2014-02-03 21:18 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-02-03 21:02 - 2014-02-03 21:02 - 00003336 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2413547309-3373987886-2876452647-1000
2014-02-03 21:02 - 2014-02-03 21:02 - 00003194 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2413547309-3373987886-2876452647-1000
2014-02-03 20:46 - 2014-02-03 20:46 - 00001125 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-02-03 20:46 - 2014-02-03 20:46 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-03 20:41 - 2014-02-04 08:43 - 00003358 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2413547309-3373987886-2876452647-1000
2014-02-03 20:35 - 2014-02-03 20:35 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\H\Desktop\mbam-setup-1.75.0.1300.exe
2014-02-03 19:33 - 2014-02-03 19:33 - 00036172 _____ () C:\Users\H\Desktop\Addition.txt
2014-02-03 19:32 - 2014-02-04 09:07 - 00036021 _____ () C:\Users\H\Desktop\FRST.txt
2014-02-03 19:32 - 2014-02-04 09:07 - 00000000 ____D () C:\FRST
2014-02-03 19:31 - 2014-02-03 19:31 - 02080256 _____ (Farbar) C:\Users\H\Desktop\FRST64.exe
2014-02-03 19:27 - 2014-02-03 19:27 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-HALIMAB-PC-Microsoft-Windows-7-Home-Premium-(64-bit).dat
2014-02-03 19:25 - 2014-02-03 19:25 - 00000000 ____D () C:\RegBackup
2014-02-03 19:24 - 2014-02-03 19:24 - 00002251 _____ () C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2014-02-03 19:24 - 2014-02-03 19:24 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
2014-02-03 19:19 - 2014-02-03 19:19 - 03936992 _____ () C:\Users\H\Desktop\tweaking.com_registry_backup_setup.exe
2014-02-03 19:09 - 2014-02-04 09:04 - 00000000 ____D () C:\Users\H\Desktop\spybot tools from forum
2014-02-03 19:05 - 2014-02-03 19:07 - 00000000 ____D () C:\Users\H\Desktop\various
2014-02-03 18:50 - 2014-02-04 08:43 - 00003216 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2413547309-3373987886-2876452647-1000
2014-02-03 18:23 - 2014-02-03 18:23 - 00000000 ____D () C:\Windows\ERUNT
2014-02-03 17:43 - 2014-02-03 21:00 - 00027920 _____ () C:\Windows\PFRO.log
2014-02-03 17:38 - 2014-02-03 17:42 - 00000000 ____D () C:\AdwCleaner
2014-02-03 08:58 - 2014-02-04 08:47 - 00000000 ____D () C:\Windows\ERDNT
2014-02-03 08:56 - 2014-02-03 08:56 - 00000000 ____D () C:\Program Files (x86)\ERUNT
2014-02-02 13:35 - 2014-02-04 08:42 - 00001120 _____ () C:\Windows\setupact.log
2014-02-02 13:35 - 2014-02-02 13:35 - 00000000 _____ () C:\Windows\setuperr.log
2014-02-02 10:24 - 2014-02-02 10:24 - 00450712 ____R () C:\Windows\system32\Drivers\etc\hosts.20140202-102447.backup
2014-02-02 10:24 - 2014-02-02 10:23 - 00450712 ____R () C:\Windows\system32\Drivers\etc\hosts.20140202-102434.backup
2014-02-02 10:23 - 2014-02-02 10:22 - 00450712 ____R () C:\Windows\system32\Drivers\etc\hosts.20140202-102303.backup
2014-01-27 16:37 - 2014-01-27 16:37 - 00002962 _____ () C:\Windows\System32\Tasks\{25C68268-E81B-4740-8445-A0E990FDEBF4}
2014-01-27 16:37 - 2014-01-27 16:37 - 00002962 _____ () C:\Windows\System32\Tasks\{01CE5DFF-93BC-433A-A3A2-AD28A565E4CC}
2014-01-27 16:36 - 2014-01-27 16:36 - 00002962 _____ () C:\Windows\System32\Tasks\{4811AC6E-E0BA-42D1-AE43-79B6A205DA26}
2014-01-27 16:30 - 2014-01-27 16:30 - 00000000 ____D () C:\Users\H\New folder
2014-01-27 16:29 - 2014-01-27 18:07 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-01-27 16:07 - 2014-01-27 16:07 - 00002962 _____ () C:\Windows\System32\Tasks\{3C68EB6A-E311-4A85-9BB8-3A43DAC36A9A}
2014-01-27 16:05 - 2014-01-27 16:05 - 00002962 _____ () C:\Windows\System32\Tasks\{C8BC8C04-C892-4F10-AC08-EE3F6DDDF68A}
2014-01-27 16:03 - 2014-01-27 16:03 - 00002962 _____ () C:\Windows\System32\Tasks\{EC44D2C3-C8F6-40EE-93F5-97CDDAA88076}
2014-01-27 15:43 - 2014-01-27 15:43 - 00282992 _____ (Mozilla) C:\Users\H\Downloads\Firefox Setup Stub 26.0.exe
2014-01-27 15:19 - 2014-01-27 15:19 - 00002044 _____ () C:\Users\Public\Desktop\avast! SafeZone.lnk
2014-01-27 15:19 - 2014-01-27 15:19 - 00001984 _____ () C:\Users\Public\Desktop\avast! Internet Security.lnk
2014-01-27 15:18 - 2014-01-27 15:18 - 00028184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2014-01-27 15:17 - 2014-01-27 15:17 - 00440672 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNdisFlt.sys
