
MyPC Backup, FreeRide Games, and We-Care Reminder virus HELP!


  • This topic is locked
32 replies to this topic

#1 ronjovi001


Posted 18 June 2013 - 02:54 PM

Hi guys... I am absolutely scared ****less that these viruses have infected my laptop... I am running Windows XP Professional (SP3) and was downloading a new driver for my SigmaTel driver/sound as it was having static problems. I went to the Dell website and then noticed that there were new icons in my tray and then in my list of programs. This is my work laptop. I noticed that the Outlook was behaving funny. So, I am desperate for step by step guidance to get rid of this thing... can you help me??? Please get back to me soon. Thanks, Ron





#2 ronjovi001


Posted 18 June 2013 - 03:02 PM

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 18-06-2013 02
Ran by Ron at 2013-06-18 15:55:58 Run:
Running from C:\Documents and Settings\Ron\Desktop
Boot Mode: Normal
==========================================================

==================== Installed Programs =======================

32 Bit HP CIO Components Installer (Version: 7.1.8)
7 Wonders II
Adobe AIR (Version: 3.7.0.1530)
Adobe Flash Player 11 ActiveX (Version: 11.7.700.202)
Adobe Reader X (10.1.7) (Version: 10.1.7)
Adobe Shockwave Player 11.5 (Version: 11.5.9.615)
AiO_Scan_CDA (Version: 50.0.214.000)
AiOSoftwareNPI (Version: 50.0.214.000)
Apple Application Support (Version: 2.1.5)
Apple Software Update (Version: 2.1.3.127)
ASPCA Reminder by We-Care.com v4.1.22.1 (Version: 4.1.22.1)
Audacity 1.3.14 (Unicode)
AVG 2013 (Version: 13.0.3199)
AVG 2013 (Version: 13.0.3345)
AVG 2013 (Version: 2013.0.3345)
AVG Security Toolbar (Version: 15.2.0.5)
BlackBerry Desktop Software 7.1 (Version: 7.1.0.32)
BlackBerry Device Software Updater (Version: 7.1.0.34)
Broadcom Gigabit Integrated Controller (Version: 8.22.11)
BufferChm (Version: 45.4.157.000)
CCleaner (Version: 4.01)
Chainz 2 Relinked
Cisco WebEx Meetings
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
Conexant HDA D110 MDC V.92 Modem
CP_AtenaShokunin1Config (Version: 53.0.13.000)
CP_CalendarTemplates1 (Version: 53.0.13.000)
CP_Package_Basic1 (Version: 53.0.13.000)
CP_Package_Variety1 (Version: 53.0.13.000)
CP_Package_Variety2 (Version: 53.0.13.000)
CP_Package_Variety3 (Version: 53.0.13.000)
CP_Panorama1Config (Version: 53.0.13.000)
CP_PLSBusinessFlyers (Version: 45.4.157.000)
CreativeProjects (Version: 45.4.157.000)
CueTour (Version: 53.0.13.000)
CustomerResearchQFolder (Version: 1.00.0000)
Dell Driver Download Manager (Version: 3.0.0.0)
Dell System Detect (Version: 4.1.2.11)
Dell Wireless WLAN Card (Version: 4.100.15.8)
Destinations (Version: 45.4.157.000)
DeviceFunctionQFolder (Version: 1.00.0000)
Director (Version: 45.4.157.000)
DocProc (Version: 5.2.0.0)
DocumentViewer (Version: 45.4.157.000)
DocumentViewerQFolder (Version: 1.00.0000)
Dropbox (Version: 1.4.7)
EasySolve
Fax_CDA (Version: 50.0.214.000)
FlipShare (Version: 5.10.25.0)
Free Ride Games Player
Free YouTube to MP3 Converter version 3.12.0.128 (Version: 3.12.0.128)
FullDPAppQFolder (Version: 1.00.0000)
Google Chrome (Version: 27.0.1453.110)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.4.3607.2246)
Google Update Helper (Version: 1.3.21.145)
Hewlett-Packard ACLM.NET v1.1.0.0 (Version: 1.00.0000)
HitmanPro 3.7 (Version: 3.7.6.201)
HP Color LaserJet 2820/2830/2840 2.0 (Version: 2.0)
HP Image Zone 5.3 (Version: 5.3)
HP Product Assistant (Version: 100.000.001.000)
HP Product Detection (Version: 11.15.0008)
HP PSC & OfficeJet 5.3.A
HP Software Update (Version: 3.0.2.991)
HP Update (Version: 5.003.001.001)
HPDiagnosticAlert (Version: 1.00.0000)
hppCLJ2800 (Version: 002.000.00004)
hppDustDevil (Version: 002.000.00004)
hppFaxDrv (Version: 002.000.00004)
hppFonts (Version: 002.000.00004)
hppIOFiles (Version: 002.000.00004)
hppManuals2800 (Version: 002.000.00004)
HPProductAssistant (Version: 90.0.146.000)
hppscan2800 (Version: 002.000.00004)
hppScanTo (Version: 002.000.00004)
hppSendFax (Version: 002.000.00004)
hppTooCool (Version: 002.000.00004)
HPSystemDiagnostics (Version: 1.6.0.0)
In Contact (Version: 2.0.0)
ING Presents
ING Presents 2 (Version: 1.1.132.0)
InstantShare (Version: 45.4.157.000)
InstantShareAlert (Version: 1.00.0000)
InstantShareDevices (Version: 53.0.13.000)
Intel PROSet Wireless
Intel® Graphics Media Accelerator Driver
Intel® PROSet/Wireless WiFi Software (Version: 12.04.4000)
iolo technologies' System Mechanic (Version: 11.7.1)
Java 7 Update 21 (Version: 7.0.210)
Java Auto Updater (Version: 2.1.9.5)
Kies Air Discovery Service
K-Lite Codec Pack 7.1.0 (Full) (Version: 7.1.0)
Laser App Enterprise (Version: 10.0.0.28)
Lexmark Printer Software Uninstall
Logitech Audio Echo Cancellation Component (Version: 10.51.2027)
Logitech Desktop Messenger (Version: 2.52.18)
Logitech QuickCam (Version: 10.51.2029)
Logitech Video Enumerator (Version: 10.51.2027)
Logitech® Camera Driver
Lottso Deluxe
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
Media Expressions
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB2742597)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30320)
Microsoft .NET Framework 4 Extended (Version: 4.0.30320)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Download Manager (Version: 1.2.1)
Microsoft IntelliPoint 5.2 (Version: 5.20.413.0)
Microsoft IntelliType Pro 8.1 (Version: 8.15.406.0)
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Professional Edition 2003 (Version: 11.0.8173.0)
Microsoft Security Client (Version: 4.2.0223.1)
Microsoft Security Essentials (Version: 4.2.223.1)
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft SQL Server 2005 Express Edition (NR2007) (Version: 9.4.5000.00)
Microsoft SQL Server Compact 3.5 SP2 ENU (Version: 3.5.8080.0)
Microsoft SQL Server Native Client (Version: 9.00.5000.00)
Microsoft SQL Server Setup Support Files (English) (Version: 9.00.5000.00)
Microsoft SQL Server VSS Writer (Version: 9.00.5000.00)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
MSXML 4.0 SP3 Parser (KB2721691) (Version: 4.30.2114.0)
MSXML 4.0 SP3 Parser (KB2758694) (Version: 4.30.2117.0)
MSXML 4.0 SP3 Parser (KB973685) (Version: 4.30.2107.0)
MSXML 4.0 SP3 Parser (Version: 4.30.2100.0)
MSXML 6.0 Parser (Version: 6.10.1129.0)
MVision (Version: 10.51.2027)
My Dell (Version: 3.3.6261.27)
MyPC Backup  (Version: )
Neat (Version: 5.1.31.16)
Neat ADF Scanner 2008 Driver (Version: 2.0.1.2)
Neat ADF Scanner Driver (Version: 2.0.2.1)
Neat Core Files (Version: 5.1.31.16)
Neat Mobile Scanner (Silver) Driver (Version: 2.0.1.1)
Neat Mobile Scanner 2008 Driver (Version: 2.0.1.1)
Neat Mobile Scanner Driver (Version: 2.0.1.2)
NeatReceipts Database Controller (Version: 3.1.3.183)
NetX360 (Version: 4.0.1181.5)
NewCopy_CDA (Version: 50.0.214.000)
Nuance OmniPage 17 (Version: 17.0.0000)
Nuance PaperPort 12 (Version: 12.1.0000)
Nuance PDF Converter Professional 7 (Version: 7.20.3187)
OZ776 SCR Driver V1.1.4.202 (Version: 1.1.4.202)
PaperPort Image Printer (Version: 1.00.0000)
PhotoGallery (Version: 53.0.13.000)
POOL (Version: 2.3)
POOL (Version: Version 2.3)
POOL Player (Version: 2.4)
POOL Player (Version: Version 2.4)
Prezi Desktop (Version: 3.087)
QuickSet (Version: 8.3.11)
QuickTime (Version: 7.71.80.42)
RandMap (Version: 53.0.13.000)
Readme (Version: 50.0.214.000)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)
RealPlayer
RealPlayer (Version: 15.0.4)
RealUpgrade 1.1 (Version: 1.1.0)
SAMSUNG USB Driver for Mobile Phones (Version: 1.5.9.0)
Scan (Version: 5.2.0.0)
ScanSoft PaperPort 11 (Version: 11.2.0000)
Scansoft PDF Professional
SecuritiesPro Series 65 (remove only)
Send To Neat (Version: 1.1.0.0)
SigmaTel Audio (Version: 5.10.5210.0)
SkinsHP1 (Version: 53.0.13.000)
Skype Toolbars (Version: 5.3.7280)
Skype™ 6.1 (Version: 6.1.129)
Sonic_PrimoSDK (Version: 53.0.13.000)
Speccy (Version: 1.14)
SUABnR (Version: 1.1.0.13051_2)
SUPERAntiSpyware (Version: 4.55.1000)
TrayApp (Version: 45.4.157.000)
TurboTax 2010
TurboTax 2010 waliper (Version: 010.000.1514)
TurboTax 2010 WinPerFedFormset (Version: 010.000.5108)
TurboTax 2010 WinPerReleaseEngine (Version: 010.000.0501)
TurboTax 2010 WinPerTaxSupport (Version: 010.000.0219)
TurboTax 2010 wpaiper (Version: 010.000.1331)
TurboTax 2010 wrapper (Version: 010.000.0157)
Unload (Version: 5.0.0)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft Windows (KB971513)
Update for Windows Internet Explorer 8 (KB2447568) (Version: 1)
Update for Windows Internet Explorer 8 (KB2598845) (Version: 1)
Update for Windows Internet Explorer 8 (KB976662) (Version: 1)
Update for Windows XP (KB2141007) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2492386) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2607712) (Version: 1)
Update for Windows XP (KB2616676) (Version: 1)
Update for Windows XP (KB2616676-v2) (Version: 2)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB2661254-v2) (Version: 2)
Update for Windows XP (KB2718704) (Version: 1)
Update for Windows XP (KB2736233) (Version: 1)
Update for Windows XP (KB2749655) (Version: 1)
Update for Windows XP (KB898461) (Version: 1)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
VirtualDJ Home FREE (Version: 7.4)
WD SmartWare (Version: 1.1.0.2)
WebFldrs XP (Version: 9.50.7523)
WebReg (Version: 45.4.157.000)
Windows Defender (Version: 1.1.1593.21)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Management Framework Core
Windows Media Format 11 runtime
Windows Media Player 11
Windows Search 4.0 (Version: 04.00.6001.503)
WinZip 16.5 (Version: 16.5.10096)
WinZip Courier (Version: 3.5.9658)
YTD Toolbar v6.2 (Version: 6.2)

==================== Restore Points  =========================

09-06-2013 03:04:10 Software Distribution Service 3.0
09-06-2013 06:17:52 Software Distribution Service 3.0
10-06-2013 04:05:16 Removed HP Deskjet 6800
10-06-2013 04:51:10 Installed Microsoft Fix it 50052
10-06-2013 04:52:00 Installed Microsoft Fix it 50052
10-06-2013 15:20:44 Removed HP Product Detection
10-06-2013 15:26:05 Removed Microsoft Silverlight
10-06-2013 16:01:48 Software Distribution Service 3.0
10-06-2013 22:28:57 Removed Verizon Wireless Software Upgrade Assistant - Samsung(ar).
10-06-2013 22:50:04 Removed Verizon Wireless Software Utility Application for Android - Samsung.
10-06-2013 23:26:00 Unsigned printer driver Lexmark E322 installed.
12-06-2013 02:02:45 Software Distribution Service 3.0
12-06-2013 07:03:02 Software Distribution Service 3.0
13-06-2013 04:43:50 Software Distribution Service 3.0
13-06-2013 05:45:40 Printer Driver HP Color LaserJet 2840 PCL 6 Installed
13-06-2013 05:47:30 Printer Driver HP CLJ2840 PCL 6 - Black_White Installed
13-06-2013 05:50:44 Printer Driver HP Color LaserJet 2830_2840 Fax Installed
17-06-2013 19:47:44 Installed AVG 2013
17-06-2013 19:52:29 Removed AVG 2012
17-06-2013 20:06:44 Installed AVG 2013
17-06-2013 21:17:39 Removed AVG 2012
17-06-2013 21:26:07 Removed AVG 2012
17-06-2013 21:32:57 Removed AVG 2012
17-06-2013 21:41:21 Removed AVG 2012
18-06-2013 15:17:22 Configured SigmaTel Audio

==================== Hosts content: ==========================

192.168.1.105 NPI9754C9

127.0.0.1       localhost

==================== Faulty Device Manager Devices =============

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (06/18/2013 03:17:25 PM) (Source: Microsoft Office 11) (User: )
Description: Faulting application outlook.exe, version 11.0.8326.0, stamp 4c1c2372, faulting module msvbvm60.dll, version 6.0.98.2, stamp 4802a186, debug? 0, fault address 0x000e47f2.

Error: (06/18/2013 10:59:14 AM) (Source: Application on Demand - GPlayer) (User: )
Description: ALoggerFileCyclic:  Failed to delete an old log file Last error code: 32

Type:   
    ERROR
Location:
    ::(0) : error 0:
Computer:
    Id: 0, Name:Null

Error: (06/17/2013 03:40:21 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.

Error: (06/17/2013 03:35:54 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (06/17/2013 03:21:19 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (06/17/2013 03:19:37 PM) (Source: ESENT) (User: )
Description: wuauclt (3824) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\DataStore.edb" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ".  The open file operation will fail with error -1032 (0xfffffbf8).

Error: (06/17/2013 03:17:10 PM) (Source: ESENT) (User: )
Description: wuauclt (4220) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\DataStore.edb" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ".  The open file operation will fail with error -1032 (0xfffffbf8).

Error: (06/17/2013 03:15:18 PM) (Source: ESENT) (User: )
Description: wuauclt (4888) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\DataStore.edb" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ".  The open file operation will fail with error -1032 (0xfffffbf8).

Error: (06/17/2013 03:12:05 PM) (Source: ESENT) (User: )
Description: wuauclt (3632) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\DataStore.edb" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ".  The open file operation will fail with error -1032 (0xfffffbf8).

Error: (06/17/2013 03:11:15 PM) (Source: ESENT) (User: )
Description: wuauclt (2552) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\DataStore.edb" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ".  The open file operation will fail with error -1032 (0xfffffbf8).

System errors:
=============
Error: (06/18/2013 02:47:36 AM) (Source: DCOM) (User: RON-AD46BD8A80F)
Description: DCOM was unable to communicate with the computer ASSISTANT using any of the configured
protocols.

Error: (06/18/2013 02:47:34 AM) (Source: DCOM) (User: RON-AD46BD8A80F)
Description: DCOM was unable to communicate with the computer RON-39AAD0F4D02 using any of the configured
protocols.

Error: (06/18/2013 02:47:29 AM) (Source: DCOM) (User: RON-AD46BD8A80F)
Description: DCOM was unable to communicate with the computer RON-39AAD0F4D02 using any of the configured
protocols.

Error: (06/18/2013 02:44:17 AM) (Source: DCOM) (User: RON-AD46BD8A80F)
Description: DCOM was unable to communicate with the computer http://192.168.0.12 using any of the configured
protocols.

Error: (06/18/2013 02:44:16 AM) (Source: DCOM) (User: RON-AD46BD8A80F)
Description: DCOM was unable to communicate with the computer ASSISTANT using any of the configured
protocols.

Error: (06/18/2013 02:44:13 AM) (Source: DCOM) (User: RON-AD46BD8A80F)
Description: DCOM was unable to communicate with the computer RON-39AAD0F4D02 using any of the configured
protocols.

Error: (06/18/2013 02:43:35 AM) (Source: DCOM) (User: RON-AD46BD8A80F)
Description: DCOM was unable to communicate with the computer ASSISTANT using any of the configured
protocols.

Error: (06/18/2013 02:43:33 AM) (Source: DCOM) (User: RON-AD46BD8A80F)
Description: DCOM was unable to communicate with the computer RON-39AAD0F4D02 using any of the configured
protocols.

Error: (06/18/2013 02:43:30 AM) (Source: DCOM) (User: RON-AD46BD8A80F)
Description: DCOM was unable to communicate with the computer ASSISTANT using any of the configured
protocols.

Error: (06/18/2013 02:43:27 AM) (Source: DCOM) (User: RON-AD46BD8A80F)
Description: DCOM was unable to communicate with the computer RON-39AAD0F4D02 using any of the configured
protocols.

Microsoft Office Sessions:
=========================
Error: (06/18/2013 03:17:25 PM) (Source: Microsoft Office 11)(User: )
Description: outlook.exe11.0.8326.04c1c2372msvbvm60.dll6.0.98.24802a1860000e47f2

Error: (06/18/2013 10:59:14 AM) (Source: Application on Demand - GPlayer)(User: )
Description: ALoggerFileCyclic:  Failed to delete an old log file Last error code: 32

Type:   
    ERROR
Location:
    ::(0) : error 0:
Computer:
    Id: 0, Name:Null

Error: (06/17/2013 03:40:21 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis operation returned because the timeout period expired.

Error: (06/17/2013 03:35:54 PM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (06/17/2013 03:21:19 PM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (06/17/2013 03:19:37 PM) (Source: ESENT)(User: )
Description: wuauclt3824C:\WINDOWS\SoftwareDistribution\DataStore\DataStore.edb-1032 (0xfffffbf8)32 (0x00000020)The process cannot access the file because it is being used by another process.

Error: (06/17/2013 03:17:10 PM) (Source: ESENT)(User: )
Description: wuauclt4220C:\WINDOWS\SoftwareDistribution\DataStore\DataStore.edb-1032 (0xfffffbf8)32 (0x00000020)The process cannot access the file because it is being used by another process.

Error: (06/17/2013 03:15:18 PM) (Source: ESENT)(User: )
Description: wuauclt4888C:\WINDOWS\SoftwareDistribution\DataStore\DataStore.edb-1032 (0xfffffbf8)32 (0x00000020)The process cannot access the file because it is being used by another process.

Error: (06/17/2013 03:12:05 PM) (Source: ESENT)(User: )
Description: wuauclt3632C:\WINDOWS\SoftwareDistribution\DataStore\DataStore.edb-1032 (0xfffffbf8)32 (0x00000020)The process cannot access the file because it is being used by another process.

Error: (06/17/2013 03:11:15 PM) (Source: ESENT)(User: )
Description: wuauclt2552C:\WINDOWS\SoftwareDistribution\DataStore\DataStore.edb-1032 (0xfffffbf8)32 (0x00000020)The process cannot access the file because it is being used by another process.

