PDA

View Full Version : Entry point could not be located



drjohnamy
2014-03-12, 05:29
Registry Mechanic may have run since I was infected

I ran ERUNT but it was unable to create .inf file and got an error on saving all other files

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16521 BrowserJavaVersion: 10.51.2
Run by John at 21:30:57 on 2014-03-11
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2811.1456 [GMT -4:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Program Files (x86)\Secunia\PSI\sua.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\RightSurf\updateRightSurf.exe
C:\Program Files (x86)\RightSurf\bin\utilRightSurf.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Users\John\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\QuickTime\QTTask.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe
C:\Program Files\Realtek\RtVOsd\RtVOsd.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.bing.com/
mStart Page = hxxp://start.mysearchdial.com/?f=1&a=dsites0103&cd=2XzuyEtN2Y1L1QzuyC0EtD0FyC0EyD0E0A0FtByBzytCyBzztN0D0Tzu0SyByCtAtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=1359330774&ir=
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - <orphaned>
EB: <No Name>: {555D4D79-4BD2-4094-A395-CFC534424A05} - LocalServer32 - <no file>
uRun: [OCAEBNDVDUpdate] C:\Program Files (x86)\ObjectCube\XXX2Burn DVD Wizard\xxx2burn.exe /update
uRun: [SanDiskSecureAccess_Manager.exe] C:\Users\John\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe
uRun: [] C:\Users\John\AppData\Local\Temp\dooi0h2ans.exe
uRun: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
uRun: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
uRun: [com.apple.dav.bookmarks.daemon] C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [SSDMonitor] C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
dRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{D6927469-24A5-41E6-B6BC-40C4FADE1F7C} : NameServer = 192.168.2.1
TCP: Interfaces\{D6927469-24A5-41E6-B6BC-40C4FADE1F7C} : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{D6927469-24A5-41E6-B6BC-40C4FADE1F7C}\2656C6B696E6E2266616 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{D6927469-24A5-41E6-B6BC-40C4FADE1F7C}\84F4D454D244643444 : DHCPNameServer = 75.75.75.75 75.75.76.76
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
x64-mStart Page = hxxp://start.mysearchdial.com/?f=1&a=dsites0103&cd=2XzuyEtN2Y1L1QzuyC0EtD0FyC0EyD0E0A0FtByBzytCyBzztN0D0Tzu0SyByCtAtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=1359330774&ir=
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
x64-Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden
x64-Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
.
INFO: x64-HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned>
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\m66xy14s.default\
FF - prefs.js: browser.startup.homepage - hxxp://start.mysearchdial.com/?f=1&a=dsites0103&cd=2XzuyEtN2Y1L1QzuyC0EtD0FyC0EyD0E0A0FtByBzytCyBzztN0D0Tzu0SyByCtAtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=1359330774&ir=
FF - prefs.js: browser.search.selectedEngine - Yahoo!
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=714647&p=
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll
FF - ExtSQL: 2014-02-05 21:29; {b9a19c25-a741-47e5-91a2-0b62bef307ff}; C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\m66xy14s.default\{b9a19c25-a741-47e5-91a2-0b62bef307ff}
.
---- FIREFOX POLICIES ----
.
user_pref(extensions.autoDisableScopes,14);
FF - user.js: extensions.mysearchdial.hmpg - true
FF - user.js: extensions.mysearchdial.hmpgUrl - hxxp://start.mysearchdial.com/?f=1&a=dsites0103&cd=2XzuyEtN2Y1L1QzuyC0EtD0FyC0EyD0E0A0FtByBzytCyBzztN0D0Tzu0SyByCtAtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=1359330774&ir=
FF - user.js: extensions.mysearchdial.dfltSrch - true
FF - user.js: extensions.mysearchdial.srchPrvdr - Mysearchdial
FF - user.js: extensions.mysearchdial.dnsErr - true
FF - user.js: extensions.mysearchdial_i.newTab - false
FF - user.js: extensions.mysearchdial.newTabUrl - hxxp://start.mysearchdial.com/?f=2&a=dsites0103&cd=2XzuyEtN2Y1L1QzuyC0EtD0FyC0EyD0E0A0FtByBzytCyBzztN0D0Tzu0SyByCtAtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=1359330774&ir=
FF - user.js: extensions.mysearchdial.tlbrSrchUrl - hxxp://start.mysearchdial.com/?f=3&a=dsites0103&cd=2XzuyEtN2Y1L1QzuyC0EtD0FyC0EyD0E0A0FtByBzytCyBzztN0D0Tzu0SyByCtAtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=1359330774&ir=&q=
FF - user.js: extensions.mysearchdial.id - 6E0F6E5EAF279178
FF - user.js: extensions.mysearchdial.instlDay - 16102
FF - user.js: extensions.mysearchdial.vrsn - 1.8.21.0
FF - user.js: extensions.mysearchdial.vrsni - 1.8.21.0
FF - user.js: extensions.mysearchdial_i.vrsnTs - 1.8.21.020:51:41
FF - user.js: extensions.mysearchdial.prtnrId - mysearchdial
FF - user.js: extensions.mysearchdial.prdct - mysearchdial
FF - user.js: extensions.mysearchdial.aflt - dsites0103
FF - user.js: extensions.mysearchdial_i.smplGrp - none
FF - user.js: extensions.mysearchdial.tlbrId - base
FF - user.js: extensions.mysearchdial.instlRef -
FF - user.js: extensions.mysearchdial.dfltLng -
FF - user.js: extensions.mysearchdial.appId - {CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}
FF - user.js: extensions.mysearchdial.excTlbr - false
FF - user.js: extensions.mysearchdial_i.hmpg - true
FF - user.js: extensions.mysearchdial.cr - 1359330774
FF - user.js: extensions.mysearchdial.cd - 2XzuyEtN2Y1L1QzuyC0EtD0FyC0EyD0E0A0FtByBzytCyBzztN0D0Tzu0SyByCtAtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R
FF - user.js: extensions.mysearchdial.AL - 2
FF - user.js: extensions.irmysearch.aflt - dsites0103
FF - user.js: extensions.irmysearch.instlRef -
FF - user.js: extensions.irmysearch.cr - 1359330774
FF - user.js: extensions.irmysearch.cd - 2XzuyEtN2Y1L1QzuyC0EtD0FyC0EyD0E0A0FtByBzytCyBzztN0D0Tzu0SyByCtAtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R
.
============= SERVICES / DRIVERS ===============
.
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2010-10-18 98208]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-10-18 202752]
R2 CinemaNow Service;CinemaNow Service;C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe [2010-5-21 140272]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2013-4-22 822504]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-9-27 86528]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-6-18 103992]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-9 26680]
R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568]
R2 OfficeSvc;Microsoft Office Service;C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2013-11-18 1907896]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [2011-3-14 794272]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2013-8-14 39056]
R2 RtVOsdService;RtVOsdService Installer;C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe [2010-6-24 315392]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-3-14 1153368]
R2 Secunia Update Agent;Secunia Update Agent;C:\Program Files (x86)\Secunia\PSI\sua.exe [2011-4-19 399416]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-6-26 523944]
R2 Update RightSurf;Update RightSurf;C:\Program Files (x86)\RightSurf\updateRightSurf.exe [2014-1-31 112416]
R2 Util RightSurf;Util RightSurf;C:\Program Files (x86)\RightSurf\bin\utilRightSurf.exe [2014-2-1 112416]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-10-18 245792]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2013-6-26 767144]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2013-6-26 23208]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-6-26 207528]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2010-10-18 38456]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2012-5-14 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-3-11 111616]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
S3 PSI;PSI;C:\Windows\System32\drivers\psi_mf.sys [2010-9-1 17976]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-10-18 347680]
S3 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2011-4-19 993848]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-6-30 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-1-28 1255736]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2014-03-12 00:37:35 -------- d-----w- C:\Users\John\AppData\Local\{3BF0EA9F-67CC-4405-97A8-9E87AA2291B5}
2014-03-12 00:23:34 228864 ----a-w- C:\Windows\System32\wwansvc.dll
2014-03-12 00:23:30 484864 ----a-w- C:\Windows\System32\wer.dll
2014-03-12 00:23:30 381440 ----a-w- C:\Windows\SysWow64\wer.dll
2014-03-12 00:23:24 3156480 ----a-w- C:\Windows\System32\win32k.sys
2014-03-12 00:18:20 624128 ----a-w- C:\Windows\System32\qedit.dll
2014-03-12 00:18:20 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
2014-03-12 00:18:18 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2014-03-12 00:18:18 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2014-03-12 00:18:11 10536864 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{43228BB5-A32A-46A7-9FAD-1658D92E85BB}\mpengine.dll
2014-02-25 18:31:33 -------- d-----w- C:\Windows\Migration
2014-02-25 01:16:01 -------- d-----w- C:\Users\John\AppData\Local\{68259252-73E7-4BBA-BC90-070458EAD6D4}
2014-02-13 02:03:42 548864 ----a-w- C:\Windows\System32\vbscript.dll
2014-02-13 02:03:42 454656 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-02-13 01:40:18 1882112 ----a-w- C:\Windows\System32\msxml3.dll
2014-02-13 01:40:17 1237504 ----a-w- C:\Windows\SysWow64\msxml3.dll
2014-02-13 01:40:16 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
2014-02-13 01:40:16 2048 ----a-w- C:\Windows\System32\msxml3r.dll
2014-02-13 01:20:41 -------- d-----w- C:\Users\John\AppData\Local\{D2F658A5-6960-4434-9994-83ABB83609D7}
.
==================== Find3M ====================
.
2014-03-12 00:04:42 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-12 00:04:42 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-03-01 05:17:02 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-03-01 05:16:26 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-03-01 04:52:55 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-03-01 04:51:59 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-03-01 04:33:52 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-03-01 04:33:34 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-03-01 04:32:59 708608 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-03-01 04:23:49 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-03-01 04:11:20 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-03-01 03:54:33 5768704 ----a-w- C:\Windows\System32\jscript9.dll
2014-03-01 03:52:43 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-03-01 03:51:53 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-03-01 03:38:26 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-03-01 03:37:35 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-03-01 03:35:11 2041856 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-03-01 03:14:15 4244480 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-03-01 03:10:28 2334208 ----a-w- C:\Windows\System32\wininet.dll
2014-03-01 03:00:08 1964032 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-03-01 02:32:16 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-02-02 01:54:57 715038 ----a-w- C:\Windows\unins000.exe
2014-02-01 14:02:26 108968 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll
2014-02-01 03:29:37 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-01-27 14:58:44 270496 ------w- C:\Windows\System32\MpSigStub.exe
2013-12-24 23:09:41 1987584 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2013-12-24 22:48:32 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll
.
============= FINISH: 21:31:59.29 ===============


aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2014-03-11 21:36:23
-----------------------------
21:36:23.187 OS Version: Windows x64 6.1.7601 Service Pack 1
21:36:23.187 Number of processors: 2 586 0x603
21:36:23.187 ComputerName: JOHN-HP UserName: John
21:36:24.559 Initialize success
21:54:15.825 AVAST engine defs: 14031102
21:54:18.603 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000005c
21:54:18.603 Disk 0 Vendor: WDC_WD32 02.0 Size: 305245MB BusType: 11
21:54:18.773 Disk 0 MBR read successfully
21:54:18.773 Disk 0 MBR scan
21:54:18.773 Disk 0 unknown MBR code
21:54:18.783 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
21:54:18.793 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 287180 MB offset 409600
21:54:18.833 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 17761 MB offset 588554240
21:54:18.843 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 103 MB offset 624928768
21:54:19.023 Disk 0 scanning C:\Windows\system32\drivers
21:54:33.505 Service scanning
21:55:38.326 Modules scanning
21:55:38.326 Disk 0 trace - called modules:
21:55:38.356 ntoskrnl.exe CLASSPNP.SYS disk.sys amdxata.sys storport.sys hal.dll amdsata.sys
21:55:38.366 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80031d8060]
21:55:38.366 3 CLASSPNP.SYS[fffff8800197243f] -> nt!IofCallDriver -> [0xfffffa800317a040]
21:55:38.376 5 amdxata.sys[fffff880010e07a8] -> nt!IofCallDriver -> \Device\0000005c[0xfffffa800305c130]
21:55:40.046 AVAST engine scan C:\Windows
21:55:44.076 AVAST engine scan C:\Windows\system32
21:59:54.000 AVAST engine scan C:\Windows\system32\drivers
22:00:10.492 AVAST engine scan C:\Users\John
22:03:20.913 File: C:\Users\John\AppData\Roaming\DigitalSites\UpdateProc\UpdateTask.exe **INFECTED** Win32:Crypt-QNN [Trj]
22:04:25.300 File: C:\Users\John\Desktop\dds.scr **INFECTED** Win32:Malware-gen
22:07:52.518 AVAST engine scan C:\ProgramData
22:13:13.122 Disk 0 MBR has been saved successfully to "C:\Users\John\Desktop\MBR.dat"
22:13:13.132 The log file has been saved successfully to "C:\Users\John\Desktop\aswMBR.txt"


