ZeroAccess Rootkit


  • This topic is locked
27 replies to this topic

#1 Dorkgeez


Posted 12 August 2013 - 12:10 AM

Need help removing ZeroAccess Rootkit.

 

From my original post, I noticed the computer was running slow and my Windows Firewall was turned off and I could not turn it back on.  I was getting error 0x8007042c.

 

I ran through the fixes on the Microsoft website then started getting specific error code 5.  

 

I thought it was related to AVG so it has been removed.  This computer is only on to work on fixing this.

 

Original post is:

http://www.bleepingcomputer.com/forums/t/503424/windows-firewall-error-code-5/

 

 

DDS log

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 10.0.9200.16635  BrowserJavaVersion: 10.25.2
Run by Daryl at 0:00:25 on 2013-08-12
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.7935.5024 [GMT -5:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\MediaMall\MediaMallServer.exe
C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\ToolbarUpdater.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\loggingserver.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Citrix\ICA Client\ssonsvr.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
C:\Windows\System32\nvraidservice.exe
C:\PROGRA~1\HEWLET~1\HPREMO~1\HPREMO~1.EXE
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Box Sync\BoxSyncHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files (x86)\MediaMall\PlayOn.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\System32\spool\drivers\x64\3\E_YATIHWA.EXE
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Program Files\Box Sync\BoxSync.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Users\Daryl\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Citrix\ICA Client\PNAMAIN.EXE
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
C:\Users\Daryl\Documents\RCA Detective\RCADetective.exe
C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
C:\Program Files (x86)\Citrix\ICA Client\Receiver\Receiver.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe
C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\servicing\TrustedInstaller.exe
c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files (x86)\Hewlett-Packard\KBD\kbd.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Citrix\ICA Client\WFCRUN32.EXE
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cndt
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mWinlogon: Userinit = userinit.exe,
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: vShare Plugin: {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files (x86)\vShare\vshare_toolbar.dll
BHO: CtxIEInterceptorBHO Class: {2C4631FF-5CC8-4EBC-A0DF-34C92291759E} - C:\Program Files (x86)\Citrix\ICA Client\IEInterceptor.dll
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - 
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Evernote extension: {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll
BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\15.4.0.5\AVG Secure Search_toolbar.dll
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0552.0\msneshellx.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: vShare Plugin: {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files (x86)\vShare\vshare_toolbar.dll
TB: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0552.0\msneshellx.dll
TB: vShare Plugin: {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files (x86)\vShare\vshare_toolbar.dll
TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\15.4.0.5\AVG Secure Search_toolbar.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
uRun: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW,SYSTRAY
uRun: [ISUSPM] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
uRun: [Easy Dock] <no file>
mRun: [Easy Dock] <no file>
dRunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_6_602_180_ActiveX.exe -update activex
uExplorerRun: [efaebbeeddcaa] C:\Windows\System32\config\systemprofile\AppData\Roaming\e5f85aeb-6be5-4272-900e-70dd193ca8a779\efaebbeeddcaa.exe
StartupFolder: C:\Users\Daryl\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Daryl\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\Daryl\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\EVERNO~1.LNK - C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