2014-01-27 15:10 - 2014-02-04 07:54 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-01-27 15:10 - 2014-01-27 15:10 - 01038072 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-01-27 15:10 - 2014-01-27 15:10 - 00421704 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-01-27 15:10 - 2014-01-27 15:10 - 00334136 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-01-27 15:10 - 2014-01-27 15:10 - 00207904 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-01-27 15:10 - 2014-01-27 15:10 - 00092544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-01-27 15:10 - 2014-01-27 15:10 - 00080184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-01-27 15:10 - 2014-01-27 15:10 - 00078648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-01-27 15:10 - 2014-01-27 15:10 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-01-27 15:10 - 2014-01-27 15:10 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-01-27 12:34 - 2014-01-27 12:34 - 00000000 ___HD () C:\Users\H\AppData\Roaming\AVAST Software
2014-01-27 12:28 - 2014-01-27 12:28 - 00000000 ____D () C:\Program Files\AVAST Software
2014-01-27 12:27 - 2014-01-27 12:27 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-01-25 18:06 - 2014-01-25 18:06 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-01-25 18:06 - 2014-01-25 18:06 - 00000000 ____D () C:\Program Files\iTunes
2014-01-25 18:06 - 2014-01-25 18:06 - 00000000 ____D () C:\Program Files\iPod
2014-01-25 18:06 - 2014-01-25 18:06 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-01-25 18:04 - 2014-01-25 18:04 - 00000000 ____D () C:\Windows\System32\Tasks\Apple
2014-01-25 18:04 - 2014-01-25 18:04 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2014-01-25 18:03 - 2014-01-25 18:03 - 00000000 ____D () C:\Program Files\Bonjour
2014-01-25 18:03 - 2014-01-25 18:03 - 00000000 ____D () C:\Program Files (x86)\Bonjour
2014-01-25 17:52 - 2014-01-25 17:55 - 148904784 _____ (Apple Inc.) C:\Users\H\Downloads\iTunes64Setup.exe
2014-01-25 09:55 - 2014-01-25 09:55 - 05341472 _____ (Dll-Files.com ) C:\Users\H\Downloads\dffsetup-msvcr80.exe
2014-01-20 17:26 - 2014-01-20 17:27 - 00000017 _____ () C:\Windows\SysWOW64\shortcut_ex.dat
2014-01-20 09:58 - 2014-01-20 10:27 - 00000000 ___HD () C:\Users\H\AppData\Local\LogMeIn Rescue Applet
2014-01-17 18:50 - 2014-01-27 14:48 - 00000000 ____D () C:\Users\H\AppData\Roaming\Oxford University Press
2014-01-17 18:50 - 2014-01-17 18:50 - 00000000 ___HD () C:\Users\H\AppData\Local\Oxford University Press
2014-01-17 18:09 - 2014-01-17 18:09 - 00001629 _____ () C:\Users\Public\Desktop\English File third edition Elementary.lnk
2014-01-17 18:08 - 2014-01-17 18:08 - 00000000 ____D () C:\Program Files (x86)\Oxford University Press
2014-01-16 01:51 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-01-16 01:50 - 2013-12-18 21:09 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-01-16 01:50 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-01-16 01:50 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-01-16 01:49 - 2014-01-16 01:50 - 00005175 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-01-15 08:56 - 2013-11-27 01:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-01-15 08:56 - 2013-11-27 01:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-01-15 08:56 - 2013-11-27 01:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-01-15 08:56 - 2013-11-27 01:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-01-15 08:56 - 2013-11-27 01:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-01-15 08:56 - 2013-11-27 01:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-01-15 08:56 - 2013-11-27 01:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-01-15 08:55 - 2013-11-26 11:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-01-15 08:55 - 2013-11-26 10:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-01-07 07:59 - 2014-01-27 14:58 - 00000000 ____D () C:\Users\H\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google+ Auto Backup
2014-01-06 19:23 - 2014-01-06 19:23 - 04558848 _____ (Google Inc.) C:\Windows\SysWOW64\GPhotos.scr
==================== One Month Modified Files and Folders =======
2014-02-04 09:07 - 2014-02-03 19:32 - 00036021 _____ () C:\Users\H\Desktop\FRST.txt
2014-02-04 09:07 - 2014-02-03 19:32 - 00000000 ____D () C:\FRST