==================== Memory info ===========================

Percentage of memory in use: 67%
Total physical RAM: 2038.05 MB
Available physical RAM: 668.9 MB
Total Pagefile: 3930.51 MB
Available Pagefile: 2432.05 MB
Total Virtual: 2047.88 MB
Available Virtual: 1938.85 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:74.53 GB) (Free:1.15 GB) NTFS ==>[Drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 75 GB) (Disk ID: C41145AC)
Partition 1: (Active) - (Size=75 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 18-06-2013 02
Ran by Ron (administrator) on 18-06-2013 15:53:34
Running from C:\Documents and Settings\Ron\Desktop
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Two Pilots) C:\WINDOWS\VPDAgent.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\WINDOWS\System32\SCardSvr.exe
(Microsoft Corporation) C:\WINDOWS\system32\netdde.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgfws.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgwdsvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(iolo technologies, LLC) C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe
() C:\Documents and Settings\Ron\Local Settings\Application Data\Mikogo4\Viewer\Service\M4-Service.exe
(The Neat Company) C:\Program Files\Neat\exec\NeatStartupService.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
(Dell Inc.) C:\WINDOWS\system32\WLTRAY.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\pcServiceHost.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Microsoft Corporation) c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(AVG Secure Search) C:\Program Files\AVG Secure Search\vprot.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
(Microsoft Corporation) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgui.exe
(AVG Secure Search) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe
(WDC) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
(WDC) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
(Western Digital) C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
(Hewlett-Packard) C:\PROGRA~1\HEWLET~1\Toolbox\STATUS~1\STATUS~1.EXE
(Memeo) C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
() C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
() C:\Documents and Settings\Ron\Local Settings\Application Data\Mikogo4\Viewer\Service\M4-Capture.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Dell) C:\Documents and Settings\Ron\Local Settings\Apps\2.0\8B9JLHJN.RH6\0DKDKVG8.WJ8\dell..tion_0f612f649c4a10af_0004.0001_c31aa52bcc853aac\DellSystemDetect.exe
(Microsoft Corporation) C:\WINDOWS\system32\WISPTIS.EXE
(MyPCBackup.com) C:\Program Files\MyPC Backup\MyPC Backup.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgcsrvx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgcsrvx.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(We-Care.com) C:\Documents and Settings\All Users\Application Data\WeCareReminder\ReminderHelper.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Farbar) C:\Documents and Settings\Ron\Desktop\FRST1.exe
(Hewlett-Packard Company) C:\WINDOWS\system32\hpbpro.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe [1392640 2007-03-16] (Dell Inc.)
HKLM\...\Run: [Nuance PDF Converter Professional 7-reminder] "C:\Program Files\Nuance\PDF Professional 7\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\Nuance\PDF Converter Professional 7\Ereg\Ereg.ini" [406 2013-06-17] ()
HKLM\...\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide [866584 2006-11-03] (Microsoft Corporation)
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [947152 2013-01-27] (Microsoft Corporation)
HKLM\...\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe" [1226928 2013-05-20] (AVG Secure Search)
HKLM\...\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [49152 2007-03-11] (Hewlett-Packard Co.)
HKLM\...\Run: [AVG_UI] "C:\Program Files\AVG\AVG2013\avgui.exe" /TRAYONLY [4408368 2013-04-29] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [TomcatStartup 2.5] C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe [245760 2004-11-12] (Hewlett-Packard)
HKLM\...\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe [405504 2007-05-10] (SigmaTel, Inc.)
Winlogon\Notify\WgaLogon: WgaLogon.dll (Microsoft Corporation)
HKCU\...\Run: [OpAgent] "OpAgent.exe" /agent [x]
HKCU\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2010-12-30] (Google Inc.)
HKCU\...\Run: [DellSystemDetect] C:\Documents and Settings\Ron\Start Menu\Programs\Dell\Dell System Detect.appref-ms [x]
HKCU\...\Run: [Exetender] "C:\Program Files\Free Ride Games\GPlayer.exe" /schedule 300000 [4973456 2013-03-14] (Exent Technologies Ltd.)
HKCU\...\Runonce: [DependencyCheck] Performed [x]
MountPoints2: {66ba962c-3c03-11e0-9251-00188bcf7c5e} - E:\AutoRun.exe
MountPoints2: {8f9ce1ce-3a89-11e0-9247-00188bcf7c5e} - D:\AutoRun.exe
MountPoints2: {8f9ce1d0-3a89-11e0-9247-00188bcf7c5e} - E:\AutoRun.exe
MountPoints2: {9a23707e-5d53-11e2-8794-001b77209f3c} - F:\VZW_Software_upgrade_assistant_installer.exe
MountPoints2: {e86751ec-fc11-11e0-92f6-001b77209f3c} - "E:\WD SmartWare.exe" autoplay=true
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WDDMStatus.lnk
ShortcutTarget: WDDMStatus.lnk -> C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (WDC)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WDSmartWare.lnk
ShortcutTarget: WDSmartWare.lnk -> C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe (Western Digital)
Startup: C:\Documents and Settings\Ron\Start Menu\Programs\Startup\MyPC Backup.lnk
ShortcutTarget: MyPC Backup.lnk -> C:\Program Files\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)
SSODL: UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll (Microsoft Corporation)
BootExecute: autocheck autochk * C:\PROGRA~1\AVG\AVG2013\avgrsx.exe /sync /restart

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www2.ing-usa.com/portal/public/login
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
URLSearchHook: YTD Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YTD Toolbar\IE\6.2\ytdToolbarIE.dll (Spigot, Inc.)
URLSearchHook: (No Name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} -  No File
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
HKCU SearchScopes: DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
SearchScopes: HKCU - {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL =
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={4632B2A8-1A1F-4800-A98D-E3FC36ED429B}&mid=eac9318e05d247d6b1a5d151cd2b95ad-7afc43abcdb4584a2c95d57e113be29ec32152f2&lang=en&ds=AVG&pr=pr&d=2011-12-19 19:03:10&v=14.2.0.1&pid=avg&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {B6F76DB1-76AB-4239-BA0F-7B58C20E52DA} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
BHO: IEPlugin Class - {11222041-111B-46E3-BD29-EFB2449479B1} - C:\PROGRA~1\MEDIAE~1\VIDEOD~1\ArcURLRecord.dll (ArcSoft, Inc.)
BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll No File
BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\15.2.0.5\AVG Secure Search_toolbar.dll (AVG Secure Search)
BHO: WeCareReminder Class - {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\Documents and Settings\All Users\Application Data\WeCareReminder\IEHelperv2.5.0.dll (We-Care.com)
Toolbar: HKLM - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
Toolbar: HKLM - AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\15.2.0.5\AVG Secure Search_toolbar.dll (AVG Secure Search)
Toolbar: HKCU -No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
Toolbar: HKCU -No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Toolbar: HKCU -No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {33415AC7-AFFA-4D55-B41C-C64C0D07DFCA} https://h50203.www5.hp.com/WCLWEB/cabs/HPISWebManager.CAB
DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bitdefender.com/qsax/qsax.cab
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455}
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect1262.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
DPF: {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} http://xserv.dell.com/DellDriverScanner/DellSystem.CAB
DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} http://www.superadblocker.com/activex/sabspx.cab
DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell.com/systemprofiler/DellSystemLite.CAB
DPF: {CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://akamaicdn.webex.com/client/WBXclient-T27L10NSP32EP1-13926/webex/ieatgpc.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
Handler: ipp - No CLSID Value -
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll No File
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
Handler: msdaipp - No CLSID Value -
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\15.2.0\ViProtocol.dll (AVG Secure Search)
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [113024 2011-08-10] (SuperAdBlocker.com)
ShellExecuteHooks: Microsoft AntiMalware ShellExecuteHook - {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\PROGRA~1\WIFD1F~1\MpShHook.dll [83224 2006-11-03] (Microsoft Corporation)
Winsock: Catalog5 01 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5 03 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog9 01 C:\PROGRA~1\SPEEDB~1\sblsp.dll [268552] (Speedbit Ltd.)
Winsock: Catalog9 02 C:\PROGRA~1\SPEEDB~1\sblsp.dll [268552] (Speedbit Ltd.)
Winsock: Catalog9 06 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 07 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 08 C:\PROGRA~1\SPEEDB~1\sblsp.dll [268552] (Speedbit Ltd.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt

Chrome:
=======
CHR HomePage: hxxp://www.google.com
CHR RestoreOnStartup: "hxxp://www.google.com"
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\27.0.1453.110\gcswf32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.260.3) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java™ Platform SE 6 U26) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Shockwave for Director) - C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
CHR Plugin: (DivX Web Player) - C:\WINDOWS\system32\C2MP\npdivx32.dll No File
CHR Plugin: (RealNetworks™ RealPlayer Chrome Background Extension Plug-In (32-bit) ) - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer™ HTML5VideoShim Plug-In (32-bit) ) - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) ) - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Version Plugin) - c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\27.0.1453.110\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\27.0.1453.110\pdf.dll ()
CHR Plugin: (AVG Internet Security) - C:\Documents and Settings\Ron\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\plugins/avgnpss.dll No File
CHR Plugin: (Microsoft\u00AE DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Microsoft\u00AE DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (RIM Handheld Application Loader) - C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll No File
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll No File
CHR Plugin: (DocuCom PDF Plus) - C:\Program Files\Nuance\PDF Professional 7\bin\nppdf.dll (Zeon Corporation)
CHR Plugin: (VLC Multimedia Plug-in) - C:\Program Files\VideoLAN\VLC\npvlc.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (RealJukebox NS Plugin) - c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Extension: (Motive Extension) - C:\Documents and Settings\Ron\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\edmgmpmklgfbohogafcfobonnkogchec\1.0_0
CHR Extension: (WinZip Courier) - C:\Documents and Settings\Ron\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ilckobikkmajlmhhdenkhonjkoaneclk\3.5.0_0
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Documents and Settings\Ron\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0
CHR Extension: (AVG Safe Search) - C:\Documents and Settings\Ron\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2210_0
CHR Extension: (AVG Security Toolbar) - C:\Documents and Settings\Ron\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\15.2.0.5_0

========================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [116608 2012-09-11] (SUPERAntiSpyware.com)
S4 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 Agent; C:\WINDOWS\VPDAgent.exe [192512 2013-02-04] (Two Pilots)
S4 Application Updater; C:\Program Files\Application Updater\ApplicationUpdater.exe [794560 2012-07-26] (Spigot, Inc.)
S3 AVG Security Toolbar Service; C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe [167264 2011-11-10] ()
R2 avgfws; C:\Program Files\AVG\AVG2013\avgfws.exe [1428472 2013-04-10] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files\AVG\AVG2013\avgidsagent.exe [4937264 2013-05-14] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2013\avgwdsvc.exe [283136 2013-04-18] (AVG Technologies CZ, s.r.o.)
S2 BackupStack; C:\Program Files\MyPC Backup\BackupStack.exe [32808 2013-05-31] (Just Develop It)
S4 FlipShare Service; C:\Program Files\Flip Video\FlipShare\FlipShareService.exe [460144 2010-12-15] ()
S4 FlipShareServer; C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe [1085440 2010-12-15] ()
S4 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [106280 2013-06-07] (SurfRight B.V.)
R2 ioloSystemService; C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe [1072664 2013-05-29] (iolo technologies, LLC)
S4 LVSrvLauncher; C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe [105248 2007-02-06] (Logitech Inc.)
R2 M4-Service; C:\Documents and Settings\Ron\Local Settings\Application Data\Mikogo4\Viewer\Service\M4-Service.exe [1008032 2013-01-15] ()
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [20456 2013-01-27] (Microsoft Corporation)
S3 MSSQL$NR2007; c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
R2 Neat Startup Service; C:\Program Files\Neat\exec\NeatStartupService.exe [5632 2013-02-23] (The Neat Company)
S2 NeatReceipts Database Controller; C:\Program Files\Common Files\NeatReceipts\DB Controller\NeatReceiptsDBController.exe [228480 2008-02-05] (Digital Business Processes)
S4 NICCONFIGSVC; C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe [475136 2007-07-20] (Dell Inc.)
R2 pcServiceHost; C:\Program Files\Common Files\Motive\pcServiceHost.exe [342016 2012-06-11] (Alcatel-Lucent)
S4 PDFProFiltSrv; C:\Program Files\Nuance\PDF Professional 7\PDFProFiltSrv.exe [135016 2011-09-09] (Nuance Communications, Inc.)
S4 S24EventMonitor; C:\Program Files\Intel\WiFi\bin\S24EvMon.exe [909312 2009-11-03] (Intel® Corporation)
S4 VideoAcceleratorService; C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe [313624 2011-12-06] (Speedbit Ltd.)
R2 vToolbarUpdater15.2.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe [1015984 2013-05-20] (AVG Secure Search)
R2 WDDMService; C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [98304 2009-08-17] (WDC)
R2 WDSmartWareBackgroundService; C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [20480 2009-06-16] (Memeo)
S2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [13592 2006-11-03] (Microsoft Corporation)
S4 WLANKEEPER; C:\Program Files\Intel\WiFi\bin\WLKeeper.exe [348160 2009-11-03] (Intel® Corporation)
S4 wltrysvc; C:\Windows\System32\bcmwltry.exe [1253376 2007-03-16] (Dell Inc.)
S2 HidServ; %SystemRoot%\System32\hidserv.dll [x]

