
desktop, task bar, start menu shortcuts broken


  • This topic is locked
16 replies to this topic

#1 WOMB

Posted 27 June 2013 - 05:44 PM

All the shortcuts on my desktop no longer open their programs; it is the same with the start menu and the taskbar. It is just the programs, not any text files, folders.

When I go into 'program files' and directly activate the program they work, although I have not tested all of them.

Recreating the shortcut doesn't work either.

I have since run Malwarebytes Anti-Rootkit / fixdamage.exe, which found 1 threat, as well as an Avast full system scan that also did a restart-scan before Windows and found multiple corrupted files.

I am running Windows Vista.
 
 
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.19437  BrowserJavaVersion: 10.21.2
Run by Colin at 18:24:14 on 2013-06-27
Microsoft® Windows Vista™ Ultimate   6.0.6002.2.1252.1.1033.18.3326.1926 [GMT -4:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\SLsvc.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\NETGEAR\WNA3100\WifiSvc.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://websearch.just-browse.info/
mStart Page = hxxp://websearch.just-browse.info/
uProxyOverride = <local>;*.local
uURLSearchHooks: {656461ef-40f6-4115-9ff1-bced9812ccbb} - <orphaned>
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [HLBackupScheduler] c:\program files\verizon v cast media manager\V CAST Backup Scheduler.exe
uRun: [Desktop Software] "c:\program files\common files\supportsoft\bin\bcont.exe"  /ini "c:\program files\comcastui\desktop software\uinstaller.ini" /fromrun /starthidden
uRun: [Google Update] "c:\users\colin\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [AdobeBridge] <no file>
mRun: [DigidesignMMERefresh] c:\program files\digidesign\drivers\MMERefresh.exe
mRun: [HPUsageTracking] "c:\program files\hp\hp ut\bin\hppusg.exe" "c:\program files\hp\hp ut\"
mRun: [MAFWDITaskbarApp] c:\windows\system32\MAFWdiTray.exe
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [AdobeCS5.5ServiceManager] "c:\program files\common files\adobe\cs5.5servicemanager\CS5.5ServiceManager.exe" -launchedbylogin
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OABBAC0ATgBKADYAUgA3AC0AQgBXADQANwA3AC0ASwBSAFIAUQBBAC0ASABXADkAOQBCAC0AUgBTAEwARwBVAA"&"inst=NwA2AC0ANQA3ADYAMAA3ADQAMgAzADYALQBVADkAMAArADEALQBYAE8AMwA2ACsAMQAtAFMAVAAxACsAMgAtAFQAQgA5ACsAMgAtAE4AMQBEACsAMQAtAFAATAArADkALQBDAEkAQQA5ADAAKwAyAC0ARABEAFQAKwAxADQANQA2ADgALQBEAEQAOQAwACsAMQAtAFMAVAA5ADAAQQBQAFAAKwAxAA"&"prod=51"&"ver=9.0.894
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\awu254~1.lnk - c:\program files\azio\awu254\installer\win2k\AWU254 Wireless Client Utility.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wna3100\WNA3100.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\wddmst~1.lnk - c:\program files\western digital\wd smartware\wd drive manager\WDDMStatus.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\wdsmar~1.lnk - c:\program files\western digital\wd smartware\front parlor\WDSmartWare.exe
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
TCP: NameServer = 75.75.76.76 75.75.75.75
TCP: Interfaces\{097539B7-C156-4010-8789-7E6CCE569B9B} : DHCPNameServer = 68.87.64.150 68.87.75.198
TCP: Interfaces\{370E158A-16BC-49B3-A93D-458E3A66D5D0} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{9620C035-537A-4894-9900-7764F80EA005} : DHCPNameServer = 75.75.76.76 75.75.75.75
TCP: Interfaces\{AB3FAD29-82FC-428B-A537-4A1B78B2B32E} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{BBB63CF9-B0A8-4F1D-9F7B-BFC09F9D91DA} : DHCPNameServer = 192.168.1.1
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\colin\appdata\roaming\mozilla\firefox\profiles\wydwn36a.default\
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: c:\users\colin\appdata\local\google\update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_7_700_224.dll
FF - ExtSQL: 2013-06-24 21:59; wrc@avast.com; c:\program files\avast software\avast\webrep\FF
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [2013-6-24 49376]
R0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [2013-6-24 175176]
R0 mv61xx;mv61xx;c:\windows\system32\drivers\mv61xx.sys [2008-6-10 150568]
R0 SCMNdisP;General NDIS Protocol Driver;c:\windows\system32\drivers\SCMNdisP.sys [2010-11-22 21728]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2013-6-24 770344]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2013-6-24 369584]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2013-6-24 29816]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-6-24 66336]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2013-6-24 46808]
R2 DigiNet;Digidesign Ethernet Support;c:\windows\system32\drivers\diginet.sys [2010-7-16 16400]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 WDDMService;WD SmartWare Drive Manager;c:\program files\western digital\wd smartware\wd drive manager\WDDMService.exe [2009-9-23 98304]
R2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\western digital\wd smartware\front parlor\WDSmartWareBackgroundService.exe [2009-6-16 20480]
R2 WSWNA3100;WSWNA3100;c:\program files\netgear\wna3100\WifiSvc.exe [2010-11-22 278528]
R3 cmudaxp;ASUS Xonar DX Audio Interface;c:\windows\system32\drivers\cmudaxp.sys [2008-1-18 1871360]
R3 netr73;RT73 USB Wireless LAN Card Driver for Vista;c:\windows\system32\drivers\netr73.sys [2012-9-7 501248]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-4-16 11520]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;c:\windows\system32\drivers\bcmwlhigh6.sys [2010-11-22 699896]
S3 HPFXFAX;HPFXFAX;c:\windows\system32\drivers\hpfxfax.sys [2010-9-3 20504]
S3 iLokDrvr;Usb Driver;c:\windows\system32\drivers\iLokDrvr.sys [2009-12-23 54328]
S3 NPF;Netgroup Packet Filter;c:\windows\system32\drivers\npf.sys [2010-11-22 50704]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-4-6 172032]
.
=============== File Associations ===============
.
FileExt: .js: JSFile="c:\program files\adobe\adobe dreamweaver cs5\Dreamweaver.exe","%1"
.
=============== Created Last 30 ================
.
2013-06-27 06:08:22    60872    ----a-w-    c:\programdata\microsoft\windows defender\definition updates\{652289ef-cb71-4823-9e59-fe6f5938175a}\offreg.dll
2013-06-26 16:51:47    --------    d-----w-    C:\Tweaking.com_Windows_Repair_Logs
2013-06-25 05:58:09    7068072    ----a-w-    c:\programdata\microsoft\windows defender\definition updates\{652289ef-cb71-4823-9e59-fe6f5938175a}\mpengine.dll
2013-06-25 02:00:01    770344    ----a-w-    c:\windows\system32\drivers\aswSnx.sys
2013-06-25 02:00:01    175176    ----a-w-    c:\windows\system32\drivers\aswVmm.sys
2013-06-25 02:00:00    49376    ----a-w-    c:\windows\system32\drivers\aswRvrt.sys
2013-06-25 01:59:58    66336    ----a-w-    c:\windows\system32\drivers\aswMonFlt.sys
2013-06-25 01:59:33    41664    ----a-w-    c:\windows\avastSS.scr
2013-06-25 01:59:19    --------    d-----w-    c:\program files\AVAST Software
2013-06-25 01:58:54    --------    d-----w-    c:\programdata\AVAST Software
2013-06-25 00:09:14    --------    d-----w-    c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-06-25 00:01:19    --------    d-----w-    c:\users\colin\mbar
2013-06-23 20:48:55    --------    d-----w-    c:\program files\iPod
2013-06-23 20:48:53    --------    d-----w-    c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-06-23 20:45:43    159744    ----a-w-    c:\program files\mozilla firefox\plugins\npqtplugin5.dll
2013-06-23 20:45:43    159744    ----a-w-    c:\program files\mozilla firefox\plugins\npqtplugin4.dll
2013-06-23 20:45:43    159744    ----a-w-    c:\program files\mozilla firefox\plugins\npqtplugin3.dll
2013-06-23 20:45:43    159744    ----a-w-    c:\program files\mozilla firefox\plugins\npqtplugin2.dll
2013-06-23 20:45:43    159744    ----a-w-    c:\program files\mozilla firefox\plugins\npqtplugin.dll
2013-06-23 20:45:43    159744    ----a-w-    c:\program files\internet explorer\plugins\npqtplugin5.dll
2013-06-23 20:45:43    159744    ----a-w-    c:\program files\internet explorer\plugins\npqtplugin4.dll
2013-06-23 20:45:43    159744    ----a-w-    c:\program files\internet explorer\plugins\npqtplugin3.dll
2013-06-23 20:45:43    159744    ----a-w-    c:\program files\internet explorer\plugins\npqtplugin2.dll
2013-06-23 20:45:43    159744    ----a-w-    c:\program files\internet explorer\plugins\npqtplugin.dll
2013-06-03 04:51:39    --------    d-----w-    c:\program files\common files\Steam
2013-06-02 04:01:00    --------    d-----w-    c:\users\colin\Bills
2013-06-02 03:59:24    --------    d-----w-    c:\users\colin\cranbrook
2013-05-31 04:49:16    --------    d-----w-    c:\users\colin\appdata\roaming\PeerNetworking
.
==================== Find3M  ====================
.
2013-06-11 20:17:08    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-06-11 20:17:08    692104    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-05-17 03:50:49    916480    ----a-w-    c:\windows\system32\wininet.dll
2013-05-17 03:45:15    43520    ----a-w-    c:\windows\system32\licmgr10.dll
2013-05-17 03:44:52    1469440    ----a-w-    c:\windows\system32\inetcpl.cpl
2013-05-17 03:44:39    109056    ----a-w-    c:\windows\system32\iesysprep.dll
2013-05-17 03:44:38    71680    ----a-w-    c:\windows\system32\iesetup.dll
2013-05-17 02:06:08    385024    ----a-w-    c:\windows\system32\html.iec
2013-05-17 00:20:05    133632    ----a-w-    c:\windows\system32\ieUnatt.exe
2013-05-17 00:18:12    1638912    ----a-w-    c:\windows\system32\mshtml.tlb
2013-05-08 04:37:21    905576    ----a-w-    c:\windows\system32\drivers\tcpip.sys
2013-05-02 22:03:36    3603832    ----a-w-    c:\windows\system32\ntkrnlpa.exe
2013-05-02 22:03:36    3551096    ----a-w-    c:\windows\system32\ntoskrnl.exe
2013-05-02 06:06:08    238872    ------w-    c:\windows\system32\MpSigStub.exe
2013-05-02 04:04:25    443904    ----a-w-    c:\windows\system32\win32spl.dll
2013-05-02 04:03:42    37376    ----a-w-    c:\windows\system32\printcom.dll
2013-05-01 07:59:12    94208    ----a-w-    c:\windows\system32\QuickTimeVR.qtx
2013-05-01 07:59:12    69632    ----a-w-    c:\windows\system32\QuickTime.qts
2013-04-24 04:00:30    985600    ----a-w-    c:\windows\system32\crypt32.dll
2013-04-24 04:00:30    98304    ----a-w-    c:\windows\system32\cryptnet.dll
2013-04-24 04:00:30    133120    ----a-w-    c:\windows\system32\cryptsvc.dll
2013-04-24 04:00:24    41984    ----a-w-    c:\windows\system32\certenc.dll
2013-04-24 01:46:29    812544    ----a-w-    c:\windows\system32\certutil.exe
2013-04-17 12:30:06    24576    ----a-w-    c:\windows\system32\cryptdlg.dll
2013-04-15 14:20:04    638328    ----a-w-    c:\windows\system32\drivers\dxgkrnl.sys
2013-04-13 10:56:44    37376    ----a-w-    c:\windows\system32\cdd.dll
2013-04-09 01:36:18    2049024    ----a-w-    c:\windows\system32\win32k.sys
2013-04-04 09:35:08    94112    ----a-w-    c:\windows\system32\WindowsAccessBridge.dll
.
============= FINISH: 18:24:45.64 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista™ Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 11/22/2008 5:09:01 AM
System Uptime: 6/26/2013 2:14:53 PM (28 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | P5Q-E
Processor: Intel® Core™2 Quad CPU Q9550 @ 2.83GHz | LGA 775 | 2003/333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 932 GiB total, 658.208 GiB free.
D: is CDROM ()
E: is Removable
F: is Removable
G: is Removable
H: is Removable
I: is CDROM (UDF)
J: is FIXED (NTFS) - 931 GiB total, 635.055 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Marvell Yukon 88E8056 PCI-E Gigabit Ethernet Controller
Device ID: PCI\VEN_11AB&DEV_4364&SUBSYS_81F81043&REV_12\4&8372D40&0&00E5
Manufacturer: Marvell
Name: Marvell Yukon 88E8056 PCI-E Gigabit Ethernet Controller
PNP Device ID: PCI\VEN_11AB&DEV_4364&SUBSYS_81F81043&REV_12\4&8372D40&0&00E5
Service: yukonwlh
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Marvell Yukon 88E8001/8003/8010 PCI Gigabit Ethernet Controller
Device ID: PCI\VEN_11AB&DEV_4320&SUBSYS_811A1043&REV_14\4&1B359D48&0&10F0
Manufacturer: Marvell
Name: Marvell Yukon 88E8001/8003/8010 PCI Gigabit Ethernet Controller
PNP Device ID: PCI\VEN_11AB&DEV_4320&SUBSYS_811A1043&REV_14\4&1B359D48&0&10F0
Service: yukonwlh
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
32 Bit HP BiDi Channel Components Installer
7-Zip 9.20
Adobe AIR
Adobe Community Help
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Photoshop CS5.1
Adobe Reader X (10.1.7)
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ASUS Xonar DX Audio Driver
avast! Free Antivirus
AWU254 Wireless Client Utility
BitTorrent
Bonjour
BufferChm
CCleaner
Destination Component
DeviceDiscovery
DeviceManagementQFolder
EA Installer
Google Chrome
Google Drive
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Color LaserJet CM1312 MFP Series 5.0
HP Imaging Device Functions 10.0
hppCLJCM1312
hppFaxDrvCM1312
hppFaxUtilityCM1312
hppFonts
hppManualsCM1312
hppQFolderCM1312
hppscanCM1312
hppScanToCM1312
hppSendFaxCM1312
hppusgCM1312
iCloud
Image Resizer for Windows
iTunes
Java 7 Update 21
Java Auto Updater
JavaFX 2.1.1
Logitech G11 Keyboard Software 1.03
marvell 61xx
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office Home and Student 2007 Trial
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFCLOC_x86
MotoHelper MergeModules
Mozilla Firefox 21.0 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NETGEAR WNA3100 wireless USB 2.0 adapter
NVIDIA Control Panel 314.22
NVIDIA Display Control Panel
NVIDIA Graphics Driver 314.22
NVIDIA Install Application
NVIDIA PhysX
NVIDIA PhysX System Software 9.12.1031
NVIDIA Update 1.12.12
NVIDIA Update Components
OGA Notifier 2.0.0048.0
OpenAL
PDF Settings CS5
PVSonyDll
QuickTime
Ralink RT7x Wireless LAN Card
Scan
Search Assistant MocaFlix 1.66
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
Security Update for Windows Media Encoder (KB2447961)
Security Update for Windows Media Encoder (KB954156)
Security Update for Windows Media Encoder (KB979332)
Sid Meier's Civilization 4
SoulSeek 157 NS 13e
TrayApp
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VC80CRTRedist - 8.0.50727.6195
ViewSonic Windows Vista Signed Files
VLC media player 1.1.11
WD SmartWare
WebReg
Windows Media Encoder 9 Series
.
==== Event Viewer Messages From Past Week ========
.
6/26/2013 2:17:59 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: i8042prt
6/26/2013 2:17:59 PM, Error: Service Control Manager [7022] - The HP CUE DeviceDiscovery Service service hung on starting.
6/26/2013 2:17:06 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
6/26/2013 2:16:54 PM, Error: Service Control Manager [7000] - The Digidesign MME Refresh Service service failed to start due to the following error: The system cannot find the file specified.
6/23/2013 6:54:02 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WSWNA3100 service.
6/23/2013 4:48:03 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Apple Mobile Device service, but this action failed with the following error: An instance of the service is already running.
6/23/2013 4:47:02 PM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
6/23/2013 4:46:49 PM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
.
==== End Of File ===========================

Edited by Oh My, 02 July 2013 - 03:45 PM.
Posted Attach log



#2 Oh My!

Posted 02 July 2013 - 03:38 PM

Greetings and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply topic button instead.
  • In the upper right hand corner of the topic you will see the Follow topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Please start with this.

===================================================

Repairing .lnk File Association Windows 7/Vista

--------------------
  • Please download lnkfix_vista.zip and save it to your desktop
  • Unzip the folder onto your desktop
  • Double click the lnkfix_vista.reg icon
  • Click Yes on the confirmation screen
  • You should receive a confirmation the information was successfully entered into the registry
  • Reboot your computer and test your shortcuts/links
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Do your shortcuts work?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

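The post above does not show what lnkfix_vista.reg writes, so the following is an added example (not from the thread or from BleepingComputer) that audits a registry export against the stock Windows `.lnk` association before and after such a repair. The key paths and expected values are standard Windows defaults assumed here, and both sample exports are constructed.

```python
import re

# Stock values for the shortcut class on Windows Vista/7. These are standard
# Windows defaults assumed for this example; the thread does not list them.
SHELL_LINK_CLSID = "{00021401-0000-0000-C000-000000000046}"
EXT_KEY = r"HKEY_CLASSES_ROOT\.lnk"
CLASS_KEY = r"HKEY_CLASSES_ROOT\lnkfile"
USERCHOICE_KEY = (r"HKEY_CURRENT_USER\Software\Microsoft\Windows"
                  r"\CurrentVersion\Explorer\FileExts\.lnk\UserChoice")

_VALUE_LINE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')


def _unescape(s):
    # .reg string syntax escapes backslash and double quote with a backslash.
    return re.sub(r"\\(.)", r"\1", s)


def parse_reg(text):
    """Parse regedit export text into {key: {value_name: data}}.

    Key and value names are lower-cased because the registry is
    case-insensitive. '@' is the key's default value. Quoted strings are
    unescaped; dword/hex data is kept as the raw text after '='.
    """
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
            continue
        m = _VALUE_LINE.match(line)
        if current is None or not m:
            continue  # header, comment, blank line or hex continuation
        name = "@" if m.group(1) == "@" else _unescape(m.group(1)[1:-1]).lower()
        data = m.group(2)
        if len(data) >= 2 and data[0] == data[-1] == '"':
            data = _unescape(data[1:-1])
        current[name] = data
    return keys


def audit_lnk_association(reg_text):
    """Return a list of deviations from the stock .lnk association."""
    keys = parse_reg(reg_text)
    findings = []

    progid = keys.get(EXT_KEY.lower(), {}).get("@")
    if progid is None or progid.lower() != "lnkfile":
        findings.append("%s default is %r, expected 'lnkfile'" % (EXT_KEY, progid))

    cls = keys.get(CLASS_KEY.lower())
    if cls is None:
        findings.append("%s is missing" % CLASS_KEY)
    else:
        for flag in ("IsShortcut", "NeverShowExt"):
            if flag.lower() not in cls:
                findings.append("%s lacks the %s value" % (CLASS_KEY, flag))

    clsid = keys.get((CLASS_KEY + r"\CLSID").lower(), {}).get("@")
    if clsid is None or clsid.upper() != SHELL_LINK_CLSID:
        findings.append("%s\\CLSID is %r, expected %s"
                        % (CLASS_KEY, clsid, SHELL_LINK_CLSID))

    # A stock profile has no UserChoice under .lnk; one appears when a
    # shortcut has been bound to a program through "Open with".
    choice = keys.get(USERCHOICE_KEY.lower())
    if choice is not None:
        findings.append("per-user UserChoice override on .lnk (Progid=%r)"
                        % choice.get("progid"))
    return findings


# Constructed sample exports (not taken from the poster's machine).
HEALTHY_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\.lnk]
@="lnkfile"

[HKEY_CLASSES_ROOT\lnkfile]
@="Shortcut"
"IsShortcut"=""
"NeverShowExt"=""
"EditFlags"=dword:00000001

[HKEY_CLASSES_ROOT\lnkfile\CLSID]
@="{00021401-0000-0000-C000-000000000046}"
'''

BROKEN_EXPORT = HEALTHY_EXPORT.replace('"IsShortcut"=""\n', "") + r'''
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lnk\UserChoice]
"Progid"="Applications\\notepad.exe"
'''

if __name__ == "__main__":
    for label, export in (("healthy", HEALTHY_EXPORT), ("broken", BROKEN_EXPORT)):
        print(label, audit_lnk_association(export) or "no deviations")
```

Registry Editor writes version 5.00 exports as UTF-16, so decode the file before passing its text to `audit_lnk_association`.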
#3 WOMB

Posted 02 July 2013 - 09:36 PM

Hi Gary,

 

Thanks so much for your assistance!!

 

I have run the lnkfix program and rebooted. It seems to have worked on the 'start menu' and 'task bar,' where all my shortcuts have been restored, although my desktop shortcuts are still not working. I tried replacing them, but no luck.

 

thanks again,

dante



#4 Oh My!

  • Malware Response Instructor

Posted 02 July 2013 - 09:44 PM

Hi dante and I am glad you are here. That is a good start at least. Please run these programs for me now.

===================================================

Rkill

-------------------
  • Please download Rkill by Grinler from one of the 4 links below (if one of them does not work try another...) and save it to your desktop:

Link 1
Link 2
Link 3
Link 4

  • In order for Rkill to run properly you must disable your anti-malware software. Please refer to this page if you are not sure how.
  • Double-click on Rkill. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
  • Note: You may have to run Rkill a few times before it is successful. You may also have to download Rkill from a different link which will save it as a different file name.
  • A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
  • An Rkill.log will appear. Please copy and paste the contents in your reply (file also located at c:\rkill.log)
  • Do not reboot your computer after running Rkill as the malware programs will start again. If your computer reboots, run Rkill again before continuing on to the next step.
  • If nothing happens or if the tool does not run, please let me know in your next reply.
===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Download Farbar Recovery Scan Tool for either 32 bit or 64 bit systems and save it to your desktop
  • If you are unsure if you have 32 bit or 64 bit, simply download and try one. If that doesn't run properly, the other one should.
  • Double click the icon
  • Click Yes to the disclaimer
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Rkill log
  • FRST log
  • Addition log
  • Notice any difference?

Gary
 

#5 WOMB


Posted 02 July 2013 - 11:14 PM

Rkill 2.5.3 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Invalid arguments ignored: /S

Program started at: 07/03/2013 12:04:31 AM in x86 mode.
Windows Version: Windows Vista ™ Ultimate Service Pack 2

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * No issues found.

Checking Windows Service Integrity:

 * No issues found.

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * HOSTS file entries found:

  127.0.0.1 localhost
  127.0.0.1 3dns.adobe.com 3dns-1.adobe.com 3dns-2.adobe.com 3dns-3.adobe.com 3dns-4.adobe.com activate.adobe.com activate-sea.adobe.com activate-sjc0.adobe.com activate.wip.adobe.com
  127.0.0.1 activate.wip1.adobe.com activate.wip2.adobe.com activate.wip3.adobe.com activate.wip4.adobe.com adobe-dns.adobe.com adobe-dns-1.adobe.com adobe-dns-2.adobe.com adobe-dns-3.adobe.com adobe-dns-4.adobe.com
  127.0.0.1 adobeereg.com practivate.adobe practivate.adobe.com practivate.adobe.newoa practivate.adobe.ntp practivate.adobe.ipp ereg.adobe.com ereg.wip.adobe.com ereg.wip1.adobe.com
  127.0.0.1 ereg.wip2.adobe.com ereg.wip3.adobe.com ereg.wip4.adobe.com hl2rcv.adobe.com wip.adobe.com wip1.adobe.com wip2.adobe.com wip3.adobe.com wip4.adobe.com
  127.0.0.1 www.adobeereg.com wwis-dubc1-vip60.adobe.com www.wip.adobe.com www.wip1.adobe.com
  127.0.0.1 www.wip2.adobe.com www.wip3.adobe.com www.wip4.adobe.com wwis-dubc1-vip60.adobe.com crl.verisign.net CRL.VERISIGN.NET ood.opsource.net

Program finished at: 07/03/2013 12:05:53 AM
Execution time: 0 hours(s), 1 minute(s), and 22 seconds(s)

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 02-07-2013
Ran by Colin (administrator) on 03-07-2013 00:07:56
Running from C:\Users\Colin\Desktop
Microsoft® Windows Vista™ Ultimate  Service Pack 2 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(WDC) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
(Memeo) C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
() C:\Program Files\NETGEAR\WNA3100\WifiSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(AZiO Corporation ) C:\Program Files\AZiO\AWU254\Installer\Win2k\AWU254 Wireless Client Utility.exe
() C:\Program Files\NETGEAR\WNA3100\WNA3100.exe
(WDC) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
(Western Digital) C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [DigidesignMMERefresh] C:\Program Files\Digidesign\Drivers\MMERefresh.exe [x]
HKLM\...\Run: []  [x]
HKLM\...\Run: [HPUsageTracking] "C:\Program Files\HP\HP UT\bin\hppusg.exe" "C:\Program Files\HP\HP UT\" [24576 2009-05-11] (Hewlett-Packard Company)
HKLM\...\Run: [MAFWDITaskbarApp] C:\Windows\system32\MAFWdiTray.exe [x]
HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [499608 2011-03-15] (Adobe Systems Incorporated)
HKLM\...\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeCS5.5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [152392 2013-05-31] (Apple Inc.)
HKLM\...\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [4858968 2013-05-09] (AVAST Software)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)
HKLM\...\Runonce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OABBAC0ATgBKADYAUgA3AC0AQgBXADQANwA3AC0ASwBSAFIAUQBBAC0ASABXADkAOQBCAC0AUgBTAEwARwBVAA"&"inst=NwA2AC0ANQA3ADYAMAA3ADQAMgAzADYALQBVADkAMAArADEALQBYAE8AMwA2ACsAMQAtAFMAVAAxACsAMgAtAFQAQgA5ACsAMgAtAE4AMQBEACsAMQAtAFAATAArADkALQBDAEkAQQA5ADAAKwAyAC0ARABEAFQAKwAxADQANQA2ADgALQBEAEQAOQAwACsAMQAtAFMAVAA5ADAAQQBQAFAAKwAxAA"&"prod=51"&"ver=9.0.894 [x]
HKCU\...\Run: [HLBackupScheduler] C:\Program Files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe [x]
HKCU\...\Run: [Desktop Software] "C:\Program Files\Common Files\SupportSoft\bin\bcont.exe"  /ini "C:\Program Files\ComcastUI\Desktop Software\uinstaller.ini" /fromrun /starthidden [x]
HKCU\...\Run: [Google Update] "C:\Users\Colin\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-09-08] (Google Inc.)
HKCU\...\Run: [AdobeBridge]  [x]
HKCU\...\Run: [ApplePhotoStreams] C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-04-05] (Apple Inc.)
HKCU\...\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-20] (Microsoft Corporation)
MountPoints2: I - I:\wd_windows_tools\WDEULA.exe
MountPoints2: K - K:\wd_windows_tools\WDEULA.exe
MountPoints2: {383dca2c-4110-11e0-ab5d-002215f8c28c} - I:\setup.exe -a
MountPoints2: {581a363b-a269-11e0-877b-002215f8c28c} - K:\setup.exe -a
MountPoints2: {5879b70a-e569-11e0-b003-806e6f6e6963} - "I:\WD SmartWare.exe" autoplay=true
MountPoints2: {597bb863-faf0-11de-a765-002215f8c28c} - J:\LaunchU3.exe -a
MountPoints2: {671ded7c-91b1-11df-8b75-002215f8c28c} - E:\setup.exe -a
MountPoints2: {89f7c4a4-f852-11df-8844-002215f8c28c} - I:\Installer.exe
MountPoints2: {cc0bf75c-92e4-11e0-a78f-002215f8c28c} - J:\setup.exe -a
MountPoints2: {d83d2e0c-709c-11df-9cdf-002215f8c28c} - I:\mri.exe
MountPoints2: {e7b5612e-6f40-11df-998c-806e6f6e6963} - D:\autorun.exe
Startup: C:\ProgramData\Start Menu\Programs\Startup\AWU254 Wireless Client Utility.lnk
ShortcutTarget: AWU254 Wireless Client Utility.lnk -> C:\Program Files\AZiO\AWU254\Installer\Win2k\AWU254 Wireless Client Utility.exe (AZiO Corporation )
Startup: C:\ProgramData\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Start Menu\Programs\Startup\NETGEAR WNA3100 Smart Wizard.lnk
ShortcutTarget: NETGEAR WNA3100 Smart Wizard.lnk -> C:\Program Files\NETGEAR\WNA3100\WNA3100.exe ()
Startup: C:\ProgramData\Start Menu\Programs\Startup\WDDMStatus.lnk
ShortcutTarget: WDDMStatus.lnk -> C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (WDC)
Startup: C:\ProgramData\Start Menu\Programs\Startup\WDSmartWare.lnk
ShortcutTarget: WDSmartWare.lnk -> C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe (Western Digital)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://websearch.just-browse.info/
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://websearch.just-browse.info/
URLSearchHook: (No Name) - {656461ef-40f6-4115-9ff1-bced9812ccbb} -  No File
HKLM SearchScopes: DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKLM - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3045275
SearchScopes: HKLM - {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.just-browse.info/?l=1&q={searchTerms}
HKCU SearchScopes: DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL =
SearchScopes: HKCU - {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.just-browse.info/?l=1&q={searchTerms}
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU -No Name - {472734EA-242A-422B-ADF8-83D1E48CC825} -  No File
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 75.75.76.76 75.75.75.75

FireFox:
========
FF ProfilePath: C:\Users\Colin\AppData\Roaming\Mozilla\Firefox\Profiles\wydwn36a.default
FF SearchEngine: Ask Search
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @bittorrent.com/BitTorrentDNA - C:\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @bittorrent.com/BitTorrentDNA - C:\Users\Colin\Program Files\DNA\plugins\npbtdna.dll No File
FF Plugin HKCU: @doubletwist.com/NPPodcast - C:\Program Files\Common Files\doubleTwist\NPPodcast.dll No File
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Colin\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Colin\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Extension: No Name - C:\Users\Colin\AppData\Roaming\Mozilla\Extensions\58282EC3-9AC0-4ab3-9BC3-6362BA4F2F5E
FF Extension: Default - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM\...\Firefox\Extensions: [{336D0C35-8A85-403a-B9D2-65C292C39087}] C:\Program Files\IB Updater\Firefox
FF HKLM\...\Firefox\Extensions: [{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}] C:\Program Files\IB Updater\Firefox
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKCU\...\Firefox\Extensions: [{d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}] C:\Users\Colin\Program Files\DNA

Chrome:
=======
CHR HomePage: https://www.google.com/
CHR RestoreOnStartup:       "urls_to_restore_on_startup": null
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Users\Colin\AppData\Local\Google\Chrome\Application\22.0.1229.79\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_278.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Colin\AppData\Local\Google\Chrome\Application\28.0.1500.63\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Colin\AppData\Local\Google\Chrome\Application\28.0.1500.63\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (DNA Plug-in) - C:\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
CHR Plugin: (Java™ Platform SE 7 U7) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Java Deployment Toolkit 7.0.70.11) - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Google Update) - C:\Users\Colin\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

========================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
R2 WDDMService; C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [98304 2009-09-23] (WDC)
R2 WDSmartWareBackgroundService; C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [20480 2009-06-16] (Memeo)
R2 WSWNA3100; C:\Program Files\NETGEAR\WNA3100\WifiSvc.exe [278528 2010-01-12] ()
S2 DigiRefresh; C:\Program Files\Digidesign\Drivers\MMERefresh.exe -s [x]

==================== Drivers (Whitelisted) ====================

R2 AegisP; C:\Windows\System32\DRIVERS\AegisP.sys [20747 2012-09-07] (Meetinghouse Data Communications)
R3 Afc; C:\Windows\System32\drivers\Afc.sys [11776 2005-02-23] (Arcsoft, Inc.)
R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [29816 2013-05-09] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [66336 2013-05-09] (AVAST Software)
R1 AswRdr; C:\Windows\System32\Drivers\AswRdr.sys [49760 2013-05-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49376 2013-05-09] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [770344 2013-06-27] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [369584 2013-06-27] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [56080 2013-05-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [175176 2013-06-27] ()
S3 BCMH43XX; C:\Windows\System32\DRIVERS\bcmwlhigh6.sys [699896 2009-11-06] (Broadcom Corporation)
R3 cmudaxp; C:\Windows\System32\drivers\cmudaxp.sys [1871360 2008-01-18] (C-Media Inc)
R2 DigiNet; C:\Windows\System32\DRIVERS\diginet.sys [16400 2009-12-18] (Avid, Inc. All rights reserved.)
S3 ENTECH; C:\Windows\system32\DRIVERS\ENTECH.sys [27672 2008-04-22] (EnTech Taiwan)
S3 HPFXBULK; C:\Windows\System32\drivers\hpfxbulk.sys [17432 2007-07-16] (Hewlett Packard)
S3 HPFXFAX; C:\Windows\System32\drivers\hpfxfax.sys [20504 2007-07-16] (Hewlett Packard)
S3 iLokDrvr; C:\Windows\System32\DRIVERS\iLokDrvr.sys [54328 2009-12-23] (PACE Anti-Piracy, Inc.)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [5810 2004-08-13] ()
R0 mv61xx; C:\Windows\System32\DRIVERS\mv61xx.sys [150568 2008-06-10] (Marvell Semiconductor, Inc.)
S3 NPF; C:\Windows\System32\DRIVERS\npf.sys [50704 2009-10-20] (CACE Technologies, Inc.)
S3 RT73; C:\Windows\System32\DRIVERS\rt73.sys [252928 2006-01-12] (Ralink Technology, Corp.)
R0 SCMNdisP; C:\Windows\System32\DRIVERS\scmndisp.sys [21728 2007-01-19] (Windows ® Codename Longhorn DDK provider)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [717296 2009-03-04] ()
S3 ALSysIO; \??\C:\Users\Colin\AppData\Local\Temp\ALSysIO.sys [x]
S3 BTCFilterService; system32\DRIVERS\motfilt.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 LVRS; system32\DRIVERS\lvrs.sys [x]
S3 LVUSBSta; system32\drivers\LVUSBSta.sys [x]
S3 LVUVC; system32\DRIVERS\lvuvc.sys [x]
S3 MAFW; system32\DRIVERS\mafw.sys [x]
S3 MAFWDICE; system32\DRIVERS\mafwdi.sys [x]
S3 MA_CMIDI; system32\drivers\ma_cmidi.sys [x]
S3 motccgp; system32\DRIVERS\motccgp.sys [x]
S3 motccgpfl; system32\DRIVERS\motccgpfl.sys [x]
S3 motmodem; system32\DRIVERS\motmodem.sys [x]
S3 MotoSwitchService; system32\DRIVERS\motswch.sys [x]
S3 Motousbnet; system32\DRIVERS\Motousbnet.sys [x]
S3 motusbdevice; system32\DRIVERS\motusbdevice.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-03 00:07 - 2013-07-03 00:07 - 01372429 ____A (Farbar) C:\Users\Colin\Desktop\FRST.exe
2013-07-03 00:07 - 2013-07-03 00:07 - 00000000 ____D C:\FRST
2013-07-03 00:04 - 2013-07-03 00:05 - 00004172 ____A C:\Users\Colin\Desktop\Rkill.txt
2013-07-03 00:00 - 2013-07-03 00:00 - 01814144 ____A (Bleeping Computer, LLC) C:\Users\Colin\Desktop\rkill.scr
2013-07-02 22:19 - 2013-05-11 18:26 - 00920472 ____A (Mozilla Corporation) C:\Users\Colin\Desktop\firefox.exe
2013-07-02 22:06 - 2013-07-02 22:06 - 00000000 ____D C:\Users\Colin\Desktop\lnkfix_vista
2013-07-02 22:02 - 2013-07-02 22:02 - 00000990 ____A C:\Users\Colin\Desktop\lnkfix_vista.zip
2013-06-29 21:03 - 2013-06-29 21:03 - 00000000 ____D C:\ProgramData\APN
2013-06-29 21:01 - 2013-06-29 21:01 - 00263592 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2013-06-29 21:01 - 2013-06-29 21:01 - 00175016 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2013-06-29 21:01 - 2013-06-29 21:01 - 00175016 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2013-06-29 21:01 - 2013-06-29 21:01 - 00094632 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge.dll
2013-06-27 18:25 - 2013-06-27 18:26 - 00000000 ____D C:\Users\Colin\Desktop\dds
2013-06-27 18:25 - 2013-06-27 18:25 - 00015358 ____A C:\Users\Colin\Documents\DDS.txt
2013-06-27 18:20 - 2013-06-27 18:20 - 00000175 ____A C:\Windows\System32\Drivers\aswVmm.sys.sum
2013-06-26 14:23 - 2011-08-02 00:04 - 00000000 ____D C:\Users\Colin\Desktop\Tweaking.com - Repair .lnk (Shortcuts) File Association
2013-06-26 14:22 - 2013-06-27 18:20 - 00000175 ____A C:\Windows\System32\Drivers\aswSP.sys.sum
2013-06-26 14:22 - 2013-06-27 18:20 - 00000175 ____A C:\Windows\System32\Drivers\aswSnx.sys.sum
2013-06-26 12:51 - 2013-06-26 14:24 - 00181064 ____A (Sysinternals) C:\Windows\PSEXESVC.EXE
2013-06-26 12:51 - 2013-06-26 12:51 - 00999517 ____A C:\Users\Colin\Desktop\Tweaking.com-RepairlnkFileAssociation.exe
2013-06-26 12:51 - 2011-08-02 00:04 - 00000000 ____D C:\Users\Colin\Downloads\Tweaking.com - Repair .lnk (Shortcuts) File Association
2013-06-24 22:01 - 2013-06-24 22:01 - 00000000 ____D C:\Users\Colin\AppData\LocalGoogle
2013-06-24 22:01 - 2013-06-24 22:01 - 00000000 ____A C:\Windows\setuperr.log
2013-06-24 22:01 - 2013-06-24 22:01 - 00000000 ____A C:\Windows\setupact.log
2013-06-24 22:00 - 2013-07-02 23:09 - 00000884 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-06-24 22:00 - 2013-07-02 22:12 - 00000880 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-06-24 22:00 - 2013-06-27 18:20 - 00770344 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2013-06-24 22:00 - 2013-06-27 18:20 - 00369584 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
2013-06-24 22:00 - 2013-06-27 18:20 - 00175176 ____A C:\Windows\System32\Drivers\aswVmm.sys
2013-06-24 22:00 - 2013-06-24 22:00 - 00001789 ____A C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-06-24 22:00 - 2013-05-09 04:59 - 00056080 ____A (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys
2013-06-24 22:00 - 2013-05-09 04:59 - 00049760 ____A (AVAST Software) C:\Windows\System32\Drivers\aswRdr.sys
2013-06-24 22:00 - 2013-05-09 04:59 - 00049376 ____A C:\Windows\System32\Drivers\aswRvrt.sys
2013-06-24 22:00 - 2013-05-09 04:59 - 00029816 ____A (AVAST Software) C:\Windows\System32\Drivers\aswFsBlk.sys
2013-06-24 21:59 - 2013-06-24 21:59 - 00000000 ____D C:\Program Files\AVAST Software
2013-06-24 21:59 - 2013-05-09 04:59 - 00066336 ____A (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
2013-06-24 21:59 - 2013-05-09 04:58 - 00229648 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe
2013-06-24 21:59 - 2013-05-09 04:58 - 00041664 ____A (AVAST Software) C:\Windows\avastSS.scr
2013-06-24 21:58 - 2013-06-24 21:59 - 00000000 ____D C:\ProgramData\AVAST Software
2013-06-24 21:56 - 2013-06-24 21:57 - 117478104 ____A C:\Users\Colin\Downloads\avast_free_antivirus_setup.exe
2013-06-24 20:09 - 2013-06-24 21:32 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-06-24 20:01 - 2013-06-24 20:01 - 00000000 ____D C:\Users\Colin\mbar
2013-06-24 18:30 - 2013-05-31 11:55 - 09789256 ____A (Apple Inc.) C:\Users\Colin\Desktop\iTunes.exe
2013-06-24 18:29 - 2007-04-30 16:20 - 00602112 ____A (AZiO Corporation ) C:\Users\Colin\Desktop\AWU254 Wireless Client Utility.exe
2013-06-24 13:27 - 2013-06-24 13:27 - 04378864 ____A (Piriform Ltd) C:\Users\Colin\Downloads\ccsetup402.exe
2013-06-24 02:11 - 2013-06-24 02:13 - 00000000 ____D C:\Users\Colin\Downloads\The.Venture.Bros.S05E04.720p.HDTV.x264-2HD [PublicHD]
2013-06-23 16:48 - 2013-06-23 16:49 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-06-23 16:48 - 2013-06-23 16:48 - 00000000 ____D C:\Program Files\iPod
2013-06-23 16:45 - 2013-06-23 16:45 - 00000000 ____D C:\Program Files\QuickTime
2013-06-23 13:02 - 2013-06-23 13:02 - 00000115 ____A C:\Users\Colin\Desktop\prurient interests.txt
2013-06-20 17:39 - 2013-06-20 17:39 - 00000000 ____D C:\Users\Colin\Downloads\Microsoft Office ProPlus 2013 VL x64 en-US May2013
2013-06-20 00:04 - 2013-06-20 00:05 - 00000000 ____D C:\Users\Colin\Downloads\Let.Me.In.2010.DVDRip.XviD-TWiZTED
2013-06-20 00:02 - 2013-06-20 00:02 - 00000000 ____D C:\Users\Colin\Downloads\Side Effects 2013 1080p BRRip x264 AC3-JYK
2013-06-17 02:37 - 2013-06-17 02:40 - 114620961 ____A C:\Users\Colin\Downloads\The.Venture.Bros.S05E03.HDTV.x264-EVOLVE.mp4
2013-06-12 22:37 - 2013-06-12 22:37 - 00000000 ____A C:\Users\Colin\Desktop\painting with a twist at 1pm.txt
2013-06-12 08:49 - 2013-05-16 23:50 - 01212928 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-12 08:49 - 2013-05-16 23:50 - 00916480 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-12 08:49 - 2013-05-16 23:50 - 00105984 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-06-12 08:49 - 2013-05-16 23:48 - 00206848 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2013-06-12 08:49 - 2013-05-16 23:46 - 06014464 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-12 08:49 - 2013-05-16 23:46 - 00611840 ____A (Microsoft Corporation) C:\Windows\System32\mstime.dll
2013-06-12 08:49 - 2013-05-16 23:46 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-06-12 08:49 - 2013-05-16 23:45 - 00630272 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-12 08:49 - 2013-05-16 23:45 - 00055296 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2013-06-12 08:49 - 2013-05-16 23:45 - 00043520 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2013-06-12 08:49 - 2013-05-16 23:45 - 00025600 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-12 08:49 - 2013-05-16 23:44 - 11111424 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-12 08:49 - 2013-05-16 23:44 - 02004992 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-12 08:49 - 2013-05-16 23:44 - 01469440 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-06-12 08:49 - 2013-05-16 23:44 - 00387584 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2013-06-12 08:49 - 2013-05-16 23:44 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2013-06-12 08:49 - 2013-05-16 23:44 - 00164352 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-12 08:49 - 2013-05-16 23:44 - 00109056 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-06-12 08:49 - 2013-05-16 23:44 - 00071680 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-06-12 08:49 - 2013-05-16 23:44 - 00055808 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-06-12 08:49 - 2013-05-16 22:06 - 00385024 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2013-06-12 08:49 - 2013-05-16 20:20 - 00133632 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-06-12 08:49 - 2013-05-16 20:19 - 00174080 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-06-12 08:49 - 2013-05-16 20:18 - 01638912 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-12 08:49 - 2013-05-16 20:18 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2013-06-12 08:49 - 2013-05-08 00:37 - 00905576 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-12 08:49 - 2013-05-02 18:03 - 03603832 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
2013-06-12 08:49 - 2013-05-02 18:03 - 03551096 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-06-12 08:49 - 2013-05-02 00:04 - 00443904 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-12 08:49 - 2013-05-02 00:03 - 00037376 ____A (Microsoft Corporation) C:\Windows\System32\printcom.dll
2013-06-12 08:49 - 2013-04-24 00:00 - 00985600 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-12 08:49 - 2013-04-24 00:00 - 00133120 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-12 08:49 - 2013-04-24 00:00 - 00098304 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-12 08:49 - 2013-04-24 00:00 - 00041984 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-12 08:49 - 2013-04-23 21:46 - 00812544 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-12 08:49 - 2013-04-17 08:30 - 00024576 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll
2013-06-11 20:09 - 2013-06-11 20:09 - 00000000 ____D C:\Users\Colin\Documents\My Games
2013-06-10 02:45 - 2013-06-10 02:51 - 00000000 ____D C:\Users\Colin\Downloads\[ www.Torrenting.com ] - The.Venture.Bros.S05E02.HDTV.x264-EVOLVE
2013-06-10 01:55 - 2013-06-10 02:03 - 304978617 ____A C:\Users\Colin\Downloads\The.Venture.Bros.S05E01.REAL.HDTV.x264-EVOLVE.mp4
2013-06-10 01:44 - 2013-06-10 01:45 - 00000000 ____D C:\Users\Colin\Downloads\The.Venture.Bros.S05E01.REAL.720p.HDTV.x264-EVOLVE [PublicHD]
2013-06-10 01:34 - 2013-06-10 01:36 - 00000000 ____D C:\Users\Colin\Downloads\Season 4
2013-06-09 16:50 - 2013-06-12 12:16 - 00000000 ____D C:\Users\Colin\Desktop\mike kelley
2013-06-03 02:00 - 2013-06-03 02:02 - 00011776 __ASH C:\Users\Colin\Downloads\Thumbs.db
2013-06-03 01:34 - 2013-06-03 01:54 - 115886301 ____A C:\Users\Colin\Downloads\The.Venture.Bros.S05E01.A.Very.Venture.Halloween.HDTV.x264-2HD.mp4
2013-06-03 01:03 - 2013-06-03 01:03 - 00000014 ____A C:\Users\Colin\Desktop\steam.txt
2013-06-03 00:51 - 2013-06-07 17:56 - 00000000 ____D C:\Program Files\Common Files\Steam
2013-06-03 00:48 - 2013-06-03 00:48 - 01669632 ____A C:\Users\Colin\Downloads\SteamInstall.msi

==================== One Month Modified Files and Folders ========

2013-07-03 00:07 - 2013-07-03 00:07 - 01372429 ____A (Farbar) C:\Users\Colin\Desktop\FRST.exe
2013-07-03 00:07 - 2013-07-03 00:07 - 00000000 ____D C:\FRST
2013-07-03 00:06 - 2006-11-02 08:46 - 00003712 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-03 00:06 - 2006-11-02 08:46 - 00003712 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-03 00:05 - 2013-07-03 00:04 - 00004172 ____A C:\Users\Colin\Desktop\Rkill.txt
2013-07-03 00:00 - 2013-07-03 00:00 - 01814144 ____A (Bleeping Computer, LLC) C:\Users\Colin\Desktop\rkill.scr
2013-07-02 23:35 - 2011-09-21 21:55 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-905870239-2676681471-788268361-1000UA.job
2013-07-02 23:17 - 2012-04-13 09:15 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-02 23:09 - 2013-06-24 22:00 - 00000884 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-02 22:17 - 2008-01-20 21:37 - 01272126 ____A C:\Windows\WindowsUpdate.log
2013-07-02 22:17 - 2006-11-02 06:33 - 00703516 ____A C:\Windows\System32\PerfStringBackup.INI
2013-07-02 22:12 - 2013-06-24 22:00 - 00000880 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-02 22:12 - 2006-11-02 09:00 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-07-02 22:08 - 2006-11-02 09:00 - 00032578 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-07-02 22:06 - 2013-07-02 22:06 - 00000000 ____D C:\Users\Colin\Desktop\lnkfix_vista
2013-07-02 22:02 - 2013-07-02 22:02 - 00000990 ____A C:\Users\Colin\Desktop\lnkfix_vista.zip
2013-07-02 18:35 - 2011-09-21 21:55 - 00000856 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-905870239-2676681471-788268361-1000Core.job
2013-06-29 21:03 - 2013-06-29 21:03 - 00000000 ____D C:\ProgramData\APN
2013-06-29 21:01 - 2013-06-29 21:01 - 00263592 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2013-06-29 21:01 - 2013-06-29 21:01 - 00175016 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2013-06-29 21:01 - 2013-06-29 21:01 - 00175016 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2013-06-29 21:01 - 2013-06-29 21:01 - 00094632 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge.dll
2013-06-29 21:01 - 2012-06-15 10:20 - 00867240 ____A (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll
2013-06-29 21:01 - 2011-10-20 23:01 - 00789416 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll
2013-06-27 18:28 - 2013-06-02 00:01 - 00000000 ____D C:\Users\Colin\Bills
2013-06-27 18:28 - 2012-05-08 21:21 - 00000000 ____D C:\Users\Colin\Desktop\camera dump
2013-06-27 18:27 - 2013-01-29 08:33 - 00000000 ____D C:\Users\Colin\Dante's Art
2013-06-27 18:26 - 2013-06-27 18:25 - 00000000 ____D C:\Users\Colin\Desktop\dds
2013-06-27 18:25 - 2013-06-27 18:25 - 00015358 ____A C:\Users\Colin\Documents\DDS.txt
2013-06-27 18:20 - 2013-06-27 18:20 - 00000175 ____A C:\Windows\System32\Drivers\aswVmm.sys.sum
2013-06-27 18:20 - 2013-06-26 14:22 - 00000175 ____A C:\Windows\System32\Drivers\aswSP.sys.sum
2013-06-27 18:20 - 2013-06-26 14:22 - 00000175 ____A C:\Windows\System32\Drivers\aswSnx.sys.sum
2013-06-27 18:20 - 2013-06-24 22:00 - 00770344 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2013-06-27 18:20 - 2013-06-24 22:00 - 00369584 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
2013-06-27 18:20 - 2013-06-24 22:00 - 00175176 ____A C:\Windows\System32\Drivers\aswVmm.sys
2013-06-26 16:03 - 2008-11-25 15:53 - 00001356 ____A C:\Users\Colin\AppData\Local\d3d9caps.dat
2013-06-26 14:24 - 2013-06-26 12:51 - 00181064 ____A (Sysinternals) C:\Windows\PSEXESVC.EXE
2013-06-26 12:51 - 2013-06-26 12:51 - 00999517 ____A C:\Users\Colin\Desktop\Tweaking.com-RepairlnkFileAssociation.exe
2013-06-25 00:01 - 2013-01-07 00:39 - 00000000 ____D C:\Program Files\MocaFlix
2013-06-24 22:01 - 2013-06-24 22:01 - 00000000 ____D C:\Users\Colin\AppData\LocalGoogle
2013-06-24 22:01 - 2013-06-24 22:01 - 00000000 ____A C:\Windows\setuperr.log
2013-06-24 22:01 - 2013-06-24 22:01 - 00000000 ____A C:\Windows\setupact.log
2013-06-24 22:01 - 2009-02-12 19:27 - 00000000 ____D C:\Users\Colin\AppData\Local\Google
2013-06-24 22:01 - 2009-02-12 19:22 - 00000000 ____D C:\Program Files\Google
2013-06-24 22:00 - 2013-06-24 22:00 - 00001789 ____A C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-06-24 21:59 - 2013-06-24 21:59 - 00000000 ____D C:\Program Files\AVAST Software
2013-06-24 21:59 - 2013-06-24 21:58 - 00000000 ____D C:\ProgramData\AVAST Software
2013-06-24 21:59 - 2006-11-02 06:23 - 00002577 ____A C:\Windows\System32\config.nt
2013-06-24 21:57 - 2013-06-24 21:56 - 117478104 ____A C:\Users\Colin\Downloads\avast_free_antivirus_setup.exe
2013-06-24 21:32 - 2013-06-24 20:09 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-06-24 21:19 - 2008-11-22 06:24 - 00000000 ____D C:\users\Colin
2013-06-24 20:01 - 2013-06-24 20:01 - 00000000 ____D C:\Users\Colin\mbar
2013-06-24 13:27 - 2013-06-24 13:27 - 04378864 ____A (Piriform Ltd) C:\Users\Colin\Downloads\ccsetup402.exe
2013-06-24 13:27 - 2011-11-16 10:36 - 00000000 ____D C:\Program Files\CCleaner
2013-06-24 13:06 - 2009-01-26 00:20 - 00000000 ____D C:\Users\Colin\AppData\Roaming\BitTorrent
2013-06-24 13:03 - 2013-01-07 00:40 - 00000000 ____D C:\ProgramData\DivX
2013-06-24 02:13 - 2013-06-24 02:11 - 00000000 ____D C:\Users\Colin\Downloads\The.Venture.Bros.S05E04.720p.HDTV.x264-2HD [PublicHD]
2013-06-23 16:49 - 2013-06-23 16:48 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-06-23 16:49 - 2011-02-24 13:07 - 00000000 ____D C:\Program Files\iTunes
2013-06-23 16:48 - 2013-06-23 16:48 - 00000000 ____D C:\Program Files\iPod
2013-06-23 16:48 - 2011-09-23 10:02 - 00000000 ____D C:\Program Files\Common Files\Apple
2013-06-23 16:45 - 2013-06-23 16:45 - 00000000 ____D C:\Program Files\QuickTime
2013-06-23 13:02 - 2013-06-23 13:02 - 00000115 ____A C:\Users\Colin\Desktop\prurient interests.txt
2013-06-22 21:20 - 2011-09-22 00:30 - 00000000 ____D C:\Users\Colin\Desktop\bleepyy source material
2013-06-20 17:39 - 2013-06-20 17:39 - 00000000 ____D C:\Users\Colin\Downloads\Microsoft Office ProPlus 2013 VL x64 en-US May2013
2013-06-20 00:22 - 2012-03-21 19:53 - 00000000 ____D C:\Users\Colin\Downloads\dl movies
2013-06-20 00:22 - 2008-12-03 21:22 - 00079360 ____A C:\Users\Colin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-06-20 00:05 - 2013-06-20 00:04 - 00000000 ____D C:\Users\Colin\Downloads\Let.Me.In.2010.DVDRip.XviD-TWiZTED
2013-06-20 00:02 - 2013-06-20 00:02 - 00000000 ____D C:\Users\Colin\Downloads\Side Effects 2013 1080p BRRip x264 AC3-JYK
2013-06-17 02:40 - 2013-06-17 02:37 - 114620961 ____A C:\Users\Colin\Downloads\The.Venture.Bros.S05E03.HDTV.x264-EVOLVE.mp4
2013-06-13 10:49 - 2008-12-03 21:47 - 00000000 ____D C:\ProgramData\Soulseek
2013-06-13 03:37 - 2006-11-02 07:18 - 00000000 ____D C:\Windows\rescache
2013-06-13 03:00 - 2006-11-02 06:24 - 73381792 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe
2013-06-12 22:37 - 2013-06-12 22:37 - 00000000 ____A C:\Users\Colin\Desktop\painting with a twist at 1pm.txt
2013-06-12 12:16 - 2013-06-09 16:50 - 00000000 ____D C:\Users\Colin\Desktop\mike kelley
2013-06-11 20:09 - 2013-06-11 20:09 - 00000000 ____D C:\Users\Colin\Documents\My Games
2013-06-11 16:17 - 2012-04-13 09:15 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-06-11 16:17 - 2011-11-05 23:50 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-06-10 02:51 - 2013-06-10 02:45 - 00000000 ____D C:\Users\Colin\Downloads\[ www.Torrenting.com ] - The.Venture.Bros.S05E02.HDTV.x264-EVOLVE
2013-06-10 02:03 - 2013-06-10 01:55 - 304978617 ____A C:\Users\Colin\Downloads\The.Venture.Bros.S05E01.REAL.HDTV.x264-EVOLVE.mp4
2013-06-10 01:45 - 2013-06-10 01:44 - 00000000 ____D C:\Users\Colin\Downloads\The.Venture.Bros.S05E01.REAL.720p.HDTV.x264-EVOLVE [PublicHD]
2013-06-10 01:36 - 2013-06-10 01:34 - 00000000 ____D C:\Users\Colin\Downloads\Season 4
2013-06-07 17:56 - 2013-06-03 00:51 - 00000000 ____D C:\Program Files\Common Files\Steam
2013-06-03 02:02 - 2013-06-03 02:00 - 00011776 __ASH C:\Users\Colin\Downloads\Thumbs.db
2013-06-03 01:54 - 2013-06-03 01:34 - 115886301 ____A C:\Users\Colin\Downloads\The.Venture.Bros.S05E01.A.Very.Venture.Halloween.HDTV.x264-2HD.mp4
2013-06-03 01:03 - 2013-06-03 01:03 - 00000014 ____A C:\Users\Colin\Desktop\steam.txt
2013-06-03 00:48 - 2013-06-03 00:48 - 01669632 ____A C:\Users\Colin\Downloads\SteamInstall.msi

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-07-02 22:19

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 02-07-2013
Ran by Colin at 2013-07-03 00:08:32
Running from C:\Users\Colin\Desktop
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

 Update for Microsoft Office 2007 (KB2508958)
32 Bit HP BiDi Channel Components Installer (Version: 1.1.0.2)
7-Zip 9.20
Adobe AIR (Version: 2.5.1.17730)
Adobe Community Help (Version: 3.4.980)
Adobe Flash Player 11 ActiveX (Version: 11.7.700.224)
Adobe Flash Player 11 Plugin (Version: 11.7.700.224)
Adobe Photoshop CS5.1 (Version: 12.1)
Adobe Reader X (10.1.7) (Version: 10.1.7)
Apple Application Support (Version: 2.3.4)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (Version: 2.1.3.127)
ASUS Xonar DX Audio Driver
avast! Free Antivirus (Version: 8.0.1489.0)
AWU254 Wireless Client Utility (Version: 1.00.00)
BitTorrent (Version: 7.6.1)
Bonjour (Version: 3.0.0.10)
BufferChm (Version: 100.0.170.000)
CCleaner (Version: 4.02)
Destination Component (Version: 100.0.0.0)
DeviceDiscovery (Version: 100.0.190.000)
DeviceManagementQFolder (Version: 1.00.0000)
EA Installer (Version: 2.2.0.62)
Google Chrome (HKCU Version: 28.0.1500.63)
Google Drive (Version: 1.10.4769.632)
Google Update Helper (Version: 1.3.21.145)
HP Color LaserJet CM1312 MFP Series 5.0 (Version: 5.0)
HP Imaging Device Functions 10.0 (Version: 10.0)
hppCLJCM1312 (Version: 001.000.00131)
hppFaxDrvCM1312 (Version: 005.000.00001)
hppFaxUtilityCM1312 (Version: 001.000.00130)
hppFonts (Version: 001.001.00061)
hppManualsCM1312 (Version: 001.000.00135)
hppQFolderCM1312 (Version: 1.00.0000)
hppscanCM1312 (Version: 001.000.00131)
hppScanToCM1312 (Version: 001.000.00128)
hppSendFaxCM1312 (Version: 005.000.00001)
hppusgCM1312 (Version: 1.1.0.1)
iCloud (Version: 2.1.2.8)
Image Resizer for Windows (Version: 3.0.4319.33193)
iTunes (Version: 11.0.4.4)
Java 7 Update 25 (Version: 7.0.250)
Java Auto Updater (Version: 2.1.9.5)
JavaFX 2.1.1 (Version: 2.1.1)
Logitech G11 Keyboard Software 1.03 (Version: 1.3.166.0)
marvell 61xx (Version: 1.2.1.57)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000)
Microsoft Office Home and Student 2007 Trial (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 5.1.20125.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft_VC80_ATL_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86 (Version: 1.00.0000)
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053)
Microsoft_VC90_ATL_x86 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86 (Version: 1.00.0000)
Microsoft_VC90_MFCLOC_x86 (Version: 1.00.0000)
MotoHelper MergeModules (Version: 1.0.0)
Mozilla Firefox 21.0 (x86 en-US) (Version: 21.0)
Mozilla Maintenance Service (Version: 21.0)
MSXML 4.0 SP2 (KB927978) (Version: 4.20.9841.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
NETGEAR WNA3100 wireless USB 2.0 adapter (Version: 1.01.206)
NVIDIA Control Panel 314.22 (Version: 314.22)
NVIDIA Display Control Panel (Version: 6.14.12.5896)
NVIDIA Graphics Driver 314.22 (Version: 314.22)
NVIDIA Install Application (Version: 2.1002.115.743)
NVIDIA PhysX (Version: 9.12.1031)
NVIDIA PhysX System Software 9.12.1031 (Version: 9.12.1031)
NVIDIA Update 1.12.12 (Version: 1.12.12)
NVIDIA Update Components (Version: 1.12.12)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0)
OpenAL
PDF Settings CS5 (Version: 10.0)
PVSonyDll (Version: 1.00.0001)
QuickTime (Version: 7.74.80.86)
Ralink RT7x Wireless LAN Card (Version: 1.5.4.0)
Scan (Version: 10.1.0.0)
Search Assistant MocaFlix 1.66
Sid Meier's Civilization 4 (Version: 1.61)
Sid Meier's Civilization 4 (Version: 1.74)
SoulSeek 157 NS 13e
TrayApp (Version: 100.0.170.000)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0)
ViewSonic Windows Vista Signed Files
VLC media player 1.1.11 (Version: 1.1.11)
WD SmartWare (Version: 1.1.1.4)
WebReg (Version: 100.0.170.000)
Windows Media Encoder 9 Series
Windows Media Encoder 9 Series (Version: 9.00.3374)

==================== Restore Points  =========================


==================== Hosts content: ==========================
127.0.0.1 localhost
127.0.0.1 3dns.adobe.com 3dns-1.adobe.com 3dns-2.adobe.com 3dns-3.adobe.com 3dns-4.adobe.com activate.adobe.com activate-sea.adobe.com activate-sjc0.adobe.com activate.wip.adobe.com
127.0.0.1 activate.wip1.adobe.com activate.wip2.adobe.com activate.wip3.adobe.com activate.wip4.adobe.com adobe-dns.adobe.com adobe-dns-1.adobe.com adobe-dns-2.adobe.com adobe-dns-3.adobe.com adobe-dns-4.adobe.com
127.0.0.1 adobeereg.com practivate.adobe practivate.adobe.com practivate.adobe.newoa practivate.adobe.ntp practivate.adobe.ipp ereg.adobe.com ereg.wip.adobe.com ereg.wip1.adobe.com
127.0.0.1 ereg.wip2.adobe.com ereg.wip3.adobe.com ereg.wip4.adobe.com hl2rcv.adobe.com wip.adobe.com wip1.adobe.com wip2.adobe.com wip3.adobe.com wip4.adobe.com
127.0.0.1 www.adobeereg.com wwis-dubc1-vip60.adobe.com www.wip.adobe.com www.wip1.adobe.com
127.0.0.1 www.wip2.adobe.com www.wip3.adobe.com www.wip4.adobe.com wwis-dubc1-vip60.adobe.com crl.verisign.net CRL.VERISIGN.NET ood.opsource.net


==================== Scheduled Tasks (whitelisted) =============

Task: {075F7B0C-8858-426A-81EA-5161F4D13E82} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {0ED43C79-92D1-44A7-B602-2D35FE2ADE14} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {2CEB93DC-2128-4744-8590-F9150E4191DA} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-05-24] (Piriform Ltd)
Task: {2D1106CC-7D21-4F93-8046-5577926FC8C3} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-905870239-2676681471-788268361-1000UA => C:\Users\Colin\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-08] (Google Inc.)
Task: {2EF1A2C3-210D-4AFD-BEB7-E51E7FD69C0C} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {3A950610-5351-4CF3-89BD-526A7E64AA8B} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-20] ()
Task: {3ED41489-88D0-49CD-80B4-158FD317F193} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\OptinNotification => C:\Windows\System32\wsqmcons.exe [2008-01-20] (Microsoft Corporation)
Task: {45AD4B5D-D591-4070-A497-894ED7E51AA2} - System32\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C} => C:\Users\Colin\AppData\Local\Temp\Lnq.exe No File
Task: {49B582D3-0D77-4C2E-901F-4FD6D6E348B4} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe [2008-01-20] (Microsoft Corporation)
Task: {5A6D9831-D95C-4713-B4E9-F03D1644498F} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-20] (Microsoft Corporation)
Task: {637CD7D7-4794-4116-8498-CDE400E8AA7A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-11] (Adobe Systems Incorporated)
Task: {6C037656-52FD-40BF-8DB0-5F349A5C26CB} - System32\Tasks\Microsoft\Windows\Defrag\ManualDefrag => C:\Windows\system32\defrag.exe [2008-01-20] (Microsoft Corp.)
Task: {742FFFF8-DE04-44BA-ABAE-019573E96C46} - System32\Tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3} => C:\Users\Colin\AppData\Local\Temp\Lnr.exe No File
Task: {8F77EA2A-95DF-4E70-B759-F4698285EEEA} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2013-05-09] (AVAST Software)
Task: {B1B49AD8-EFCA-4021-BB85-551E3A8D25C4} - System32\Tasks\4682 => C:\Windows\System32\wscript.exe [2009-04-11] (Microsoft Corporation)
Task: {B25D4244-6254-4542-9A54-D5A933EC915A} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {DC9312E3-4B8A-4B92-9E0E-C165E54A724D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-06-24] (Google Inc.)
Task: {E03371FC-C1BE-4ABC-AE13-74B12D73C42E} - System32\Tasks\0 => c:\program files\internet explorer\iexplore.exe [2013-05-16] (Microsoft Corporation)
Task: {E2DE0AF4-6F96-4653-8518-2A98D31B4673} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\schtasks.exe [2008-01-20] (Microsoft Corporation)
Task: {E96331E7-C50F-433E-8200-51137D0A5FC4} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-905870239-2676681471-788268361-1000Core => C:\Users\Colin\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-08] (Google Inc.)
Task: {F45B6E95-67CD-42BE-8C7E-648743411C19} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-06-24] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-905870239-2676681471-788268361-1000Core.job => C:\Users\Colin\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-905870239-2676681471-788268361-1000UA.job => C:\Users\Colin\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Faulty Device Manager Devices =============

Name: Marvell Yukon 88E8056 PCI-E Gigabit Ethernet Controller
Description: Marvell Yukon 88E8056 PCI-E Gigabit Ethernet Controller
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Marvell
Service: yukonwlh
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Marvell Yukon 88E8001/8003/8010 PCI Gigabit Ethernet Controller
Description: Marvell Yukon 88E8001/8003/8010 PCI Gigabit Ethernet Controller
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Marvell
Service: yukonwlh
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/02/2013 11:00:49 PM) (Source: System Restore) (User: )
Description: Failed to create restore point on volume (Process = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Descripton = Scheduled Checkpoint; Hr = 0x80070422).

Error: (07/02/2013 10:15:16 PM) (Source: Application Error) (User: )
Description: Faulting application AWU254 Wireless Client Utility.exe, version 1.1.6.0, time stamp 0x4635a6a6, faulting module AegisE5.dll, version 6.0.6002.18541, time stamp 0x4ec3e3d5, exception code 0xc0000135, fault offset 0x00009f5d,
process id 0x1618, application start time 0xAWU254 Wireless Client Utility.exe0.

Error: (07/02/2013 10:13:29 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/02/2013 07:47:20 AM) (Source: System Restore) (User: )
Description: Failed to create restore point on volume (Process = C:\Windows\system32\msiexec.exe /V; Descripton = Removed Ask Toolbar; Hr = 0x80070422).

Error: (07/02/2013 07:47:13 AM) (Source: System Restore) (User: )
Description: Failed to create restore point on volume (Process = C:\Windows\system32\msiexec.exe /V; Descripton = Removed Ask Toolbar; Hr = 0x80070422).

Error: (07/02/2013 02:07:07 AM) (Source: System Restore) (User: )
Description: Failed to create restore point on volume (Process = C:\Windows\system32\svchost.exe -k netsvcs; Descripton = Windows Update; Hr = 0x80070422).

Error: (07/02/2013 00:00:01 AM) (Source: System Restore) (User: )
Description: Failed to create restore point on volume (Process = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Descripton = Scheduled Checkpoint; Hr = 0x80070422).

Error: (07/01/2013 00:00:01 AM) (Source: System Restore) (User: )
Description: Failed to create restore point on volume (Process = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Descripton = Scheduled Checkpoint; Hr = 0x80070422).

Error: (06/30/2013 00:00:01 AM) (Source: System Restore) (User: )
Description: Failed to create restore point on volume (Process = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Descripton = Scheduled Checkpoint; Hr = 0x80070422).

Error: (06/29/2013 09:01:13 PM) (Source: System Restore) (User: )
Description: Failed to create restore point on volume (Process = C:\Windows\system32\msiexec.exe /V; Descripton = Removed Java 7 Update 21; Hr = 0x80070422).


System errors:
=============
Error: (07/02/2013 10:15:55 PM) (Source: Service Control Manager) (User: )
Description: NVIDIA Update Service Daemon%%1069

Error: (07/02/2013 10:15:55 PM) (Source: Service Control Manager) (User: )
Description: nvUpdatusService.\UpdatusUser%%1330

Error: (07/02/2013 10:13:52 PM) (Source: Service Control Manager) (User: )
Description: i8042prt

Error: (07/02/2013 10:13:52 PM) (Source: Service Control Manager) (User: )
Description: HP CUE DeviceDiscovery Service

Error: (07/02/2013 10:13:29 PM) (Source: Service Control Manager) (User: )
Description: Digidesign MME Refresh Service%%2

Error: (07/02/2013 10:13:18 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (06/28/2013 09:31:37 PM) (Source: bowser) (User: )
Description: The master browser has received a server announcement from the computer WEEDENVY
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{9620C035-537A-4894-9900-7764F80EA.
The master browser is stopping or an election is being forced.

Error: (06/28/2013 09:19:38 PM) (Source: bowser) (User: )
Description: The master browser has received a server announcement from the computer WEEDENVY
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{9620C035-537A-4894-9900-7764F80EA.
The master browser is stopping or an election is being forced.

Error: (06/26/2013 02:17:59 PM) (Source: Service Control Manager) (User: )
Description: i8042prt

Error: (06/26/2013 02:17:59 PM) (Source: Service Control Manager) (User: )
Description: HP CUE DeviceDiscovery Service


Microsoft Office Sessions:
=========================
Error: (06/09/2013 05:42:37 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 3392 seconds with 1020 seconds of active time.  This session ended with a crash.

Error: (06/07/2013 04:23:47 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 827 seconds with 660 seconds of active time.  This session ended with a crash.

Error: (05/21/2013 09:15:25 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 205372 seconds with 300 seconds of active time.  This session ended with a crash.

Error: (03/18/2013 03:36:05 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 10601 seconds with 5940 seconds of active time.  This session ended with a crash.

Error: (03/18/2013 11:51:22 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 17 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (03/18/2013 11:50:57 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 12 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (03/18/2013 11:50:29 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 27 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (02/13/2013 00:20:30 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 11438 seconds with 420 seconds of active time.  This session ended with a crash.


CodeIntegrity Errors:
===================================
  Date: 2011-05-31 19:16:50.727
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\msiltcfg.dll because the set of per-page image hashes could not be found on the system.

  Date: 2011-05-31 19:16:14.986
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\msiltcfg.dll because the set of per-page image hashes could not be found on the system.

  Date: 2011-05-31 19:15:02.251
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\msiltcfg.dll because the set of per-page image hashes could not be found on the system.

  Date: 2011-05-31 19:05:39.791
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\msiltcfg.dll because the set of per-page image hashes could not be found on the system.

  Date: 2011-05-31 19:03:43.296
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\msiltcfg.dll because the set of per-page image hashes could not be found on the system.

  Date: 2011-05-31 19:01:40.131
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\msiltcfg.dll because the set of per-page image hashes could not be found on the system.

  Date: 2011-04-18 18:17:05.409
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\msiltcfg.dll because the set of per-page image hashes could not be found on the system.

  Date: 2011-04-18 18:15:54.378
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\msiltcfg.dll because the set of per-page image hashes could not be found on the system.

  Date: 2011-04-18 18:15:40.029
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\msiltcfg.dll because the set of per-page image hashes could not be found on the system.

  Date: 2011-04-18 18:13:29.306
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\msiltcfg.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Percentage of memory in use: 44%
Total physical RAM: 3326.12 MB
Available physical RAM: 1837.84 MB
Total Pagefile: 6875.21 MB
Available Pagefile: 5368.88 MB
Total Virtual: 2047.88 MB
Available Virtual: 1906.63 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.51 GB) (Free:657.98 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (CIV4DISC1) (CDROM) (Total:0.64 GB) (Free:0 GB) CDFS
Drive i: (WD SmartWare) (CDROM) (Total:0.62 GB) (Free:0 GB) UDF
Drive j: (My Book) (Fixed) (Total:930.86 GB) (Free:635.71 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 932 GB) (Disk ID: 3ACE7CDC)
Partition 1: (Active) - (Size=932 GB) - (Type=07 NTFS)

========================================================
Disk: 5 (MBR Code: Windows XP) (Size: 931 GB) (Disk ID: 0002AE3F)
Partition 1: (Not Active) - (Size=931 GB) - (Type=07 NTFS)

==================== End Of Log ============================

 

 

Thanks Gary! I gotta go to bed and then to work, but I might be able to get the next instructions done before work.



no differences by the way



#6 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,055 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:11:08 AM

Posted 03 July 2013 - 08:09 AM

Greetings Dante,

Thanks for letting me know of the possible delay. When you get a chance could you run these for me please. I am also providing some caution about Peer to Peer programs and pirated software.

===================================================

P2P Warning

--------------------

Going over your logs I noticed that you have Bit Torrent installed. It is pretty much certain that if you continue to use P2P programs, you will get infected again. There is also evidence of pirated software on your computer.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
I would recommend that you uninstall Bit Torrent, however that choice is up to you. If you choose to remove the program, you can do so via Start > Control Panel > Add/Remove Programs.

If you are still leaning toward using this program, please take a look at this information about Ransomware which can be delivered via P2P file transfers. The newest variation of Ransomware can make it impossible to recover the files this malicious software encrypts. In other words, you will probably lose most if not all of your valuable information, including pictures. In addition it has recently been reported that P2P downloads may be tracked resulting in your IP address being monitored by copyright authorities.

If you wish to keep it, please do not use it until we are completely done and your machine is determined to be clean and updated.

===================================================

AdwCleaner by Xplode - Delete Adware

-------------------
  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browser
  • Double click on AdwCleaner.exe, select OK, then Run
  • Click on Delete
  • Confirm each time with OK
  • Your computer will be rebooted automatically. A text file will open after the restart
  • Copy and paste the contents in your reply
  • You can find the logfile at C:\AdwCleaner[S1].txt
===================================================

Junkware Removal Tool by thisisu

-------------------
  • Please download Junkware Removal Tool and save it to your desktop.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Right-mouse click JRT.exe and select Run as administrator (Windows XP double click the icon)
  • Please allow the program time to run
  • Once completed a Notepad document will open on your desktop
  • Copy and paste the contents in your reply
===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
HKLM\...\Run: []  [x]
HKCU\...\Run: [AdobeBridge]  [x]
MountPoints2: I - I:\wd_windows_tools\WDEULA.exe
MountPoints2: K - K:\wd_windows_tools\WDEULA.exe
MountPoints2: {383dca2c-4110-11e0-ab5d-002215f8c28c} - I:\setup.exe -a
MountPoints2: {581a363b-a269-11e0-877b-002215f8c28c} - K:\setup.exe -a
MountPoints2: {5879b70a-e569-11e0-b003-806e6f6e6963} - "I:\WD SmartWare.exe" autoplay=true
MountPoints2: {597bb863-faf0-11de-a765-002215f8c28c} - J:\LaunchU3.exe -a
MountPoints2: {671ded7c-91b1-11df-8b75-002215f8c28c} - E:\setup.exe -a
MountPoints2: {89f7c4a4-f852-11df-8844-002215f8c28c} - I:\Installer.exe
MountPoints2: {cc0bf75c-92e4-11e0-a78f-002215f8c28c} - J:\setup.exe -a
MountPoints2: {d83d2e0c-709c-11df-9cdf-002215f8c28c} - I:\mri.exe
MountPoints2: {e7b5612e-6f40-11df-998c-806e6f6e6963} - D:\autorun.exe
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://websearch.just-browse.info/
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://websearch.just-browse.info/
URLSearchHook: (No Name) - {656461ef-40f6-4115-9ff1-bced9812ccbb} -  No File
HKLM SearchScopes: DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKLM - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3045275
SearchScopes: HKLM - {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.just-browse.info/?l=1&q={searchTerms}
HKCU SearchScopes: DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL =
SearchScopes: HKCU - {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.just-browse.info/?l=1&q={searchTerms}
Toolbar: HKCU -No Name - {472734EA-242A-422B-ADF8-83D1E48CC825} -  No File
Task: {45AD4B5D-D591-4070-A497-894ED7E51AA2} - System32\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C} => C:\Users\Colin\AppData\Local\Temp\Lnq.exe No File
Task: {742FFFF8-DE04-44BA-ABAE-019573E96C46} - System32\Tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3} => C:\Users\Colin\AppData\Local\Temp\Lnr.exe No File
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Desktop Shortcut Repair

--------------------
  • Please click this link and save the file to your desktop
  • Double click the icon and select Run
  • Click Accept
  • Click Detect problems and apply the fixes for me (Recommended)
  • When completed click View report details
  • Reboot your computer
  • Check your desktop icons
  • Copy and paste the contents of the report in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • AdwCleaner log
  • Junkware log
  • Farbar log
  • Shortcut repair log
  • How is your computer running?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#7 WOMB


Posted 03 July 2013 - 09:14 PM

Hi Gary,

 

 

These are the logs I received. I did not receive a log for the shortcut repair since it did not detect anything.

 

My desktop shortcuts are still broken, but everything else seems to be working well.

 

 

 

# AdwCleaner v2.304 - Logfile created 07/03/2013 at 21:42:57
# Updated 03/07/2013 by Xplode
# Operating system : Windows Vista ™ Ultimate Service Pack 2 (32 bits)
# User : Colin - DOPEGROVE
# Boot Mode : Normal
# Running from : C:\Users\Colin\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

File Found : C:\user.js
File Found : C:\Users\Colin\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\searchplugins\WebSearch.xml
Folder Found : C:\Program Files\1ClickDownload
Folder Found : C:\Program Files\Conduit
Folder Found : C:\Program Files\IB Updater
Folder Found : C:\Program Files\MocaFlix
Folder Found : C:\Program Files\Perion
Folder Found : C:\ProgramData\APN
Folder Found : C:\ProgramData\InstallMate
Folder Found : C:\ProgramData\Tarma Installer
Folder Found : C:\ProgramData\Trymedia
Folder Found : C:\ProgramData\Vaudix
Folder Found : C:\ProgramData\Vaudix
Folder Found : C:\Users\Colin\AppData\Local\Conduit
Folder Found : C:\Users\Colin\AppData\Local\Temp\APN
Folder Found : C:\Users\Colin\AppData\LocalLow\Conduit
Folder Found : C:\Users\Colin\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\OneClickDownload@OneClickDownload.com

***** [Registry] *****

Key Found : HKCU\Software\1ClickDownload
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\AppDataLow\SProtector
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Headlight
Key Found : HKCU\Software\IM
Key Found : HKCU\Software\ImInstaller
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{336D0C35-8A85-403A-B9D2-65C292C39087}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{336D0C35-8A85-403A-B9D2-65C292C39087}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Found : HKCU\Software\YahooPartnerToolbar
Key Found : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Found : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3045275
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Found : HKLM\Software\Conduit
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\pmlghpafmmnmmkjdhacccolfgnkiboco
Key Found : HKLM\Software\IB Updater
Key Found : HKLM\Software\Iminent
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Key Found : HKLM\Software\SP Global
Key Found : HKLM\Software\SProtector
Key Found : HKLM\Software\Tarma Installer
Key Found : HKLM\Software\TENCENT
Key Found : HKU\S-1-5-21-905870239-2676681471-788268361-1000\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKU\S-1-5-21-905870239-2676681471-788268361-1000\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.19437

[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://websearch.just-browse.info/
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://websearch.just-browse.info/

-\\ Mozilla Firefox v22.0 (en-US)

File : C:\Users\Colin\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\prefs.js

Found : user_pref("browser.startup.homepage", "hxxp://websearch.just-browse.info/");
Found : user_pref("browser.search.order.1", "WebSearch");
Found : user_pref("browser.search.defaultenginename", "WebSearch");
Found : user_pref("browser.search.selectedEngine", "WebSearch");
Found : user_pref("browser.search.defaulturl", "hxxp://websearch.just-browse.info/?l=1&q=");
Found : user_pref("browser.search.order.1,S", "WebSearch");
Found : user_pref("browser.search.defaultenginename,S", "WebSearch");
Found : user_pref("browser.search.selectedEngine,S", "WebSearch");
Found : user_pref("keyword.URL", "hxxp://websearch.just-browse.info/?l=1&q=");

File : C:\Users\Colin\AppData\Roaming\Mozilla\Firefox\Profiles\wydwn36a.default\prefs.js

Found : user_pref("aol_toolbar.default.homepage.check", false);
Found : user_pref("aol_toolbar.default.search.check", false);
Found : user_pref("extensions.BabylonToolbar.prtkDS", 0);
Found : user_pref("extensions.BabylonToolbar.prtkHmpg", 0);
Found : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");
Found : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");
Found : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");
Found : user_pref("sweetim.toolbar.previous.keyword.URL", "");
Found : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
Found : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "");
Found : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "");
Found : user_pref("sweetim.toolbar.searchguard.enable", "");

-\\ Google Chrome v28.0.1500.71

File : C:\Users\Colin\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [6963 octets] - [03/07/2013 21:14:27]
AdwCleaner[R2].txt - [6894 octets] - [03/07/2013 21:42:57]

########## EOF - C:\AdwCleaner[R2].txt - [6954 octets] ##########
 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows Vista ™ Ultimate x86
Ran by Colin on Wed 07/03/2013 at 21:47:52.98
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-905870239-2676681471-788268361-1000\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\1clickdownload
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\ib updater
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\im
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\iminent
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\iminstaller
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\tarma installer
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\Software\smartbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\sprotector
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\classes\Toolbar.CT3045275
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}



~~~ Files

Successfully deleted: [File] "C:\Users\Colin\documents\1click.cfg"



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\installmate"
Successfully deleted: [Folder] "C:\ProgramData\tarma installer"
Successfully deleted: [Folder] "C:\ProgramData\trymedia"
Successfully deleted: [Folder] "C:\ProgramData\vaudix"
Successfully deleted: [Folder] "C:\Users\Colin\appdata\local\conduit"
Successfully deleted: [Folder] "C:\Users\Colin\appdata\locallow\conduit"
Successfully deleted: [Folder] "C:\Program Files\conduit"
Successfully deleted: [Folder] "C:\Program Files\ib updater"
Successfully deleted: [Folder] "C:\Program Files\mocaflix"
Successfully deleted: [Folder] "C:\Program Files\perion"



~~~ FireFox

Successfully deleted: [File] C:\user.js
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\{336D0C35-8A85-403A-B9D2-65C292C39087}
Successfully deleted the following from C:\Users\Colin\AppData\Roaming\mozilla\firefox\profiles\wydwn36a.default\prefs.js

user_pref("extensions.BabylonToolbar.prtkDS", 0);
user_pref("extensions.BabylonToolbar.prtkHmpg", 0);
user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");
user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");
user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");
user_pref("sweetim.toolbar.previous.keyword.URL", "");
user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "");
user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "");
user_pref("sweetim.toolbar.searchguard.enable", "");
Emptied folder: C:\Users\Colin\AppData\Roaming\mozilla\firefox\profiles\wydwn36a.default\minidumps [13 files]



~~~ Chrome

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\pmlghpafmmnmmkjdhacccolfgnkiboco



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 07/03/2013 at 21:49:14.93
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 03-07-2013 02
Ran by Colin at 2013-07-03 21:54:21 Run:1
Running from C:\Users\Colin\Desktop
Boot Mode: Normal

==============================================

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\I => Key deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\K => Key deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{383dca2c-4110-11e0-ab5d-002215f8c28c} => Key deleted successfully.
HKCR\CLSID\{383dca2c-4110-11e0-ab5d-002215f8c28c} => Key not found.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{581a363b-a269-11e0-877b-002215f8c28c} => Key deleted successfully.
HKCR\CLSID\{581a363b-a269-11e0-877b-002215f8c28c} => Key not found.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5879b70a-e569-11e0-b003-806e6f6e6963} => Key deleted successfully.
HKCR\CLSID\{5879b70a-e569-11e0-b003-806e6f6e6963} => Key not found.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{597bb863-faf0-11de-a765-002215f8c28c} => Key deleted successfully.
HKCR\CLSID\{597bb863-faf0-11de-a765-002215f8c28c} => Key not found.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{671ded7c-91b1-11df-8b75-002215f8c28c} => Key deleted successfully.
HKCR\CLSID\{671ded7c-91b1-11df-8b75-002215f8c28c} => Key not found.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{89f7c4a4-f852-11df-8844-002215f8c28c} => Key deleted successfully.
HKCR\CLSID\{89f7c4a4-f852-11df-8844-002215f8c28c} => Key not found.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cc0bf75c-92e4-11e0-a78f-002215f8c28c} => Key deleted successfully.
HKCR\CLSID\{cc0bf75c-92e4-11e0-a78f-002215f8c28c} => Key not found.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d83d2e0c-709c-11df-9cdf-002215f8c28c} => Key deleted successfully.
HKCR\CLSID\{d83d2e0c-709c-11df-9cdf-002215f8c28c} => Key not found.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e7b5612e-6f40-11df-998c-806e6f6e6963} => Key deleted successfully.
HKCR\CLSID\{e7b5612e-6f40-11df-998c-806e6f6e6963} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value deleted successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{656461ef-40f6-4115-9ff1-bced9812ccbb} => Value deleted successfully.
HKCR\CLSID\{656461ef-40f6-4115-9ff1-bced9812ccbb} => Key not found.
HKCR\CLSID\{656461ef-40f6-4115-9ff1-bced9812ccbb}\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} => Key not found.
HKCR\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE} => Key not found.
HKCR\CLSID\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE} => Key not found.
HKCR\CLSID\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}\DefaultScope => Value was restored successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} => Key deleted successfully.
HKCR\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE} => Key not found.
HKCR\CLSID\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE} => Key deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{472734EA-242A-422B-ADF8-83D1E48CC825} => Value deleted successfully.
HKCR\CLSID\{472734EA-242A-422B-ADF8-83D1E48CC825} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{45AD4B5D-D591-4070-A497-894ED7E51AA2} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{45AD4B5D-D591-4070-A497-894ED7E51AA2} => Key deleted successfully.
C:\Windows\System32\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C} => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{35DC3473-A719-4d14-B7C1-FD326CA84A0C} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{742FFFF8-DE04-44BA-ABAE-019573E96C46} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{742FFFF8-DE04-44BA-ABAE-019573E96C46} => Key deleted successfully.
C:\Windows\System32\Tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3} => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3} => Key deleted successfully.

==== End of Fixlog ====
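The Fixlog above reports "Key not found" for several entries that the JRT run had already deleted a few minutes earlier. The following is an added example, not part of the original thread or of either tool: a small Python reconciliation of the two logs. The function names are hypothetical, the sample lines are excerpted from the logs in this post, and one line is constructed to show an unexplained miss.

```python
from collections import Counter
import re

# Long hive names (as JRT prints them) mapped to the short form FRST uses.
HIVES = {"HKEY_LOCAL_MACHINE": "HKLM", "HKEY_CURRENT_USER": "HKCU",
         "HKEY_CLASSES_ROOT": "HKCR", "HKEY_USERS": "HKU"}

# Lines excerpted from the JRT log posted above.
JRT_LOG = r"""
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
"""

# Lines excerpted from the FRST Fixlog posted above.
FIXLOG = r"""
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\I => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} => Key not found.
HKCR\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} => Key deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE} => Key not found.
C:\Windows\System32\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C} => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{35DC3473-A719-4d14-B7C1-FD326CA84A0C} => Key deleted successfully.
"""
# Constructed line (not from the page) so the "unexplained" bucket is exercised.
FIXLOG += "HKLM\\Software\\ExampleVendor => Key not found.\n"


def normalize(path):
    """Make paths from different tools comparable: short hive name,
    single backslashes, no surrounding quotes, lower case."""
    parts = [p for p in path.strip().strip('"').split("\\") if p]
    parts[0] = HIVES.get(parts[0].upper(), parts[0])
    return "\\".join(parts).lower()


def parse_jrt(text):
    """Return the normalized targets JRT reports as deleted."""
    removed = set()
    for line in text.splitlines():
        m = re.match(r"Successfully deleted: \[[^\]]+\] (.+)", line.strip())
        if m:
            removed.add(normalize(m.group(1)))
    return removed


def parse_fixlog(text):
    """Return (target, result) pairs from 'target => result.' lines."""
    entries = []
    for line in text.splitlines():
        if " => " in line:
            target, result = line.rsplit(" => ", 1)
            entries.append((target.strip(), result.strip().rstrip(".")))
    return entries


def outcome_counts(entries):
    """Count how many fix directives ended in each result string."""
    return Counter(result for _, result in entries)


def explain_not_found(entries, removed_earlier):
    """Sort every 'not found' result into a bucket a reviewer can act on."""
    buckets = {"removed_by_earlier_tool": [], "clsid_companion_check": [],
               "unexplained": []}
    for target, result in entries:
        if not result.lower().endswith("not found"):
            continue
        key = normalize(target)
        if key in removed_earlier:
            buckets["removed_by_earlier_tool"].append(target)
        elif key.startswith("hkcr\\clsid\\"):
            # In this Fixlog each GUID entry is followed by an HKCR\CLSID line.
            buckets["clsid_companion_check"].append(target)
        else:
            buckets["unexplained"].append(target)
    return buckets


if __name__ == "__main__":
    fix_entries = parse_fixlog(FIXLOG)
    print(dict(outcome_counts(fix_entries)))
    for bucket, targets in explain_not_found(fix_entries, parse_jrt(JRT_LOG)).items():
        print(bucket, len(targets))
```

Entries left in `unexplained` are the ones worth a second look; the three SearchScopes keys here had been deleted by JRT before FRST ran.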



#8 Oh My!


Posted 03 July 2013 - 09:57 PM

Hi Dante,

Lots of junk removed which is a good thing even though we have not yet fixed the icons.

Please do this now.

===================================================

Rebuilding Icon Cache Windows 7/Vista

--------------------
  • Press the Windows key + R on your keyboard at the same time
  • Type Notepad and press enter
  • Copy and paste the following into the Notepad document:
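@echo off
rem Clear the attributes on the icon cache so it can be deleted
attrib -a -r -h -s "%LocalAppData%\IconCache.db"
del /a "%LocalAppData%\IconCache.db"
rem Recreate it as an empty file marked read-only and hidden
type NUL > "%LocalAppData%\IconCache.db"
attrib +r +h "%LocalAppData%\IconCache.db"
rem Schedule the reboot before the script deletes itself: cmd cannot read
rem any further lines from a batch file that no longer exists
shutdown /r /f /t 10
del "%~f0"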
  • Click File, then Save As... .
  • Click Desktop on the left.
  • Under the Save as type dropdown, select All Files.
  • In the box File Name, input icon.bat.
  • Click Save.
  • Close the Notepad and any other open items
  • Locate and double-click icon.bat on the desktop
  • A black CMD window will flash, then disappear
  • Your computer will reboot in 10 seconds after the completion of the command
  • Check your desktop icons
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Did the batch file process successfully?
  • Do your desktop icons work properly?

Gary
 

#9 WOMB


Posted 04 July 2013 - 07:23 AM

Thanks Gary!

 

The computer did not reboot after I ran the batch file, but I did see the CMD screen pop up.

 

The shortcuts on the desktop work properly, after I replaced them!

 

I know it's a little late, but this is the message I was getting " 'xyz' was not installed correctly. please reinstall 'xyz' "



#10 Oh My!


Posted 04 July 2013 - 07:50 AM

Excellent work my friend!

Let's regroup just a bit and re-evaluate where we are now. Are you experiencing any abnormalities? If not, we still have some mopping up I would like to do.
Gary
 

#11 WOMB


Posted 04 July 2013 - 08:04 AM

Everything seems to be working fine now



#12 Oh My!


Posted 04 July 2013 - 08:41 AM

Great, let's do this now.

===================================================

Malwarebytes

--------------------

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download. You can also right click on the link and select Save Link As
  • Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
    • Make sure you are connected to the Internet and double-click on the renamed file to install the application.
      For instructions with screenshots, please refer to this Guide.
    • When the installation begins, follow the prompts and do not make any changes to default settings except to uncheck any offer for a free Pro trial version.
    • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
    • If an update is found, the program will automatically update itself. Press the OK button and continue.
    • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
    • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
    • Click on the Scan button.
    • When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
    • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
    • Make sure that everything is checked and then click Remove Selected.
    • When removal is completed, a log report will open in Notepad.
    • The log is automatically saved and can be viewed by clicking the Logs tab.
    • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
    • Exit Malwarebytes when done.
  • Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.
===================================================

ESET Online Scanner

--------------------

I'd like us to scan your machine with ESET OnlineScan. This process may take several hours; that is normal.
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Copy and paste the information in your next reply. Note: If no malware was found you will not be presented with a log.
  • Click the Back button.
  • Click the Finish button.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment. :thumbsup2:
  • MBAM results
  • ESET results
  • How is your computer running now? Any issues?

Gary
 

#13 WOMB


Posted 04 July 2013 - 11:35 AM

Happy 4th of July Gary! :trumpet:

 

 

The computer seems to be running normal now. 

 

I'll be away from the computer for a couple hours now. btw

 

 

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.07.04.05

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.19437
Colin :: DOPEGROVE [administrator]

Protection: Enabled

7/4/2013 9:55:19 AM
mbam-log-2013-07-04 (09-55-19).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 229093
Time elapsed: 4 minute(s), 41 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

 

 

C:\Users\Colin\AppData\Roaming\B995A23A97598979C9E17B340955CD29\enemies-names.txt    Win32/Adware.AntimalwareDoctor.AE.Gen application    cleaned by deleting - quarantined
C:\Users\Colin\AppData\Roaming\B995A23A97598979C9E17B340955CD29\local.ini    Win32/Adware.AntimalwareDoctor.AE.Gen application    cleaned by deleting - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SXYN4269\update[1]    multiple threats    cleaned by deleting - quarantined
 

 

 



#14 Oh My!


Posted 04 July 2013 - 02:30 PM

Greetings Dante and Happy 4th to you as well! Those scans look very good.

Now that you continue to report that your computer is running well it is my great pleasure to proclaim to you the Good News!

===================================================

All Clean

--------------

Your machine appears to be clean. You can remove any of the programs or logs on your system as a result of our efforts together. Please take the time to read below on how to secure the machine and take the necessary steps to keep it clean :thumbsup:

Lawrence Abrams, the founder of BleepingComputer.com, has developed an excellent tutorial which will provide you with the information you need to know to keep your computer secure and clean. Please take the time to read:

In addition, here are some more links you might find of interest:

I will leave this topic open for just a couple of days in case you have any further issues then it will be closed shortly thereafter.

Thank you for placing your trust in BleepingComputer. It was a pleasure serving you.
Gary
 

#15 WOMB


Posted 05 July 2013 - 08:58 AM

Thanks again Gary!