2014-02-04 09:07 - 2012-02-04 10:55 - 00000296 _____ () C:\Windows\Tasks\PrintProjects Communicator.job
2014-02-04 09:04 - 2014-02-03 19:09 - 00000000 ____D () C:\Users\H\Desktop\spybot tools from forum
2014-02-04 08:59 - 2011-12-24 14:26 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2413547309-3373987886-2876452647-1000UA.job
2014-02-04 08:52 - 2009-07-14 04:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-04 08:52 - 2009-07-14 04:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-04 08:47 - 2014-02-03 08:58 - 00000000 ____D () C:\Windows\ERDNT
2014-02-04 08:47 - 2012-04-05 06:43 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-04 08:47 - 2010-10-13 06:22 - 01454923 _____ () C:\Windows\WindowsUpdate.log
2014-02-04 08:43 - 2014-02-03 20:41 - 00003358 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2413547309-3373987886-2876452647-1000
2014-02-04 08:43 - 2014-02-03 18:50 - 00003216 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2413547309-3373987886-2876452647-1000
2014-02-04 08:42 - 2014-02-02 13:35 - 00001120 _____ () C:\Windows\setupact.log
2014-02-04 08:42 - 2011-05-31 18:08 - 00000000 ____D () C:\ProgramData\Kodak
2014-02-04 08:42 - 2010-12-20 07:02 - 00000884 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-04 08:41 - 2009-07-14 05:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-04 08:36 - 2010-12-20 07:02 - 00000888 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-04 07:54 - 2014-01-27 15:10 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-02-04 07:54 - 2012-11-21 16:49 - 00000912 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2413547309-3373987886-2876452647-1000UA.job
2014-02-04 01:35 - 2013-01-25 10:30 - 00000000 ____D () C:\Users\H\Documents\karim
2014-02-04 01:35 - 2012-04-04 15:22 - 00000000 ____D () C:\Program Files (x86)\PDFCreator
2014-02-04 00:24 - 2014-02-04 00:24 - 02347384 _____ (ESET) C:\Users\H\Desktop\esetsmartinstaller_enu.exe
2014-02-03 23:59 - 2011-12-24 14:26 - 00000840 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2413547309-3373987886-2876452647-1000Core.job
2014-02-03 21:18 - 2014-02-03 21:18 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-02-03 21:02 - 2014-02-03 21:02 - 00003336 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2413547309-3373987886-2876452647-1000
2014-02-03 21:02 - 2014-02-03 21:02 - 00003194 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2413547309-3373987886-2876452647-1000
2014-02-03 21:00 - 2014-02-03 17:43 - 00027920 _____ () C:\Windows\PFRO.log
2014-02-03 20:46 - 2014-02-03 20:46 - 00001125 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-02-03 20:46 - 2014-02-03 20:46 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-03 20:35 - 2014-02-03 20:35 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\H\Desktop\mbam-setup-1.75.0.1300.exe
2014-02-03 19:33 - 2014-02-03 19:33 - 00036172 _____ () C:\Users\H\Desktop\Addition.txt
2014-02-03 19:31 - 2014-02-03 19:31 - 02080256 _____ (Farbar) C:\Users\H\Desktop\FRST64.exe
2014-02-03 19:27 - 2014-02-03 19:27 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-HALIMAB-PC-Microsoft-Windows-7-Home-Premium-(64-bit).dat
2014-02-03 19:25 - 2014-02-03 19:25 - 00000000 ____D () C:\RegBackup
2014-02-03 19:24 - 2014-02-03 19:24 - 00002251 _____ () C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2014-02-03 19:24 - 2014-02-03 19:24 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
2014-02-03 19:19 - 2014-02-03 19:19 - 03936992 _____ () C:\Users\H\Desktop\tweaking.com_registry_backup_setup.exe
2014-02-03 19:08 - 2013-06-13 20:06 - 00000000 ____D () C:\Users\H\Documents\Media Go
2014-02-03 19:07 - 2014-02-03 19:05 - 00000000 ____D () C:\Users\H\Desktop\various
2014-02-03 19:07 - 2013-01-25 10:26 - 00000000 ____D () C:\Users\H\Desktop\greensquare
2014-02-03 19:06 - 2013-11-23 18:59 - 00000000 ____D () C:\Users\H\Desktop\Crisis and CIEH
2014-02-03 18:46 - 2010-08-03 06:07 - 00000000 ____D () C:\ProgramData\Norton
2014-02-03 18:23 - 2014-02-03 18:23 - 00000000 ____D () C:\Windows\ERUNT
2014-02-03 17:50 - 2009-07-14 05:13 - 00727334 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-03 17:42 - 2014-02-03 17:38 - 00000000 ____D () C:\AdwCleaner
2014-02-03 17:32 - 2012-02-28 20:57 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-02-03 16:54 - 2012-11-21 16:49 - 00000890 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2413547309-3373987886-2876452647-1000Core.job