==================== Drivers (Whitelisted) ====================

R3 Afc; C:\Windows\System32\drivers\Afc.sys [18688 2006-11-10] (Arcsoft, Inc.)
R1 APPDRV; C:\Windows\SYSTEM32\DRIVERS\APPDRV.SYS [16128 2005-08-12] (Dell Inc)
R3 ArcCD; C:\Windows\System32\Drivers\ArcCD.sys [36224 2007-11-06] (ArcSoft Inc.)
U1 ArcRec; C:\Windows\System32\Drivers\ArcRec.sys [7680 2007-04-24] (ArcSoft Inc.)
S4 ArcUdfs; C:\Windows\System32\Drivers\ArcUdfs.sys [134912 2007-04-25] (ArcSoft Inc.)
R3 Avgfwdx; C:\Windows\System32\DRIVERS\avgfwdx.sys [30944 2012-01-12] (AVG Technologies CZ, s.r.o.)
S3 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwdx.sys [30944 2012-01-12] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [208184 2013-03-29] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [60216 2013-02-08] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [22328 2013-03-01] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [170808 2013-02-08] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [245048 2013-02-08] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [96568 2013-02-08] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [39224 2013-02-08] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [182072 2013-03-21] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\WINDOWS\system32\drivers\avgtpx86.sys [37664 2013-05-20] (AVG Technologies)
R3 b57w2k; C:\Windows\System32\DRIVERS\b57xp32.sys [142720 2005-10-26] (Broadcom Corporation)
S3 CCDECODE; C:\Windows\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
S3 FilterService; C:\Windows\System32\DRIVERS\lvuvcflt.sys [22560 2007-02-03] (Logitech Inc.)
R3 guardian2; C:\Windows\System32\Drivers\oz776.sys [68696 2007-12-23] (O2Micro)
R3 HDAudBus; C:\Windows\System32\DRIVERS\HDAudBus.sys [144384 2008-04-13] (Windows ® Server 2003 DDK provider)
S3 HPPLSBULK; C:\Windows\System32\drivers\hpplsbulk.sys [9344 2005-02-02] (Hewlett Packard)
S3 HPZid412; C:\Windows\System32\DRIVERS\HPZid412.sys [49920 2009-08-26] (HP)
S3 HPZipr12; C:\Windows\System32\DRIVERS\HPZipr12.sys [16496 2009-08-26] (HP)
S3 HPZius12; C:\Windows\System32\DRIVERS\HPZius12.sys [21568 2009-08-26] (HP)
S3 LVcKap; C:\Windows\System32\DRIVERS\LVcKap.sys [1691808 2007-02-06] ()
S3 LVMVDrv; C:\Windows\System32\DRIVERS\LVMVDrv.sys [1964064 2007-02-06] (Logitech Inc.)
S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2Mon.sys [25632 2007-02-06] ()
S3 LVUSBSta; C:\Windows\System32\drivers\LVUSBSta.sys [41504 2007-02-03] (Logitech Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [195296 2013-01-20] (Microsoft Corporation)
S3 MREMP50; C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS [21248 2012-12-10] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50; C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS [20096 2012-12-10] (Printing Communications Assoc., Inc. (PCAUSA))
S3 NABTSFEC; C:\Windows\System32\DRIVERS\NABTSFEC.sys [85248 2008-04-14] (Microsoft Corporation)
S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
R3 NETw5x32; C:\Windows\System32\DRIVERS\NETw5x32.sys [4221952 2009-10-26] (Intel Corporation)
S3 NuidFltr; C:\Windows\System32\DRIVERS\NuidFltr.sys [21792 2011-04-13] (Microsoft Corporation)
R2 PDFsFilter; C:\Windows\System32\DRIVERS\PDFsFilter.sys [68464 2012-08-02] (Raxco Software, Inc.)
R2 s24trans; C:\Windows\System32\DRIVERS\s24trans.sys [11904 2008-08-13] (Intel Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-08-10] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-08-10] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 SLIP; C:\Windows\System32\DRIVERS\SLIP.sys [11136 2008-04-14] (Microsoft Corporation)
R3 STHDA; C:\Windows\System32\drivers\sthda.sys [1222840 2007-05-10] (SigmaTel, Inc.)
S3 streamip; C:\Windows\System32\DRIVERS\StreamIP.sys [15232 2008-04-14] (Microsoft Corporation)
S3 WSTCODEC; C:\Windows\System32\DRIVERS\WSTCODEC.SYS [19200 2008-04-14] (Microsoft Corporation)
R2 X4HSEx_Pr143; C:\Program Files\Free Ride Games\X4HSEx_Pr143.Sys [58696 2012-08-02] (Exent Technologies Ltd.)
S4 Abiosdsk; No ImagePath
S4 abp480n5; No ImagePath
S4 adpu160m; No ImagePath
S4 Aha154x; No ImagePath
S4 aic78u2; No ImagePath
S4 aic78xx; No ImagePath
S4 AliIde; No ImagePath
S4 amsint; No ImagePath
S4 asc; No ImagePath
S4 asc3350p; No ImagePath
S4 asc3550; No ImagePath
S4 Atdisk; No ImagePath
S4 cd20xrnt; No ImagePath
S0 cerc6; No ImagePath
S1 Changer; No ImagePath
S4 CmdIde; No ImagePath
S4 Cpqarray; No ImagePath
U4 dac2w2k; No ImagePath
S4 dac960nt; No ImagePath
S4 dpti2o; No ImagePath
S4 hpn; No ImagePath
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [x]
S3 hwusbdev; system32\DRIVERS\ewusbdev.sys [x]
S1 i2omgmt; No ImagePath
S4 i2omp; No ImagePath
S4 ini910u; No ImagePath
S4 IntelIde; No ImagePath
S1 lbrtfdc; No ImagePath
S4 mraid35x; No ImagePath
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [x]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [x]
S1 PCIDump; No ImagePath
S3 PDCOMP; No ImagePath
S3 PDFRAME; No ImagePath
S3 PDRELI; No ImagePath
S3 PDRFRAME; No ImagePath
S4 perc2; No ImagePath
S4 perc2hib; No ImagePath
S4 ql1080; No ImagePath
S4 Ql10wnt; No ImagePath
S4 ql12160; No ImagePath
S4 ql1240; No ImagePath
S4 ql1280; No ImagePath
S3 SABProcEnum; \??\C:\Program Files\Internet Explorer\SABProcEnum.sys [x]
S4 Simbad; No ImagePath
S4 Sparrow; No ImagePath
S4 symc810; No ImagePath
S4 symc8xx; No ImagePath
S4 sym_hi; No ImagePath
S4 sym_u3; No ImagePath
S4 TosIde; No ImagePath
S3 UIUSys; system32\DRIVERS\UIUSYS.SYS [x]
S4 ultra; No ImagePath
S4 ViaIde; No ImagePath
S3 WDICA; No ImagePath
S3 ztemtusbser; system32\DRIVERS\CT_ZTEMT_U_USBSER.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-06-18 15:52 - 2013-06-18 15:52 - 01366977 ____A (Farbar) C:\Documents and Settings\Ron\Desktop\FRST.exe
2013-06-18 15:52 - 2013-06-18 15:52 - 00000000 ____D C:\FRST
2013-06-18 15:51 - 2013-06-18 15:51 - 01366977 ____A (Farbar) C:\Documents and Settings\Ron\Desktop\FRST1.exe
2013-06-18 15:33 - 2013-06-18 15:33 - 01366977 ____A (Farbar) C:\Documents and Settings\Ron\Desktop\Farbar Recovery Scan Tool.exe
2013-06-18 11:17 - 2013-06-18 11:17 - 00001917 ____A C:\Documents and Settings\Ron\Desktop\Continue downloading Chainz 2 Relinked.lnk
2013-06-18 11:17 - 2013-06-18 11:17 - 00001891 ____A C:\Documents and Settings\Ron\Desktop\Continue downloading Lottso Deluxe.lnk
2013-06-18 11:16 - 2007-05-10 10:23 - 04952064 ____A (SigmaTel, Inc.) C:\Windows\System32\stacgui.cpl
2013-06-18 11:16 - 2007-05-10 10:22 - 00405504 ____A (SigmaTel, Inc.) C:\Windows\stsystra.exe
2013-06-18 11:16 - 2007-04-10 17:02 - 01601536 ____A (SigmaTel, Inc.) C:\Windows\System32\stlang.dll
2013-06-18 11:15 - 2013-06-18 11:16 - 00000000 ____D C:\Windows\LastGood
2013-06-18 11:14 - 2007-05-10 10:23 - 00270336 ____A (SigmaTel, Inc.) C:\Windows\System32\stacapi.dll
2013-06-18 10:59 - 2013-06-18 11:00 - 00001885 ____A C:\Documents and Settings\Ron\Desktop\Play 7 Wonders II.lnk
2013-06-18 10:58 - 2013-06-18 10:59 - 00000000 ____D C:\Program Files\Free Ride Games
2013-06-18 10:58 - 2013-06-18 10:58 - 00001733 ____A C:\Documents and Settings\All Users\Desktop\Play Free Games.lnk
2013-06-18 10:58 - 2013-06-18 10:58 - 00001112 ____A C:\Documents and Settings\All Users\Desktop\More FREE games.lnk
2013-06-18 10:58 - 2013-06-18 10:58 - 00000064 ____A C:\Windows\GPlrLanc.dat
2013-06-18 10:58 - 2013-06-18 10:58 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Free Ride Games
2013-06-18 10:58 - 2013-03-14 19:22 - 00058264 ____N (Exent Technologies Ltd.) C:\Windows\ExentInfo.exe
2013-06-18 10:58 - 2012-07-17 17:59 - 01132448 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_32.dll
2013-06-18 10:53 - 2013-06-18 10:54 - 00000000 ____D C:\Program Files\MyPC Backup
2013-06-18 10:53 - 2013-06-18 10:53 - 00000762 ____A C:\Documents and Settings\Ron\Desktop\MyPC Backup.lnk
2013-06-18 10:52 - 2013-06-18 10:52 - 00033958 ____A C:\Documents and Settings\All Users\Application Data\uninstaller.exe
2013-06-18 10:52 - 2013-06-18 10:52 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\WeCareReminder
2013-06-18 01:49 - 2013-06-18 01:50 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\PCDr
2013-06-18 01:49 - 2013-06-18 01:49 - 00000000 ____D C:\Program Files\Dell Support Center
2013-06-18 01:46 - 2013-06-18 05:09 - 00000000 ____D C:\Program Files\My Dell
2013-06-18 01:40 - 2013-06-18 01:50 - 00000000 ____D C:\Documents and Settings\Ron\Application Data\PCDr
2013-06-17 17:47 - 2013-06-17 17:47 - 00000000 ____D C:\Documents and Settings\Ron\Application Data\AVG2013
2013-06-17 16:50 - 2013-06-17 16:50 - 00000702 ____A C:\Documents and Settings\All Users\Desktop\AVG 2013.lnk
2013-06-17 15:57 - 2013-06-17 17:03 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\AVG2013
2013-06-17 15:31 - 2013-06-17 17:47 - 00000000 ____D C:\Documents and Settings\Ron\Local Settings\Application Data\Avg2013
2013-06-17 15:31 - 2013-06-17 15:31 - 00000000 ____D C:\Documents and Settings\Ron\Local Settings\Application Data\MFAData
2013-06-13 02:52 - 2013-06-13 02:52 - 00000000 ____D C:\Documents and Settings\Ron\My Documents\New Folder (2)
2013-06-13 02:01 - 2005-02-03 13:31 - 00032768 ____A C:\Windows\System32\compJNI.dll
2013-06-13 02:01 - 2004-08-20 09:02 - 00102400 ____A C:\Windows\System32\PMLJNI.dll
2013-06-13 02:01 - 2004-05-10 16:11 - 00040960 ____A (Hewlett-Packard) C:\Windows\System32\d4channel.dll
2013-06-13 02:01 - 2003-06-20 13:21 - 00036864 ____A (Hewlett-Packard) C:\Windows\System32\hpbmmjno.dll
2013-06-13 02:01 - 2003-06-16 17:52 - 00074752 ____A C:\Windows\System32\jst.dll
2013-06-13 01:58 - 2013-06-13 02:02 - 00000000 ___HD C:\Program Files\Zero G Registry
2013-06-13 01:49 - 2013-06-13 01:50 - 00001071 ____A C:\Windows\System32\msiexec.log
2013-06-13 01:48 - 2004-12-24 11:05 - 00061440 ____A (HP) C:\Windows\System32\HPZinw12.exe
2013-06-13 01:43 - 2013-06-13 01:43 - 00000142 ____A C:\Windows\System32\AddPort.ini
2013-06-13 01:43 - 2005-04-08 09:58 - 00009820 ____A C:\Windows\System32\hpipxmui.hlp
2013-06-13 01:43 - 2001-08-17 13:53 - 00006784 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\serscan.sys
2013-06-13 01:43 - 2001-08-17 13:53 - 00006784 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\serscan.sys
2013-06-13 01:40 - 2013-06-13 01:42 - 00000682 ____A C:\Windows\hpntwksetup.ini
2013-06-13 01:30 - 2013-06-13 02:20 - 00053974 ____A C:\Windows\hppins01.dat
2013-06-13 01:06 - 2005-01-21 13:41 - 00208896 ____A () C:\Windows\System32\HPP2800V.DLL
2013-06-13 01:06 - 2005-01-20 14:18 - 00000484 ____A C:\Windows\System32\HPP2800V.DAT
2013-06-13 01:06 - 2004-12-24 11:12 - 00045056 ____A (HP) C:\Windows\System32\hppapts0.dll
2013-06-13 01:06 - 2004-12-24 11:12 - 00036864 ____A (HP) C:\Windows\System32\hppasnm0.dll
2013-06-13 01:06 - 2004-12-24 11:12 - 00036864 ____A (HP) C:\Windows\System32\hppadt40.dll
2013-06-13 01:06 - 2004-12-24 11:12 - 00032768 ____A (HP) C:\Windows\System32\hppamon0.dll
2013-06-12 03:22 - 2013-06-12 03:22 - 00000000 __HDC C:\Windows\$NtUninstallKB2839229$
2013-06-12 03:05 - 2013-06-12 03:06 - 00002731 ____A C:\Windows\updspapi.log
2013-06-12 03:03 - 2013-06-12 03:08 - 00011136 ____A C:\Windows\KB2838727-IE8.log
2013-06-11 21:57 - 2013-06-12 03:23 - 00014150 ____A C:\Windows\KB2839229.log
2013-06-10 18:03 - 2013-06-10 18:03 - 00000000 ____D C:\Documents and Settings\Ron\Local Settings\Application Data\Western_Digital
2013-06-10 14:33 - 2013-06-10 14:33 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\WD_SmartWareCommon
2013-06-10 14:32 - 2013-06-10 14:32 - 00000000 ____D C:\Documents and Settings\Ron\Application Data\Western Digital
2013-06-10 14:31 - 2013-06-10 14:31 - 00000000 ____D C:\Documents and Settings\LocalService\Local Settings\Application Data\ServiceTest
2013-06-10 14:31 - 2013-06-10 14:31 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Western Digital
2013-06-10 14:31 - 2009-02-13 12:02 - 00011520 ____A (Western Digital Technologies) C:\Windows\System32\Drivers\wdcsam.sys
2013-06-10 14:28 - 2013-06-10 14:28 - 00000000 ____D C:\Program Files\Western Digital
2013-06-10 12:02 - 2013-06-12 03:23 - 00013782 ____A C:\Windows\tsoc.log
2013-06-10 12:02 - 2013-06-12 03:23 - 00012856 ____A C:\Windows\msmqinst.log
2013-06-10 12:02 - 2013-06-12 03:23 - 00005990 ____A C:\Windows\ntdtcsetup.log
2013-06-10 12:02 - 2013-06-12 03:23 - 00004327 ____A C:\Windows\netfxocm.log
2013-06-10 12:02 - 2013-06-12 03:23 - 00002057 ____A C:\Windows\MedCtrOC.log
2013-06-10 12:02 - 2013-06-12 03:23 - 00001569 ____A C:\Windows\ocmsn.log
2013-06-10 12:02 - 2013-06-12 03:23 - 00001495 ____A C:\Windows\msgsocm.log
2013-06-10 12:02 - 2013-06-12 03:23 - 00001374 ____A C:\Windows\imsins.log
2013-06-10 12:02 - 2013-06-12 03:23 - 00000933 ____A C:\Windows\tabletoc.log
2013-06-10 12:02 - 2013-06-12 03:08 - 00001374 ____A C:\Windows\imsins.BAK
2013-06-10 12:01 - 2013-06-12 03:23 - 00064341 ____A C:\Windows\iis6.log
2013-06-10 12:01 - 2013-06-12 03:23 - 00023384 ____A C:\Windows\FaxSetup.log
2013-06-10 12:01 - 2013-06-12 03:23 - 00020290 ____A C:\Windows\ocgen.log
2013-06-10 12:01 - 2013-06-12 03:23 - 00008223 ____A C:\Windows\comsetup.log
2013-06-10 11:38 - 2013-06-10 11:39 - 00003328 ____A C:\Windows\DPINST.LOG
2013-06-10 00:04 - 2012-02-01 16:35 - 00023235 ____A C:\Windows\hpf6800m.hi1
2013-06-10 00:04 - 2012-02-01 16:35 - 00005564 ____A C:\Windows\hpf6800m.bu1
2013-06-10 00:04 - 2012-02-01 16:33 - 00897008 ____A C:\Windows\hpdj6800.hi1
2013-06-10 00:04 - 2012-02-01 16:33 - 00014296 ____A C:\Windows\hpdj6800.bu1
2013-06-09 23:02 - 2013-06-17 16:48 - 00000000 __SHD C:\Windows\CSC
2013-06-09 22:06 - 2013-06-09 22:06 - 00000000 ____D C:\Documents and Settings\All Users\Documents\CrashDump
2013-06-08 12:14 - 2005-04-08 08:52 - 00002392 ____N C:\Windows\hppmdl01.dat
2013-06-08 12:12 - 2013-06-08 12:12 - 00000000 ____D C:\Program Files\Common Files\SWF Studio
2013-06-08 12:08 - 2013-06-08 12:12 - 00000000 ____D C:\hp_CLJ_2820-2840_Full_Solution
2013-06-07 22:38 - 2013-06-07 22:38 - 00000000 ____D C:\Documents and Settings\Ron\Application Data\TuneUp Software
2013-06-07 13:31 - 2013-06-07 13:31 - 43946992 ____A C:\Documents and Settings\Ron\Desktop\lj2820-2840pnp-en.exe
2013-06-07 13:24 - 2013-06-09 21:09 - 00000120 ____A C:\Windows\setupact.log
2013-06-07 13:24 - 2013-06-07 13:24 - 00000000 ____A C:\Windows\setuperr.log
2013-06-07 00:37 - 2013-06-18 11:18 - 00095621 ____A C:\Windows\setupapi.log
2013-06-04 12:01 - 2013-06-04 12:05 - 00000000 ____D C:\Documents and Settings\Ron\My Documents\Optum Bank HSA
2013-05-31 15:25 - 2013-06-17 22:38 - 00000350 ____A C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
2013-05-31 14:38 - 2013-05-31 14:41 - 00000000 ____D C:\Documents and Settings\Ron\My Documents\2012 Practice Tracking and Goals
2013-05-31 11:31 - 2013-06-07 17:58 - 00000000 ____D C:\Documents and Settings\Ron\My Documents\Amin
2013-05-28 11:47 - 2013-04-04 05:30 - 00263584 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2013-05-28 11:46 - 2013-05-28 11:46 - 00000000 ____D C:\Program Files\Common Files\Java
2013-05-28 11:45 - 2013-04-04 05:35 - 00094112 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge.dll
2013-05-28 11:45 - 2013-04-04 05:30 - 00174496 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2013-05-28 11:45 - 2013-04-04 05:29 - 00174496 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2013-05-28 11:44 - 2013-05-28 11:45 - 00003874 ____A C:\Windows\System32\jupdate-1.7.0_21-b11.log
2013-05-28 11:20 - 2013-05-28 11:20 - 00002178 ____A C:\Documents and Settings\Ron\Desktop\NetX360.lnk
2013-05-23 16:26 - 2013-05-23 16:26 - 00000000 ____D C:\Documents and Settings\Ron\My Documents\Lincoln Financial Group
2013-05-23 16:01 - 2013-05-23 16:02 - 00000000 ____D C:\Documents and Settings\Ron\My Documents\Lincoln Benefit Life
2013-05-22 11:21 - 2013-05-22 11:21 - 04325376 ____A C:\Documents and Settings\All Users\Application Data\ReadOnlyInstaller.msi