Disabled TeaTimer

SpyBot flagged these items but could not repair them

--- Search result list ---
BrowseFox: [SBI $EB7ED92C] Settings (Registry value, fixing failed)
HKEY_CLASSES_ROOT\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}\id

BrowseFox: [SBI $EB7ED92C] Settings (Registry value, fixing failed)
HKEY_CLASSES_ROOT\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}\id

BrowseFox: [SBI $A65521ED] Settings (Registry key, fixing failed)
HKEY_CLASSES_ROOT\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}

BrowseFox: [SBI $A65521ED] Settings (Registry key, fixing failed)
HKEY_CLASSES_ROOT\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}

Toolbar.MySearchDial: [SBI $6485A0A0] Class ID (Registry key, fixing failed)
HKEY_CLASSES_ROOT\CLSID\{D40753C7-8A59-4C1F-BE88-C300F4624D5B}



Thanks,
John

Dakeyras
2014-03-12, 14:42
Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post the appropriate logs in the Malware Removal forum and wait for help.
Hi and welcome back to Safer Networking. :)

I'm Dakeyras and I am going to try to assist you with your problem. Please take note of the below:


I will start working on your Malware issues, this may or may not, solve other issues you have with your machine.
The fixes are specific to your problem and should only be used for this issue on this machine!
The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear.
If you don't know, stop and ask! Don't keep going on.
Please reply to this thread. Do not start a new topic.
Refrain from running self fixes as this will hinder the malware removal process.
It may prove beneficial if you print of the following instructions or save them to notepad as I post them.
Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.

Before we start:

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

Backup the Registry:

Modifying the Registry can create unforeseen problems, so it always wise to create a backup before doing so.


Please download the installer for Registry Backup from here (http://www.bleepingcomputer.com/download/registry-backup/) or here (http://www.tweaking.com/files/setups/tweaking.com_registry_backup_setup.exe) and save to your desktop.
Right-click on tweaking.com_registry_backup_setup.exe and select Run as Administrator >> Follow the prompts for a default installation
Ensure the option Open "Tweaking.com - Registry Backup" When Install Completes is selected >> Next > >> Finish
Once the GUI(graphical user interface) has appeared/loaded:-

http://i280.photobucket.com/albums/kk173/Dakeyras_album2/TCRB-1.jpg


Click on Backup Now >> once the process is complete, similar to the below will displayed in the GUI:-

http://i280.photobucket.com/albums/kk173/Dakeyras_album2/TBRB-2.jpg (http://s280.photobucket.com/user/Dakeyras_album2/media/TBRB-2.jpg.html)


Close Tweaking.com - Registry Backup

Note: There will now be a folder at the root of the Hard-Drive named C:\RegBackup, do not delete this as it is the actual backup just created.

A tutorial for Registry Backup explaining the various features can be viewed here (http://www.malwareremoval.com/forum/viewtopic.php?f=4&t=61325).

P2P Advice:

I would like for you to read this forum topic please:-

File Sharing, otherwise known as Peer To Peer. (P2P) (http://forums.spybot.info/showthread.php?t=282)

My only condition before I continue assisting you is that you please uninstall uTorrent. If you have used this, you can be fairly confident this is a principal reason your computer is infected.

It's really important, if you value your PC at all, to stay away from P2P file sharing programs, like utorrent, Bittorrent, Azureus, Limewire, Vuze.
Criminals have "planted" thousands upon thousands of infections in the "free" shared files. Some of the recent infections can turn your machine into a doorstop.
It's also very important to avoid any "cracks" or "Keygens" that allow unauthorized use of programs. Besides being illegal, these files also are loaded with "planted" malware.

To be honest I have lost count of the number of machines I have dealt with over the years that became infected due to the use of P2P software

Scan with Farbar Recovery Scan Tool:

Please download and save Farbar Recovery Scan Tool 64-Bit (http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/) to your Desktop.


Right-click on FRST.exe and select Run as Administrator to start FRST >> follow the prompt/click on Yes
Under Optional Scan ensure both Drivers MD5 and Addition.txt are selected.
Now click on the Scan button/radio tab >> at the Scan completed prompt click on OK
At the next prompt denoting Addition.txt is saved in the same location FRST tool is run >> click on OK
There will now be two logs on your desktop, Addition.txt and FRST.txt. Post the contents of both in your next reply.

drjohnamy
2014-03-13, 16:24
Uninstalled uTorrent before I rand registry backup

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
Ran by John at 2014-03-13 10:04:52
Running from C:\Users\John\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