2014-02-03 08:56 - 2014-02-03 08:56 - 00000000 ____D () C:\Program Files (x86)\ERUNT
2014-02-03 08:56 - 2010-12-20 02:27 - 00000000 ___RD () C:\Users\H\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-02-02 19:47 - 2012-04-05 06:43 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-02 19:47 - 2012-04-05 06:43 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-02-02 19:47 - 2011-06-02 17:33 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-02 13:35 - 2014-02-02 13:35 - 00000000 _____ () C:\Windows\setuperr.log
2014-02-02 10:24 - 2014-02-02 10:24 - 00450712 ____R () C:\Windows\system32\Drivers\etc\hosts.20140202-102447.backup
2014-02-02 10:23 - 2014-02-02 10:24 - 00450712 ____R () C:\Windows\system32\Drivers\etc\hosts.20140202-102434.backup
2014-02-02 10:22 - 2014-02-02 10:23 - 00450712 ____R () C:\Windows\system32\Drivers\etc\hosts.20140202-102303.backup
2014-01-31 16:39 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-01-27 22:35 - 2010-12-20 23:02 - 00000000 ____D () C:\Users\H\AppData\Local\Apple
2014-01-27 18:07 - 2014-01-27 16:29 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-01-27 16:37 - 2014-01-27 16:37 - 00002962 _____ () C:\Windows\System32\Tasks\{25C68268-E81B-4740-8445-A0E990FDEBF4}
2014-01-27 16:37 - 2014-01-27 16:37 - 00002962 _____ () C:\Windows\System32\Tasks\{01CE5DFF-93BC-433A-A3A2-AD28A565E4CC}
2014-01-27 16:36 - 2014-01-27 16:36 - 00002962 _____ () C:\Windows\System32\Tasks\{4811AC6E-E0BA-42D1-AE43-79B6A205DA26}
2014-01-27 16:30 - 2014-01-27 16:30 - 00000000 ____D () C:\Users\H\New folder
2014-01-27 16:29 - 2013-12-20 23:13 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-01-27 16:07 - 2014-01-27 16:07 - 00002962 _____ () C:\Windows\System32\Tasks\{3C68EB6A-E311-4A85-9BB8-3A43DAC36A9A}
2014-01-27 16:05 - 2014-01-27 16:05 - 00002962 _____ () C:\Windows\System32\Tasks\{C8BC8C04-C892-4F10-AC08-EE3F6DDDF68A}
2014-01-27 16:04 - 2011-02-27 18:36 - 00000000 ____D () C:\Program Files\CCleaner
2014-01-27 16:03 - 2014-01-27 16:03 - 00002962 _____ () C:\Windows\System32\Tasks\{EC44D2C3-C8F6-40EE-93F5-97CDDAA88076}
2014-01-27 15:43 - 2014-01-27 15:43 - 00282992 _____ (Mozilla) C:\Users\H\Downloads\Firefox Setup Stub 26.0.exe
2014-01-27 15:19 - 2014-01-27 15:19 - 00002044 _____ () C:\Users\Public\Desktop\avast! SafeZone.lnk
2014-01-27 15:19 - 2014-01-27 15:19 - 00001984 _____ () C:\Users\Public\Desktop\avast! Internet Security.lnk
2014-01-27 15:18 - 2014-01-27 15:18 - 00028184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2014-01-27 15:17 - 2014-01-27 15:17 - 00440672 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNdisFlt.sys
2014-01-27 15:10 - 2014-01-27 15:10 - 01038072 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-01-27 15:10 - 2014-01-27 15:10 - 00421704 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-01-27 15:10 - 2014-01-27 15:10 - 00334136 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-01-27 15:10 - 2014-01-27 15:10 - 00207904 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-01-27 15:10 - 2014-01-27 15:10 - 00092544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-01-27 15:10 - 2014-01-27 15:10 - 00080184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-01-27 15:10 - 2014-01-27 15:10 - 00078648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-01-27 15:10 - 2014-01-27 15:10 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-01-27 15:10 - 2014-01-27 15:10 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-01-27 14:59 - 2013-12-29 11:15 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Internet Security
2014-01-27 14:59 - 2013-03-10 16:53 - 00000000 ___SD () C:\Users\H\Google Drive
2014-01-27 14:59 - 2012-02-04 12:44 - 00000000 ___RD () C:\Users\H\Dropbox
2014-01-27 14:59 - 2011-11-02 08:05 - 00000000 ____D () C:\Windows\system32\Drivers\MCLIENTx64
2014-01-27 14:59 - 2011-01-07 19:49 - 00000000 ____D () C:\Users\H\Downloads\Tor Browser
2014-01-27 14:59 - 2010-08-03 06:07 - 00000000 ____D () C:\Windows\system32\Drivers\NISx64
2014-01-27 14:58 - 2014-01-07 07:59 - 00000000 ____D () C:\Users\H\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google+ Auto Backup