StartupFolder: C:\Users\Daryl\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\RCADET~1.LNK - C:\Users\Daryl\Documents\RCA Detective\RCADetective.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BOXSYN~1.LNK - C:\Program Files\Box Sync\BoxSync.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\PICTUR~1.LNK - C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\Receiver.lnk - C:\Windows\Installer\{83137F14-B84A-42C4-AA31-9C7FE24F4398}\pnaico.exe.20FBBF0A_A7E5_4BDE_9798_9811C3D135AC.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
IE: Clip Image - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=4
IE: Clip selection - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3
IE: Clip this page - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1
IE: Clip URL - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: New Note - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\NewNote.html
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {36299202-09EF-4ABF-ADB9-47C599DBE778} - hxxps://www.hpwindows7upgrade.arvato.com/north_america/Endcustomer/HPProdDetect.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{44BB822E-7A9B-48F0-B529-33FE1AEA9A9D} : DHCPNameServer = 192.168.1.254
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - 
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.4.0\ViProtocol.dll
Handler: vsharechrome - {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Program Files (x86)\vShare\vshare_toolbar.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= C:\PROGRA~2\Citrix\ICACLI~1\RSHook.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mWinlogon: Userinit = C:\Windows\System32\userinit.exe,C:\Windows\SysWOW64\MPK\mpk.exe
x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - 
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-Run: [HP Remote Software] C:\Program Files\Hewlett-Packard\HP Remote\HP REMOTE V1.0.5.exe
x64-Run: [NVRaidService] C:\Windows\System32\nvraidservice.exe
x64-Run: [SmartMenu] C:\Program Files (x86)\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
x64-Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\System32\NvCpl.dll,NvStartup
x64-Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe
x64-Run: [BoxSyncHelper] "C:\Program Files\Box Sync\BoxSyncHelper.exe"
x64-RunOnce: [PCDrProfiler] "C:\Program Files\PC-Doctor for Windows\RunProfiler.exe" -r
x64-Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - 
x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
x64-Handler: vsharechrome - {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Daryl\AppData\Roaming\Mozilla\Firefox\Profiles\515o7f8c.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?q=
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\CambridgeSoft\ChemOffice2010\Chem3D\npChem3DPlugin.dll
FF - plugin: C:\Program Files (x86)\CambridgeSoft\ChemOffice2010\ChemDraw\NPCDP32.DLL
FF - plugin: C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll
FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.4.0\npsitesafety.dll
FF - plugin: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Magellan\Magellan Communicator\npMgnPlg.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrlui.dll
FF - plugin: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll
FF - plugin: C:\Users\Daryl\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Users\Daryl\AppData\Roaming\Mozilla\Firefox\Profiles\515o7f8c.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}\plugins\npGarmin.dll
FF - plugin: C:\Users\Daryl\AppData\Roaming\Mozilla\Firefox\Profiles\515o7f8c.default\extensions\2020Player@2020Technologies.com\plugins\NP2020Player.dll
FF - plugin: C:\Windows\System32\Wat\npWatWeb.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2013-06-28 10:23; {FCE04E1F-9378-4f39-96F6-5689A9159E45}; C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF - ExtSQL: !HIDDEN! 2010-01-05 11:32; {20a82645-c095-46ed-80e3-08825760534b}; c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - ExtSQL: !HIDDEN! 2010-06-18 20:32; smartwebprinting@hp.com; C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=110796&tt=3312_3
FF - user.js: extensions.BabylonToolbar_i.babExt - 
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://www.google.com/search?babsrc=TB_ggl&q=
FF - user.js: extensions.BabylonToolbar.id - d2e2d43100000000000000248cf97af9
FF - user.js: extensions.BabylonToolbar.instlDay - 15571
FF - user.js: extensions.BabylonToolbar.vrsn - 1.6.4.6
FF - user.js: extensions.BabylonToolbar.vrsni - 1.6.4.6
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.6.4.618:50:13
FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar.instlRef - sst
FF - user.js: extensions.BabylonToolbar.dfltLng - en
FF - user.js: extensions.BabylonToolbar.excTlbr - false