4500_G510nz_Help (x32 Version: 000.0.439.000 - Hewlett-Packard) Hidden
4500G510nz (x32 Version: 000.0.439.000 - Hewlett-Packard) Hidden
4500G510nz_Software_Min (x32 Version: 000.0.423.000 - Hewlett-Packard) Hidden
64 Bit HP CIO Components Installer (Version: 6.2.1 - Hewlett-Packard) Hidden
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\{FF2A5498-4EFE-430F-A138-7EB365DBEBAD}) (Version: 11.6.1.629 - Adobe Systems, Inc)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.7.148 - Adobe Systems, Inc.)
AMD USB Filter Driver (x32 Version: 1.0.15.94 - Advanced Micro Devices, Inc.) Hidden
Apple Application Support (HKLM-x32\...\{A922C4B7-50E0-4787-A94C-59DBF3C65DBE}) (Version: 3.0 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2F72F540-1F60-4266-9506-952B21D6640D}) (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 9.2 - Atheros)
ATI Catalyst Install Manager (HKLM\...\{ECD0D4B5-FFA9-6E1B-A08D-58E82EA5EEB9}) (Version: 3.0.765.0 - ATI Technologies, Inc.)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
Build-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Core Implementation (x32 Version: 2010.0617.855.14122 - ATI) Hidden
Catalyst Control Center Graphics Full Existing (x32 Version: 2010.0617.855.14122 - ATI) Hidden
Catalyst Control Center Graphics Full New (x32 Version: 2010.0617.855.14122 - ATI) Hidden
Catalyst Control Center Graphics Light (x32 Version: 2010.0617.855.14122 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2010.0617.855.14122 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (x32 Version: 2010.0617.855.14122 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2010.0617.855.14122 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2010.0617.855.14122 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2010.0617.0854.14122 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2010.0617.0854.14122 - ATI) Hidden
CCC Help Czech (x32 Version: 2010.0617.0854.14122 - ATI) Hidden
CCC Help Danish (x32 Version: 2010.0617.0854.14122 - ATI) Hidden
CCC Help Dutch (x32 Version: 2010.0617.0854.14122 - ATI) Hidden
CCC Help English (x32 Version: 2010.0617.0854.14122 - ATI) Hidden
CCC Help Finnish (x32 Version: 2010.0617.0854.14122 - ATI) Hidden
CCC Help French (x32 Version: 2010.0617.0854.14122 - ATI) Hidden
CCC Help German (x32 Version: 2010.0617.0854.14122 - ATI) Hidden
CCC Help Greek (x32 Version: 2010.0617.0854.14122 - ATI) Hidden
CCC Help Hungarian (x32 Version: 2010.0617.0854.14122 - ATI) Hidden
CCC Help Italian (x32 Version: 2010.0617.0854.14122 - ATI) Hidden
CCC Help Japanese (x32 Version: 2010.0617.0854.14122 - ATI) Hidden
CCC Help Korean (x32 Version: 2010.0617.0854.14122 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2010.0617.0854.14122 - ATI) Hidden
CCC Help Polish (x32 Version: 2010.0617.0854.14122 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2010.0617.0854.14122 - ATI) Hidden
CCC Help Russian (x32 Version: 2010.0617.0854.14122 - ATI) Hidden
CCC Help Spanish (x32 Version: 2010.0617.0854.14122 - ATI) Hidden
CCC Help Swedish (x32 Version: 2010.0617.0854.14122 - ATI) Hidden
CCC Help Thai (x32 Version: 2010.0617.0854.14122 - ATI) Hidden
CCC Help Turkish (x32 Version: 2010.0617.0854.14122 - ATI) Hidden
ccc-core-static (x32 Version: 2010.0617.855.14122 - ATI) Hidden
ccc-utility64 (Version: 2010.0617.855.14122 - ATI) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
CinemaNow Media Manager (HKLM-x32\...\{6C122441-1861-4CD7-B1C5-A163A6984E12}) (Version: 1.9.1.105 - CinemaNow, Inc.)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Codec Package Packages (HKCU\...\Codec Package Packages) (Version: - ) <==== ATTENTION
CyberLink DVD Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.3003 - CyberLink Corp.)
CyberLink DVD Suite (x32 Version: 7.0.3003 - CyberLink Corp.) Hidden
CyberLink MediaShow (HKLM-x32\...\InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}) (Version: 5.0.1616 - CyberLink Corp.)
CyberLink MediaShow (x32 Version: 5.0.1616 - CyberLink Corp.) Hidden
CyberLink PowerDVD 9 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.1.4217 - CyberLink Corp.)
CyberLink PowerDVD 9 (x32 Version: 9.0.1.4217 - CyberLink Corp.) Hidden
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.0.2511 - CyberLink Corp.)
CyberLink YouCam (x32 Version: 3.0.2511 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DC-Bass Source 1.3.0 (HKLM-x32\...\DC-Bass Source) (Version: - )
Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 130.0.372.000 - Hewlett-Packard) Hidden
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
DirectVobSub 2.40.4209 (HKLM-x32\...\vsfilter_is1) (Version: 2.40.4209 - MPC-HC Team)
DocMgr (x32 Version: 130.0.000.000 - Hewlett-Packard) Hidden
DocProc (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
Dora's Carnival Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
Energy Star Digital Logo (HKLM-x32\...\{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}) (Version: 1.0.1 - Hewlett-Packard)
ERUNT 1.1j (HKLM-x32\...\ERUNT_is1) (Version: - Lars Hederer)
Escape Rosecliff Island (x32 Version: 2.2.0.95 - WildTangent) Hidden
ESU for Microsoft Windows 7 (HKLM-x32\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard)
FATE (x32 Version: 2.2.0.95 - WildTangent) Hidden
Fax (x32 Version: 130.0.418.000 - Hewlett-Packard) Hidden
ffdshow v1.1.4399 [2012-03-22] (HKLM-x32\...\ffdshow_is1) (Version: 1.1.4399.0 - )
Final Drive Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
FMS (HKLM-x32\...\FMS) (Version: - )
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
Haali Media Splitter (HKLM-x32\...\HaaliMkx) (Version: - )
Heroes of Hellas 2 - Olympia (x32 Version: 2.2.0.95 - WildTangent) Hidden
HP Advisor (HKLM-x32\...\{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}) (Version: 3.4.10262.3295 - Hewlett-Packard)
HP Customer Experience Enhancements (x32 Version: 6.0.1.7 - Hewlett-Packard) Hidden
HP Document Manager 2.0 (HKLM\...\HP Document Manager) (Version: 2.0 - HP)
HP Documentation (HKLM-x32\...\{5E25081D-9CB4-4B17-AD2B-8DF2DC335E85}) (Version: 1.1.1.0 - Hewlett-Packard)
HP Game Console (x32 Version: - WildTangent) Hidden
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.1.3 - WildTangent)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP MediaSmart CinemaNow 2.0 (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.0 - Hewlett-Packard)
HP Officejet 4500 G510n-z (HKLM\...\{7E0E61CC-1C99-429D-BEA7-C4DD5B898D2A}) (Version: 13.0 - HP)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.9452 - HP)
HP Power Manager (HKLM-x32\...\{4B156358-CE9C-4E9F-8CAD-79AE86A68C60}) (Version: 1.0.3 - Hewlett-Packard Company)
HP Print Projects 1.0 (HKLM\...\HP Print Projects) (Version: 1.0 - HP)
HP Quick Launch (HKLM-x32\...\{EB58480C-0721-483C-B354-9D35A147999F}) (Version: 2.3.6 - Hewlett-Packard Company)
HP Setup (HKLM-x32\...\{72D90DB3-A16A-4545-B555-868471101833}) (Version: 8.1.4186.3400 - Hewlett-Packard)
HP Software Framework (HKLM-x32\...\{97174E88-52F9-445A-A28E-704A45332D19}) (Version: 4.0.108.1 - Hewlett-Packard Company)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Support Assistant (HKLM-x32\...\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}) (Version: 7.0.39.15 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}) (Version: 5.002.006.003 - Hewlett-Packard)
HP Wireless Assistant (HKLM\...\{B5FC1E1B-E70D-45F1-8E40-A3C30698B323}) (Version: 4.0.9.0 - Hewlett-Packard Company)
hpPrintProjects (x32 Version: 130.0.303.000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
hpWLPGInstaller (x32 Version: 130.0.303.000 - Hewlett-Packard) Hidden
iCloud (HKLM\...\{D0CB24F4-084F-40DE-B6B9-A03626E682F0}) (Version: 2.1.1.3 - Apple Inc.)
Image Plugin (HKLM-x32\...\{FDC8065B-80DE-4466-B90B-2581F6D77DFF}) (Version: 3.04.0226 - Snap-on Business Solutions)
iTunes (HKLM\...\{7FCDABCC-1A1E-4D61-909D-BA9495172774}) (Version: 11.0.3.42 - Apple Inc.)
Java 7 Update 51 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417051FF}) (Version: 7.0.510 - Oracle)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)
Jewel Quest 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Jewel Quest Solitaire 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2907 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.2907 - CyberLink Corp.) Hidden
Lagarith Lossless Codec (1.3.27) (HKLM-x32\...\{F59AC46C-10C3-4023-882C-4212A92283B3}_is1) (Version: - )
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )
LightScribe System Software (HKLM-x32\...\{FD7F0DB8-0E96-4D64-AD4D-9B5A936AF2A8}) (Version: 1.18.20.1 - LightScribe)
Malwarebytes Anti-Malware version 1.65.0.1400 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.65.0.1400 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft IntelliPoint 8.1 (HKLM\...\Microsoft IntelliPoint 8.1) (Version: 8.15.406.0 - Microsoft)
Microsoft IntelliPoint 8.1 (Version: 8.15.406.0 - Microsoft) Hidden
Microsoft Money 2004 (HKLM-x32\...\{1D643CD7-4DD6-11D7-A4E0-000874180BB3}) (Version: 12.0.50 - Microsoft)
Microsoft Money 2004 System Pack (HKLM-x32\...\{8C64E145-54BA-11D6-91B1-00500462BE80}) (Version: 12.0.80 - Microsoft)
Microsoft Office 365 Home Premium - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4551.1512 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SkyDrive (HKCU\...\SkyDriveSetup.exe) (Version: 17.0.2015.0811 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (x32 Version: 3.0.5305.0 - Microsoft Corp.) Hidden
Mozilla Firefox 26.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 26.0 (x86 en-US)) (Version: 26.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 26.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Network64 (Version: 130.0.374.000 - Hewlett-Packard) Hidden
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17869 - Symantec Corporation)
OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4551.1512 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4551.1512 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4551.1512 - Microsoft Corporation) Hidden
OpenSource Flash Video Splitter 1.0.0.5 (HKLM-x32\...\OpenSource Flash Video Splitter) (Version: 1.0.0.5 - )
PC Tools Registry Mechanic 11.1 (HKLM-x32\...\Registry Mechanic_is1) (Version: 11.1 - PC Tools)
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
PhotoNow! (HKLM-x32\...\InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.6904 - CyberLink Corp.)
PhotoNow! (x32 Version: 1.1.6904 - CyberLink Corp.) Hidden
Plants vs. Zombies (x32 Version: 2.2.0.95 - WildTangent) Hidden
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.4204 - CyberLink Corp.)
Power2Go (x32 Version: 6.1.4204 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.3003 - CyberLink Corp.)
PowerDirector (x32 Version: 8.0.3003 - CyberLink Corp.) Hidden
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
RealDownloader (x32 Version: 1.3.3 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM-x32\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks)
Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.18.322.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6206 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30120 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Recovery Manager (x32 Version: 5.5.3023 - CyberLink Corp.) Hidden
RightSurf (HKLM\...\RightSurf) (Version: 2014.02.01.021226 - RightSurf) <==== ATTENTION
Roxio CinemaNow 2.0 (x32 Version: 1.0.278 - Hewlett-Packard) Hidden
RtVOsd (HKLM\...\{091A0130-A82F-4A6D-9C61-3BBBB3289030}) (Version: 1.0.6 - Realtek Semiconductor Corp.)
SanDiskSecureAccess_Manager.exe (HKCU\...\@@__UNKNOWN__@@SanDiskSecureAccess_Manager.exe) (Version: 1.0.0 - DMAILER)
Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
SeaClear II (HKLM-x32\...\SCII_is1) (Version: - Sping)
Secunia PSI (2.0.0.3003) (HKLM-x32\...\Secunia PSI) (Version: - )
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.10.9560 - Skype Technologies S.A.)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
Status (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.1.6.64 - Synaptics Incorporated)
Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 130.0.376.000 - Hewlett-Packard) Hidden
Tunatic (HKLM-x32\...\Tunatic) (Version: - )
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 1.7.0 - Tweaking.com)
Update for Codec Package (HKCU\...\Digital Sites) (Version: - Update for Codec Package) <==== ATTENTION
Virtual Families (x32 Version: 2.2.0.95 - WildTangent) Hidden
Virtual Villagers - The Secret City (x32 Version: 2.2.0.95 - WildTangent) Hidden
VLC media player 2.1.2 (HKLM-x32\...\VLC media player) (Version: 2.1.2 - VideoLAN)
Vsk5Online (HKLM-x32\...\Vsk5Online_is1) (Version: - Nadeo)
Walmart MP3 Music Downloads (HKLM-x32\...\Walmart MP3 Music Downloads) (Version: 1.6.4.4 - Walmart.com)
WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
Wheel of Fortune 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Windows 7 Upgrade Advisor (HKLM-x32\...\{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}) (Version: 2.0.5000.0 - Microsoft Corporation)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Messenger Companion Core (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM-x32\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Xvid Video Codec (HKLM-x32\...\Xvid Video Codec 1.3.1) (Version: 1.3.2 - Xvid Team)
Xvid Video Codec (HKLM-x32\...\Xvid Video Codec 1.3.2) (Version: 1.3.2 - Xvid Team)
XXX2Burn DVD Wizard (remove only) (HKLM-x32\...\XXX2Burn DVD Wizard) (Version: - )
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

==================== Restore Points =========================

06-02-2014 02:28:40 Windows Update
08-02-2014 03:07:05 Installed HP Support Assistant
13-02-2014 01:25:23 Windows Update
13-02-2014 02:02:05 Windows Update
20-02-2014 19:55:20 Windows Update
20-02-2014 20:23:49 Windows Update
25-02-2014 07:18:17 Windows Update
25-02-2014 18:23:26 Windows Update
26-02-2014 03:26:43 Windows Update
01-03-2014 04:22:56 Windows Update
04-03-2014 16:30:33 Windows Update
09-03-2014 00:58:16 Windows Update
12-03-2014 00:47:23 Windows Update

==================== Hosts content: ==========================

2009-07-13 22:34 - 2011-12-25 23:12 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {1DE7790F-9CC7-42D2-BC60-AB98776BAEBF} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-1861959596-1531010462-2535973267-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {272CEC7B-8CB1-490D-A1ED-599099D91BE1} - System32\Tasks\ServicePlan => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2010-05-25] ()
Task: {27991013-53A2-4F82-B526-1D7C81D15BD5} - System32\Tasks\RMAutoUpdate => C:\Program Files (x86)\Registry Mechanic\SULauncher.exe [2012-08-21] (PC Tools)
Task: {27DB4EEA-3BCC-4422-852A-414DA4726C7B} - System32\Tasks\HP Photo Creations Communicator => C:\ProgramData\HP Photo Creations\Communicator.exe [2011-08-23] ()
Task: {36C0FA22-F231-4BFC-9911-9C9E719A74DB} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-11] (Adobe Systems Incorporated)
Task: {46FF20D8-3514-41F2-969F-DB5721BACE78} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2013-10-31] (Microsoft Corporation)
Task: {6748523F-CAF5-4F54-9B11-EE0BE93A5634} - System32\Tasks\MySearchDial => C:\Users\John\AppData\Roaming\MySearchDial\UpdateProc\UpdateTask.exe <==== ATTENTION
Task: {71213B76-B6E8-4B7D-9104-0B2EFF7D4B79} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-1861959596-1531010462-2535973267-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {7211A5D3-B7B3-46E3-A798-205C4F272FDF} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Warranty Opt-In(Yes) => c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\Detection_PostWarrantyAlert.exe
Task: {8016CD5A-F387-4561-948F-8F2FB97A9BB3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2013-11-22] (Hewlett-Packard)
Task: {96D50EBE-D027-4A48-8F3B-5791B3430789} - System32\Tasks\Digital Sites => C:\Users\John\AppData\Roaming\DigitalSites\UpdateProc\UpdateTask.exe [2013-04-12] () <==== ATTENTION
Task: {A0744F18-1BD7-48A1-A03D-DAF8B528FFCA} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-04-13] (Microsoft Corporation)
Task: {A281378B-AEF5-47B4-801E-6D825E899EC4} - System32\Tasks\HPCeeScheduleForJohn => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13] (Hewlett-Packard)
Task: {A3C613A3-359B-460F-A320-7261D0222FEB} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-01-16] (Microsoft Corporation)
Task: {A5DAE733-4220-45EB-84B5-12E7C25286DA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-10] (Google Inc.)
Task: {AC5A68E9-A14F-4B17-8A41-C4AE61A72617} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {B2977C0A-C2BA-495B-BFD8-17AB087143EE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Warranty Opt-In(No) => c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\Detection_PostWarrantyAlert.exe
Task: {D05FE706-85E8-4345-902E-ED9150E64B4D} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1861959596-1531010462-2535973267-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {E58C393E-2378-4027-AF7B-1D5DB5B63F2C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-10] (Google Inc.)
Task: {E77E5105-8084-422D-9DD4-AD3B2CA8CE4A} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1861959596-1531010462-2535973267-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {E8772EFC-FABC-4839-BA96-EC6C13249C16} - System32\Tasks\{D57D1A57-8432-41C0-B743-0A7A86CA67A1} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2013-11-14] (Skype Technologies S.A.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Digital Sites.job => C:\Users\John\AppData\Roaming\DigitalSites\UpdateProc\UpdateTask.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HP Photo Creations Communicator.job => C:\ProgramData\HP Photo Creations\Communicator.exe
Task: C:\Windows\Tasks\HPCeeScheduleForJohn.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\MySearchDial.job => C:\Users\John\AppData\Roaming\MySearchDial\UpdateProc\UpdateTask.exe <==== ATTENTION
Task: C:\Windows\Tasks\RMAutoUpdate.job => C:\Program Files (x86)\Registry Mechanic\SULauncher.exe