2014-01-27 14:58 - 2014-01-04 16:50 - 00000000 ____D () C:\Users\H\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon Cloud Player
2014-01-27 14:58 - 2013-10-23 16:28 - 00000000 ____D () C:\Users\H\Downloads\OpenOffice 4.0.1 (en-US) Installation Files
2014-01-27 14:58 - 2013-09-22 09:59 - 00000000 ____D () C:\Users\H\Documents\Data from Baoji University Arts and Sciiences Advance Knowledge in Nanoelectronics and Optoelectronics - HispanicBusiness.com_files
2014-01-27 14:58 - 2013-07-28 13:53 - 00000000 ____D () C:\Users\H\Downloads\OpenOffice 4.0.0 (en-US) Installation Files
2014-01-27 14:58 - 2013-06-14 08:13 - 00000000 ____D () C:\Users\H\AppData\Local\Viber
2014-01-27 14:58 - 2013-05-30 11:43 - 00000000 ____D () C:\Users\H\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ghostscript
2014-01-27 14:58 - 2013-05-30 11:05 - 00000000 ____D () C:\Users\H\AppData\Roaming\Scribus
2014-01-27 14:58 - 2013-05-16 18:32 - 00000000 ____D () C:\Users\H\Documents\Old Firefox Data
2014-01-27 14:58 - 2013-04-07 11:33 - 00000000 ____D () C:\Users\H\AppData\Roaming\vlc
2014-01-27 14:58 - 2012-12-04 07:27 - 00000000 ____D () C:\Users\H\AppData\Roaming\ICAClient
2014-01-27 14:58 - 2012-10-15 05:55 - 00000000 ____D () C:\Users\H\Downloads\OpenOffice.org 3.4.1 (en-US) Installation Files
2014-01-27 14:58 - 2012-09-28 09:51 - 00000000 ____D () C:\Users\H\AppData\Roaming\SMART Technologies
2014-01-27 14:58 - 2012-07-12 15:19 - 00000000 ____D () C:\Users\H\Downloads\OpenOffice.org 3.4 (en-US) Installation Files
2014-01-27 14:58 - 2012-07-04 07:58 - 00000000 ____D () C:\Users\H\AppData\Local\{BD52D38F-4F0D-4325-BB9E-32223CCB54AA}
2014-01-27 14:58 - 2012-06-29 05:14 - 00000000 ____D () C:\Users\H\Documents\computer and tech stuff
2014-01-27 14:58 - 2012-03-23 08:37 - 00000000 ____D () C:\Users\H\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The Cloud Networks
2014-01-27 14:58 - 2012-03-23 08:37 - 00000000 ____D () C:\Users\H\AppData\Local\The_Cloud_Networks
2014-01-27 14:58 - 2012-03-04 19:58 - 00000000 ____D () C:\Users\H\Downloads\iolo
2014-01-27 14:58 - 2012-02-24 22:02 - 00000000 ___RD () C:\Users\H\Documents\Insync
2014-01-27 14:58 - 2012-02-24 22:00 - 00000000 ____D () C:\Users\H\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Insync
2014-01-27 14:58 - 2012-02-15 01:34 - 00000000 ____D () C:\Users\H\AppData\Local\{FFFA2FB9-4857-4475-8379-F36343DA5801}
2014-01-27 14:58 - 2012-02-04 12:42 - 00000000 ____D () C:\Users\H\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-01-27 14:58 - 2012-02-04 11:20 - 00000000 ____D () C:\Users\H\Documents\greensquare_brain
2014-01-27 14:58 - 2011-12-24 14:25 - 00000000 ____D () C:\Users\H\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Talk
2014-01-27 14:58 - 2011-11-18 10:42 - 00000000 ____D () C:\Users\H\AppData\Roaming\ASUS WebStorage
2014-01-27 14:58 - 2011-11-09 08:43 - 00000000 ____D () C:\Users\H\AppData\Local\{485D00B3-DB2C-480C-A96B-106D9BBEF1D9}
2014-01-27 14:58 - 2011-11-01 17:34 - 00000000 ____D () C:\Users\H\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
2014-01-27 14:58 - 2011-09-29 09:43 - 00000000 ____D () C:\Users\H\Documents\ESOL
2014-01-27 14:58 - 2011-05-07 01:53 - 00000000 ____D () C:\Users\H\Downloads\DeDRM_WinApp_v1.8
2014-01-27 14:58 - 2011-03-21 06:19 - 00000000 ____D () C:\Users\H\Downloads\OpenOffice.org 3.3 (en-US) Installation Files
2014-01-27 14:58 - 2011-03-20 21:18 - 00000000 ____D () C:\Users\H\AppData\Roaming\Tor
2014-01-27 14:58 - 2011-03-11 18:16 - 00000000 ____D () C:\Users\H\Documents\kindle docs
2014-01-27 14:58 - 2011-03-01 20:08 - 00000000 ____D () C:\Users\H\AppData\Roaming\Spotify
2014-01-27 14:58 - 2011-02-12 08:31 - 00000000 ____D () C:\Users\H\AppData\Roaming\Real
2014-01-27 14:58 - 2010-12-22 08:50 - 00000000 ____D () C:\Users\H\Downloads\avast
2014-01-27 14:58 - 2010-12-21 06:00 - 00000000 ____D () C:\Users\H\AppData\Roaming\SNS
2014-01-27 14:58 - 2010-12-20 07:02 - 00000000 ____D () C:\Users\H\AppData\Roaming\Skype
2014-01-27 14:58 - 2010-12-20 04:32 - 00000000 ____D () C:\Users\H\AppData\Roaming\Thunderbird
2014-01-27 14:58 - 2010-12-20 04:25 - 00000000 ____D () C:\Users\H\AppData\Roaming\Mozilla
2014-01-27 14:58 - 2010-12-20 04:14 - 00000000 ____D () C:\Users\H\AppData\Roaming\Google