FF - user.js: extensions.BabylonToolbar.admin - false
.
============= SERVICES / DRIVERS ===============
.
R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2012-9-27 45856]
R1 ctxusbm;Citrix USB Monitor Driver;C:\Windows\System32\drivers\ctxusbm.sys [2012-2-14 93272]
R2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [2009-5-14 759048]
R2 EpsonCustomerParticipation;EpsonCustomerParticipation;C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe [2011-6-9 555392]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-9-23 418376]
R2 MediaMall Server;MediaMall Server;C:\Program Files (x86)\MediaMall\MediaMallServer.exe [2013-1-2 4038448]
R2 PassThru Service;Internet Pass-Through Service;C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2011-9-15 88576]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2013-4-16 39056]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-8-20 1153368]
R2 vToolbarUpdater15.4.0;vToolbarUpdater15.4.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\ToolbarUpdater.exe [2013-7-29 1616048]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-8-20 25928]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-8-20 701512]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 HTCAND64;HTC Device Driver;C:\Windows\System32\drivers\ANDROIDUSB.sys [2009-11-1 33736]
S3 htcnprot;HTC NDIS Protocol Driver;C:\Windows\System32\drivers\htcnprot.sys [2010-6-25 36928]
S3 PTHDRBUS;PANTECH Handset HSUSB Composite Device;C:\Windows\System32\drivers\PTHDRBUS.sys [2012-12-6 69264]
S3 PTHDRMDM;PANTECH HSUSB Modem;C:\Windows\System32\drivers\PTHDRMDM.sys [2012-12-6 176912]
S3 PTHDRVSP;PANTECH HSUSB Diagnostic Serial Port;C:\Windows\System32\drivers\PTHDRVSP.sys [2012-12-6 176912]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-5-7 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 vpcuxd;USB Virtualization Stub Service;C:\Windows\System32\drivers\vpcuxd.sys [2011-5-7 16384]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-3-20 1255736]
.
=============== File Associations ===============
.
FileExt: .inf: inffile=C:\Windows\System32\NOTEPAD.EXE %1 [UserChoice]
.
=============== Created Last 30 ================
.
2013-08-06 05:12:15 -------- d-----w- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-08-05 15:25:57 -------- d-----w- C:\Users\Daryl\AppData\Local\Avg2013
2013-08-05 03:34:47 0 ----a-w- C:\Windows\System32\VBAJET32.DLL
2013-08-05 03:34:47 0 ----a-w- C:\Windows\System32\olepro32.DLL
2013-08-05 03:34:47 0 ----a-w- C:\Windows\System32\nvd3dum.dll
2013-08-05 03:34:47 0 ----a-w- C:\Windows\System32\MSVBVM60.DLL
2013-08-05 03:34:47 0 ----a-w- C:\Windows\System32\MFC71U.DLL
2013-08-05 03:34:47 0 ----a-w- C:\Windows\System32\expsrv.dll
2013-08-02 04:13:20 -------- d-----w- C:\Program Files\Enigma Software Group
2013-08-02 04:12:30 -------- d-----w- C:\Windows\8AE3CFB678B24F55A7BE618FCFF43A03.TMP
2013-08-01 03:01:49 -------- d-----w- C:\Windows\System32\MpEngineStore
.
==================== Find3M  ====================
.
2013-07-29 13:48:23 45856 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys
2013-07-22 16:57:42 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-07-22 16:57:42 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-06-13 02:48:23 867240 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
2013-06-13 02:48:17 789416 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-06-13 02:47:57 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-06-11 23:43:37 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-06-11 23:43:00 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-06-11 23:42:58 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-06-11 23:42:58 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-06-11 23:26:20 2241024 ----a-w- C:\Windows\System32\wininet.dll
2013-06-11 23:25:16 3958784 ----a-w- C:\Windows\System32\jscript9.dll
2013-06-11 23:25:13 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-06-11 23:25:13 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-06-11 22:51:45 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-06-11 22:50:58 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-06-07 03:22:18 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-06-07 02:37:52 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-06-05 03:34:27 3153920 ----a-w- C:\Windows\System32\win32k.sys
2013-06-04 06:00:13 624128 ----a-w- C:\Windows\System32\qedit.dll
2013-06-04 04:53:07 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
.
============= FINISH:  0:01:00.36 ===============
 