==================== One Month Modified Files and Folders ========

2013-06-18 15:53 - 2010-12-30 00:15 - 00000880 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-06-18 15:52 - 2013-06-18 15:52 - 01366977 ____A (Farbar) C:\Documents and Settings\Ron\Desktop\FRST.exe
2013-06-18 15:52 - 2013-06-18 15:52 - 00000000 ____D C:\FRST
2013-06-18 15:51 - 2013-06-18 15:51 - 01366977 ____A (Farbar) C:\Documents and Settings\Ron\Desktop\FRST1.exe
2013-06-18 15:44 - 2012-04-12 08:28 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-18 15:33 - 2013-06-18 15:33 - 01366977 ____A (Farbar) C:\Documents and Settings\Ron\Desktop\Farbar Recovery Scan Tool.exe
2013-06-18 14:20 - 2010-12-30 00:39 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\MFAData
2013-06-18 14:13 - 2012-06-12 16:58 - 00000000 ____D C:\Documents and Settings\Ron\My Documents\State College Area School DIstrict 403b
2013-06-18 13:11 - 2011-02-12 02:41 - 00000000 ____D C:\Documents and Settings\Ron\Application Data\Skype
2013-06-18 12:14 - 2013-04-07 22:01 - 00000000 ____D C:\Documents and Settings\Ron\My Documents\James and Karen Brandt
2013-06-18 11:56 - 2011-02-15 14:11 - 00000000 ____D C:\Documents and Settings\Ron\Local Settings\Application Data\Deployment
2013-06-18 11:40 - 2012-07-05 15:13 - 01318032 ____A C:\Windows\WindowsUpdate.log
2013-06-18 11:18 - 2013-06-07 00:37 - 00095621 ____A C:\Windows\setupapi.log
2013-06-18 11:17 - 2013-06-18 11:17 - 00001917 ____A C:\Documents and Settings\Ron\Desktop\Continue downloading Chainz 2 Relinked.lnk
2013-06-18 11:17 - 2013-06-18 11:17 - 00001891 ____A C:\Documents and Settings\Ron\Desktop\Continue downloading Lottso Deluxe.lnk
2013-06-18 11:16 - 2013-06-18 11:15 - 00000000 ____D C:\Windows\LastGood
2013-06-18 11:00 - 2013-06-18 10:59 - 00001885 ____A C:\Documents and Settings\Ron\Desktop\Play 7 Wonders II.lnk
2013-06-18 10:59 - 2013-06-18 10:58 - 00000000 ____D C:\Program Files\Free Ride Games
2013-06-18 10:58 - 2013-06-18 10:58 - 00001733 ____A C:\Documents and Settings\All Users\Desktop\Play Free Games.lnk
2013-06-18 10:58 - 2013-06-18 10:58 - 00001112 ____A C:\Documents and Settings\All Users\Desktop\More FREE games.lnk
2013-06-18 10:58 - 2013-06-18 10:58 - 00000064 ____A C:\Windows\GPlrLanc.dat
2013-06-18 10:58 - 2013-06-18 10:58 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Free Ride Games
2013-06-18 10:58 - 2010-11-24 13:19 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2013-06-18 10:54 - 2013-06-18 10:53 - 00000000 ____D C:\Program Files\MyPC Backup
2013-06-18 10:53 - 2013-06-18 10:53 - 00000762 ____A C:\Documents and Settings\Ron\Desktop\MyPC Backup.lnk
2013-06-18 10:52 - 2013-06-18 10:52 - 00033958 ____A C:\Documents and Settings\All Users\Application Data\uninstaller.exe
2013-06-18 10:52 - 2013-06-18 10:52 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\WeCareReminder
2013-06-18 10:51 - 2010-11-24 07:30 - 00000000 ____D C:\Windows\Resources
2013-06-18 05:09 - 2013-06-18 01:46 - 00000000 ____D C:\Program Files\My Dell
2013-06-18 02:53 - 2010-12-30 00:15 - 00000876 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-06-18 01:53 - 2012-07-05 15:15 - 00032494 ____A C:\Windows\SchedLgU.Txt
2013-06-18 01:50 - 2013-06-18 01:49 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\PCDr
2013-06-18 01:50 - 2013-06-18 01:40 - 00000000 ____D C:\Documents and Settings\Ron\Application Data\PCDr
2013-06-18 01:50 - 2011-12-08 10:18 - 00000000 ____D C:\Documents and Settings\Ron\Application Data\Dell
2013-06-18 01:49 - 2013-06-18 01:49 - 00000000 ____D C:\Program Files\Dell Support Center
2013-06-17 22:54 - 2011-12-08 11:18 - 00000000 ____D C:\Program Files\Speccy
2013-06-17 22:48 - 2013-02-14 21:45 - 00000384 ___AH C:\Windows\Tasks\Microsoft Antimalware Scheduled Scan.job
2013-06-17 22:47 - 2008-04-13 19:00 - 00002206 ____A C:\Windows\System32\wpa.dbl
2013-06-17 22:41 - 2010-11-24 07:41 - 00000159 ____A C:\Windows\wiadebug.log
2013-06-17 22:40 - 2010-11-24 07:41 - 00000049 ____A C:\Windows\wiaservc.log
2013-06-17 22:38 - 2013-05-31 15:25 - 00000350 ____A C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
2013-06-17 22:38 - 2012-01-25 02:04 - 00000274 ____A C:\Windows\Tasks\RealUpgradeLogonTaskS-1-5-21-57989841-484763869-1417001333-1003.job
2013-06-17 22:37 - 2010-11-24 13:04 - 00000062 __ASH C:\Documents and Settings\Ron\Local Settings\desktop.ini
2013-06-17 22:37 - 2010-11-24 13:03 - 00000062 __ASH C:\Documents and Settings\LocalService\Local Settings\desktop.ini
2013-06-17 22:37 - 2010-11-24 13:03 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-17 22:36 - 2010-11-24 13:00 - 00000062 __ASH C:\Documents and Settings\NetworkService\Local Settings\desktop.ini
2013-06-17 17:52 - 2010-11-24 13:04 - 00000278 ___SH C:\Documents and Settings\Ron\ntuser.ini
2013-06-17 17:50 - 2010-12-30 00:44 - 00000000 ____D C:\Program Files\AVG
2013-06-17 17:47 - 2013-06-17 17:47 - 00000000 ____D C:\Documents and Settings\Ron\Application Data\AVG2013
2013-06-17 17:47 - 2013-06-17 15:31 - 00000000 ____D C:\Documents and Settings\Ron\Local Settings\Application Data\Avg2013
2013-06-17 17:03 - 2013-06-17 15:57 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\AVG2013
2013-06-17 16:50 - 2013-06-17 16:50 - 00000702 ____A C:\Documents and Settings\All Users\Desktop\AVG 2013.lnk
2013-06-17 16:48 - 2013-06-09 23:02 - 00000000 __SHD C:\Windows\CSC
2013-06-17 15:50 - 2013-02-20 20:08 - 00000000 ____D C:\Documents and Settings\All Users\Documents\Verizon_Android
2013-06-17 15:49 - 2013-02-20 20:08 - 00000000 ____D C:\Verizon_Android
2013-06-17 15:31 - 2013-06-17 15:31 - 00000000 ____D C:\Documents and Settings\Ron\Local Settings\Application Data\MFAData
2013-06-13 03:46 - 2012-10-05 15:06 - 00000000 ____D C:\Documents and Settings\Ron\Application Data\HpUpdate
2013-06-13 03:22 - 2011-02-01 14:31 - 00000000 ____D C:\Program Files\HP
2013-06-13 03:21 - 2011-02-01 14:36 - 00000000 ____D C:\Program Files\Hewlett-Packard
2013-06-13 02:52 - 2013-06-13 02:52 - 00000000 ____D C:\Documents and Settings\Ron\My Documents\New Folder (2)
2013-06-13 02:20 - 2013-06-13 01:30 - 00053974 ____A C:\Windows\hppins01.dat
2013-06-13 02:20 - 2011-02-01 14:30 - 00010924 ____A C:\Documents and Settings\All Users\Application Data\hpzinstall.log
2013-06-13 02:15 - 2010-12-30 00:36 - 00090768 ____A C:\Documents and Settings\Ron\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2013-06-13 02:10 - 2010-11-24 07:38 - 00343424 ____A C:\Windows\System32\FNTCACHE.DAT
2013-06-13 02:02 - 2013-06-13 01:58 - 00000000 ___HD C:\Program Files\Zero G Registry
2013-06-13 01:50 - 2013-06-13 01:49 - 00001071 ____A C:\Windows\System32\msiexec.log
2013-06-13 01:44 - 2010-11-24 07:30 - 00000000 ____D C:\Windows\twain_32
2013-06-13 01:43 - 2013-06-13 01:43 - 00000142 ____A C:\Windows\System32\AddPort.ini
2013-06-13 01:42 - 2013-06-13 01:40 - 00000682 ____A C:\Windows\hpntwksetup.ini
2013-06-12 11:35 - 2011-02-01 14:29 - 00000000 ____D C:\Documents and Settings\Ron\Application Data\HP
2013-06-12 03:23 - 2013-06-11 21:57 - 00014150 ____A C:\Windows\KB2839229.log
2013-06-12 03:23 - 2013-06-10 12:02 - 00013782 ____A C:\Windows\tsoc.log
2013-06-12 03:23 - 2013-06-10 12:02 - 00012856 ____A C:\Windows\msmqinst.log
2013-06-12 03:23 - 2013-06-10 12:02 - 00005990 ____A C:\Windows\ntdtcsetup.log
2013-06-12 03:23 - 2013-06-10 12:02 - 00004327 ____A C:\Windows\netfxocm.log
2013-06-12 03:23 - 2013-06-10 12:02 - 00002057 ____A C:\Windows\MedCtrOC.log
2013-06-12 03:23 - 2013-06-10 12:02 - 00001569 ____A C:\Windows\ocmsn.log
2013-06-12 03:23 - 2013-06-10 12:02 - 00001495 ____A C:\Windows\msgsocm.log
2013-06-12 03:23 - 2013-06-10 12:02 - 00001374 ____A C:\Windows\imsins.log
2013-06-12 03:23 - 2013-06-10 12:02 - 00000933 ____A C:\Windows\tabletoc.log
2013-06-12 03:23 - 2013-06-10 12:01 - 00064341 ____A C:\Windows\iis6.log
2013-06-12 03:23 - 2013-06-10 12:01 - 00023384 ____A C:\Windows\FaxSetup.log
2013-06-12 03:23 - 2013-06-10 12:01 - 00020290 ____A C:\Windows\ocgen.log
2013-06-12 03:23 - 2013-06-10 12:01 - 00008223 ____A C:\Windows\comsetup.log
2013-06-12 03:22 - 2013-06-12 03:22 - 00000000 __HDC C:\Windows\$NtUninstallKB2839229$
2013-06-12 03:10 - 2010-12-29 21:54 - 73381792 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-06-12 03:08 - 2013-06-12 03:03 - 00011136 ____A C:\Windows\KB2838727-IE8.log
2013-06-12 03:08 - 2013-06-10 12:02 - 00001374 ____A C:\Windows\imsins.BAK
2013-06-12 03:06 - 2013-06-12 03:05 - 00002731 ____A C:\Windows\updspapi.log
2013-06-12 03:05 - 2010-12-29 21:56 - 00000000 ____D C:\Windows\ie8updates
2013-06-10 18:50 - 2013-04-02 12:40 - 00000000 ____D C:\Documents and Settings\Ron\Application Data\Verizon
2013-06-10 18:03 - 2013-06-10 18:03 - 00000000 ____D C:\Documents and Settings\Ron\Local Settings\Application Data\Western_Digital
2013-06-10 14:39 - 2010-11-24 12:54 - 00000000 ____D C:\Windows\Registration
2013-06-10 14:33 - 2013-06-10 14:33 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\WD_SmartWareCommon
2013-06-10 14:32 - 2013-06-10 14:32 - 00000000 ____D C:\Documents and Settings\Ron\Application Data\Western Digital
2013-06-10 14:31 - 2013-06-10 14:31 - 00000000 ____D C:\Documents and Settings\LocalService\Local Settings\Application Data\ServiceTest
2013-06-10 14:31 - 2013-06-10 14:31 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Western Digital
2013-06-10 14:28 - 2013-06-10 14:28 - 00000000 ____D C:\Program Files\Western Digital
2013-06-10 12:07 - 2010-11-24 07:39 - 00704522 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-10 11:39 - 2013-06-10 11:38 - 00003328 ____A C:\Windows\DPINST.LOG
2013-06-10 10:57 - 2010-11-24 07:30 - 00000000 ____D C:\Windows\Help
2013-06-10 00:11 - 2012-02-01 16:29 - 00003415 ____A C:\Windows\hpf6800m.his
2013-06-10 00:11 - 2012-02-01 16:29 - 00001651 ____A C:\Windows\hpf6800m.ini
2013-06-10 00:06 - 2012-02-01 16:29 - 00037819 ____A C:\Windows\hpdj6800.his
2013-06-10 00:06 - 2012-02-01 16:29 - 00004448 ____A C:\Windows\hpdj6800.ini
2013-06-09 23:19 - 2010-12-20 18:17 - 00000000 __SHD C:\Documents and Settings\Ron\UserData
2013-06-09 22:06 - 2013-06-09 22:06 - 00000000 ____D C:\Documents and Settings\All Users\Documents\CrashDump
2013-06-09 21:09 - 2013-06-07 13:24 - 00000120 ____A C:\Windows\setupact.log
2013-06-09 03:00 - 2012-03-02 23:30 - 00000286 ____A C:\Windows\Tasks\Laser App Enterprise Updates.job
2013-06-09 00:54 - 2011-02-01 14:40 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\HP
2013-06-08 12:12 - 2013-06-08 12:12 - 00000000 ____D C:\Program Files\Common Files\SWF Studio
2013-06-08 12:12 - 2013-06-08 12:08 - 00000000 ____D C:\hp_CLJ_2820-2840_Full_Solution
2013-06-07 22:38 - 2013-06-07 22:38 - 00000000 ____D C:\Documents and Settings\Ron\Application Data\TuneUp Software
2013-06-07 17:58 - 2013-05-31 11:31 - 00000000 ____D C:\Documents and Settings\Ron\My Documents\Amin
2013-06-07 17:58 - 2012-02-28 16:39 - 00000000 ____D C:\Documents and Settings\Ron\My Documents\Youssef
2013-06-07 17:54 - 2011-01-11 13:17 - 00000000 ____D C:\Documents and Settings\Ron\My Documents\ING Financial Partners
2013-06-07 17:53 - 2011-09-26 00:27 - 00001813 ____A C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2013-06-07 15:17 - 2011-10-17 13:46 - 00000000 ____D C:\Documents and Settings\Ron\Local Settings\Application Data\Pershing
2013-06-07 13:31 - 2013-06-07 13:31 - 43946992 ____A C:\Documents and Settings\Ron\Desktop\lj2820-2840pnp-en.exe
2013-06-07 13:24 - 2013-06-07 13:24 - 00000000 ____A C:\Windows\setuperr.log
2013-06-07 07:28 - 2011-06-10 16:52 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\iolo
2013-06-07 00:37 - 2011-06-10 16:55 - 00001689 ____A C:\Documents and Settings\Ron\Desktop\System Mechanic.lnk
2013-06-06 12:03 - 2012-03-27 15:01 - 00000000 ____D C:\Documents and Settings\Ron\Application Data\PrintCreations
2013-06-06 12:02 - 2008-04-13 19:00 - 00000873 ____A C:\Windows\win.ini
2013-06-05 19:43 - 2012-01-25 02:04 - 00000282 ____A C:\Windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-57989841-484763869-1417001333-1003.job
2013-06-05 19:32 - 2011-01-11 03:11 - 00080384 ____A C:\Documents and Settings\Ron\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-06-05 15:50 - 2010-12-30 01:54 - 00000000 ____D C:\Windows\Microsoft.NET
2013-06-05 15:41 - 2012-01-11 21:42 - 00000000 ____D C:\Documents and Settings\Ron\My Documents\Caroline
2013-06-05 15:16 - 2013-02-20 20:12 - 00000000 ____D C:\Program Files\SAMSUNG
2013-06-04 12:05 - 2013-06-04 12:01 - 00000000 ____D C:\Documents and Settings\Ron\My Documents\Optum Bank HSA
2013-05-31 15:25 - 2011-12-07 03:06 - 00000000 ____D C:\Program Files\AVG Secure Search
2013-05-31 14:41 - 2013-05-31 14:38 - 00000000 ____D C:\Documents and Settings\Ron\My Documents\2012 Practice Tracking and Goals
2013-05-30 14:51 - 2013-03-14 16:18 - 00000000 ____D C:\lexmark
2013-05-29 17:32 - 2011-10-21 14:24 - 00000000 ____D C:\Documents and Settings\Ron\My Documents\VirtualDJ
2013-05-29 15:41 - 2013-03-12 18:57 - 03300640 ____A C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2013-05-29 11:28 - 2011-06-10 16:55 - 00041616 ____A (iolo technologies, LLC) C:\Windows\System32\iolobtdfg.exe
2013-05-29 11:28 - 2011-06-10 16:55 - 00023568 ____A (iolo technologies, LLC) C:\Windows\System32\smrgdf.exe
2013-05-29 11:12 - 2011-06-28 01:00 - 02097472 ____A (iolo technologies, LLC) C:\Windows\System32\Incinerator32.dll
2013-05-28 11:46 - 2013-05-28 11:46 - 00000000 ____D C:\Program Files\Common Files\Java
2013-05-28 11:45 - 2013-05-28 11:44 - 00003874 ____A C:\Windows\System32\jupdate-1.7.0_21-b11.log
2013-05-28 11:45 - 2011-01-04 22:45 - 00000000 ____D C:\Program Files\Java
2013-05-28 11:33 - 2011-01-11 13:32 - 00000000 ____D C:\Documents and Settings\Ron\Application Data\Pershing
2013-05-28 11:20 - 2013-05-28 11:20 - 00002178 ____A C:\Documents and Settings\Ron\Desktop\NetX360.lnk
2013-05-23 16:26 - 2013-05-23 16:26 - 00000000 ____D C:\Documents and Settings\Ron\My Documents\Lincoln Financial Group
2013-05-23 16:02 - 2013-05-23 16:01 - 00000000 ____D C:\Documents and Settings\Ron\My Documents\Lincoln Benefit Life
2013-05-23 11:24 - 2012-02-18 01:47 - 00000000 ____D C:\Documents and Settings\Ron\My Documents\SCASD
2013-05-22 11:21 - 2013-05-22 11:21 - 04325376 ____A C:\Documents and Settings\All Users\Application Data\ReadOnlyInstaller.msi
2013-05-20 15:48 - 2012-01-31 13:03 - 00000000 ____D C:\Windows\System32\cache
2013-05-20 15:47 - 2012-11-11 12:28 - 00037664 ____A (AVG Technologies) C:\Windows\System32\Drivers\avgtpx86.sys

Files to move or delete:
====================
C:\Documents and Settings\Ron\GoToAssistDownloadHelper.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 18-06-2013 02
Ran by Ron (administrator) on 18-06-2013 15:53:34
Running from C:\Documents and Settings\Ron\Desktop
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Two Pilots) C:\WINDOWS\VPDAgent.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\WINDOWS\System32\SCardSvr.exe
(Microsoft Corporation) C:\WINDOWS\system32\netdde.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgfws.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgwdsvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(iolo technologies, LLC) C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe
() C:\Documents and Settings\Ron\Local Settings\Application Data\Mikogo4\Viewer\Service\M4-Service.exe
(The Neat Company) C:\Program Files\Neat\exec\NeatStartupService.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
(Dell Inc.) C:\WINDOWS\system32\WLTRAY.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\pcServiceHost.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Microsoft Corporation) c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(AVG Secure Search) C:\Program Files\AVG Secure Search\vprot.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
(Microsoft Corporation) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgui.exe
(AVG Secure Search) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe
(WDC) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
(WDC) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
(Western Digital) C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
(Hewlett-Packard) C:\PROGRA~1\HEWLET~1\Toolbox\STATUS~1\STATUS~1.EXE
(Memeo) C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
() C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
() C:\Documents and Settings\Ron\Local Settings\Application Data\Mikogo4\Viewer\Service\M4-Capture.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Dell) C:\Documents and Settings\Ron\Local Settings\Apps\2.0\8B9JLHJN.RH6\0DKDKVG8.WJ8\dell..tion_0f612f649c4a10af_0004.0001_c31aa52bcc853aac\DellSystemDetect.exe
(Microsoft Corporation) C:\WINDOWS\system32\WISPTIS.EXE
(MyPCBackup.com) C:\Program Files\MyPC Backup\MyPC Backup.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgcsrvx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgcsrvx.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(We-Care.com) C:\Documents and Settings\All Users\Application Data\WeCareReminder\ReminderHelper.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Farbar) C:\Documents and Settings\Ron\Desktop\FRST1.exe
(Hewlett-Packard Company) C:\WINDOWS\system32\hpbpro.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe [1392640 2007-03-16] (Dell Inc.)
HKLM\...\Run: [Nuance PDF Converter Professional 7-reminder] "C:\Program Files\Nuance\PDF Professional 7\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\Nuance\PDF Converter Professional 7\Ereg\Ereg.ini" [406 2013-06-17] ()
HKLM\...\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide [866584 2006-11-03] (Microsoft Corporation)
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [947152 2013-01-27] (Microsoft Corporation)
HKLM\...\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe" [1226928 2013-05-20] (AVG Secure Search)
HKLM\...\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [49152 2007-03-11] (Hewlett-Packard Co.)
HKLM\...\Run: [AVG_UI] "C:\Program Files\AVG\AVG2013\avgui.exe" /TRAYONLY [4408368 2013-04-29] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [TomcatStartup 2.5] C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe [245760 2004-11-12] (Hewlett-Packard)
HKLM\...\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe [405504 2007-05-10] (SigmaTel, Inc.)
Winlogon\Notify\WgaLogon: WgaLogon.dll (Microsoft Corporation)
HKCU\...\Run: [OpAgent] "OpAgent.exe" /agent [x]
HKCU\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2010-12-30] (Google Inc.)
HKCU\...\Run: [DellSystemDetect] C:\Documents and Settings\Ron\Start Menu\Programs\Dell\Dell System Detect.appref-ms [x]
HKCU\...\Run: [Exetender] "C:\Program Files\Free Ride Games\GPlayer.exe" /schedule 300000 [4973456 2013-03-14] (Exent Technologies Ltd.)
HKCU\...\Runonce: [DependencyCheck] Performed [x]
MountPoints2: {66ba962c-3c03-11e0-9251-00188bcf7c5e} - E:\AutoRun.exe
MountPoints2: {8f9ce1ce-3a89-11e0-9247-00188bcf7c5e} - D:\AutoRun.exe
MountPoints2: {8f9ce1d0-3a89-11e0-9247-00188bcf7c5e} - E:\AutoRun.exe
MountPoints2: {9a23707e-5d53-11e2-8794-001b77209f3c} - F:\VZW_Software_upgrade_assistant_installer.exe
MountPoints2: {e86751ec-fc11-11e0-92f6-001b77209f3c} - "E:\WD SmartWare.exe" autoplay=true
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WDDMStatus.lnk
ShortcutTarget: WDDMStatus.lnk -> C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (WDC)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WDSmartWare.lnk
ShortcutTarget: WDSmartWare.lnk -> C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe (Western Digital)
Startup: C:\Documents and Settings\Ron\Start Menu\Programs\Startup\MyPC Backup.lnk
ShortcutTarget: MyPC Backup.lnk -> C:\Program Files\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)
SSODL: UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll (Microsoft Corporation)
BootExecute: autocheck autochk * C:\PROGRA~1\AVG\AVG2013\avgrsx.exe /sync /restart

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www2.ing-usa.com/portal/public/login
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
URLSearchHook: YTD Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YTD Toolbar\IE\6.2\ytdToolbarIE.dll (Spigot, Inc.)
URLSearchHook: (No Name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} -  No File
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
HKCU SearchScopes: DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
SearchScopes: HKCU - {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL =
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={4632B2A8-1A1F-4800-A98D-E3FC36ED429B}&mid=eac9318e05d247d6b1a5d151cd2b95ad-7afc43abcdb4584a2c95d57e113be29ec32152f2&lang=en&ds=AVG&pr=pr&d=2011-12-19 19:03:10&v=14.2.0.1&pid=avg&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {B6F76DB1-76AB-4239-BA0F-7B58C20E52DA} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
BHO: IEPlugin Class - {11222041-111B-46E3-BD29-EFB2449479B1} - C:\PROGRA~1\MEDIAE~1\VIDEOD~1\ArcURLRecord.dll (ArcSoft, Inc.)
BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll No File
BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\15.2.0.5\AVG Secure Search_toolbar.dll (AVG Secure Search)
BHO: WeCareReminder Class - {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\Documents and Settings\All Users\Application Data\WeCareReminder\IEHelperv2.5.0.dll (We-Care.com)
Toolbar: HKLM - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
Toolbar: HKLM - AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\15.2.0.5\AVG Secure Search_toolbar.dll (AVG Secure Search)
Toolbar: HKCU -No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
Toolbar: HKCU -No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Toolbar: HKCU -No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {33415AC7-AFFA-4D55-B41C-C64C0D07DFCA} https://h50203.www5.hp.com/WCLWEB/cabs/HPISWebManager.CAB
DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bitdefender.com/qsax/qsax.cab
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455}
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect1262.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
DPF: {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} http://xserv.dell.com/DellDriverScanner/DellSystem.CAB
DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} http://www.superadblocker.com/activex/sabspx.cab
DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell.com/systemprofiler/DellSystemLite.CAB
DPF: {CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://akamaicdn.webex.com/client/WBXclient-T27L10NSP32EP1-13926/webex/ieatgpc.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
Handler: ipp - No CLSID Value -
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll No File
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
Handler: msdaipp - No CLSID Value -
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\15.2.0\ViProtocol.dll (AVG Secure Search)
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [113024 2011-08-10] (SuperAdBlocker.com)
ShellExecuteHooks: Microsoft AntiMalware ShellExecuteHook - {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\PROGRA~1\WIFD1F~1\MpShHook.dll [83224 2006-11-03] (Microsoft Corporation)
Winsock: Catalog5 01 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5 03 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog9 01 C:\PROGRA~1\SPEEDB~1\sblsp.dll [268552] (Speedbit Ltd.)
Winsock: Catalog9 02 C:\PROGRA~1\SPEEDB~1\sblsp.dll [268552] (Speedbit Ltd.)
Winsock: Catalog9 06 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 07 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 08 C:\PROGRA~1\SPEEDB~1\sblsp.dll [268552] (Speedbit Ltd.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt

Chrome:
=======
CHR HomePage: hxxp://www.google.com
CHR RestoreOnStartup: "hxxp://www.google.com"
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\27.0.1453.110\gcswf32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.260.3) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java™ Platform SE 6 U26) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Shockwave for Director) - C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
CHR Plugin: (DivX Web Player) - C:\WINDOWS\system32\C2MP\npdivx32.dll No File
CHR Plugin: (RealNetworks™ RealPlayer Chrome Background Extension Plug-In (32-bit) ) - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer™ HTML5VideoShim Plug-In (32-bit) ) - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) ) - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Version Plugin) - c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\27.0.1453.110\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\27.0.1453.110\pdf.dll ()
CHR Plugin: (AVG Internet Security) - C:\Documents and Settings\Ron\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\plugins/avgnpss.dll No File
CHR Plugin: (Microsoft\u00AE DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Microsoft\u00AE DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (RIM Handheld Application Loader) - C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll No File
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll No File
CHR Plugin: (DocuCom PDF Plus) - C:\Program Files\Nuance\PDF Professional 7\bin\nppdf.dll (Zeon Corporation)
CHR Plugin: (VLC Multimedia Plug-in) - C:\Program Files\VideoLAN\VLC\npvlc.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (RealJukebox NS Plugin) - c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Extension: (Motive Extension) - C:\Documents and Settings\Ron\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\edmgmpmklgfbohogafcfobonnkogchec\1.0_0
CHR Extension: (WinZip Courier) - C:\Documents and Settings\Ron\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ilckobikkmajlmhhdenkhonjkoaneclk\3.5.0_0
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Documents and Settings\Ron\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0
CHR Extension: (AVG Safe Search) - C:\Documents and Settings\Ron\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2210_0
CHR Extension: (AVG Security Toolbar) - C:\Documents and Settings\Ron\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\15.2.0.5_0