2014-01-27 14:58 - 2010-12-20 02:27 - 00000000 ___RD () C:\Users\H\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-01-27 14:58 - 2010-12-20 02:26 - 00000000 ___RD () C:\Users\H\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-01-27 14:58 - 2010-12-20 02:26 - 00000000 ___RD () C:\Users\H\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-01-27 14:58 - 2010-12-19 22:27 - 00000000 ____D () C:\Users\H\Documents\redist
2014-01-27 14:58 - 2010-12-19 22:25 - 00000000 ____D () C:\Users\H\Documents\inserts for docs
2014-01-27 14:57 - 2011-11-02 08:05 - 00000000 ____D () C:\Program Files (x86)\Norton Management
2014-01-27 14:57 - 2010-08-03 06:34 - 00000000 ___HD () C:\OEM
2014-01-27 14:57 - 2010-08-03 06:05 - 00000000 ____D () C:\ProgramData\Symantec
2014-01-27 14:57 - 2010-08-03 06:05 - 00000000 ____D () C:\Program Files (x86)\Symantec
2014-01-27 14:57 - 2010-08-03 05:46 - 00000000 ____D () C:\Intel
2014-01-27 14:54 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\registration
2014-01-27 14:52 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\AppCompat
2014-01-27 14:49 - 2010-12-19 22:26 - 00000000 ____D () C:\Users\H\Documents\ptlls
2014-01-27 14:48 - 2014-01-17 18:50 - 00000000 ____D () C:\Users\H\AppData\Roaming\Oxford University Press
2014-01-27 14:48 - 2013-07-28 14:08 - 00000000 ____D () C:\Users\H\AppData\Roaming\OpenOffice
2014-01-27 14:48 - 2012-07-08 14:07 - 00000000 ____D () C:\Users\H\AppData\Roaming\RealNetworks
2014-01-27 14:48 - 2012-02-04 11:42 - 00000000 ____D () C:\Users\H\AppData\Roaming\XMind
2014-01-27 14:48 - 2012-01-12 10:02 - 00000000 ____D () C:\Users\H\Documents\ESOL EFL CD
2014-01-27 14:48 - 2012-01-08 10:51 - 00000000 ____D () C:\Users\H\Documents\New folder
2014-01-27 14:48 - 2011-11-08 10:48 - 00000000 ____D () C:\Users\H\AppData\Roaming\SoftGrid Client
2014-01-27 14:48 - 2011-10-20 20:39 - 00000000 ____D () C:\Users\H\Documents\Fax
2014-01-27 14:48 - 2011-04-26 18:43 - 00000000 ____D () C:\Users\H\AppData\Roaming\Transparent
2014-01-27 14:48 - 2011-01-25 03:21 - 00000000 ____D () C:\Users\H\Documents\CLASSWORK
2014-01-27 14:48 - 2010-12-21 04:15 - 00000000 ____D () C:\Users\H\AppData\Roaming\Trusteer
2014-01-27 14:48 - 2010-12-20 04:51 - 00000000 ____D () C:\Users\H\AppData\Roaming\OpenOffice.org
2014-01-27 14:48 - 2010-12-19 22:26 - 00000000 ____D () C:\Users\H\Documents\javamail-1.4.3
2014-01-27 14:46 - 2013-11-21 21:19 - 00000000 ____D () C:\Users\H\AppData\Local\TomTom
2014-01-27 14:46 - 2012-02-24 22:00 - 00000000 ____D () C:\Users\H\AppData\Roaming\Insync
2014-01-27 14:46 - 2012-02-04 12:41 - 00000000 ____D () C:\Users\H\AppData\Roaming\Dropbox
2014-01-27 14:46 - 2011-04-21 06:20 - 00000000 ____D () C:\Users\H\AppData\Local\Trusteer
2014-01-27 14:46 - 2010-12-22 23:46 - 00000000 ____D () C:\Users\H\AppData\Roaming\Hemera
2014-01-27 14:46 - 2010-12-20 04:03 - 00000000 ____D () C:\Users\H\AppData\Roaming\Adobe
2014-01-27 14:46 - 2010-12-20 02:27 - 00000000 ____D () C:\Users\H\AppData\Roaming\Macromedia
2014-01-27 14:46 - 2010-12-20 02:27 - 00000000 ____D () C:\Users\H\AppData\Local\VirtualStore
2014-01-27 14:43 - 2011-02-12 08:42 - 00000000 ____D () C:\ProgramData\Real
2014-01-27 12:34 - 2014-01-27 12:34 - 00000000 ___HD () C:\Users\H\AppData\Roaming\AVAST Software
2014-01-27 12:28 - 2014-01-27 12:28 - 00000000 ____D () C:\Program Files\AVAST Software
2014-01-27 12:27 - 2014-01-27 12:27 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-01-25 18:06 - 2014-01-25 18:06 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-01-25 18:06 - 2014-01-25 18:06 - 00000000 ____D () C:\Program Files\iTunes
2014-01-25 18:06 - 2014-01-25 18:06 - 00000000 ____D () C:\Program Files\iPod
2014-01-25 18:06 - 2014-01-25 18:06 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-01-25 18:04 - 2014-01-25 18:04 - 00000000 ____D () C:\Windows\System32\Tasks\Apple
2014-01-25 18:04 - 2014-01-25 18:04 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2014-01-25 18:03 - 2014-01-25 18:03 - 00000000 ____D () C:\Program Files\Bonjour
2014-01-25 18:03 - 2014-01-25 18:03 - 00000000 ____D () C:\Program Files (x86)\Bonjour
2014-01-25 18:02 - 2010-12-20 23:02 - 00000000 ____D () C:\ProgramData\Apple
2014-01-25 17:55 - 2014-01-25 17:52 - 148904784 _____ (Apple Inc.) C:\Users\H\Downloads\iTunes64Setup.exe