==================== Loaded Modules (whitelisted) =============

2013-11-18 21:40 - 2013-10-31 10:07 - 00377000 _____ () C:\Program Files\Microsoft Office 15\ClientX64\c2rui.dll
2013-11-18 21:40 - 2013-10-31 10:08 - 00520872 _____ () C:\Program Files\Microsoft Office 15\ClientX64\c2r64.dll
2013-11-18 21:40 - 2013-10-31 10:07 - 00618152 _____ () C:\Program Files\Microsoft Office 15\ClientX64\StreamServer.dll
2013-08-14 15:19 - 2013-08-14 15:19 - 00039056 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
2014-01-31 23:23 - 2014-03-11 20:37 - 00112416 _____ () C:\Program Files (x86)\RightSurf\updateRightSurf.exe
2014-02-01 23:06 - 2014-03-11 20:04 - 00112416 _____ () C:\Program Files (x86)\RightSurf\bin\utilRightSurf.exe
2014-01-16 14:05 - 2014-01-16 14:05 - 08866472 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2012-12-17 17:14 - 2012-12-17 17:14 - 00954848 _____ () C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll
2010-06-10 19:42 - 2010-06-10 19:42 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2010-10-18 04:48 - 2010-10-18 04:48 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2010-06-18 19:26 - 2010-06-18 19:26 - 00267832 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPCommon.XmlSerializers.dll
2010-06-18 19:26 - 2010-06-18 19:26 - 00030264 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_LogicLayer.dll
2010-06-18 19:26 - 2010-06-18 19:26 - 00052280 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HardwareAccess.dll
2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2011-04-12 06:58 - 2011-05-06 17:21 - 11485824 _____ () C:\Users\John\AppData\Roaming\SanDisk\My Vaults\dmBackup.dll
2014-02-25 22:33 - 2014-03-11 23:06 - 00398112 _____ () C:\Program Files (x86)\RightSurf\bin\RightSurf.BrowserFilter.Helper.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\Temp:D1B5B4F1
AlternateDataStreams: C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Yahoo!.website:TASKICON_0favicon-2079221766
AlternateDataStreams: C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Yahoo!.website:TASKICON_1favicon1313128964
AlternateDataStreams: C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Yahoo!.website:TASKICON_2favicon-2092717923

==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: HP Quick Launch => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
MSCONFIG\startupreg: HPAdvisorDock => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: LightScribe Control Panel => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
MSCONFIG\startupreg: MoneyAgent => "C:\Program Files (x86)\Microsoft Money\System\mnyexpr.exe"
MSCONFIG\startupreg: Norton Online Backup => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: SpybotSD TeaTimer => C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

==================== Faulty Device Manager Devices =============

Name: Officejet 4500 G510n-z
Description: Officejet 4500 G510n-z
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/11/2014 07:59:23 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 75588491

Error: (03/11/2014 07:59:23 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 75588491

Error: (03/11/2014 07:59:23 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (03/10/2014 10:59:38 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3183

Error: (03/10/2014 10:59:38 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3183

Error: (03/10/2014 10:59:38 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (03/10/2014 10:59:37 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2013

Error: (03/10/2014 10:59:37 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2013

Error: (03/10/2014 10:59:37 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (03/10/2014 10:59:36 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 999


System errors:
=============
Error: (03/13/2014 09:19:14 AM) (Source: DCOM) (User: )
Description: {3C5E2B20-B911-44E2-A2DD-9F05E7B5E775}

Error: (03/12/2014 03:23:42 PM) (Source: DCOM) (User: )
Description: {889CA1C3-E115-47E1-88EC-20DF644E982A}

Error: (03/11/2014 11:19:12 PM) (Source: DCOM) (User: John-HP)
Description: application-specificLocalActivation{B77C4C36-0154-4C52-AB49-FAA03837E47F}{EA022610-0748-4C24-B229-6C507EBDFDBB}John-HPJohnS-1-5-21-1861959596-1531010462-2535973267-1000LocalHost (Using LRPC)

Error: (03/11/2014 11:07:49 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (03/11/2014 11:06:49 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
ASPI32

Error: (03/11/2014 11:06:22 PM) (Source: Application Popup) (User: )
Description: \SystemRoot\SysWow64\Drivers\ASPI32.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (03/11/2014 10:45:00 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (03/11/2014 10:43:59 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
ASPI32

Error: (03/11/2014 10:43:31 PM) (Source: Application Popup) (User: )
Description: \SystemRoot\SysWow64\Drivers\ASPI32.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (03/11/2014 10:18:47 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)


Microsoft Office Sessions:
=========================
Error: (03/11/2014 07:59:23 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 75588491

Error: (03/11/2014 07:59:23 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 75588491

Error: (03/11/2014 07:59:23 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (03/10/2014 10:59:38 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3183

Error: (03/10/2014 10:59:38 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3183

Error: (03/10/2014 10:59:38 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (03/10/2014 10:59:37 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2013

Error: (03/10/2014 10:59:37 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2013

Error: (03/10/2014 10:59:37 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (03/10/2014 10:59:36 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 999


CodeIntegrity Errors:
===================================
Date: 2011-12-25 21:52:31.069
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2011-12-25 21:52:30.959
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Percentage of memory in use: 47%
Total physical RAM: 2810.9 MB
Available physical RAM: 1479.86 MB
Total Pagefile: 5619.98 MB
Available Pagefile: 3715.98 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:280.45 GB) (Free:209.04 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:17.34 GB) (Free:2.51 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32
Drive g: () (Removable) (Total:7.39 GB) (Free:7.32 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298 GB) (Disk ID: 82337274)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=280 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=17 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)

========================================================
Disk: 1 (Size: 7 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End Of Log ============================

drjohnamy
2014-03-13, 16:29
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by John (administrator) on JOHN-HP on 13-03-2014 10:04:03
Running from C:\Users\John\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(CinemaNow, Inc.) C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
(PC Tools) C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
() C:\Program Files (x86)\RightSurf\updateRightSurf.exe
() C:\Program Files (x86)\RightSurf\bin\utilRightSurf.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Gemalto N.V.) C:\Users\John\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(PC Tools) C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files (x86)\QuickTime\QTTask.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
(Realtek Semiconductor Corp.) C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe
(Realtek Semiconductor Corp.) C:\Program Files\Realtek\RtVOsd\RtVOsd.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) c:\program files\windows defender\MpCmdRun.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2281256 2012-01-16] (Synaptics Incorporated)
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6489704 2011-02-11] (Realtek Semiconductor)
HKLM\...\Run: [HPWirelessAssistant] - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe [363064 2010-06-18] (Hewlett-Packard Company)
HKLM\...\Run: [IntelliPoint] - c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2399632 2011-04-13] (Microsoft Corporation)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-06-17] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SSDMonitor] - C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe [105120 2012-08-21] (PC Tools)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-01-20] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-15] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [TkBellExe] - c:\program files (x86)\real\realplayer\Update\realsched.exe [295512 2013-09-02] (RealNetworks, Inc.)
HKU\.DEFAULT\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
HKU\S-1-5-21-1861959596-1531010462-2535973267-1000\...\Run: [OCAEBNDVDUpdate] - C:\Program Files (x86)\ObjectCube\XXX2Burn DVD Wizard\xxx2burn.exe [1081344 2006-12-13] (ObjectCube)
HKU\S-1-5-21-1861959596-1531010462-2535973267-1000\...\Run: [SanDiskSecureAccess_Manager.exe] - C:\Users\John\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe [27306624 2011-08-06] (Gemalto N.V.)
HKU\S-1-5-21-1861959596-1531010462-2535973267-1000\...\Run: [] - C:\Users\John\AppData\Local\Temp\dooi0h2ans.exe <===== ATTENTION
HKU\S-1-5-21-1861959596-1531010462-2535973267-1000\...\Run: [iCloudServices] - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59872 2012-12-17] (Apple Inc.)
HKU\S-1-5-21-1861959596-1531010462-2535973267-1000\...\Run: [ApplePhotoStreams] - C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59872 2012-12-17] (Apple Inc.)
HKU\S-1-5-21-1861959596-1531010462-2535973267-1000\...\Run: [com.apple.dav.bookmarks.daemon] - C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe [59872 2012-12-17] (Apple Inc.)
HKU\S-1-5-21-1861959596-1531010462-2535973267-1000\...\Policies\Explorer: [NoInstrumentation] 1

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearchdial.com/?f=1&a=dsites0103&cd=2XzuyEtN2Y1L1QzuyC0EtD0FyC0EyD0E0A0FtByBzytCyBzztN0D0Tzu0SyByCtAtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=1359330774&ir=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearchdial.com/?f=1&a=dsites0103&cd=2XzuyEtN2Y1L1QzuyC0EtD0FyC0EyD0E0A0FtByBzytCyBzztN0D0Tzu0SyByCtAtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=1359330774&ir=
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {08D018B5-4977-4D8C-BED5-63E8D539A1FC} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM - {39BA48A3-A958-4E89-8C00-9B3DF3B98B34} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM - {757AFD8B-5C02-4E88-972E-D84AB837EBDA} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKLM - {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL =
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {08D018B5-4977-4D8C-BED5-63E8D539A1FC} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 - {39BA48A3-A958-4E89-8C00-9B3DF3B98B34} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 - {757AFD8B-5C02-4E88-972E-D84AB837EBDA} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKCU - DefaultScope {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=714647&p={searchTerms}
SearchScopes: HKCU - {08D018B5-4977-4D8C-BED5-63E8D539A1FC} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKCU - {180780f0-b348-4b44-8210-94a8f3ee15b2} URL = http://search.comcast.net/search/?cat=Web&con=toolbar&q={searchTerms}
SearchScopes: HKCU - {18353179-7EAC-40AB-A4A1-B58A54B002DE} URL = http://websearch.ask.com/redirect?client=ie&tb=FTB&o=41648106&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=9C&apn_dtid=YYYYYYYYUS&apn_uid=5AF67AD7-4E6F-4A24-8D9D-77A7C000FF26&apn_sauid=B8D07FF3-8FD3-44C9-A29E-5BBEF98D4A79
SearchScopes: HKCU - {39BA48A3-A958-4E89-8C00-9B3DF3B98B34} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=714647&p={searchTerms}
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKCU - {757AFD8B-5C02-4E88-972E-D84AB837EBDA} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKCU - {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=714647&p={searchTerms}
SearchScopes: HKCU - {C04B7D22-5AEC-4561-8F49-27F6269208F6} URL = http://toolbar.inbox.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=80470&lng=en
SearchScopes: HKCU - {DE151FBB-C00A-47AA-8BB0-DF6753554122} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dsites0103&cd=2XzuyEtN2Y1L1QzuyC0EtD0FyC0EyD0E0A0FtByBzytCyBzztN0D0Tzu0SyByCtAtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=1359330774&ir=
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: No Name - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No File
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Toolbar: HKCU - No Name - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No File
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{D6927469-24A5-41E6-B6BC-40C4FADE1F7C}: [NameServer]192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\m66xy14s.default
FF user.js: detected! => C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\m66xy14s.default\user.js
FF Homepage: hxxp://start.mysearchdial.com/?f=1&a=dsites0103&cd=2XzuyEtN2Y1L1QzuyC0EtD0FyC0EyD0E0A0FtByBzytCyBzztN0D0Tzu0SyByCtAtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=1359330774&ir=
FF DefaultSearchEngine: Yahoo!
FF SelectedSearchEngine: Yahoo!
FF Keyword.URL: hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=714647&p=
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1207148.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=16.0.3.51 - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.3.51 - c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin-x32: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 - C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.0.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.0.6 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\m66xy14s.default\searchplugins\Mysearchdial.xml
FF SearchPlugin: C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\m66xy14s.default\searchplugins\yahoo_ff.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\xfinity.xml
FF Extension: No Name - C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\m66xy14s.default\Extensions\staged [2014-02-01]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-09-02]
FF HKLM-x32\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ []

Chrome:
=======
CHR HomePage: hxxp://start.mysearchdial.com/?f=1&a=dsites0103&cd=2XzuyEtN2Y1L1QzuyC0EtD0FyC0EyD0E0A0FtByBzytCyBzztN0D0Tzu0SyByCtAtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=1359330774&ir=
CHR RestoreOnStartup: "hxxp://start.mysearchdial.com/?f=1&a=dsites0103&cd=2XzuyEtN2Y1L1QzuyC0EtD0FyC0EyD0E0A0FtByBzytCyBzztN0D0Tzu0SyByCtAtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=1359330774&ir=", "hxxp://xfinity.comcast.net/?cid=insDate10022013" ],
"restore_on_startup"
CHR DefaultSearchURL: {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\17.0.963.79\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\17.0.963.79\pdf.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\17.0.963.79\gcswf32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.260.3) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U26) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll No File
CHR Plugin: (RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll No File
CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Download Plugin) - c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Plugin: (RealJukebox NS Plugin) - c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll No File
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Extension: (YouTube) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-05-19]
CHR Extension: (Google Search) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-05-19]
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk [2012-05-19]
CHR Extension: (Gmail) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-05-19]
CHR HKLM\...\Chrome\Extension: [pflphaooapbgpeakohlggbpidpppgdff] - C:\Users\John\AppData\Local\mysearchdial-speeddial.crx [2014-02-01]
CHR HKCU\...\Chrome\Extension: [pflphaooapbgpeakohlggbpidpppgdff] - C:\Users\John\AppData\Local\mysearchdial-speeddial.crx [2014-02-01]
CHR HKLM-x32\...\Chrome\Extension: [hemjgdpngmhbimofcicjfhibkdbigdmb] - C:\ProgramData\comcastModemRelease\shortcuts\chrome\xfinity.crx [2013-02-08]
CHR HKLM-x32\...\Chrome\Extension: [pflphaooapbgpeakohlggbpidpppgdff] - C:\Users\John\AppData\Local\mysearchdial-speeddial.crx [2014-02-01]

==================== Services (Whitelisted) =================

R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
R2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1907896 2013-10-31] (Microsoft Corporation)
R2 PCToolsSSDMonitorSvc; C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [794272 2012-08-21] (PC Tools)
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
S3 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [993848 2011-04-19] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [399416 2011-04-19] (Secunia)
R2 Update RightSurf; C:\Program Files (x86)\RightSurf\updateRightSurf.exe [112416 2014-03-11] ()
R2 Util RightSurf; C:\Program Files (x86)\RightSurf\bin\utilRightSurf.exe [112416 2014-03-11] ()

==================== Drivers (Whitelisted) ====================

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S1 ASPI32; C:\Windows\SysWow64\Drivers\ASPI32.sys [25244 1999-09-10] (Adaptec)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 CpqDfw; system32\drivers\CpqDfw.sys [X]

========================== Drivers MD5 =======================

C:\Windows\system32\drivers\1394ohci.sys ==> MD5 is legit
C:\Windows\System32\drivers\ACPI.sys ==> MD5 is legit
C:\Windows\system32\drivers\acpipmi.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adp94xx.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adpahci.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adpu320.sys ==> MD5 is legit
C:\Windows\system32\drivers\afd.sys 79059559E89D06E8B80CE2944BE20228
C:\Windows\system32\drivers\agp440.sys ==> MD5 is legit
C:\Windows\system32\drivers\aliide.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdide.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\amdk8.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\atipmdag.sys 4BFFEAD896AFFBC80C86F62CD18F17C9
C:\Windows\System32\DRIVERS\atikmpag.sys A7155A832F24CF5B048F6048380636EC
C:\Windows\System32\DRIVERS\amdppm.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\amdsata.sys 53D8D46D51D390ABDB54ECA623165CB7
C:\Windows\system32\DRIVERS\amdsbs.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\amdxata.sys 75C51148154E34EB3D7BB84749A758D5
C:\Windows\system32\drivers\appid.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\arc.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\arcsas.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\asyncmac.sys ==> MD5 is legit
C:\Windows\System32\drivers\atapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\athrx.sys 40734F3A5EEC4C4AC6A1FAF10B293714
C:\Windows\System32\drivers\AtiHdmi.sys 2D648572BA9A610952FCAFBA1E119C2D
C:\Windows\System32\DRIVERS\AtiPcie.sys C07A040D6B5A42DD41EE386CF90974C8
C:\Windows\system32\DRIVERS\bxvbda.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\b57nd60a.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Beep.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\blbdrive.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bowser.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\BrFiltLo.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\BrFiltUp.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Brserid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrSerWdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbMdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbSer.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\bthmodem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cdfs.sys ==> MD5 is legit
C:\Windows\system32\drivers\cdrom.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\circlass.sys ==> MD5 is legit
C:\Windows\System32\CLFS.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\CmBatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\cmdide.sys ==> MD5 is legit
C:\Windows\System32\Drivers\cng.sys EBF28856F69CF094A902F884CF989706
C:\Windows\System32\DRIVERS\compbatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\CompositeBus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\crcdisk.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\dc3d.sys 7F61FBE259C18666D8DDF862F13A5EB0
C:\Windows\System32\Drivers\dfsc.sys ==> MD5 is legit
C:\Windows\System32\drivers\discache.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\disk.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\Dot4.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\Dot4Prt.sys E9F5969233C5D89F3C35E3A66A52A361
C:\Windows\System32\DRIVERS\dot4usb.sys ==> MD5 is legit
C:\Windows\system32\drivers\drmkaud.sys ==> MD5 is legit
C:\Windows\System32\drivers\dxgkrnl.sys 88612F1CE3BF42256913BF6E61C70D52
C:\Windows\system32\DRIVERS\evbda.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\elxstor.sys ==> MD5 is legit
C:\Windows\system32\drivers\errdev.sys ==> MD5 is legit
C:\Windows\System32\Drivers\exfat.sys ==> MD5 is legit
C:\Windows\System32\Drivers\fastfat.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\fdc.sys ==> MD5 is legit
C:\Windows\System32\drivers\fileinfo.sys ==> MD5 is legit
C:\Windows\System32\drivers\filetrace.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\flpydisk.sys ==> MD5 is legit
C:\Windows\System32\drivers\fltmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\FsDepends.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\fssfltr.sys 07DA62C960DDCCC2D35836AEAB4FC578
C:\Windows\System32\Drivers\Fs_Rec.sys 6BD9295CC032DD3077C671FCCF579A7B
C:\Windows\System32\DRIVERS\fvevol.sys 8F6322049018354F45F05A2FD2D4E5E0
C:\Windows\system32\DRIVERS\gagp30kx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\GEARAspiWDM.sys 8E98D21EE06192492A5671A6144D092F
C:\Windows\system32\drivers\hcw85cir.sys ==> MD5 is legit
C:\Windows\system32\drivers\HdAudio.sys 975761C778E33CD22498059B91E7373A
C:\Windows\system32\drivers\HDAudBus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\HidBatt.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\hidbth.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\hidir.sys ==> MD5 is legit
C:\Windows\system32\drivers\hidusb.sys ==> MD5 is legit
C:\Windows\system32\drivers\HpSAMD.sys ==> MD5 is legit
C:\Windows\System32\drivers\HTTP.sys ==> MD5 is legit
C:\Windows\System32\drivers\hwpolicy.sys ==> MD5 is legit
C:\Windows\system32\drivers\i8042prt.sys ==> MD5 is legit
C:\Windows\system32\drivers\iaStorV.sys AAAF44DB3BD0B9D1FB6969B23ECC8366
C:\Windows\System32\DRIVERS\igdkmd64.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\iirsp.sys ==> MD5 is legit
C:\Windows\System32\drivers\RTKVHD64.sys D311E2DD59A34079D89C249B2A4D9FDB
C:\Windows\system32\drivers\intelide.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\intelppm.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ipfltdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\IPMIDrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\ipnat.sys ==> MD5 is legit
C:\Windows\System32\drivers\irenum.sys ==> MD5 is legit
C:\Windows\system32\drivers\isapnp.sys ==> MD5 is legit
C:\Windows\system32\drivers\msiscsi.sys ==> MD5 is legit
C:\Windows\system32\drivers\kbdclass.sys ==> MD5 is legit
C:\Windows\system32\drivers\kbdhid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\ksecdd.sys 8F489706472F7E9A06BAAA198703FA64
C:\Windows\System32\Drivers\ksecpkg.sys 868A2CAAB12EFC7A021682BCA0EEC54C
C:\Windows\system32\drivers\ksthunk.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\lltdio.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_fc.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_sas.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_sas2.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_scsi.sys ==> MD5 is legit
C:\Windows\system32\drivers\luafv.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\megasas.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\MegaSR.sys ==> MD5 is legit
C:\Windows\System32\drivers\modem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\monitor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouhid.sys ==> MD5 is legit
C:\Windows\System32\drivers\mountmgr.sys ==> MD5 is legit
C:\Windows\system32\drivers\mpio.sys ==> MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\mrxdav.sys 1A4F75E63C9FB84B85DFFC6B63FD5404
C:\Windows\System32\DRIVERS\mrxsmb.sys A5D9106A73DC88564C825D317CAC68AC
C:\Windows\System32\DRIVERS\mrxsmb10.sys D711B3C1D5F42C0C2415687BE09FC163
C:\Windows\System32\DRIVERS\mrxsmb20.sys 9423E9D355C8D303E76B8CFBD8A5C30C
C:\Windows\System32\drivers\msahci.sys ==> MD5 is legit
C:\Windows\system32\drivers\msdsm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Msfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\mshidkmdf.sys ==> MD5 is legit
C:\Windows\System32\drivers\msisadrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSKSSRV.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPCLOCK.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPQM.sys ==> MD5 is legit
C:\Windows\System32\Drivers\MsRPC.sys ==> MD5 is legit
C:\Windows\system32\drivers\mssmbios.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSTEE.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\MTConfig.sys ==> MD5 is legit
C:\Windows\System32\Drivers\mup.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\nwifi.sys ==> MD5 is legit
C:\Windows\System32\drivers\ndis.sys 760E38053BF56E501D562B70AD796B88
C:\Windows\System32\DRIVERS\ndiscap.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndistapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndisuio.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndiswan.sys ==> MD5 is legit
C:\Windows\System32\Drivers\NDProxy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbios.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netw5v64.sys 64428DFDAF6E88366CB51F45A79C5F69
C:\Windows\system32\DRIVERS\nfrd960.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Npfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Ntfs.sys B98F8C6E31CD07B2E6F71F7F648E38C0
C:\Windows\System32\Drivers\Null.sys ==> MD5 is legit
C:\Windows\system32\drivers\nvraid.sys 0A92CB65770442ED0DC44834632F66AD
C:\Windows\system32\drivers\nvstor.sys DAB0E87525C10052BF65F06152F37E4A
C:\Windows\system32\drivers\nv_agp.sys ==> MD5 is legit
C:\Windows\system32\drivers\ohci1394.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\parport.sys ==> MD5 is legit
C:\Windows\System32\drivers\partmgr.sys E9766131EEADE40A27DC27D2D68FBA9C
C:\Windows\System32\drivers\pci.sys ==> MD5 is legit
C:\Windows\system32\drivers\pciide.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\pcmcia.sys ==> MD5 is legit
C:\Windows\System32\drivers\pcw.sys ==> MD5 is legit
C:\Windows\System32\drivers\peauth.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\point64.sys 33328FA8A580885AB0065BE6DB266E9F
C:\Windows\System32\DRIVERS\raspptp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\processr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\pacer.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\psi_mf.sys FB46E9A827A8799EBD7BFA9128C91F37
C:\Windows\system32\DRIVERS\ql2300.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\ql40xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\qwavedrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\AgileVpn.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rassstp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rdbss.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\rdpbus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\RDPCDD.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdprefmp.sys ==> MD5 is legit
C:\Windows\System32\Drivers\RDPWD.sys E61608AA35E98999AF9AAEEEA6114B0A
C:\Windows\System32\drivers\rdyboost.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legit
C:\Windows\System32\Drivers\RtsUStor.sys 22D6B47D004A6568C500680BE2972854
C:\Windows\System32\DRIVERS\Rt64win7.sys 4FBDA07EF0A3097CE14C5CABF723B278
C:\Windows\system32\drivers\sbp2port.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\scfilter.sys ==> MD5 is legit
C:\Windows\system32\drivers\sdbus.sys 111E0EBC0AD79CB0FA014B907B231CF0
C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\serenum.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\serial.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sermouse.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffdisk.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_mmc.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_sd.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sfloppy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\Sftfslh.sys 2046AA7491DE7EFA4D70E615D9BC9D09
C:\Windows\System32\DRIVERS\Sftplaylh.sys 0E0446BC4D51BE4263ACB7E33491191C
C:\Windows\System32\DRIVERS\Sftredirlh.sys C5FB982CD266E604ED3142102C26D62C
C:\Windows\System32\DRIVERS\Sftvollh.sys 2575511AF67AA1FA068CCC4918E2C2A3
C:\Windows\system32\DRIVERS\SiSRaid2.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sisraid4.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit
C:\Windows\System32\Drivers\spldr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\srv.sys 441FBA48BFF01FDB9D5969EBC1838F0B
C:\Windows\System32\DRIVERS\srv2.sys B4ADEBBF5E3677CCE9651E0F01F7CC28
C:\Windows\System32\DRIVERS\VSTAZL6.SYS 0C4540311E11664B245A263E1154CEF8
C:\Windows\System32\DRIVERS\VSTDPV6.SYS 02071D207A9858FBE3A48CBFD59C4A04
C:\Windows\System32\DRIVERS\VSTCNXT6.SYS 18E40C245DBFAF36FD0134A7EF2DF396
C:\Windows\System32\DRIVERS\srvnet.sys 27E461F0BE5BFF5FC737328F749538C3
C:\Windows\system32\DRIVERS\stexstor.sys ==> MD5 is legit
C:\Windows\system32\drivers\serscan.sys DECACB6921DED1A38642642685D77DAC
C:\Windows\system32\drivers\swenum.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\SynTP.sys 961CFAC2A5318E212F459D651F28E0A4
C:\Windows\System32\drivers\tcpip.sys 40AF23633D197905F03AB5628C558C51
C:\Windows\System32\DRIVERS\tcpip.sys 40AF23633D197905F03AB5628C558C51
C:\Windows\System32\drivers\tcpipreg.sys 1B16D0BD9841794A6E0CDE0CEF744ABC
C:\Windows\System32\drivers\tdpipe.sys ==> MD5 is legit
C:\Windows\System32\drivers\tdtcp.sys 51C5ECEB1CDEE2468A1748BE550CFBC8
C:\Windows\System32\DRIVERS\tdx.sys ==> MD5 is legit
C:\Windows\system32\drivers\termdd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\tssecsrv.sys 4CE278FC9671BA81A138D70823FCAA09
C:\Windows\System32\drivers\tsusbflt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\uagp35.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\udfs.sys ==> MD5 is legit
C:\Windows\system32\drivers\uliagpkx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\umbus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\umpass.sys ==> MD5 is legit
C:\Windows\System32\Drivers\usbaapl64.sys C9E9D59C0099A9FF51697E9306A44240
C:\Windows\system32\drivers\usbaudio.sys B0435098C81D04CAFFF80DDB746CD3A2
C:\Windows\System32\DRIVERS\usbccgp.sys DCA68B0943D6FA415F0C56C92158A83A
C:\Windows\system32\drivers\usbcir.sys 80B0F7D5CCF86CEB5D402EAAF61FEC31
C:\Windows\System32\DRIVERS\usbehci.sys 18A85013A3E0F7E1755365D287443965
C:\Windows\System32\DRIVERS\usbfilter.sys 2C780746DC44A28FE67004DC58173F05
C:\Windows\System32\DRIVERS\usbhub.sys 8D1196CFBB223621F2C67D45710F25BA
C:\Windows\System32\DRIVERS\usbohci.sys 765A92D428A8DB88B960DA5A8D6089DC
C:\Windows\System32\DRIVERS\usbprint.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbscan.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\USBSTOR.SYS FED648B01349A3C8395A5169DB5FB7D6
C:\Windows\system32\drivers\usbuhci.sys DD253AFC3BC6CBA412342DE60C3647F3
C:\Windows\System32\Drivers\usbvideo.sys 1F775DA4CF1A3A1834207E975A72E9D7
C:\Windows\System32\drivers\vdrvroot.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit
C:\Windows\System32\drivers\vga.sys ==> MD5 is legit
C:\Windows\system32\drivers\vhdmp.sys ==> MD5 is legit
C:\Windows\system32\drivers\viaide.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit
C:\Windows\System32\drivers\volsnap.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\vsmraid.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwifibus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwififlt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwifimp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\wacompen.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\wd.sys ==> MD5 is legit
C:\Windows\System32\drivers\Wdf01000.sys E2C933EDBC389386EBE6D2BA953F43D8
C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit
C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\SysWOW64\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\WinUsb.sys FE88B288356E7B47B74B13372ADD906D
C:\Windows\system32\drivers\wmiacpi.sys ==> MD5 is legit
C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\WSDPrint.sys 8D918B1DB190A4D9B1753A66FA8C96E8
C:\Windows\System32\drivers\WudfPf.sys AB886378EEB55C6C75B4F2D14B6C869F
C:\Windows\System32\DRIVERS\WUDFRd.sys DDA4CAF29D8C0A297F886BFE561E6659
C:\Windows\System32\DRIVERS\yk62x64.sys B3EEACF62445E24FBB2CD4B0FB4DB026