========================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [116608 2012-09-11] (SUPERAntiSpyware.com)
S4 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 Agent; C:\WINDOWS\VPDAgent.exe [192512 2013-02-04] (Two Pilots)
S4 Application Updater; C:\Program Files\Application Updater\ApplicationUpdater.exe [794560 2012-07-26] (Spigot, Inc.)
S3 AVG Security Toolbar Service; C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe [167264 2011-11-10] ()
R2 avgfws; C:\Program Files\AVG\AVG2013\avgfws.exe [1428472 2013-04-10] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files\AVG\AVG2013\avgidsagent.exe [4937264 2013-05-14] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2013\avgwdsvc.exe [283136 2013-04-18] (AVG Technologies CZ, s.r.o.)
S2 BackupStack; C:\Program Files\MyPC Backup\BackupStack.exe [32808 2013-05-31] (Just Develop It)
S4 FlipShare Service; C:\Program Files\Flip Video\FlipShare\FlipShareService.exe [460144 2010-12-15] ()
S4 FlipShareServer; C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe [1085440 2010-12-15] ()
S4 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [106280 2013-06-07] (SurfRight B.V.)
R2 ioloSystemService; C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe [1072664 2013-05-29] (iolo technologies, LLC)
S4 LVSrvLauncher; C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe [105248 2007-02-06] (Logitech Inc.)
R2 M4-Service; C:\Documents and Settings\Ron\Local Settings\Application Data\Mikogo4\Viewer\Service\M4-Service.exe [1008032 2013-01-15] ()
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [20456 2013-01-27] (Microsoft Corporation)
S3 MSSQL$NR2007; c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
R2 Neat Startup Service; C:\Program Files\Neat\exec\NeatStartupService.exe [5632 2013-02-23] (The Neat Company)
S2 NeatReceipts Database Controller; C:\Program Files\Common Files\NeatReceipts\DB Controller\NeatReceiptsDBController.exe [228480 2008-02-05] (Digital Business Processes)
S4 NICCONFIGSVC; C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe [475136 2007-07-20] (Dell Inc.)
R2 pcServiceHost; C:\Program Files\Common Files\Motive\pcServiceHost.exe [342016 2012-06-11] (Alcatel-Lucent)
S4 PDFProFiltSrv; C:\Program Files\Nuance\PDF Professional 7\PDFProFiltSrv.exe [135016 2011-09-09] (Nuance Communications, Inc.)
S4 S24EventMonitor; C:\Program Files\Intel\WiFi\bin\S24EvMon.exe [909312 2009-11-03] (Intel® Corporation)
S4 VideoAcceleratorService; C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe [313624 2011-12-06] (Speedbit Ltd.)
R2 vToolbarUpdater15.2.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe [1015984 2013-05-20] (AVG Secure Search)
R2 WDDMService; C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [98304 2009-08-17] (WDC)
R2 WDSmartWareBackgroundService; C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [20480 2009-06-16] (Memeo)
S2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [13592 2006-11-03] (Microsoft Corporation)
S4 WLANKEEPER; C:\Program Files\Intel\WiFi\bin\WLKeeper.exe [348160 2009-11-03] (Intel® Corporation)
S4 wltrysvc; C:\Windows\System32\bcmwltry.exe [1253376 2007-03-16] (Dell Inc.)
S2 HidServ; %SystemRoot%\System32\hidserv.dll [x]

==================== Drivers (Whitelisted) ====================

R3 Afc; C:\Windows\System32\drivers\Afc.sys [18688 2006-11-10] (Arcsoft, Inc.)
R1 APPDRV; C:\Windows\SYSTEM32\DRIVERS\APPDRV.SYS [16128 2005-08-12] (Dell Inc)
R3 ArcCD; C:\Windows\System32\Drivers\ArcCD.sys [36224 2007-11-06] (ArcSoft Inc.)
U1 ArcRec; C:\Windows\System32\Drivers\ArcRec.sys [7680 2007-04-24] (ArcSoft Inc.)
S4 ArcUdfs; C:\Windows\System32\Drivers\ArcUdfs.sys [134912 2007-04-25] (ArcSoft Inc.)
R3 Avgfwdx; C:\Windows\System32\DRIVERS\avgfwdx.sys [30944 2012-01-12] (AVG Technologies CZ, s.r.o.)
S3 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwdx.sys [30944 2012-01-12] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [208184 2013-03-29] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [60216 2013-02-08] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [22328 2013-03-01] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [170808 2013-02-08] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [245048 2013-02-08] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [96568 2013-02-08] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [39224 2013-02-08] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [182072 2013-03-21] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\WINDOWS\system32\drivers\avgtpx86.sys [37664 2013-05-20] (AVG Technologies)
R3 b57w2k; C:\Windows\System32\DRIVERS\b57xp32.sys [142720 2005-10-26] (Broadcom Corporation)
S3 CCDECODE; C:\Windows\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
S3 FilterService; C:\Windows\System32\DRIVERS\lvuvcflt.sys [22560 2007-02-03] (Logitech Inc.)
R3 guardian2; C:\Windows\System32\Drivers\oz776.sys [68696 2007-12-23] (O2Micro)
R3 HDAudBus; C:\Windows\System32\DRIVERS\HDAudBus.sys [144384 2008-04-13] (Windows ® Server 2003 DDK provider)
S3 HPPLSBULK; C:\Windows\System32\drivers\hpplsbulk.sys [9344 2005-02-02] (Hewlett Packard)
S3 HPZid412; C:\Windows\System32\DRIVERS\HPZid412.sys [49920 2009-08-26] (HP)
S3 HPZipr12; C:\Windows\System32\DRIVERS\HPZipr12.sys [16496 2009-08-26] (HP)
S3 HPZius12; C:\Windows\System32\DRIVERS\HPZius12.sys [21568 2009-08-26] (HP)
S3 LVcKap; C:\Windows\System32\DRIVERS\LVcKap.sys [1691808 2007-02-06] ()
S3 LVMVDrv; C:\Windows\System32\DRIVERS\LVMVDrv.sys [1964064 2007-02-06] (Logitech Inc.)
S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2Mon.sys [25632 2007-02-06] ()
S3 LVUSBSta; C:\Windows\System32\drivers\LVUSBSta.sys [41504 2007-02-03] (Logitech Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [195296 2013-01-20] (Microsoft Corporation)
S3 MREMP50; C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS [21248 2012-12-10] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50; C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS [20096 2012-12-10] (Printing Communications Assoc., Inc. (PCAUSA))
S3 NABTSFEC; C:\Windows\System32\DRIVERS\NABTSFEC.sys [85248 2008-04-14] (Microsoft Corporation)
S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
R3 NETw5x32; C:\Windows\System32\DRIVERS\NETw5x32.sys [4221952 2009-10-26] (Intel Corporation)
S3 NuidFltr; C:\Windows\System32\DRIVERS\NuidFltr.sys [21792 2011-04-13] (Microsoft Corporation)
R2 PDFsFilter; C:\Windows\System32\DRIVERS\PDFsFilter.sys [68464 2012-08-02] (Raxco Software, Inc.)
R2 s24trans; C:\Windows\System32\DRIVERS\s24trans.sys [11904 2008-08-13] (Intel Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-08-10] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-08-10] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 SLIP; C:\Windows\System32\DRIVERS\SLIP.sys [11136 2008-04-14] (Microsoft Corporation)
R3 STHDA; C:\Windows\System32\drivers\sthda.sys [1222840 2007-05-10] (SigmaTel, Inc.)
S3 streamip; C:\Windows\System32\DRIVERS\StreamIP.sys [15232 2008-04-14] (Microsoft Corporation)
S3 WSTCODEC; C:\Windows\System32\DRIVERS\WSTCODEC.SYS [19200 2008-04-14] (Microsoft Corporation)
R2 X4HSEx_Pr143; C:\Program Files\Free Ride Games\X4HSEx_Pr143.Sys [58696 2012-08-02] (Exent Technologies Ltd.)
S4 Abiosdsk; No ImagePath
S4 abp480n5; No ImagePath
S4 adpu160m; No ImagePath
S4 Aha154x; No ImagePath
S4 aic78u2; No ImagePath
S4 aic78xx; No ImagePath
S4 AliIde; No ImagePath
S4 amsint; No ImagePath
S4 asc; No ImagePath
S4 asc3350p; No ImagePath
S4 asc3550; No ImagePath
S4 Atdisk; No ImagePath
S4 cd20xrnt; No ImagePath
S0 cerc6; No ImagePath
S1 Changer; No ImagePath
S4 CmdIde; No ImagePath
S4 Cpqarray; No ImagePath
U4 dac2w2k; No ImagePath
S4 dac960nt; No ImagePath
S4 dpti2o; No ImagePath
S4 hpn; No ImagePath
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [x]
S3 hwusbdev; system32\DRIVERS\ewusbdev.sys [x]
S1 i2omgmt; No ImagePath
S4 i2omp; No ImagePath
S4 ini910u; No ImagePath
S4 IntelIde; No ImagePath
S1 lbrtfdc; No ImagePath
S4 mraid35x; No ImagePath
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [x]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [x]
S1 PCIDump; No ImagePath
S3 PDCOMP; No ImagePath
S3 PDFRAME; No ImagePath
S3 PDRELI; No ImagePath
S3 PDRFRAME; No ImagePath
S4 perc2; No ImagePath
S4 perc2hib; No ImagePath
S4 ql1080; No ImagePath
S4 Ql10wnt; No ImagePath
S4 ql12160; No ImagePath
S4 ql1240; No ImagePath
S4 ql1280; No ImagePath
S3 SABProcEnum; \??\C:\Program Files\Internet Explorer\SABProcEnum.sys [x]
S4 Simbad; No ImagePath
S4 Sparrow; No ImagePath
S4 symc810; No ImagePath
S4 symc8xx; No ImagePath
S4 sym_hi; No ImagePath
S4 sym_u3; No ImagePath
S4 TosIde; No ImagePath
S3 UIUSys; system32\DRIVERS\UIUSYS.SYS [x]
S4 ultra; No ImagePath
S4 ViaIde; No ImagePath
S3 WDICA; No ImagePath
S3 ztemtusbser; system32\DRIVERS\CT_ZTEMT_U_USBSER.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-06-18 15:52 - 2013-06-18 15:52 - 01366977 ____A (Farbar) C:\Documents and Settings\Ron\Desktop\FRST.exe
2013-06-18 15:52 - 2013-06-18 15:52 - 00000000 ____D C:\FRST
2013-06-18 15:51 - 2013-06-18 15:51 - 01366977 ____A (Farbar) C:\Documents and Settings\Ron\Desktop\FRST1.exe
2013-06-18 15:33 - 2013-06-18 15:33 - 01366977 ____A (Farbar) C:\Documents and Settings\Ron\Desktop\Farbar Recovery Scan Tool.exe
2013-06-18 11:17 - 2013-06-18 11:17 - 00001917 ____A C:\Documents and Settings\Ron\Desktop\Continue downloading Chainz 2 Relinked.lnk
2013-06-18 11:17 - 2013-06-18 11:17 - 00001891 ____A C:\Documents and Settings\Ron\Desktop\Continue downloading Lottso Deluxe.lnk
2013-06-18 11:16 - 2007-05-10 10:23 - 04952064 ____A (SigmaTel, Inc.) C:\Windows\System32\stacgui.cpl
2013-06-18 11:16 - 2007-05-10 10:22 - 00405504 ____A (SigmaTel, Inc.) C:\Windows\stsystra.exe
2013-06-18 11:16 - 2007-04-10 17:02 - 01601536 ____A (SigmaTel, Inc.) C:\Windows\System32\stlang.dll
2013-06-18 11:15 - 2013-06-18 11:16 - 00000000 ____D C:\Windows\LastGood
2013-06-18 11:14 - 2007-05-10 10:23 - 00270336 ____A (SigmaTel, Inc.) C:\Windows\System32\stacapi.dll
2013-06-18 10:59 - 2013-06-18 11:00 - 00001885 ____A C:\Documents and Settings\Ron\Desktop\Play 7 Wonders II.lnk
2013-06-18 10:58 - 2013-06-18 10:59 - 00000000 ____D C:\Program Files\Free Ride Games
2013-06-18 10:58 - 2013-06-18 10:58 - 00001733 ____A C:\Documents and Settings\All Users\Desktop\Play Free Games.lnk
2013-06-18 10:58 - 2013-06-18 10:58 - 00001112 ____A C:\Documents and Settings\All Users\Desktop\More FREE games.lnk
2013-06-18 10:58 - 2013-06-18 10:58 - 00000064 ____A C:\Windows\GPlrLanc.dat
2013-06-18 10:58 - 2013-06-18 10:58 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Free Ride Games
2013-06-18 10:58 - 2013-03-14 19:22 - 00058264 ____N (Exent Technologies Ltd.) C:\Windows\ExentInfo.exe
2013-06-18 10:58 - 2012-07-17 17:59 - 01132448 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_32.dll
2013-06-18 10:53 - 2013-06-18 10:54 - 00000000 ____D C:\Program Files\MyPC Backup
2013-06-18 10:53 - 2013-06-18 10:53 - 00000762 ____A C:\Documents and Settings\Ron\Desktop\MyPC Backup.lnk
2013-06-18 10:52 - 2013-06-18 10:52 - 00033958 ____A C:\Documents and Settings\All Users\Application Data\uninstaller.exe
2013-06-18 10:52 - 2013-06-18 10:52 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\WeCareReminder
2013-06-18 01:49 - 2013-06-18 01:50 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\PCDr
2013-06-18 01:49 - 2013-06-18 01:49 - 00000000 ____D C:\Program Files\Dell Support Center
2013-06-18 01:46 - 2013-06-18 05:09 - 00000000 ____D C:\Program Files\My Dell
2013-06-18 01:40 - 2013-06-18 01:50 - 00000000 ____D C:\Documents and Settings\Ron\Application Data\PCDr
2013-06-17 17:47 - 2013-06-17 17:47 - 00000000 ____D C:\Documents and Settings\Ron\Application Data\AVG2013
2013-06-17 16:50 - 2013-06-17 16:50 - 00000702 ____A C:\Documents and Settings\All Users\Desktop\AVG 2013.lnk
2013-06-17 15:57 - 2013-06-17 17:03 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\AVG2013
2013-06-17 15:31 - 2013-06-17 17:47 - 00000000 ____D C:\Documents and Settings\Ron\Local Settings\Application Data\Avg2013
2013-06-17 15:31 - 2013-06-17 15:31 - 00000000 ____D C:\Documents and Settings\Ron\Local Settings\Application Data\MFAData
2013-06-13 02:52 - 2013-06-13 02:52 - 00000000 ____D C:\Documents and Settings\Ron\My Documents\New Folder (2)
2013-06-13 02:01 - 2005-02-03 13:31 - 00032768 ____A C:\Windows\System32\compJNI.dll
2013-06-13 02:01 - 2004-08-20 09:02 - 00102400 ____A C:\Windows\System32\PMLJNI.dll
2013-06-13 02:01 - 2004-05-10 16:11 - 00040960 ____A (Hewlett-Packard) C:\Windows\System32\d4channel.dll
2013-06-13 02:01 - 2003-06-20 13:21 - 00036864 ____A (Hewlett-Packard) C:\Windows\System32\hpbmmjno.dll
2013-06-13 02:01 - 2003-06-16 17:52 - 00074752 ____A C:\Windows\System32\jst.dll
2013-06-13 01:58 - 2013-06-13 02:02 - 00000000 ___HD C:\Program Files\Zero G Registry
2013-06-13 01:49 - 2013-06-13 01:50 - 00001071 ____A C:\Windows\System32\msiexec.log
2013-06-13 01:48 - 2004-12-24 11:05 - 00061440 ____A (HP) C:\Windows\System32\HPZinw12.exe
2013-06-13 01:43 - 2013-06-13 01:43 - 00000142 ____A C:\Windows\System32\AddPort.ini
2013-06-13 01:43 - 2005-04-08 09:58 - 00009820 ____A C:\Windows\System32\hpipxmui.hlp
2013-06-13 01:43 - 2001-08-17 13:53 - 00006784 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\serscan.sys
2013-06-13 01:43 - 2001-08-17 13:53 - 00006784 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\serscan.sys
2013-06-13 01:40 - 2013-06-13 01:42 - 00000682 ____A C:\Windows\hpntwksetup.ini
2013-06-13 01:30 - 2013-06-13 02:20 - 00053974 ____A C:\Windows\hppins01.dat
2013-06-13 01:06 - 2005-01-21 13:41 - 00208896 ____A () C:\Windows\System32\HPP2800V.DLL
2013-06-13 01:06 - 2005-01-20 14:18 - 00000484 ____A C:\Windows\System32\HPP2800V.DAT
2013-06-13 01:06 - 2004-12-24 11:12 - 00045056 ____A (HP) C:\Windows\System32\hppapts0.dll
2013-06-13 01:06 - 2004-12-24 11:12 - 00036864 ____A (HP) C:\Windows\System32\hppasnm0.dll
2013-06-13 01:06 - 2004-12-24 11:12 - 00036864 ____A (HP) C:\Windows\System32\hppadt40.dll
2013-06-13 01:06 - 2004-12-24 11:12 - 00032768 ____A (HP) C:\Windows\System32\hppamon0.dll
2013-06-12 03:22 - 2013-06-12 03:22 - 00000000 __HDC C:\Windows\$NtUninstallKB2839229$
2013-06-12 03:05 - 2013-06-12 03:06 - 00002731 ____A C:\Windows\updspapi.log
2013-06-12 03:03 - 2013-06-12 03:08 - 00011136 ____A C:\Windows\KB2838727-IE8.log
2013-06-11 21:57 - 2013-06-12 03:23 - 00014150 ____A C:\Windows\KB2839229.log
2013-06-10 18:03 - 2013-06-10 18:03 - 00000000 ____D C:\Documents and Settings\Ron\Local Settings\Application Data\Western_Digital
2013-06-10 14:33 - 2013-06-10 14:33 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\WD_SmartWareCommon
2013-06-10 14:32 - 2013-06-10 14:32 - 00000000 ____D C:\Documents and Settings\Ron\Application Data\Western Digital
2013-06-10 14:31 - 2013-06-10 14:31 - 00000000 ____D C:\Documents and Settings\LocalService\Local Settings\Application Data\ServiceTest
2013-06-10 14:31 - 2013-06-10 14:31 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Western Digital
2013-06-10 14:31 - 2009-02-13 12:02 - 00011520 ____A (Western Digital Technologies) C:\Windows\System32\Drivers\wdcsam.sys
2013-06-10 14:28 - 2013-06-10 14:28 - 00000000 ____D C:\Program Files\Western Digital
2013-06-10 12:02 - 2013-06-12 03:23 - 00013782 ____A C:\Windows\tsoc.log
2013-06-10 12:02 - 2013-06-12 03:23 - 00012856 ____A C:\Windows\msmqinst.log
2013-06-10 12:02 - 2013-06-12 03:23 - 00005990 ____A C:\Windows\ntdtcsetup.log
2013-06-10 12:02 - 2013-06-12 03:23 - 00004327 ____A C:\Windows\netfxocm.log
2013-06-10 12:02 - 2013-06-12 03:23 - 00002057 ____A C:\Windows\MedCtrOC.log
2013-06-10 12:02 - 2013-06-12 03:23 - 00001569 ____A C:\Windows\ocmsn.log
2013-06-10 12:02 - 2013-06-12 03:23 - 00001495 ____A C:\Windows\msgsocm.log
2013-06-10 12:02 - 2013-06-12 03:23 - 00001374 ____A C:\Windows\imsins.log
2013-06-10 12:02 - 2013-06-12 03:23 - 00000933 ____A C:\Windows\tabletoc.log
2013-06-10 12:02 - 2013-06-12 03:08 - 00001374 ____A C:\Windows\imsins.BAK
2013-06-10 12:01 - 2013-06-12 03:23 - 00064341 ____A C:\Windows\iis6.log
2013-06-10 12:01 - 2013-06-12 03:23 - 00023384 ____A C:\Windows\FaxSetup.log
2013-06-10 12:01 - 2013-06-12 03:23 - 00020290 ____A C:\Windows\ocgen.log
2013-06-10 12:01 - 2013-06-12 03:23 - 00008223 ____A C:\Windows\comsetup.log
2013-06-10 11:38 - 2013-06-10 11:39 - 00003328 ____A C:\Windows\DPINST.LOG
2013-06-10 00:04 - 2012-02-01 16:35 - 00023235 ____A C:\Windows\hpf6800m.hi1
2013-06-10 00:04 - 2012-02-01 16:35 - 00005564 ____A C:\Windows\hpf6800m.bu1
2013-06-10 00:04 - 2012-02-01 16:33 - 00897008 ____A C:\Windows\hpdj6800.hi1
2013-06-10 00:04 - 2012-02-01 16:33 - 00014296 ____A C:\Windows\hpdj6800.bu1
2013-06-09 23:02 - 2013-06-17 16:48 - 00000000 __SHD C:\Windows\CSC
2013-06-09 22:06 - 2013-06-09 22:06 - 00000000 ____D C:\Documents and Settings\All Users\Documents\CrashDump
2013-06-08 12:14 - 2005-04-08 08:52 - 00002392 ____N C:\Windows\hppmdl01.dat
2013-06-08 12:12 - 2013-06-08 12:12 - 00000000 ____D C:\Program Files\Common Files\SWF Studio
2013-06-08 12:08 - 2013-06-08 12:12 - 00000000 ____D C:\hp_CLJ_2820-2840_Full_Solution
2013-06-07 22:38 - 2013-06-07 22:38 - 00000000 ____D C:\Documents and Settings\Ron\Application Data\TuneUp Software
2013-06-07 13:31 - 2013-06-07 13:31 - 43946992 ____A C:\Documents and Settings\Ron\Desktop\lj2820-2840pnp-en.exe
2013-06-07 13:24 - 2013-06-09 21:09 - 00000120 ____A C:\Windows\setupact.log
2013-06-07 13:24 - 2013-06-07 13:24 - 00000000 ____A C:\Windows\setuperr.log
2013-06-07 00:37 - 2013-06-18 11:18 - 00095621 ____A C:\Windows\setupapi.log
2013-06-04 12:01 - 2013-06-04 12:05 - 00000000 ____D C:\Documents and Settings\Ron\My Documents\Optum Bank HSA
2013-05-31 15:25 - 2013-06-17 22:38 - 00000350 ____A C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
2013-05-31 14:38 - 2013-05-31 14:41 - 00000000 ____D C:\Documents and Settings\Ron\My Documents\2012 Practice Tracking and Goals
2013-05-31 11:31 - 2013-06-07 17:58 - 00000000 ____D C:\Documents and Settings\Ron\My Documents\Amin
2013-05-28 11:47 - 2013-04-04 05:30 - 00263584 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2013-05-28 11:46 - 2013-05-28 11:46 - 00000000 ____D C:\Program Files\Common Files\Java
2013-05-28 11:45 - 2013-04-04 05:35 - 00094112 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge.dll
2013-05-28 11:45 - 2013-04-04 05:30 - 00174496 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2013-05-28 11:45 - 2013-04-04 05:29 - 00174496 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2013-05-28 11:44 - 2013-05-28 11:45 - 00003874 ____A C:\Windows\System32\jupdate-1.7.0_21-b11.log
2013-05-28 11:20 - 2013-05-28 11:20 - 00002178 ____A C:\Documents and Settings\Ron\Desktop\NetX360.lnk
2013-05-23 16:26 - 2013-05-23 16:26 - 00000000 ____D C:\Documents and Settings\Ron\My Documents\Lincoln Financial Group
2013-05-23 16:01 - 2013-05-23 16:02 - 00000000 ____D C:\Documents and Settings\Ron\My Documents\Lincoln Benefit Life
2013-05-22 11:21 - 2013-05-22 11:21 - 04325376 ____A C:\Documents and Settings\All Users\Application Data\ReadOnlyInstaller.msi