2014-01-25 17:32 - 2011-02-27 14:02 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-01-25 09:55 - 2014-01-25 09:55 - 05341472 _____ (Dll-Files.com ) C:\Users\H\Downloads\dffsetup-msvcr80.exe
2014-01-23 08:29 - 2010-12-20 23:04 - 00000000 ___HD () C:\Users\H\AppData\Roaming\Apple Computer
2014-01-22 20:37 - 2010-12-21 04:15 - 00316312 _____ (Trusteer Ltd.) C:\Windows\system32\Drivers\RapportKE64.sys
2014-01-20 17:27 - 2014-01-20 17:26 - 00000017 _____ () C:\Windows\SysWOW64\shortcut_ex.dat
2014-01-20 10:27 - 2014-01-20 09:58 - 00000000 ___HD () C:\Users\H\AppData\Local\LogMeIn Rescue Applet
2014-01-18 16:55 - 2010-12-21 04:53 - 00000000 ___HD () C:\Users\H\AppData\Local\Adobe
2014-01-18 10:33 - 2014-01-04 16:50 - 00000000 ____D () C:\Users\H\AppData\Local\Amazon Cloud Player
2014-01-17 18:50 - 2014-01-17 18:50 - 00000000 ___HD () C:\Users\H\AppData\Local\Oxford University Press
2014-01-17 18:09 - 2014-01-17 18:09 - 00001629 _____ () C:\Users\Public\Desktop\English File third edition Elementary.lnk
2014-01-17 18:08 - 2014-01-17 18:08 - 00000000 ____D () C:\Program Files (x86)\Oxford University Press
2014-01-16 08:02 - 2009-07-14 04:45 - 00338160 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-01-16 01:53 - 2013-10-17 20:57 - 00000000 ____D () C:\ProgramData\Oracle
2014-01-16 01:50 - 2014-01-16 01:49 - 00005175 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-01-16 01:50 - 2011-01-03 08:25 - 00000000 ____D () C:\Program Files (x86)\Java
2014-01-15 21:43 - 2013-07-16 05:48 - 00000000 ____D () C:\Windows\system32\MRT
2014-01-15 21:33 - 2010-12-20 02:52 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-01-13 11:44 - 2011-11-08 10:48 - 00000000 ____D () C:\Program Files (x86)\Microsoft Application Virtualization Client
2014-01-06 19:23 - 2014-01-06 19:23 - 04558848 _____ (Google Inc.) C:\Windows\SysWOW64\GPhotos.scr
2014-01-05 17:43 - 2009-07-14 05:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-01-29 09:55
==================== End Of Log ============================
The error from ERUNT is because you have a link in your START UP group for a backup. This gets launched without Admin rights so it fails. You can either modify the shortcut to have Admin rights or remove the shortcut and that should get rid of the error.
I see Tweaking.com Registry Backup, have you used this?
halibrewer
2014-02-04, 13:39
I think I would prefer to modify the shortcut so it does not get launched at start up and only opens if I decide to open it at some later date, for example, when asking for help and needing it. (how do I do that, exactly?)
as for the tweaking registry, was that not something you requested I use some posts back? must go through and check. Otherwise, no, I have not used it -nor the NTRGOP tool on my desktop and do not know what it is.
just checked, yes you sent me an instruction that said download tweaking.com Registry backup and install, and told me to press backup. so I did. that is the only time I have used it.
sorry for the delay but taking 2 steps forwards and then 3 steps back, have a 4 year old and he was sick.
NTREGOPT is not a registry cleaner. It's a registry compactor
"Note" that the program NTREGOPT does NOT change the contents of the registry in any way, nor does it physically defrag the registry files on the drive. The optimization done by NTREGOPT is simply compacting the registry hives to the minimum size possible.
You can right click on that NTREGOPT shortcut and choose delete to remove it from the desktop.
ERUNT can be used to restore a registry from within the RE, and unlike a windows registry backup (which is useless) all of the registry is backed up.
A great tutorial showing exactly how to do this can be found
http://www.winhelponline.com/blog/backup-windows-vista-registry-daily-using-erunt/
Any more issues?
I think we're ready to remove the quarantine folders and list preventive tips now?
halibrewer
2014-02-04, 19:42
thank you - I believe that covers all the issues. my little computer seems a lot faster now and easier. I guess we can put spybot back to "resident"? and do final checking, but it seems good to me. you have been marvellous and wonderful. Good luck with your child (I had 4, the youngest over 30 now, so I sympathise.) Should I do one more scan with that online scanner? would have to leave the computer for about 3 hours, but can do tonight.