==================== NetSvcs (Whitelisted) ===================

drjohnamy
2014-03-13, 16:30
==================== One Month Created Files and Folders ========

2014-03-13 10:04 - 2014-03-13 10:04 - 00043423 _____ () C:\Users\John\Desktop\FRST.txt
2014-03-13 10:03 - 2014-03-13 10:04 - 00000000 ____D () C:\FRST
2014-03-13 10:01 - 2014-03-13 10:01 - 02157056 _____ (Farbar) C:\Users\John\Desktop\FRST64.exe
2014-03-13 09:59 - 2014-03-13 09:59 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-JOHN-HP-Microsoft-Windows-7-Home-Premium-(64-bit).dat
2014-03-13 09:58 - 2014-03-13 09:58 - 00000000 ____D () C:\RegBackup
2014-03-13 09:57 - 2014-03-13 09:57 - 00002259 _____ () C:\Users\John\Desktop\Tweaking.com - Registry Backup.lnk
2014-03-13 09:57 - 2014-03-13 09:57 - 00000000 ____D () C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2014-03-13 09:43 - 2014-03-13 09:43 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
2014-03-13 09:42 - 2014-03-13 09:43 - 03944112 _____ () C:\Users\John\Desktop\tweaking.com_registry_backup_setup.exe
2014-03-13 09:10 - 2014-03-13 09:10 - 00000000 ____D () C:\Users\John\AppData\Local\{3A3563BD-08DA-42AD-8890-E0D14B891F8C}
2014-03-12 15:39 - 2014-03-12 15:45 - 00000000 ___HD () C:\Users\John\Documents\PP.TWOPASS
2014-03-12 15:31 - 2014-03-12 15:31 - 00010596 _____ () C:\Users\John\Desktop\animaniacs 1-10.pds
2014-03-12 15:24 - 2014-03-12 15:24 - 00000000 ___HD () C:\Users\John\Documents\PDRMUSIC.TMP
2014-03-12 12:39 - 2014-03-12 12:39 - 00000000 ____D () C:\Users\John\AppData\Local\{96737740-E6C7-4D53-A600-C2D1AE887BB8}
2014-03-11 23:31 - 2014-03-11 23:32 - 00000000 ____D () C:\Users\John\Desktop\Safer Networking 3-11-14
2014-03-11 22:20 - 2014-03-11 23:07 - 00003336 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1861959596-1531010462-2535973267-1000
2014-03-11 21:28 - 2014-03-11 21:28 - 00003258 _____ () C:\Windows\System32\Tasks\{321775A6-36DC-432C-8A0F-ED172F039563}
2014-03-11 21:27 - 2014-03-11 21:29 - 00000909 _____ () C:\Users\Guest\Desktop\ERUNT.lnk
2014-03-11 20:57 - 2014-03-11 23:07 - 00003200 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1861959596-1531010462-2535973267-1000
2014-03-11 20:37 - 2014-03-11 20:37 - 00000000 ____D () C:\Users\John\AppData\Local\{3BF0EA9F-67CC-4405-97A8-9E87AA2291B5}
2014-03-11 20:26 - 2014-03-01 02:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-11 20:26 - 2014-03-01 01:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-11 20:26 - 2014-03-01 01:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-11 20:26 - 2014-03-01 00:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-11 20:26 - 2014-03-01 00:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-11 20:26 - 2014-03-01 00:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-11 20:26 - 2014-03-01 00:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-11 20:26 - 2014-03-01 00:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-11 20:26 - 2014-03-01 00:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-11 20:26 - 2014-03-01 00:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-11 20:26 - 2014-03-01 00:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-11 20:26 - 2014-03-01 00:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-11 20:26 - 2014-03-01 00:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-11 20:26 - 2014-03-01 00:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-11 20:26 - 2014-03-01 00:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-11 20:26 - 2014-03-01 00:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-11 20:26 - 2014-03-01 00:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-11 20:26 - 2014-02-28 23:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-11 20:26 - 2014-02-28 23:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-11 20:26 - 2014-02-28 23:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-11 20:26 - 2014-02-28 23:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-11 20:26 - 2014-02-28 23:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-11 20:26 - 2014-02-28 23:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-11 20:26 - 2014-02-28 23:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-11 20:26 - 2014-02-28 23:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-11 20:26 - 2014-02-28 23:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-11 20:26 - 2014-02-28 23:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-11 20:26 - 2014-02-28 23:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-11 20:26 - 2014-02-28 23:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-11 20:26 - 2014-02-28 23:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-11 20:26 - 2014-02-28 23:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-11 20:26 - 2014-02-28 23:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-11 20:26 - 2014-02-28 23:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-11 20:26 - 2014-02-28 23:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-11 20:26 - 2014-02-28 22:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-11 20:26 - 2014-02-28 22:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-11 20:26 - 2014-02-28 22:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-11 20:26 - 2014-02-28 22:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-11 20:26 - 2014-02-28 22:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-11 20:26 - 2014-02-28 22:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-03-11 20:23 - 2014-02-06 21:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-11 20:23 - 2014-01-28 22:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-11 20:23 - 2014-01-28 22:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-03-11 20:23 - 2014-01-27 22:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-03-11 20:18 - 2014-02-03 22:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-11 20:18 - 2014-02-03 22:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-11 20:18 - 2014-02-03 22:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-03-11 20:18 - 2014-02-03 22:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-03-10 13:14 - 2014-03-13 09:19 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-10 13:14 - 2014-03-12 15:00 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-10 13:14 - 2014-03-10 13:14 - 00003890 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-03-10 13:14 - 2014-03-10 13:14 - 00003638 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-02-26 21:41 - 2014-02-26 21:41 - 02949120 _____ () C:\Users\Guest\s-1-5-21-1861959596-1531010462-2535973267-501.rrr
2014-02-24 21:16 - 2014-02-24 21:16 - 00000000 ____D () C:\Users\John\AppData\Local\{68259252-73E7-4BBA-BC90-070458EAD6D4}
2014-02-24 20:51 - 2014-02-26 21:41 - 10534912 _____ () C:\Users\John\s-1-5-21-1861959596-1531010462-2535973267-1000.rrr
2014-02-20 16:21 - 2014-02-20 16:21 - 00000000 ____D () C:\Users\Guest\AppData\Local\Apple Computer
2014-02-20 15:59 - 2014-02-20 15:59 - 00000000 ____D () C:\Users\Guest\AppData\Local\Mozilla
2014-02-20 15:52 - 2014-02-20 16:22 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\vlc
2014-02-20 15:51 - 2014-02-20 15:51 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\dvdcss
2014-02-12 22:03 - 2013-12-21 05:53 - 00548864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-12 22:03 - 2013-12-21 04:56 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-02-12 21:40 - 2013-12-31 19:05 - 00420008 _____ () C:\Windows\SysWOW64\locale.nls
2014-02-12 21:40 - 2013-12-31 19:04 - 00420008 _____ () C:\Windows\system32\locale.nls
2014-02-12 21:40 - 2013-12-05 22:30 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-12 21:40 - 2013-12-05 22:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-02-12 21:40 - 2013-12-05 22:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-02-12 21:40 - 2013-12-05 22:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-02-12 21:39 - 2013-12-24 19:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-02-12 21:39 - 2013-12-24 18:48 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-02-12 21:39 - 2013-12-03 22:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-02-12 21:39 - 2013-12-03 22:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-02-12 21:39 - 2013-12-03 22:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-02-12 21:39 - 2013-12-03 22:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-02-12 21:39 - 2013-12-03 22:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-02-12 21:39 - 2013-12-03 22:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-02-12 21:39 - 2013-12-03 22:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-02-12 21:39 - 2013-12-03 22:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-02-12 21:39 - 2013-12-03 22:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-02-12 21:39 - 2013-12-03 22:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
2014-02-12 21:39 - 2013-12-03 22:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll
2014-02-12 21:39 - 2013-12-03 22:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll
2014-02-12 21:39 - 2013-12-03 22:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll
2014-02-12 21:39 - 2013-12-03 22:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2014-02-12 21:39 - 2013-12-03 21:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
2014-02-12 21:39 - 2013-12-03 21:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
2014-02-12 21:39 - 2013-12-03 21:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe
2014-02-12 21:39 - 2013-12-03 21:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
2014-02-12 21:39 - 2013-11-26 04:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-02-12 21:39 - 2013-11-22 18:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-02-12 21:20 - 2014-02-12 21:20 - 00000000 ____D () C:\Users\John\AppData\Local\{D2F658A5-6960-4434-9994-83ABB83609D7}
2014-02-11 14:32 - 2014-02-11 14:32 - 00010680 _____ () C:\Users\John\Desktop\Tools Design Engineer_JTL.xlsx
2014-02-11 14:00 - 2014-02-11 14:00 - 00010434 _____ () C:\Users\John\Desktop\Tools Design Engineer.xlsx