==================== One Month Modified Files and Folders ========

2013-06-18 15:53 - 2010-12-30 00:15 - 00000880 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-06-18 15:52 - 2013-06-18 15:52 - 01366977 ____A (Farbar) C:\Documents and Settings\Ron\Desktop\FRST.exe
2013-06-18 15:52 - 2013-06-18 15:52 - 00000000 ____D C:\FRST
2013-06-18 15:51 - 2013-06-18 15:51 - 01366977 ____A (Farbar) C:\Documents and Settings\Ron\Desktop\FRST1.exe
2013-06-18 15:44 - 2012-04-12 08:28 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-18 15:33 - 2013-06-18 15:33 - 01366977 ____A (Farbar) C:\Documents and Settings\Ron\Desktop\Farbar Recovery Scan Tool.exe
2013-06-18 14:20 - 2010-12-30 00:39 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\MFAData
2013-06-18 14:13 - 2012-06-12 16:58 - 00000000 ____D C:\Documents and Settings\Ron\My Documents\State College Area School DIstrict 403b
2013-06-18 13:11 - 2011-02-12 02:41 - 00000000 ____D C:\Documents and Settings\Ron\Application Data\Skype
2013-06-18 12:14 - 2013-04-07 22:01 - 00000000 ____D C:\Documents and Settings\Ron\My Documents\James and Karen Brandt
2013-06-18 11:56 - 2011-02-15 14:11 - 00000000 ____D C:\Documents and Settings\Ron\Local Settings\Application Data\Deployment
2013-06-18 11:40 - 2012-07-05 15:13 - 01318032 ____A C:\Windows\WindowsUpdate.log
2013-06-18 11:18 - 2013-06-07 00:37 - 00095621 ____A C:\Windows\setupapi.log
2013-06-18 11:17 - 2013-06-18 11:17 - 00001917 ____A C:\Documents and Settings\Ron\Desktop\Continue downloading Chainz 2 Relinked.lnk
2013-06-18 11:17 - 2013-06-18 11:17 - 00001891 ____A C:\Documents and Settings\Ron\Desktop\Continue downloading Lottso Deluxe.lnk
2013-06-18 11:16 - 2013-06-18 11:15 - 00000000 ____D C:\Windows\LastGood
2013-06-18 11:00 - 2013-06-18 10:59 - 00001885 ____A C:\Documents and Settings\Ron\Desktop\Play 7 Wonders II.lnk
2013-06-18 10:59 - 2013-06-18 10:58 - 00000000 ____D C:\Program Files\Free Ride Games
2013-06-18 10:58 - 2013-06-18 10:58 - 00001733 ____A C:\Documents and Settings\All Users\Desktop\Play Free Games.lnk
2013-06-18 10:58 - 2013-06-18 10:58 - 00001112 ____A C:\Documents and Settings\All Users\Desktop\More FREE games.lnk
2013-06-18 10:58 - 2013-06-18 10:58 - 00000064 ____A C:\Windows\GPlrLanc.dat
2013-06-18 10:58 - 2013-06-18 10:58 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Free Ride Games
2013-06-18 10:58 - 2010-11-24 13:19 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2013-06-18 10:54 - 2013-06-18 10:53 - 00000000 ____D C:\Program Files\MyPC Backup
2013-06-18 10:53 - 2013-06-18 10:53 - 00000762 ____A C:\Documents and Settings\Ron\Desktop\MyPC Backup.lnk
2013-06-18 10:52 - 2013-06-18 10:52 - 00033958 ____A C:\Documents and Settings\All Users\Application Data\uninstaller.exe
2013-06-18 10:52 - 2013-06-18 10:52 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\WeCareReminder
2013-06-18 10:51 - 2010-11-24 07:30 - 00000000 ____D C:\Windows\Resources
2013-06-18 05:09 - 2013-06-18 01:46 - 00000000 ____D C:\Program Files\My Dell
2013-06-18 02:53 - 2010-12-30 00:15 - 00000876 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-06-18 01:53 - 2012-07-05 15:15 - 00032494 ____A C:\Windows\SchedLgU.Txt
2013-06-18 01:50 - 2013-06-18 01:49 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\PCDr
2013-06-18 01:50 - 2013-06-18 01:40 - 00000000 ____D C:\Documents and Settings\Ron\Application Data\PCDr
2013-06-18 01:50 - 2011-12-08 10:18 - 00000000 ____D C:\Documents and Settings\Ron\Application Data\Dell
2013-06-18 01:49 - 2013-06-18 01:49 - 00000000 ____D C:\Program Files\Dell Support Center
2013-06-17 22:54 - 2011-12-08 11:18 - 00000000 ____D C:\Program Files\Speccy
2013-06-17 22:48 - 2013-02-14 21:45 - 00000384 ___AH C:\Windows\Tasks\Microsoft Antimalware Scheduled Scan.job
2013-06-17 22:47 - 2008-04-13 19:00 - 00002206 ____A C:\Windows\System32\wpa.dbl
2013-06-17 22:41 - 2010-11-24 07:41 - 00000159 ____A C:\Windows\wiadebug.log
2013-06-17 22:40 - 2010-11-24 07:41 - 00000049 ____A C:\Windows\wiaservc.log
2013-06-17 22:38 - 2013-05-31 15:25 - 00000350 ____A C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
2013-06-17 22:38 - 2012-01-25 02:04 - 00000274 ____A C:\Windows\Tasks\RealUpgradeLogonTaskS-1-5-21-57989841-484763869-1417001333-1003.job
2013-06-17 22:37 - 2010-11-24 13:04 - 00000062 __ASH C:\Documents and Settings\Ron\Local Settings\desktop.ini
2013-06-17 22:37 - 2010-11-24 13:03 - 00000062 __ASH C:\Documents and Settings\LocalService\Local Settings\desktop.ini
2013-06-17 22:37 - 2010-11-24 13:03 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-17 22:36 - 2010-11-24 13:00 - 00000062 __ASH C:\Documents and Settings\NetworkService\Local Settings\desktop.ini
2013-06-17 17:52 - 2010-11-24 13:04 - 00000278 ___SH C:\Documents and Settings\Ron\ntuser.ini
2013-06-17 17:50 - 2010-12-30 00:44 - 00000000 ____D C:\Program Files\AVG
2013-06-17 17:47 - 2013-06-17 17:47 - 00000000 ____D C:\Documents and Settings\Ron\Application Data\AVG2013
2013-06-17 17:47 - 2013-06-17 15:31 - 00000000 ____D C:\Documents and Settings\Ron\Local Settings\Application Data\Avg2013
2013-06-17 17:03 - 2013-06-17 15:57 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\AVG2013
2013-06-17 16:50 - 2013-06-17 16:50 - 00000702 ____A C:\Documents and Settings\All Users\Desktop\AVG 2013.lnk
2013-06-17 16:48 - 2013-06-09 23:02 - 00000000 __SHD C:\Windows\CSC
2013-06-17 15:50 - 2013-02-20 20:08 - 00000000 ____D C:\Documents and Settings\All Users\Documents\Verizon_Android
2013-06-17 15:49 - 2013-02-20 20:08 - 00000000 ____D C:\Verizon_Android
2013-06-17 15:31 - 2013-06-17 15:31 - 00000000 ____D C:\Documents and Settings\Ron\Local Settings\Application Data\MFAData
2013-06-13 03:46 - 2012-10-05 15:06 - 00000000 ____D C:\Documents and Settings\Ron\Application Data\HpUpdate
2013-06-13 03:22 - 2011-02-01 14:31 - 00000000 ____D C:\Program Files\HP
2013-06-13 03:21 - 2011-02-01 14:36 - 00000000 ____D C:\Program Files\Hewlett-Packard
2013-06-13 02:52 - 2013-06-13 02:52 - 00000000 ____D C:\Documents and Settings\Ron\My Documents\New Folder (2)
2013-06-13 02:20 - 2013-06-13 01:30 - 00053974 ____A C:\Windows\hppins01.dat
2013-06-13 02:20 - 2011-02-01 14:30 - 00010924 ____A C:\Documents and Settings\All Users\Application Data\hpzinstall.log
2013-06-13 02:15 - 2010-12-30 00:36 - 00090768 ____A C:\Documents and Settings\Ron\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2013-06-13 02:10 - 2010-11-24 07:38 - 00343424 ____A C:\Windows\System32\FNTCACHE.DAT
2013-06-13 02:02 - 2013-06-13 01:58 - 00000000 ___HD C:\Program Files\Zero G Registry
2013-06-13 01:50 - 2013-06-13 01:49 - 00001071 ____A C:\Windows\System32\msiexec.log
2013-06-13 01:44 - 2010-11-24 07:30 - 00000000 ____D C:\Windows\twain_32
2013-06-13 01:43 - 2013-06-13 01:43 - 00000142 ____A C:\Windows\System32\AddPort.ini
2013-06-13 01:42 - 2013-06-13 01:40 - 00000682 ____A C:\Windows\hpntwksetup.ini
2013-06-12 11:35 - 2011-02-01 14:29 - 00000000 ____D C:\Documents and Settings\Ron\Application Data\HP
2013-06-12 03:23 - 2013-06-11 21:57 - 00014150 ____A C:\Windows\KB2839229.log
2013-06-12 03:23 - 2013-06-10 12:02 - 00013782 ____A C:\Windows\tsoc.log
2013-06-12 03:23 - 2013-06-10 12:02 - 00012856 ____A C:\Windows\msmqinst.log
2013-06-12 03:23 - 2013-06-10 12:02 - 00005990 ____A C:\Windows\ntdtcsetup.log
2013-06-12 03:23 - 2013-06-10 12:02 - 00004327 ____A C:\Windows\netfxocm.log
2013-06-12 03:23 - 2013-06-10 12:02 - 00002057 ____A C:\Windows\MedCtrOC.log
2013-06-12 03:23 - 2013-06-10 12:02 - 00001569 ____A C:\Windows\ocmsn.log
2013-06-12 03:23 - 2013-06-10 12:02 - 00001495 ____A C:\Windows\msgsocm.log
2013-06-12 03:23 - 2013-06-10 12:02 - 00001374 ____A C:\Windows\imsins.log
2013-06-12 03:23 - 2013-06-10 12:02 - 00000933 ____A C:\Windows\tabletoc.log
2013-06-12 03:23 - 2013-06-10 12:01 - 00064341 ____A C:\Windows\iis6.log
2013-06-12 03:23 - 2013-06-10 12:01 - 00023384 ____A C:\Windows\FaxSetup.log
2013-06-12 03:23 - 2013-06-10 12:01 - 00020290 ____A C:\Windows\ocgen.log
2013-06-12 03:23 - 2013-06-10 12:01 - 00008223 ____A C:\Windows\comsetup.log
2013-06-12 03:22 - 2013-06-12 03:22 - 00000000 __HDC C:\Windows\$NtUninstallKB2839229$
2013-06-12 03:10 - 2010-12-29 21:54 - 73381792 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-06-12 03:08 - 2013-06-12 03:03 - 00011136 ____A C:\Windows\KB2838727-IE8.log
2013-06-12 03:08 - 2013-06-10 12:02 - 00001374 ____A C:\Windows\imsins.BAK
2013-06-12 03:06 - 2013-06-12 03:05 - 00002731 ____A C:\Windows\updspapi.log
2013-06-12 03:05 - 2010-12-29 21:56 - 00000000 ____D C:\Windows\ie8updates
2013-06-10 18:50 - 2013-04-02 12:40 - 00000000 ____D C:\Documents and Settings\Ron\Application Data\Verizon
2013-06-10 18:03 - 2013-06-10 18:03 - 00000000 ____D C:\Documents and Settings\Ron\Local Settings\Application Data\Western_Digital
2013-06-10 14:39 - 2010-11-24 12:54 - 00000000 ____D C:\Windows\Registration
2013-06-10 14:33 - 2013-06-10 14:33 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\WD_SmartWareCommon
2013-06-10 14:32 - 2013-06-10 14:32 - 00000000 ____D C:\Documents and Settings\Ron\Application Data\Western Digital
2013-06-10 14:31 - 2013-06-10 14:31 - 00000000 ____D C:\Documents and Settings\LocalService\Local Settings\Application Data\ServiceTest
2013-06-10 14:31 - 2013-06-10 14:31 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Western Digital
2013-06-10 14:28 - 2013-06-10 14:28 - 00000000 ____D C:\Program Files\Western Digital
2013-06-10 12:07 - 2010-11-24 07:39 - 00704522 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-10 11:39 - 2013-06-10 11:38 - 00003328 ____A C:\Windows\DPINST.LOG
2013-06-10 10:57 - 2010-11-24 07:30 - 00000000 ____D C:\Windows\Help
2013-06-10 00:11 - 2012-02-01 16:29 - 00003415 ____A C:\Windows\hpf6800m.his
2013-06-10 00:11 - 2012-02-01 16:29 - 00001651 ____A C:\Windows\hpf6800m.ini
2013-06-10 00:06 - 2012-02-01 16:29 - 00037819 ____A C:\Windows\hpdj6800.his
2013-06-10 00:06 - 2012-02-01 16:29 - 00004448 ____A C:\Windows\hpdj6800.ini
2013-06-09 23:19 - 2010-12-20 18:17 - 00000000 __SHD C:\Documents and Settings\Ron\UserData
2013-06-09 22:06 - 2013-06-09 22:06 - 00000000 ____D C:\Documents and Settings\All Users\Documents\CrashDump
2013-06-09 21:09 - 2013-06-07 13:24 - 00000120 ____A C:\Windows\setupact.log
2013-06-09 03:00 - 2012-03-02 23:30 - 00000286 ____A C:\Windows\Tasks\Laser App Enterprise Updates.job
2013-06-09 00:54 - 2011-02-01 14:40 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\HP
2013-06-08 12:12 - 2013-06-08 12:12 - 00000000 ____D C:\Program Files\Common Files\SWF Studio
2013-06-08 12:12 - 2013-06-08 12:08 - 00000000 ____D C:\hp_CLJ_2820-2840_Full_Solution
2013-06-07 22:38 - 2013-06-07 22:38 - 00000000 ____D C:\Documents and Settings\Ron\Application Data\TuneUp Software
2013-06-07 17:58 - 2013-05-31 11:31 - 00000000 ____D C:\Documents and Settings\Ron\My Documents\Amin
2013-06-07 17:58 - 2012-02-28 16:39 - 00000000 ____D C:\Documents and Settings\Ron\My Documents\Youssef
2013-06-07 17:54 - 2011-01-11 13:17 - 00000000 ____D C:\Documents and Settings\Ron\My Documents\ING Financial Partners
2013-06-07 17:53 - 2011-09-26 00:27 - 00001813 ____A C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2013-06-07 15:17 - 2011-10-17 13:46 - 00000000 ____D C:\Documents and Settings\Ron\Local Settings\Application Data\Pershing
2013-06-07 13:31 - 2013-06-07 13:31 - 43946992 ____A C:\Documents and Settings\Ron\Desktop\lj2820-2840pnp-en.exe
2013-06-07 13:24 - 2013-06-07 13:24 - 00000000 ____A C:\Windows\setuperr.log
2013-06-07 07:28 - 2011-06-10 16:52 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\iolo
2013-06-07 00:37 - 2011-06-10 16:55 - 00001689 ____A C:\Documents and Settings\Ron\Desktop\System Mechanic.lnk
2013-06-06 12:03 - 2012-03-27 15:01 - 00000000 ____D C:\Documents and Settings\Ron\Application Data\PrintCreations
2013-06-06 12:02 - 2008-04-13 19:00 - 00000873 ____A C:\Windows\win.ini
2013-06-05 19:43 - 2012-01-25 02:04 - 00000282 ____A C:\Windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-57989841-484763869-1417001333-1003.job
2013-06-05 19:32 - 2011-01-11 03:11 - 00080384 ____A C:\Documents and Settings\Ron\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-06-05 15:50 - 2010-12-30 01:54 - 00000000 ____D C:\Windows\Microsoft.NET
2013-06-05 15:41 - 2012-01-11 21:42 - 00000000 ____D C:\Documents and Settings\Ron\My Documents\Caroline
2013-06-05 15:16 - 2013-02-20 20:12 - 00000000 ____D C:\Program Files\SAMSUNG
2013-06-04 12:05 - 2013-06-04 12:01 - 00000000 ____D C:\Documents and Settings\Ron\My Documents\Optum Bank HSA
2013-05-31 15:25 - 2011-12-07 03:06 - 00000000 ____D C:\Program Files\AVG Secure Search
2013-05-31 14:41 - 2013-05-31 14:38 - 00000000 ____D C:\Documents and Settings\Ron\My Documents\2012 Practice Tracking and Goals
2013-05-30 14:51 - 2013-03-14 16:18 - 00000000 ____D C:\lexmark
2013-05-29 17:32 - 2011-10-21 14:24 - 00000000 ____D C:\Documents and Settings\Ron\My Documents\VirtualDJ
2013-05-29 15:41 - 2013-03-12 18:57 - 03300640 ____A C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2013-05-29 11:28 - 2011-06-10 16:55 - 00041616 ____A (iolo technologies, LLC) C:\Windows\System32\iolobtdfg.exe
2013-05-29 11:28 - 2011-06-10 16:55 - 00023568 ____A (iolo technologies, LLC) C:\Windows\System32\smrgdf.exe
2013-05-29 11:12 - 2011-06-28 01:00 - 02097472 ____A (iolo technologies, LLC) C:\Windows\System32\Incinerator32.dll
2013-05-28 11:46 - 2013-05-28 11:46 - 00000000 ____D C:\Program Files\Common Files\Java
2013-05-28 11:45 - 2013-05-28 11:44 - 00003874 ____A C:\Windows\System32\jupdate-1.7.0_21-b11.log
2013-05-28 11:45 - 2011-01-04 22:45 - 00000000 ____D C:\Program Files\Java
2013-05-28 11:33 - 2011-01-11 13:32 - 00000000 ____D C:\Documents and Settings\Ron\Application Data\Pershing
2013-05-28 11:20 - 2013-05-28 11:20 - 00002178 ____A C:\Documents and Settings\Ron\Desktop\NetX360.lnk
2013-05-23 16:26 - 2013-05-23 16:26 - 00000000 ____D C:\Documents and Settings\Ron\My Documents\Lincoln Financial Group
2013-05-23 16:02 - 2013-05-23 16:01 - 00000000 ____D C:\Documents and Settings\Ron\My Documents\Lincoln Benefit Life
2013-05-23 11:24 - 2012-02-18 01:47 - 00000000 ____D C:\Documents and Settings\Ron\My Documents\SCASD
2013-05-22 11:21 - 2013-05-22 11:21 - 04325376 ____A C:\Documents and Settings\All Users\Application Data\ReadOnlyInstaller.msi
2013-05-20 15:48 - 2012-01-31 13:03 - 00000000 ____D C:\Windows\System32\cache
2013-05-20 15:47 - 2012-11-11 12:28 - 00037664 ____A (AVG Technologies) C:\Windows\System32\Drivers\avgtpx86.sys

Files to move or delete:
====================
C:\Documents and Settings\Ron\GoToAssistDownloadHelper.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================



#3 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 18 June 2013 - 11:06 PM


Hello ronjovi001

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.