You are an angel.
Thank you for the kind words.:)http://i204.photobucket.com/albums/bb106/Juliet702/sparkle.gif
Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy.
Paste this into the open notepad. save it to the Desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
Run FRST/FRST64 and press the Fix button just once and wait.
no needed to post the log this time.
start
DeleteQuarantine:
end
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Download and Run OTC
We will now remove the tools we used during this fix using OTC.
Download OTC (http://oldtimer.geekstogo.com/OTC.exe) by OldTimer and save it to your desktop.
Double click http://i517.photobucket.com/albums/u338/Eextremeboy/OTC_Icon.jpg icon to start the program. If you are using Vista, please right-click and choose run as administrator
Then Click the big http://i517.photobucket.com/albums/u338/Eextremeboy/CleanUp.jpg button.
You will get a prompt saying "Being Cleanup Process". Please select Yes.
Restart your computer when prompted.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
If you see any other tools we used and files just delete those..
re-enable your computer protection now.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Your good to go, good job!
Please take the time to read over a few of my preventive tips.
Computer Security
http://malwareremoval.com/forum/viewtopic.php?p=557960#p557960
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Be prepared for CryptoLocker:
Cryptolocker Ransomware: What You Need To Know (http://blog.malwarebytes.org/intelligence/2013/10/cryptolocker-ransomware-what-you-need-to-know/#)
CryptoLocker Ransomware Information Guide and FAQ (http://www.bleepingcomputer.com/virus-removal/cryptolocker-ransomware-information)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Please navigate to Microsoft Windows Updates (http://update.microsoft.com/windowsupdate/v6/default.aspx?ln=en-us) and download all the "Critical Updates" for Windows.
Firefox 3 (http://www.mozilla.com/en-US/firefox/)
The award-winning Web browser is now faster, more secure, and fully customizable to your online life. With Firefox 3, added powerful new features that make your online experience even better. It has more features and is a lot more secure than IE. It is a very easy and painless download and install, it will no way interfere with IE, you can use them both.
*NoScript (http://www.noscript.net) - Addon for Firefox that stops all scripts from running on websites. Stops malicious software from invading via flash, java, javascript, and many other entry points.
AdblockPlus
AdblockPlus, Surf the web without annoying ads!
Blocks banners, pop-ups and video ads - even on Facebook and YouTube
Protects your online privacy
Two-click installation, It's free!
click the icon that corresponds to your browser and download.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
WOT (http://www.mywot.com/) Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites - green to go, yellow for caution and red to stop, helping you avoid the dangerous sites. WOT has an addon available for both Firefox and IE.
Green should be good to go
Yellow for caution
Red to stop
~~~~~~~~~~~~~~~~~~~~~~~~~~~~
How to prevent Malware: Created by Miekiemoes (http://users.telenet.be/bluepatchy/miekiemoes/prevention.html)
WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java
See this article (http://www.forbes.com/sites/eliseackerman/2013/01/11/us-department-of-homeland-security-calls-on-computer-users-to-disable-java/
and this article (http://www.nbcnews.com/technology/technolog/us-warns-java-software-security-concerns-escalate-1B7938755
I would recommend that you completely uninstall Java unless you need it to run an important software.
In that instance I would recommend that you disable Java in your browsers until you need it for that software and then enable it. (See How to diasble Java in your web browser (http://www.geekstogo.com/2600/how-to-disable-java-in-your-web-browser/) and How to unplug Java from the browser (http://krebsonsecurity.com/how-to-unplug-java-from-the-browser/ (null)))
Avoid P2P
P2P may be a great way to get lots of stuffs, but it is a great way to get infected as well. There's no way to tell if the file being shared is infected. Worse still, some worms spread via P2P networks, infecting you as well.
Please read these short reports on the dangers of peer-2-peer programs and file sharing.
FBI Cyber Education Letter (http://www.fbi.gov/cyberinvest/cyberedletter.htm)
File sharing infects 500,000 computers (http://www.itpro.co.uk/195672/file-sharing-infects-500-000-computers)
USAToday (http://www.usatoday.com/tech/columnist/kimkomando/2006-04-13-file-sharing-woes_x.htm)
infoworld (http://www.infoworld.com/article/07/09/06/Seattle-man-arrested-for-p-to-p-ID-theft_1.html)
*********************************************
Secure My Computer: A Layered Approach (http://www.dslreports.com/faq/8463)
Free Antivirus-AntiSpyware-Firewall Software (http://www.geekstogo.com/forum/Free-Antivirus-Antispyware-Software-t38.html)
Extra note:
Make sure your programs are up to date - because older versions may contain Security Leaks. To find out what programs need to be updated, please run the Secunia Software Inspector Scan. http://secunia.com/software_inspector/
Glad we could help. :)http://i204.photobucket.com/albums/bb106/Juliet702/sparkle.gif
Since this issue appears resolved ... this Topic is closed.