==================== One Month Modified Files and Folders =======

2014-03-13 10:04 - 2014-03-13 10:04 - 00043423 _____ () C:\Users\John\Desktop\FRST.txt
2014-03-13 10:04 - 2014-03-13 10:03 - 00000000 ____D () C:\FRST
2014-03-13 10:04 - 2012-03-30 22:19 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-13 10:01 - 2014-03-13 10:01 - 02157056 _____ (Farbar) C:\Users\John\Desktop\FRST64.exe
2014-03-13 09:59 - 2014-03-13 09:59 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-JOHN-HP-Microsoft-Windows-7-Home-Premium-(64-bit).dat
2014-03-13 09:58 - 2014-03-13 09:58 - 00000000 ____D () C:\RegBackup
2014-03-13 09:57 - 2014-03-13 09:57 - 00002259 _____ () C:\Users\John\Desktop\Tweaking.com - Registry Backup.lnk
2014-03-13 09:57 - 2014-03-13 09:57 - 00000000 ____D () C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2014-03-13 09:56 - 2009-07-14 01:13 - 00783400 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-13 09:49 - 2014-02-01 21:49 - 00000304 _____ () C:\Windows\Tasks\Digital Sites.job
2014-03-13 09:43 - 2014-03-13 09:43 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
2014-03-13 09:43 - 2014-03-13 09:42 - 03944112 _____ () C:\Users\John\Desktop\tweaking.com_registry_backup_setup.exe
2014-03-13 09:32 - 2010-10-18 04:49 - 01418510 _____ () C:\Windows\WindowsUpdate.log
2014-03-13 09:22 - 2014-02-01 21:51 - 00000304 _____ () C:\Windows\Tasks\MySearchDial.job
2014-03-13 09:19 - 2014-03-10 13:14 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-13 09:10 - 2014-03-13 09:10 - 00000000 ____D () C:\Users\John\AppData\Local\{3A3563BD-08DA-42AD-8890-E0D14B891F8C}
2014-03-13 09:09 - 2014-02-07 23:09 - 00003180 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForJohn
2014-03-13 09:09 - 2014-02-07 23:09 - 00000328 _____ () C:\Windows\Tasks\HPCeeScheduleForJohn.job
2014-03-13 09:09 - 2014-02-01 21:49 - 00000081 _____ () C:\Users\John\AppData\Roaming\WB.CFG
2014-03-13 09:09 - 2012-11-07 20:10 - 00000336 _____ () C:\Windows\Tasks\HP Photo Creations Communicator.job
2014-03-12 15:45 - 2014-03-12 15:39 - 00000000 ___HD () C:\Users\John\Documents\PP.TWOPASS
2014-03-12 15:31 - 2014-03-12 15:31 - 00010596 _____ () C:\Users\John\Desktop\animaniacs 1-10.pds
2014-03-12 15:24 - 2014-03-12 15:24 - 00000000 ___HD () C:\Users\John\Documents\PDRMUSIC.TMP
2014-03-12 15:24 - 2011-01-28 20:10 - 00000000 ____D () C:\Users\John\Documents\CyberLink
2014-03-12 15:24 - 2011-01-26 18:39 - 00000000 ____D () C:\Users\Public\CyberLink
2014-03-12 15:09 - 2010-07-11 00:50 - 00000000 ____D () C:\ProgramData\CyberLink
2014-03-12 15:07 - 2011-01-26 18:39 - 00000000 ____D () C:\Users\John\AppData\Roaming\CyberLink
2014-03-12 15:06 - 2011-07-09 12:38 - 00000000 ____D () C:\Users\John\AppData\Roaming\uTorrent
2014-03-12 15:00 - 2014-03-10 13:14 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-12 12:39 - 2014-03-12 12:39 - 00000000 ____D () C:\Users\John\AppData\Local\{96737740-E6C7-4D53-A600-C2D1AE887BB8}
2014-03-11 23:32 - 2014-03-11 23:31 - 00000000 ____D () C:\Users\John\Desktop\Safer Networking 3-11-14
2014-03-11 23:14 - 2009-07-14 00:45 - 00026192 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-11 23:14 - 2009-07-14 00:45 - 00026192 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-11 23:09 - 2011-05-20 23:17 - 00442880 ___SH () C:\Users\John\Desktop\Thumbs.db
2014-03-11 23:07 - 2014-03-11 22:20 - 00003336 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1861959596-1531010462-2535973267-1000
2014-03-11 23:07 - 2014-03-11 20:57 - 00003200 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1861959596-1531010462-2535973267-1000
2014-03-11 23:07 - 2012-12-15 13:52 - 00000264 _____ () C:\Windows\Tasks\RMAutoUpdate.job
2014-03-11 23:06 - 2011-03-14 12:43 - 00000000 ____D () C:\Program Files (x86)\Registry Mechanic
2014-03-11 23:06 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-11 23:06 - 2009-07-14 00:51 - 00131129 _____ () C:\Windows\setupact.log
2014-03-11 22:14 - 2011-03-14 13:12 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-03-11 21:29 - 2014-03-11 21:27 - 00000909 _____ () C:\Users\Guest\Desktop\ERUNT.lnk
2014-03-11 21:29 - 2011-12-20 20:27 - 00000909 _____ () C:\Users\John\Desktop\ERUNT.lnk
2014-03-11 21:29 - 2011-12-20 20:27 - 00000000 ____D () C:\Program Files (x86)\ERUNT
2014-03-11 21:28 - 2014-03-11 21:28 - 00003258 _____ () C:\Windows\System32\Tasks\{321775A6-36DC-432C-8A0F-ED172F039563}
2014-03-11 21:28 - 2011-01-26 15:25 - 00000000 ___RD () C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-11 20:55 - 2009-07-14 00:45 - 00435288 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-11 20:53 - 2012-10-14 19:18 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-11 20:53 - 2012-10-14 19:18 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-11 20:37 - 2014-03-11 20:37 - 00000000 ____D () C:\Users\John\AppData\Local\{3BF0EA9F-67CC-4405-97A8-9E87AA2291B5}
2014-03-11 20:04 - 2012-03-30 22:19 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-11 20:04 - 2012-03-30 22:19 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-03-11 20:04 - 2011-06-12 00:02 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-10 13:16 - 2011-04-06 12:07 - 00000000 ____D () C:\Program Files (x86)\Google
2014-03-10 13:14 - 2014-03-10 13:14 - 00003890 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-03-10 13:14 - 2014-03-10 13:14 - 00003638 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-03-05 14:24 - 2011-01-30 22:37 - 10555392 _____ () C:\Users\John\Documents\My Money.mny
2014-03-04 12:31 - 2011-02-01 21:11 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-03-04 12:31 - 2010-07-11 00:28 - 00000000 ____D () C:\ProgramData\Skype
2014-03-03 18:08 - 2012-01-17 20:00 - 00061068 _____ () C:\Windows\SysWOW64\AppLog.log
2014-03-01 02:05 - 2014-03-11 20:26 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-01 01:17 - 2014-03-11 20:26 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-01 01:16 - 2014-03-11 20:26 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-01 00:58 - 2014-03-11 20:26 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-01 00:52 - 2014-03-11 20:26 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-01 00:51 - 2014-03-11 20:26 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-01 00:42 - 2014-03-11 20:26 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-01 00:40 - 2014-03-11 20:26 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-01 00:37 - 2014-03-11 20:26 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-01 00:33 - 2014-03-11 20:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-01 00:33 - 2014-03-11 20:26 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-01 00:32 - 2014-03-11 20:26 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-01 00:30 - 2014-03-11 20:26 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-01 00:23 - 2014-03-11 20:26 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-01 00:17 - 2014-03-11 20:26 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-01 00:11 - 2014-03-11 20:26 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-01 00:02 - 2014-03-11 20:26 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-28 23:54 - 2014-03-11 20:26 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-28 23:52 - 2014-03-11 20:26 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-28 23:51 - 2014-03-11 20:26 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-28 23:47 - 2014-03-11 20:26 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-28 23:43 - 2014-03-11 20:26 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-28 23:43 - 2014-03-11 20:26 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-28 23:42 - 2014-03-11 20:26 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-28 23:40 - 2014-03-11 20:26 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-28 23:38 - 2014-03-11 20:26 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-28 23:37 - 2014-03-11 20:26 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-28 23:35 - 2014-03-11 20:26 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-28 23:18 - 2014-03-11 20:26 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-28 23:16 - 2014-03-11 20:26 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-28 23:14 - 2014-03-11 20:26 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-28 23:10 - 2014-03-11 20:26 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-28 23:03 - 2014-03-11 20:26 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-28 23:00 - 2014-03-11 20:26 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-28 22:57 - 2014-03-11 20:26 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-28 22:38 - 2014-03-11 20:26 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-28 22:32 - 2014-03-11 20:26 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-28 22:27 - 2014-03-11 20:26 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-28 22:25 - 2014-03-11 20:26 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-28 22:25 - 2014-03-11 20:26 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-26 21:43 - 2009-07-13 22:34 - 97779712 _____ () C:\Windows\system32\config\software.rmbak
2014-02-26 21:43 - 2009-07-13 22:34 - 05079040 _____ () C:\Windows\system32\config\default.rmbak
2014-02-26 21:41 - 2014-02-26 21:41 - 02949120 _____ () C:\Users\Guest\s-1-5-21-1861959596-1531010462-2535973267-501.rrr
2014-02-26 21:41 - 2014-02-24 20:51 - 10534912 _____ () C:\Users\John\s-1-5-21-1861959596-1531010462-2535973267-1000.rrr
2014-02-26 21:41 - 2011-10-31 09:46 - 00000000 ____D () C:\Users\Guest
2014-02-26 21:41 - 2011-01-26 15:16 - 00000000 ____D () C:\Users\John
2014-02-26 21:19 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-02-25 23:34 - 2011-02-02 11:13 - 00776014 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-02-25 22:33 - 2014-02-01 21:51 - 00000000 ____D () C:\Program Files (x86)\RightSurf
2014-02-25 21:02 - 2011-01-26 22:01 - 00411322 _____ () C:\Windows\PFRO.log
2014-02-24 21:22 - 2014-02-01 21:51 - 00003240 _____ () C:\Windows\System32\Tasks\MySearchDial
2014-02-24 21:16 - 2014-02-24 21:16 - 00000000 ____D () C:\Users\John\AppData\Local\{68259252-73E7-4BBA-BC90-070458EAD6D4}
2014-02-24 21:16 - 2011-01-27 15:11 - 00000000 ____D () C:\Users\John\AppData\Local\Windows Live
2014-02-24 21:12 - 2009-07-14 01:08 - 00032644 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-02-23 21:34 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2014-02-20 16:28 - 2013-08-14 02:52 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-20 16:24 - 2011-01-28 15:37 - 88567024 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-02-20 16:22 - 2014-02-20 15:52 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\vlc
2014-02-20 16:21 - 2014-02-20 16:21 - 00000000 ____D () C:\Users\Guest\AppData\Local\Apple Computer
2014-02-20 16:13 - 2012-05-07 19:47 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Real
2014-02-20 15:59 - 2014-02-20 15:59 - 00000000 ____D () C:\Users\Guest\AppData\Local\Mozilla
2014-02-20 15:59 - 2011-10-31 09:46 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Mozilla
2014-02-20 15:51 - 2014-02-20 15:51 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\dvdcss
2014-02-12 21:20 - 2014-02-12 21:20 - 00000000 ____D () C:\Users\John\AppData\Local\{D2F658A5-6960-4434-9994-83ABB83609D7}
2014-02-11 14:32 - 2014-02-11 14:32 - 00010680 _____ () C:\Users\John\Desktop\Tools Design Engineer_JTL.xlsx
2014-02-11 14:00 - 2014-02-11 14:00 - 00010434 _____ () C:\Users\John\Desktop\Tools Design Engineer.xlsx