Very Important --> Please read this post completely, I have spent my time to put together some things for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.


These are the programs I would like you to run next, if you have any problems with one of these just skip it and move on to the next one.

-AdwCleaner-

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

-Junkware-Removal-Tool-

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
When they are complete let me have the two reports and let me know how things are running.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#4 ronjovi001

ronjovi001
  • Topic Starter

  • Members
  • 21 posts

Posted 19 June 2013 - 02:31 AM

Gringo... first, thanks for your prompt response... the step by step so far has been great... I am not technoplaegic, but I am no expert so every little bit helps... I have pasted the two reports below... I ran the computer as Administrator while in Safe Mode... Oh, incidentally, before you responded, I ran an updated MalwareBytes scan and an updated Hitman Pro scan and neither picked up on anything. It seems like both of these scans did pick up on it...

As far as how the machine is running, one time, I did not start in Safe Mode and it went to my user (not Admin)... pop ups were now coming from the MyPC Backup request... two windows opened... one said back up now in the middle of the screen, the other, was more of an ad in the lower right corner of the screen. Also, I noticed that Windows Explorer has been turned off and would not turn back on... I went to go and find the AdwCleaner[S1].txt file and noticed that nothing I did could turn Windows Explorer and Search on either in the startup menu or under the Programs Menu as Windows suggests to turn it on... the sound is crackling as well for the external speakers which was what I was trying to resolve by reloading a SigmaTel driver from the Web when this @#$% infected my machine...


Here are the logs as you requested... it is 3:28 am so I am going to get some shuteye while you review things. Thanks again. Will stand by for next steps with some sleep and lower blood pressure... Ron


# AdwCleaner v2.303 - Logfile created 06/19/2013 at 02:07:43
# Updated 08/06/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Administrator - RON-AD46BD8A80F
# Boot Mode : Safe mode
# Running from : C:\Documents and Settings\Administrator\Desktop\AdwCleaner.exe
# Option [Delete]


***** [Services] *****

Stopped & Deleted : Application Updater

***** [Files / Folders] *****

File Deleted : C:\Documents and Settings\All Users\Desktop\More FREE games.lnk
File Deleted : C:\Documents and Settings\All Users\Desktop\Play Free Games.lnk
Folder Deleted : C:\Documents and Settings\All Users\Application Data\AVG Secure Search
Folder Deleted : C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Free Ride Games
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Speedbit
Folder Deleted : C:\Documents and Settings\All Users\Application Data\WeCareReminder
Folder Deleted : C:\Documents and Settings\Ron\Application Data\AVG Secure Search
Folder Deleted : C:\Documents and Settings\Ron\Application Data\dvdvideosoftiehelpers
Folder Deleted : C:\Documents and Settings\Ron\Application Data\Search Settings
Folder Deleted : C:\Documents and Settings\Ron\Local Settings\Application Data\AVG Secure Search
Folder Deleted : C:\Documents and Settings\Ron\Local Settings\Application Data\PackageAware
Folder Deleted : C:\Documents and Settings\Ron\Start Menu\Programs\Free Ride Games
Folder Deleted : C:\Program Files\Application Updater
Folder Deleted : C:\Program Files\AVG Secure Search
Folder Deleted : C:\Program Files\Common Files\AVG Secure Search
Folder Deleted : C:\Program Files\Common Files\spigot
Folder Deleted : C:\Program Files\Free Ride Games

***** [Registry] *****

Key Deleted : HKLM\Software\Application Updater
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4FBBF769-ECEB-420A-B536-133B1D505C36}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\IEHelperv2.5.0.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{44d07caa-4fc4-5a84-9951-a485ad808d0e}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F3FEE66E-E034-436A-86E4-9690573BEE8A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F773BB94-6C19-4643-A570-0E429103D1C3}
Key Deleted : HKLM\SOFTWARE\Classes\GameTreatWidget.GameTreatWidget
Key Deleted : HKLM\SOFTWARE\Classes\IEHelperv250.WeCareReminder
Key Deleted : HKLM\SOFTWARE\Classes\IEHelperv250.WeCareReminder.1
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F773BB94-6C19-4643-A570-0E429103D1C3}
Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{103DFC4E-147A-5606-9B4E-1C216DF227A1}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B12920CF-BE13-4C09-890D-1B6EFFFE2FBE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AC5B6CDA-8F90-4740-9A8C-28AC5D3C73FE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SearchSettings
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{2B7BDADB-EC8C-4C54-B5DD-CE45A016D3A7}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{44d07caa-4fc4-5a84-9951-a485ad808d0e}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\30C16B15B255BD349A1157B8A83E2AF9
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ED1CAE30F47D14B41B5FC8FA53658044
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F3157AA407841454BB0C9BE8D1982BC9
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2B7BDADB-EC8C-4C54-B5DD-CE45A016D3A7}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\Software\Search Settings
Key Deleted : HKLM\Software\SpeedBit
Key Deleted : HKU\S-1-5-21-57989841-484763869-1417001333-1003\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Deleted : HKU\S-1-5-21-57989841-484763869-1417001333-1003\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://isearch.avg.com/tab?cid={4632B2A8-1A1F-4800-A98D-E3FC36ED429B}&mid=eac9318e05d247d6b1a5d151cd2b95ad-7afc43abcdb4584a2c95d57e113be29ec32152f2&lang=en&ds=AVG&pr=pr&d=2011-12-19 19:03:10&pid=avg&sg=&v=15.2.0.5&sap=nt --> hxxp://www.google.com

*************************

AdwCleaner[S1].txt - [8631 octets] - [19/06/2013 02:07:43]

########## EOF - C:\AdwCleaner[S1].txt - [8691 octets] ##########
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Microsoft Windows XP x86
Ran by Ron on Wed 06/19/2013 at 2:29:17.85
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440}



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\Software\search settings
Successfully deleted: [Registry Key] "hkey_current_user\software\apn pip"



~~~ Files

Successfully deleted: [File] C:\eula.1028.txt
Successfully deleted: [File] C:\eula.1031.txt
Successfully deleted: [File] C:\eula.1033.txt
Successfully deleted: [File] C:\eula.1036.txt
Successfully deleted: [File] C:\eula.1040.txt
Successfully deleted: [File] C:\eula.1041.txt
Successfully deleted: [File] C:\eula.1042.txt
Successfully deleted: [File] C:\eula.2052.txt
Successfully deleted: [File] C:\install.res.1028.dll
Successfully deleted: [File] C:\install.res.1031.dll
Successfully deleted: [File] C:\install.res.1033.dll
Successfully deleted: [File] C:\install.res.1036.dll
Successfully deleted: [File] C:\install.res.1040.dll
Successfully deleted: [File] C:\install.res.1041.dll
Successfully deleted: [File] C:\install.res.1042.dll
Successfully deleted: [File] C:\install.res.2052.dll
Successfully deleted: [File] C:\install.res.3082.dll



~~~ Folders

Successfully deleted: [Folder] "C:\Program Files\ytd toolbar"



~~~ Chrome

Successfully deleted: [Registry Key] hkey_local_machine\software\policies\google\chrome\extensioninstallforcelist





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 06/19/2013 at 2:35:34.50
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

#5 ronjovi001

ronjovi001
  • Topic Starter

  • Members
  • 21 posts

Posted 19 June 2013 - 02:37 AM

Gringo... btw- the machine is taking forever to boot it seems as another observation... looks like a lot of HD activity so may be cleaning stuff out still... am waiting to see if pop ups return after this boot as User Ron... then off to snooze... glutton for punishment. R

#6 ronjovi001

ronjovi001
  • Topic Starter

  • Members
  • 21 posts

Posted 19 June 2013 - 02:53 AM

ugh... pop ups still occurring right away... all programs remain in Start Up menu... Shortcut icons still showing on desktop for My PC Backup and Play 7 Wonders II perhaps others... Once All programs menu is activated, Dell program is highlighted and menu hangs for a long time... pop up never goes away...

#7 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 19 June 2013 - 03:32 AM


Hello ronjovi001

I would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.

1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

"information and logs"
  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?
Gringo

#8 ronjovi001

ronjovi001
  • Topic Starter

  • Members
  • 21 posts

Posted 19 June 2013 - 01:25 PM

Hi Gringo...so here is the update... I ran Combofix as you directed... it looked like it was working hard and cleaned out a bunch of things... so far, it looks like functionality is somewhat restored.

However, the pop ups keep coming for the back up program... one is shortly after boot up and the other comes up as a reminder by the system tray in the lower left corner.

The shortcuts on the desktop remain for the unwanted programs... i

In the all programs list after start, the programs are still listed, but before the Dell program always remained highlighted, now it is not...

It looks like Windows Search is still not operational even when I go into All Programs and Click on it like it says to do to reactivate it...

Sound still is crackling though less when windows boots. I have not tried it with any program like YouTube or anything.

Here is the Combofix log:

ComboFix 13-06-18.02 - Ron 06/19/2013  13:01:34.1.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.2038.1301 [GMT -4:00]
Running from: c:\documents and settings\Ron\Desktop\ComboFix.exe
AV: AVG Internet Security 2013 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}
FW: AVG Internet Security 2013 *Disabled* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Application Data\TEMP\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}\PostBuild.exe
c:\documents and settings\All Users\Application Data\uninstaller.exe
c:\documents and settings\All Users\Start Menu\HP Image Zone .lnk
c:\documents and settings\Ron\GoToAssistDownloadHelper.exe
c:\documents and settings\Ron\WINDOWS
C:\install.exe
c:\windows\system32\Cache
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_PCCMSERVICE
-------\Service_pcCMService
.
.
(((((((((((((((((((((((((   Files Created from 2013-05-19 to 2013-06-19  )))))))))))))))))))))))))))))))
.
.
2013-06-19 06:27 . 2013-06-19 06:27 -------- d-----w- c:\windows\ERUNT
2013-06-19 06:25 . 2013-06-19 07:00 -------- d-----w- C:\JRT and AdwCleaner Logs
2013-06-19 02:34 . 2013-06-19 02:35 -------- d-----w- c:\documents and settings\Administrator
2013-06-19 02:33 . 2013-06-19 02:33 -------- d-----w- c:\documents and settings\NetworkService\Application Data\iolo
2013-06-18 19:52 . 2013-06-18 19:52 -------- d-----w- C:\FRST
2013-06-18 15:16 . 2007-05-10 14:22 405504 ----a-w- c:\windows\stsystra.exe
2013-06-18 14:58 . 2013-06-18 15:16 -------- d-----w- C:\Remote Programs
2013-06-18 14:58 . 2012-07-17 21:59 1132448 ----a-w- c:\windows\system32\d3dx9_32.dll
2013-06-18 14:58 . 2013-03-14 23:22 58264 ------w- c:\windows\ExentInfo.exe
2013-06-18 14:53 . 2013-06-18 14:54 -------- d-----w- c:\program files\MyPC Backup
2013-06-18 05:49 . 2013-06-18 05:50 -------- d-----w- c:\documents and settings\All Users\Application Data\PCDr
2013-06-18 05:49 . 2013-06-18 05:49 -------- d-----w- c:\program files\Dell Support Center
2013-06-18 05:46 . 2013-06-18 09:09 -------- d-----w- c:\program files\My Dell
2013-06-18 05:40 . 2013-06-18 05:50 -------- d-----w- c:\documents and settings\Ron\Application Data\PCDr
2013-06-17 21:47 . 2013-06-17 21:47 -------- d-----w- c:\documents and settings\Ron\Application Data\AVG2013
2013-06-17 21:00 . 2013-06-17 21:00 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\AVG2013
2013-06-17 20:29 . 2013-06-12 04:18 7068072 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{12F9A0D9-4E28-4510-BD4D-BE34944C552A}\mpengine.dll
2013-06-17 19:57 . 2013-06-17 21:03 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG2013
2013-06-17 19:31 . 2013-06-19 16:31 -------- d-----w- c:\documents and settings\Ron\Local Settings\Application Data\Avg2013
2013-06-17 19:31 . 2013-06-17 19:31 -------- d-----w- c:\documents and settings\Ron\Local Settings\Application Data\MFAData
2013-06-13 06:01 . 2005-02-03 17:31 32768 ----a-w- c:\windows\system32\compJNI.dll
2013-06-13 06:01 . 2003-06-20 17:21 36864 ----a-w- c:\windows\system32\hpbmmjno.dll
2013-06-13 06:01 . 2003-06-16 21:52 74752 ----a-w- c:\windows\system32\jst.dll
2013-06-13 06:01 . 2004-05-10 20:11 40960 ----a-w- c:\windows\system32\d4channel.dll
2013-06-13 05:58 . 2013-06-13 06:02 -------- d--h--w- c:\program files\Zero G Registry
2013-06-13 05:48 . 2004-12-24 15:05 61440 ----a-w- c:\windows\system32\HPZinw12.exe
2013-06-13 05:43 . 2001-08-17 17:53 6784 ----a-w- c:\windows\system32\drivers\serscan.sys
2013-06-13 05:06 . 2004-05-13 16:40 51712 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\HPZPP034.DLL
2013-06-13 05:06 . 2005-01-21 17:41 208896 ----a-w- c:\windows\system32\HPP2800V.DLL
2013-06-13 05:06 . 2004-12-24 15:12 32768 ----a-w- c:\windows\system32\hppamon0.dll
2013-06-13 05:06 . 2004-12-24 15:12 36864 ----a-w- c:\windows\system32\hppasnm0.dll
2013-06-13 05:06 . 2004-12-24 15:12 45056 ----a-w- c:\windows\system32\hppapts0.dll
2013-06-13 05:06 . 2004-12-24 15:12 36864 ----a-w- c:\windows\system32\hppadt40.dll
2013-06-13 04:44 . 2013-05-13 03:19 7016152 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-06-10 22:03 . 2013-06-10 22:03 -------- d-----w- c:\documents and settings\Ron\Local Settings\Application Data\Western_Digital
2013-06-10 18:33 . 2013-06-10 18:33 -------- d-----w- c:\documents and settings\All Users\Application Data\WD_SmartWareCommon
2013-06-10 18:32 . 2013-06-10 18:32 -------- d-----w- c:\documents and settings\Ron\Application Data\Western Digital
2013-06-10 18:31 . 2013-06-18 20:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Western Digital
2013-06-10 18:31 . 2013-06-10 18:31 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ServiceTest
2013-06-10 18:31 . 2009-02-13 16:02 11520 ----a-w- c:\windows\system32\drivers\wdcsam.sys
2013-06-10 18:28 . 2013-06-10 18:28 -------- d-----w- c:\program files\Western Digital
2013-06-08 16:12 . 2013-06-08 16:12 -------- d-----w- c:\program files\Common Files\SWF Studio
2013-06-08 16:08 . 2013-06-08 16:12 -------- d-----w- C:\hp_CLJ_2820-2840_Full_Solution
2013-06-08 02:38 . 2013-06-08 02:38 -------- d-----w- c:\documents and settings\Ron\Application Data\TuneUp Software
2013-05-28 15:46 . 2013-05-28 15:46 -------- d-----w- c:\program files\Common Files\Java
2013-05-22 15:21 . 2013-05-22 15:21 4325376 ----a-w- c:\documents and settings\All Users\Application Data\ReadOnlyInstaller.msi
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-29 15:28 . 2011-06-10 20:55 41616 ----a-w- c:\windows\system32\iolobtdfg.exe
2013-05-29 15:28 . 2011-06-10 20:55 23568 ----a-w- c:\windows\system32\smrgdf.exe
2013-05-29 15:12 . 2011-06-28 05:00 2097472 ----a-w- c:\windows\system32\Incinerator32.dll
2013-05-20 19:47 . 2012-11-11 16:28 37664 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2013-05-15 19:30 . 2012-04-12 12:28 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-05-15 19:29 . 2011-06-28 05:06 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-07 22:30 . 2008-04-13 23:00 920064 ----a-w- c:\windows\system32\wininet.dll
2013-05-07 22:30 . 2008-04-13 23:00 43520 ------w- c:\windows\system32\licmgr10.dll
2013-05-07 22:30 . 2008-04-13 23:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-05-07 21:53 . 2008-04-13 23:00 385024 ------w- c:\windows\system32\html.iec
2013-05-03 01:30 . 2008-04-13 23:00 2149888 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-05-03 00:38 . 2008-04-14 00:01 2028544 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-05-02 15:28 . 2012-07-06 12:31 238872 ------w- c:\windows\system32\MpSigStub.exe
2013-04-10 01:31 . 2008-04-13 23:00 1876352 ----a-w- c:\windows\system32\win32k.sys
2013-04-04 18:50 . 2010-12-30 04:35 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-04-04 09:35 . 2013-05-28 15:45 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-04-04 09:22 . 2011-01-05 02:45 144896 ----a-w- c:\windows\system32\javacpl.cpl
2013-03-29 06:53 . 2011-12-23 17:32 208184 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
2011-03-30 15:40 . 2011-03-30 15:40 517976 ----a-w- c:\program files\DXSETUP.exe
2011-03-30 15:40 . 2011-03-30 15:40 95576 ----a-w- c:\program files\DSETUP.dll
2011-03-30 15:40 . 2011-03-30 15:40 1566040 ----a-w- c:\program files\dsetup32.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\documents and settings\Ron\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\documents and settings\Ron\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\documents and settings\Ron\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\documents and settings\Ron\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-12-30 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-03-31 138008]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-03-16 1392640]
"Nuance PDF Converter Professional 7-reminder"="c:\program files\Nuance\PDF Professional 7\Ereg\Ereg.exe" [2011-09-06 333672]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 947152]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-12 49152]
"AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2013-04-29 4408368]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
"TomcatStartup 2.5"="c:\program files\Hewlett-Packard\Toolbox\hpbpsttp.exe" [2004-11-12 245760]
.
c:\documents and settings\Ron\Start Menu\Programs\Startup\
MyPC Backup.lnk - c:\program files\MyPC Backup\MyPC Backup.exe [2013-5-31 1934376]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2009-8-17 2043904]
WDSmartWare.lnk - c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe View=show_in_tray
.
 
View=show_in_tray [2009-8-17 8919040]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-08-10 113024]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ    autocheck autochk *\0c:\progra~1\AVG\AVG2013\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
-scheduler [X]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Documents and Settings\\Ron\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Research In Motion\\BlackBerry Desktop\\Rim.Desktop.exe"=
"c:\\Program Files\\Common Files\\Motive\\pcServiceHost.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgmfapx.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
"24726:TCP"= 24726:TCP:FlipShareServer
"24727:TCP"= 24727:TCP:FlipShareServer
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [4/19/2012 4:50 AM 60216]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2/8/2013 4:37 AM 245048]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/7/2010 4:48 AM 39224]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [12/23/2011 1:32 PM 208184]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [12/23/2011 1:32 PM 22328]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [12/8/2010 5:12 AM 170808]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [11/12/2010 2:19 PM 182072]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [11/11/2012 12:28 PM 37664]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2/17/2010 2:25 PM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 2:41 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [5/4/2011 1:54 PM 116608]
R2 Agent;VPDAgent;c:\windows\VPDAgent.exe [3/11/2013 11:33 PM 192512]
R2 avgfws;AVG Firewall;c:\program files\AVG\AVG2013\avgfws.exe [4/10/2013 11:07 AM 1428472]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2013\avgidsagent.exe [5/14/2013 12:54 AM 4937264]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2013\avgwdsvc.exe [4/18/2013 4:34 AM 283136]
R2 ioloSystemService;iolo System Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [6/10/2011 4:55 PM 1072664]
R2 M4-Service;M4-Service;c:\documents and settings\Ron\Local Settings\Application Data\Mikogo4\Viewer\Service\M4-Service.exe [1/15/2013 8:29 PM 1008032]
R2 Neat Startup Service;Neat Startup Service;c:\program files\Neat\exec\NeatStartupService.exe [2/23/2013 1:12 AM 5632]
R2 NeatReceipts Database Controller;NeatReceipts Database Controller;c:\program files\Common Files\NeatReceipts\DB Controller\NeatReceiptsDBController.exe [2/5/2008 2:03 PM 228480]
R2 pcServiceHost;pcServiceHost;c:\program files\Common Files\Motive\pcServiceHost.exe [7/6/2012 9:29 AM 342016]
R2 PDFsFilter;PDFsFilter;c:\windows\system32\drivers\PDFsFilter.sys [8/16/2012 9:36 AM 68464]
R2 WDDMService;WD SmartWare Drive Manager;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [8/17/2009 10:52 AM 98304]
R2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [6/16/2009 9:58 AM 20480]
R3 ArcCD;ArcCD Filter Driver Service;c:\windows\system32\drivers\ArcCD.sys [3/27/2012 2:56 PM 36224]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [7/12/2010 5:33 AM 30944]
S0 cerc6;cerc6; [x]
S2 BackupStack;Computer Backup (MyPC Backup);c:\program files\MyPC Backup\BackupStack.exe [5/31/2013 7:19 AM 32808]
S2 vToolbarUpdater15.2.0;vToolbarUpdater15.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe --> c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe [?]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
S2 X4HSEx_Pr143;X4HSEx_Pr143;\??\c:\program files\Free Ride Games\X4HSEx_Pr143.Sys --> c:\program files\Free Ride Games\X4HSEx_Pr143.Sys [?]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe [2/4/2011 6:06 AM 167264]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [7/12/2010 5:33 AM 30944]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\drivers\dc3d.sys [6/13/2011 7:20 PM 45472]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [2/20/2013 8:12 PM 83168]
S3 HPPLSBULK;HPPLSBULK;c:\windows\system32\drivers\hpplsbulk.sys [2/2/2005 5:29 PM 9344]
S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys --> c:\windows\system32\DRIVERS\ewusbdev.sys [?]
S3 MSSQL$NR2007;SQL Server (NR2007);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [12/10/2010 7:29 PM 29293408]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [2/20/2013 8:12 PM 181344]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [6/10/2013 2:31 PM 11520]
S3 ztemtusbser;ZTEMT Legacy Serial Communication;c:\windows\system32\DRIVERS\CT_ZTEMT_U_USBSER.sys --> c:\windows\system32\DRIVERS\CT_ZTEMT_U_USBSER.sys [?]
S4 ArcUdfs;ArcUdfs FileSystem Driver Service;c:\windows\system32\drivers\ArcUdfs.sys [3/27/2012 2:56 PM 134912]
S4 FlipShareServer;FlipShare Server;c:\program files\Flip Video\FlipShareServer\FlipShareServer.exe [12/15/2010 1:22 PM 1085440]
S4 HitmanProScheduler;HitmanPro Scheduler;c:\program files\HitmanPro\hmpsched.exe [7/5/2012 2:42 PM 106280]
S4 PDFProFiltSrv;PDFProFiltSrv;c:\program files\Nuance\PDF Professional 7\PDFProFiltSrv.exe [9/9/2011 2:13 AM 135016]
S4 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [1/8/2013 1:55 PM 161536]
S4 VideoAcceleratorService;VideoAcceleratorService;c:\progra~1\SPEEDB~1\VideoAcceleratorService.exe -start -scm --> c:\progra~1\SPEEDB~1\VideoAcceleratorService.exe -start -scm [?]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - ArcRec
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ    Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ    hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-06-07 21:53 1165776 ----a-w- c:\program files\Google\Chrome\Application\27.0.1453.110\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-06-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-12 19:30]
.
2013-06-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-30 04:15]
.
2013-06-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-30 04:15]
.
2013-06-09 c:\windows\Tasks\Laser App Enterprise Updates.job
- c:\windows\Installer\Laser App Enterprise Updates for All Users.lnk [2012-03-03 03:23]
.
2013-06-19 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2013-01-27 16:11]
.
2013-06-19 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-57989841-484763869-1417001333-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-04-30 22:21]
.
2013-06-05 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-57989841-484763869-1417001333-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-04-30 22:21]
.
.
------- Supplementary Scan -------
.
uStart Page = https://www2.ing-usa.com/portal/public/login
uInternet Settings,ProxyOverride = <local>
IE: Append the content of the link to existing PDF file - c:\program files\Nuance\PDF Professional 7\Bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
IE: Append the content of the selected links to existing PDF file - c:\program files\Nuance\PDF Professional 7\Bin\ZeonIEFavClient.dll/ZeonIEAppendSelLinks.HTML
IE: Append to existing PDF file - c:\program files\Nuance\PDF Professional 7\Bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
IE: Create PDF file - c:\program files\Nuance\PDF Professional 7\Bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
IE: Create PDF file from the content of the link - c:\program files\Nuance\PDF Professional 7\Bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
IE: Create PDF files from the selected links - c:\program files\Nuance\PDF Professional 7\Bin\ZeonIEFavClient.dll/ZeonIECaptureSelLinks.HTML
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - c:\documents and settings\Ron\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
LSP: c:\progra~1\SPEEDB~1\sblsp.dll
Trusted Zone: dell.com
TCP: DhcpNameServer = 192.168.1.1
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKCU-Run-OpAgent - OpAgent.exe
HKCU-Run-Exetender - c:\program files\Free Ride Games\GPlayer.exe
HKU-Default-Run-Exetender - c:\program files\Free Ride Games\GPlayer.exe
HKLM_ActiveSetup-Neat ADF Scanner 2008 - reg copy HKLM\Software\The Neat Company\Neat ADF Scanner 2008 HKCU\Software\The Neat Company\Neat ADF Scanner 2008
HKLM_ActiveSetup-Send To Neat - reg copy HKLM\Software\The Neat Company\Send To Neat HKCU\Software\The Neat Company\Send To Neat
AddRemove-25_escape - c:\program files\SAMSUNG\USB Drivers\25_escape\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-06-19 13:34
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1324)
c:\windows\System32\BCMLogon.dll
c:\windows\System32\MSVCP71.dll
c:\windows\system32\netprovcredman.dll
.
- - - - - - - > 'explorer.exe'(804)
c:\windows\system32\WININET.dll
c:\documents and settings\Ron\Application Data\Dropbox\bin\DropboxExt.14.dll
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\netprovcredman.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\windows\System32\SCardSvr.exe
c:\windows\system32\netdde.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\documents and settings\Ron\Local Settings\Application Data\Mikogo4\Viewer\Service\M4-Capture.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
c:\progra~1\HEWLET~1\Toolbox\STATUS~1\STATUS~1.EXE
c:\program files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
.
**************************************************************************
.
Completion time: 2013-06-19  14:05:11 - machine was rebooted
ComboFix-quarantined-files.txt  2013-06-19 18:04
.
Pre-Run: 1,168,269,312 bytes free
Post-Run: 1,949,769,728 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 29AA83E78250EF067E5D1F5810FA42ED
8F558EB6672622401DA993E1E865C861
 

Let me know if any of this makes sense... I think we are getting close... Thanks again, Ron



#9 gringo_pr

  • Malware Response Team

Posted 21 June 2013 - 10:52 PM


Hello Ron

I would like you to try and run these next.

TDSSKiller

Please download the latest version of TDSSKiller from here and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • More than one report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". The one that I need is the larger one. Please copy and paste the contents of that file here.

    Note: this report can be very long, so if the website gives you an error saying it is too long, you may attach it.

    If the forum still complains about it being too long, send me everything that is at the end of the report after where it says

    ==================
    Scan finished
    ==================
and I will see if I want to see the whole report

--RogueKiller--

Download & SAVE to your Desktop RogueKiller for 32bit or Roguekiller for 64bit
  • Quit all programs that you may have started.
  • Please disconnect any external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then click on the "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click on "Delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The scan will make two reports; the one I would like to see is called RKreport[2].txt on your Desktop.
  • Exit/Close RogueKiller+
Send me the reports made from TDSSKiller and RogueKiller, and also let me know how the computer is doing at this time.

Gringo

#10 ronjovi001


Posted 22 June 2013 - 09:29 AM

00:24:14.0265 2360  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
00:24:14.0890 2360  ============================================================
00:24:14.0890 2360  Current date / time: 2013/06/22 00:24:14.0890
00:24:14.0890 2360  SystemInfo:
00:24:14.0890 2360 
00:24:14.0890 2360  OS Version: 5.1.2600 ServicePack: 3.0
00:24:14.0890 2360  Product type: Workstation
00:24:14.0890 2360  ComputerName: RON-AD46BD8A80F
00:24:14.0890 2360  UserName: Ron
00:24:14.0890 2360  Windows directory: C:\WINDOWS
00:24:14.0890 2360  System windows directory: C:\WINDOWS
00:24:14.0890 2360  Processor architecture: Intel x86
00:24:14.0890 2360  Number of processors: 2
00:24:14.0890 2360  Page size: 0x1000
00:24:14.0890 2360  Boot type: Normal boot
00:24:14.0890 2360  ============================================================
00:24:23.0437 2360  BG loaded
00:24:47.0625 2360  Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
00:24:56.0453 2360  ============================================================
00:24:56.0453 2360  \Device\Harddisk0\DR0:
00:24:56.0468 2360  MBR partitions:
00:24:56.0468 2360  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x950E482
00:24:56.0468 2360  ============================================================
00:24:56.0937 2360  C: <-> \Device\Harddisk0\DR0\Partition1
00:24:56.0937 2360  ============================================================
00:24:56.0937 2360  Initialize success
00:24:56.0937 2360  ============================================================
00:25:48.0484 3580  ============================================================
00:25:48.0484 3580  Scan started
00:25:48.0484 3580  Mode: Manual; SigCheck; TDLFS;
00:25:48.0484 3580  ============================================================
00:26:11.0031 3580  ================ Scan system memory ========================
00:26:11.0031 3580  System memory - ok
00:26:11.0031 3580  ================ Scan services =============================
00:30:49.0109 3580  [ 01E81C84AD1D0ACC61CF3CFD06632210 ] !SASCORE        C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
00:31:14.0781 3580  !SASCORE ( UnsignedFile.Multi.Generic ) - warning
00:31:14.0781 3580  !SASCORE - detected UnsignedFile.Multi.Generic (1)
00:32:40.0062 3580  Abiosdsk - ok
00:32:40.0078 3580  abp480n5 - ok
00:32:40.0953 3580  [ ADC420616C501B45D26C0FD3EF1E54E4 ] ACDaemon        C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
00:34:25.0328 3580  ACDaemon - ok
00:34:50.0750 3580  [ 8FD99680A539792A30E97944FDAECF17 ] ACPI            C:\WINDOWS\system32\DRIVERS\ACPI.sys
00:35:05.0453 3580  ACPI - ok
00:35:06.0078 3580  [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC          C:\WINDOWS\system32\drivers\ACPIEC.sys
00:35:07.0187 3580  ACPIEC - ok
00:35:11.0203 3580  [ F040037B149FD0F5A5044AE563390FA7 ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
00:35:12.0531 3580  AdobeFlashPlayerUpdateSvc - ok
00:35:12.0531 3580  adpu160m - ok
00:36:05.0937 3580  [ 8BED39E3C35D6A489438B8141717A557 ] aec             C:\WINDOWS\system32\drivers\aec.sys
00:36:07.0390 3580  aec - ok
00:36:31.0281 3580  [ FE3EA6E9AFC1A78E6EDCA121E006AFB7 ] Afc             C:\WINDOWS\system32\drivers\Afc.sys
00:36:32.0359 3580  Afc - ok
00:37:01.0546 3580  [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD             C:\WINDOWS\System32\drivers\afd.sys
00:37:03.0109 3580  AFD - ok
00:37:20.0265 3580  [ 65C0CF9924B9017A581C396CFFFBBC9D ] Agent           C:\WINDOWS\VPDAgent.exe
00:37:40.0078 3580  Agent ( UnsignedFile.Multi.Generic ) - warning
00:37:40.0078 3580  Agent - detected UnsignedFile.Multi.Generic (1)
00:37:40.0078 3580  Aha154x - ok
00:37:40.0078 3580  aic78u2 - ok



#11 ronjovi001


Posted 22 June 2013 - 09:33 AM

 

00:37:40.0093 3580  aic78xx - ok
00:37:41.0671 3580  [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter         C:\WINDOWS\system32\alrsvc.dll
00:37:43.0578 3580  Alerter - ok
00:37:43.0937 3580  [ 8C515081584A38AA007909CD02020B3D ] ALG             C:\WINDOWS\System32\alg.exe
00:37:44.0265 3580  ALG - ok
00:37:44.0375 3580  AliIde - ok
00:37:44.0390 3580  amsint - ok
00:37:44.0984 3580  [ EC94E05B76D033B74394E7B2175103CF ] APPDRV          C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS
00:37:49.0156 3580  APPDRV ( UnsignedFile.Multi.Generic ) - warning
00:37:49.0156 3580  APPDRV - detected UnsignedFile.Multi.Generic (1)
00:37:51.0640 3580  [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt         C:\WINDOWS\System32\appmgmts.dll
00:37:52.0843 3580  AppMgmt - ok
00:37:53.0250 3580  [ A82F1A1B09593C73EFD02A59DC94920C ] ArcCD           C:\WINDOWS\system32\drivers\ArcCD.sys
00:37:53.0390 3580  ArcCD ( UnsignedFile.Multi.Generic ) - warning
00:37:53.0390 3580  ArcCD - detected UnsignedFile.Multi.Generic (1)
00:37:54.0078 3580  [ 1AF9061B61741A912368AB4DC309D25E ] ArcRec          C:\WINDOWS\system32\drivers\ArcRec.sys
00:37:54.0421 3580  ArcRec ( UnsignedFile.Multi.Generic ) - warning
00:37:54.0421 3580  ArcRec - detected UnsignedFile.Multi.Generic (1)
00:37:54.0750 3580  [ 3EE9E41102A2C6B8F7DBAD5D44ABDA05 ] ArcUdfs         C:\WINDOWS\system32\drivers\ArcUdfs.sys
00:37:55.0531 3580  ArcUdfs ( UnsignedFile.Multi.Generic ) - warning
00:37:55.0531 3580  ArcUdfs - detected UnsignedFile.Multi.Generic (1)
00:37:55.0562 3580  asc - ok
00:37:55.0562 3580  asc3350p - ok
00:37:55.0562 3580  asc3550 - ok
00:38:24.0265 3580  [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state    C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
00:38:24.0750 3580  aspnet_state - ok
00:38:24.0843 3580  [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac        C:\WINDOWS\system32\DRIVERS\asyncmac.sys
00:38:25.0109 3580  AsyncMac - ok
00:38:25.0265 3580  [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi           C:\WINDOWS\system32\DRIVERS\atapi.sys
00:38:25.0421 3580  atapi - ok
00:38:25.0421 3580  Atdisk - ok
00:38:25.0687 3580  [ 9916C1225104BA14794209CFA8012159 ] Atmarpc         C:\WINDOWS\system32\DRIVERS\atmarpc.sys
00:38:26.0046 3580  Atmarpc - ok
00:38:26.0390 3580  [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv        C:\WINDOWS\System32\audiosrv.dll
00:38:26.0781 3580  AudioSrv - ok
00:38:28.0468 3580  [ D9F724AA26C010A217C97606B160ED68 ] audstub         C:\WINDOWS\system32\DRIVERS\audstub.sys
00:38:31.0828 3580  audstub - ok
00:38:37.0812 3580  [ D45B7995761253A92AB071D576114F28 ] AVG Security Toolbar Service C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe
00:38:38.0953 3580  AVG Security Toolbar Service - ok
00:38:39.0640 3580  [ 8BE661C16FBF84A73BCEC84B6B4A9DB5 ] Avgfwdx         C:\WINDOWS\system32\DRIVERS\avgfwdx.sys
00:38:39.0687 3580  Avgfwdx - ok
00:38:39.0750 3580  [ 8BE661C16FBF84A73BCEC84B6B4A9DB5 ] Avgfwfd         C:\WINDOWS\system32\DRIVERS\avgfwdx.sys
00:38:39.0859 3580  Avgfwfd - ok
00:38:45.0234 3580  [ 6D3A517FE33AD047578BF73BB447EEAD ] avgfws          C:\Program Files\AVG\AVG2013\avgfws.exe
00:38:47.0093 3580  avgfws - ok
00:40:10.0265 3580  [ 50185186719134FA8F307D269106A51C ] AVGIDSAgent     C:\Program Files\AVG\AVG2013\avgidsagent.exe
00:40:14.0343 3580  AVGIDSAgent - ok

#12 ronjovi001


Posted 22 June 2013 - 12:56 PM

RogueKiller V8.6.1 [Jun 19 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Ron [Admin rights]
Mode : Remove -- Date : 06/22/2013 13:53:23
| ARK || FAK || MBR |

¤¤¤ Bad processes : 3 ¤¤¤
[SUSP PATH] VPDAgent.exe -- C:\WINDOWS\VPDAgent.exe [-] -> KILLED [TermProc]
[SUSP PATH] M4-Service.exe -- C:\Documents and Settings\Ron\Local Settings\Application Data\Mikogo4\Viewer\Service\M4-Service.exe [7] -> KILLED [TermProc]
[SUSP PATH] M4-Capture.exe -- C:\Documents and Settings\Ron\Local Settings\Application Data\Mikogo4\Viewer\Service\M4-Capture.exe [7] -> KILLED [TermProc]

¤¤¤ Registry Entries : 2 ¤¤¤
[HJ POL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

127.0.0.1       localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST980825AS +++++
--- User ---
[MBR] 2c22c81246858c1a82606fab16eceda1
[BSP] 2233152371074842d5f92bb0bbc67eab : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 76316 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_D_06222013_135323.txt >>
RKreport[0]_S_06222013_135300.txt



#13 ronjovi001


Posted 22 June 2013 - 12:58 PM

Gringo.... I started to copy and paste TDSSKiller log, but it is too long... I don't see how to attach a file here... can you tell me how to do that? I will send it promptly... Thanks. Ron



#14 gringo_pr

  • Malware Response Team

Posted 22 June 2013 - 07:12 PM

just send me the part after


==================
Scan finished
==================


and how are things running?


gringo

#15 ronjovi001


Posted 23 June 2013 - 07:41 PM

Gringo... here is everything after the Scan Finished.

00:54:38.0765 0732  Detected object count: 21
00:54:38.0765 0732  Actual detected object count: 21
00:55:14.0265 0732  !SASCORE ( UnsignedFile.Multi.Generic ) - skipped by user
00:55:14.0265 0732  !SASCORE ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:55:14.0265 0732  Agent ( UnsignedFile.Multi.Generic ) - skipped by user
00:55:14.0265 0732  Agent ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:55:14.0265 0732  APPDRV ( UnsignedFile.Multi.Generic ) - skipped by user
00:55:14.0265 0732  APPDRV ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:55:14.0265 0732  ArcCD ( UnsignedFile.Multi.Generic ) - skipped by user
00:55:14.0265 0732  ArcCD ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:55:14.0265 0732  ArcRec ( UnsignedFile.Multi.Generic ) - skipped by user
00:55:14.0265 0732  ArcRec ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:55:14.0265 0732  ArcUdfs ( UnsignedFile.Multi.Generic ) - skipped by user
00:55:14.0265 0732  ArcUdfs ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:55:14.0265 0732  FlipShareServer ( UnsignedFile.Multi.Generic ) - skipped by user
00:55:14.0265 0732  FlipShareServer ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:55:14.0281 0732  hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user
00:55:14.0281 0732  hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:55:14.0281 0732  hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user
00:55:14.0281 0732  hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:55:14.0281 0732  MREMP50 ( UnsignedFile.Multi.Generic ) - skipped by user
00:55:14.0281 0732  MREMP50 ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:55:14.0281 0732  MRESP50 ( UnsignedFile.Multi.Generic ) - skipped by user
00:55:14.0281 0732  MRESP50 ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:55:14.0281 0732  Neat Startup Service ( UnsignedFile.Multi.Generic ) - skipped by user
00:55:14.0281 0732  Neat Startup Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:55:14.0281 0732  NeatReceipts Database Controller ( UnsignedFile.Multi.Generic ) - skipped by user
00:55:14.0281 0732  NeatReceipts Database Controller ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:55:14.0281 0732  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
00:55:14.0281 0732  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:55:14.0312 0732  NICCONFIGSVC ( UnsignedFile.Multi.Generic ) - skipped by user
00:55:14.0328 0732  NICCONFIGSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:55:14.0328 0732  pcServiceHost ( UnsignedFile.Multi.Generic ) - skipped by user
00:55:14.0328 0732  pcServiceHost ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:55:14.0328 0732  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
00:55:14.0328 0732  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:55:14.0328 0732  S24EventMonitor ( UnsignedFile.Multi.Generic ) - skipped by user
00:55:14.0328 0732  S24EventMonitor ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:55:14.0328 0732  WDDMService ( UnsignedFile.Multi.Generic ) - skipped by user
00:55:14.0328 0732  WDDMService ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:55:14.0328 0732  WDSmartWareBackgroundService ( UnsignedFile.Multi.Generic ) - skipped by user
00:55:14.0328 0732  WDSmartWareBackgroundService ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:55:14.0328 0732  WLANKEEPER ( UnsignedFile.Multi.Generic ) - skipped by user
00:55:14.0328 0732  WLANKEEPER ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:55:40.0265 2276  Deinitialize success
 