Some content of TEMP:
====================
C:\Users\Guest\AppData\Local\Temp\vlc-2.1.3-win32.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
ATTENTION: ====> ZeroAccess. Use DeleteJunctionsIndirectory: C:\Windows\system64


LastRegBack: 2014-03-03 19:42

==================== End Of Log ============================

Dakeyras
2014-03-13, 17:33
Hi,

I have bad news I'm afraid. :sad:

One or more of the identified infections is a variant of the extremely severe Zero Access Rootkit plus undoubtedly other comprising malware!

OK since we are dealing with the aforementioned infection(s) I would be providing your good self with a disservice if I did not make you aware of the ramifications below:

This allows hackers to remotely control your computer, steal critical system information and Download and Execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Although an attempt could be made to clean this machine, it could never be considered to be truly clean, secure, or trustworthy. We could not say definitively that unknown and unseen malware will have been removed, nor will your system be restored to its pre-infection state. We cannot remedy unknown changes the malware may likely have made in order to allow itself access, nor can we repair the damage it may possibly have caused to vital system files. Additionally, it is quite possible that changes made to the system by the malware may impact negatively on your computer during the removal process. In short, your system may never regain its former stability or its full functionality without a reformat. Therefore, your best and safest course of action is a reformat and reinstallation of the Windows Operating System, and that is the course I strongly recommend.

Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud? (http://www.dslreports.com/faq/10451)

When Should I Format, How Should I Reinstall (http://www.dslreports.com/faq/10063)

Next:

I can attempt to clean this machine(anything I try may not be successful and the machine may loose internet connectivity) but I can't guarantee that it will be at all secure afterwards.

Should you have any questions, please feel free to ask.

Please let myself know what you have decided to do in your next post.

drjohnamy
2014-03-15, 18:21
Ok, first, thanks for your time!

I have turned off that computer. I have started the identity theft reporting process.
I believe this computer is clean, can I run the scans on this one (Acer) and have you verify it for me? SpyBot found something but was able to clean it.
I confess I haven't read all the links included in your last post. but intend to go back and go through them step by step.
I will start to back-up the first computer (HP), any suggestions on the best way to do that will be greatly appreciated.
I will then reformat the hard drive and try to reinstall my software. Again an help will be greatly appreciated

Thanks again,
John

Dakeyras
2014-03-15, 21:37
Hi. :)


Ok, first, thanks for your time!
You're welcome!


can I run the scans on this one (Acer) and have you verify it for me? SpyBot found something but was able to clean it.
By all means I will check the machine for you, what exact Operating System is in use please ? Merely let myself know and I in turn will provide the appropriate instructions etc. Plus post the Spybot' log also for my review.


any suggestions on the best way to do that will be greatly appreciated
Aye, see below...


I will then reformat the hard drive and try to reinstall my software. Again an help will be greatly appreciated
How to do so can be read here (http://h10025.www1.hp.com/ewfrf/wc/document?cc=uk&lc=en&docname=c01867418).

Download/Install & Run Panda USB Vaccine:

Please download the installer for Panda USB Vaccine from here (http://www.majorgeeks.com/Panda_USB_and_AutoRun_Vaccine_d6029.html) to the desktop.


Right-click on USBVaccineSetup.exe and and select Run as Administrator >> follow the prompts in the installation wizard.
At the configuration screen(settings)...
Ensure both Run Panda USB Vaccine automatically when computer boots (/resident mode) & Automatically vaccinate any newly inserted USB key are selected >> plus NTFS support
Now click on Next> >> ensure Launch Panda USB Vaccine is selected >> click on Finish.
Connect your USB Drive to your machine...it will be automatically vaccinated.
Now transfer the files and documents etc what you want too backup to your USB Drive.

Scan your USB Drive:

Click on Computer >> locate your USB Drive >> right click on it and scan with your presently installed security software.

Then safely remove the USB Drive from your machine via right-clicking on the Safely Remove Hardware and Eject Media system tray icon and then select Eject USB Mass Storage Device.

drjohnamy
2014-03-19, 03:37
I have an Acer running Windows 7 Home Premium This is the clean computer.
I've attached the SpyBot report from this computer (Acer), it appears to be clean.
Do I run Panda from my dirty computer (HP)? I have not connected that computer (HP) to the internet since I found out it was infected.

Thanks again,
John

Dakeyras
2014-03-19, 11:35
Hi. :)


Do I run Panda from my dirty computer (HP)? I have not connected that computer (HP) to the internet since I found out it was infected.
Use your Acer machine to secure the USB Drive first if you so wish.


I've attached the SpyBot report from this computer (Acer), it appears to be clean.
Aye indeed it does which is a good sign. Lets flush out the temp' files and perform one multi-purpose scan as follows to double check...

TFC(Temp File Cleaner):


Please download TFC (http://oldtimer.geekstogo.com/TFC.exe) to the desktop,
Save any unsaved work. TFC will close all open application windows.
Right-click on TFC.exe and select Run as Administrator to run the program.
Click the Start button in the bottom left of the GUI(graphical user interface)'
If prompted, click "Yes" to reboot.

Note: Save your work. TFC will automatically close any open programs, let it run uninterrupted. It should not take longer than a couple of minutes , and may only take a few seconds. Only if needed will you be prompted to reboot.

I advise you keep TFC on the desktop after I give the all clear and run it say at least once per week as it is a very effective piece of software for cleaning out temp' files etc.

Norman Malware Cleaner:

Please download Norman Malware Cleaner (http://normanasa.vo.llnwd.net/o29/public/Norman_Malware_Cleaner.exe) and save it to your desktop.

Alternate download location is here (http://majorgeeks.com/Norman_Malware_Cleaner__d5450.html).


Right-click on Norman_Malware_Cleaner.exe and select Run as Administrator >> Accept.
Click on the Options tab >> General Options and deselect the following:
Enable Norman Protection Community

Now click on Cleaning Options and deselect the following:
Enable Cleaning
Quarantine objects before cleaning

Click on Apply >> then the Scan tab >> ensure the Quick scan is selected only.
Then click on Start
Once the scan has completed a log will be created on your desktop named: NFix_Year-Month-Day-Time.Log
Click on the Quit tab.
Post the aforementioned log in your next reply

drjohnamy
2014-03-22, 02:16
Yes this computer looks clean.

Norman Malware Cleaner v2.08.08
Copyright © 1990 - 2013, Norman Shark AS.

Norman Scanner Engine Version: 7.02.06
nvcbin.def: Version: 7.02.7486, Date: 2014/03/20 11:13:29, Variants: 27127804

Operating System: Windows 7 Service Pack 1

Switches: /iagree /noclean /noquarantine
Running without NSAK

Scan started: 2014/03/20 23:06:04

Running pre-scan cleanup routine...

Number of malicious objects found: 0
Number of malicious objects cleaned: 0
Scanning time: 0s

Scanning system for active rootkit activity...

Number of malicious objects found: 0
Number of malicious objects cleaned: 0
Number of malicious files found: 0
Number of malicious files cleaned: 0
Scanning time: 1s

Scanning running processes and process memory...

Number of files found: 740
Number of objects found: 7447
Number of objects scanned: 7447
Number of objects not scanned: 0
Number of malicious memory objects found: 0
Number of malicious objects cleaned: 0
Number of malicious files found: 0
Number of malicious files cleaned: 0
Scanning time: 4m 33s

Scanning system for FakeAV...

Number of malicious objects found: 0
Number of malicious objects cleaned: 0
Number of malicious files found: 0
Number of malicious files cleaned: 0
Scanning time: 0s

Running quick scan...

Number of files found: 4312
Number of archives unpacked: 2
Number of objects found: 4314
Number of objects scanned: 4314
Number of objects not scanned: 0
Number of malicious objects found: 0
Number of malicious objects cleaned: 0
Number of malicious files found: 0
Number of malicious files cleaned: 0
Scanning time: 9m 12s

Running post-scan cleanup routine...

Number of malicious objects found: 0
Number of malicious objects cleaned: 0
Scanning time: 1s

Results:
Total number of files found: 5052
Total number of archives unpacked: 2
Total number of objects found: 11761
Total number of objects scanned: 11761
Total number of objects not scanned: 0
Total number of malicious objects found: 0
Total scanning time: 13m 48s


I will clean my jump drives and backup my infected computer. This could take a few days.
Is there anything else I need to do before I format the infected drive?


Again, thanks!
John

Dakeyras
2014-03-22, 12:31
Hi. :)


Yes this computer looks clean.
Aye indeed it does, feel free to delete Norman Malware Cleaner and the log created etc.


Is there anything else I need to do before I format the infected drive?
The below is worthwhile information to read/bookmark etc:-

So how did I get infected in the first place? (http://forums.spybot.info/showthread.php?279-So-how-did-I-get-infected-in-the-first-place)

As is:-

Computer Security - a short guide to staying safer online (http://www.malwareremoval.com/forum/viewtopic.php?f=4&t=54766)

Next:

Any questions? Feel free to ask, if not stay safe!

Dakeyras
2014-03-24, 11:07
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help. :)