 

 


 


#2 B-boy/StyLe/


Posted 12 August 2013 - 01:08 AM

Hello! Welcome to BleepingComputer Forums!
My name is Georgi and I will be helping you with your computer problems.

Before we begin, please note the following:

  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The logs can take some time to research, so please be patient with me.
  • Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
  • Instructions that I give are for your system only!
  • Please do not run any tools until requested! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
  • Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.

 

 

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

 

 

Regards,
Georgi




#3 Dorkgeez

Dorkgeez
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:08:20 AM

Posted 12 August 2013 - 01:35 AM

Georgi,

 

Thank you for your help

 

FRST Log

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-08-2013 02
Ran by Daryl (administrator) on 12-08-2013 01:23:41
Running from C:\Users\Daryl\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
(Hewlett-Packard Company) c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(MediaMall Technologies, Inc.) C:\Program Files (x86)\MediaMall\MediaMallServer.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\ToolbarUpdater.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\loggingserver.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\ssonsvr.exe
(Microsoft Corporation) c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
() C:\PROGRA~1\HEWLET~1\HPREMO~1\HPREMO~1.EXE
(NVIDIA Corporation) C:\Windows\System32\nvraidservice.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(Box, Inc.) C:\Program Files\Box Sync\BoxSyncHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
(MediaMall Technologies, Inc.) C:\Program Files (x86)\MediaMall\PlayOn.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIHWA.EXE
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Box, Inc.) C:\Program Files\Box Sync\BoxSync.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\PNAMAIN.EXE
(Dropbox, Inc.) C:\Users\Daryl\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
(Audiovox Electronics Corp.) C:\Users\Daryl\Documents\RCA Detective\RCADetective.exe
() C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
() C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe
() C:\Program Files (x86)\AVG Secure Search\vprot.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\Receiver\Receiver.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(CyberLink Corp.) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
(CyberLink) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Hewlett-Packard) c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\KBD\kbd.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\WFCRUN32.EXE
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [HP Remote Software] - C:\Program Files\Hewlett-Packard\HP Remote\HP REMOTE V1.0.5.exe [172032 2009-02-06] ()
HKLM\...\Run: [NVRaidService] - C:\Windows\system32\nvraidservice.exe [333344 2008-08-18] (NVIDIA Corporation)
HKLM\...\Run: [SmartMenu] - C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [915512 2009-03-05] (Hewlett-Packard)
HKLM\...\Run: [NvCplDaemon] - C:\Windows\system32\NvCpl.dll [16335976 2009-10-30] (NVIDIA Corporation)
HKLM\...\Run: [Windows Mobile Device Center] - C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [BoxSyncHelper] - C:\Program Files\Box Sync\BoxSyncHelper.exe [393216 2013-06-07] (Box, Inc.)
HKLM\...\RunOnce: [PCDrProfiler] - "C:\Program Files\PC-Doctor for Windows\RunProfiler.exe" -r [136176 2009-06-26] (PC-Doctor, Inc.)
HKLM\...\Winlogon: [Userinit] c:\windows\system32\userinit.exe,C:\Windows\SysWOW64\MPK\mpk.exe
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] C:\$Recycle.Bin\S-1-5-18\$544d7e6da79a3517aef6700e1f6a15c5\n. ATTENTION! ====> ZeroAccess?
HKCU\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [163328 2010-11-20] (Microsoft Corporation)
HKCU\...\Run: [HPADVISOR] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1689144 2010-06-30] (Hewlett-Packard)
HKCU\...\Run: [ISUSPM] - "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler [x]
HKCU\...\Run: [Easy Dock] -  [x]
HKCU\...\Run: [PlayOn] - C:\Program Files (x86)\MediaMall\PlayOn.exe [63832 2013-06-11] (MediaMall Technologies, Inc.)
HKCU\...\Run: [SpybotSD TeaTimer] - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKCU\...\Run: [EPLTarget\P0000000000000000] - C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIHWA.EXE [241280 2013-01-16] (SEIKO EPSON CORPORATION)
HKCU\...\Run: [iSpy] - "C:\Program Files (x86)\iSpy\iSpy\iSpy.exe" -silent [x]
HKCU\...\Run: [iCloudServices] - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-04-05] (Apple Inc.)
HKCU\...\Run: [ApplePhotoStreams] - C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-04-05] (Apple Inc.)
HKCU\...\Policies\system: [LogonHoursAction] 2
HKCU\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
MountPoints2: {474d6565-060d-11df-8965-00248cf97af9} - K:\LaunchU3.exe -a
HKLM-x32\...\Run: [Easy Dock] -  [x]
HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [HP Health Check Scheduler] - c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [75016 2008-12-04] (Hewlett-Packard)
HKLM-x32\...\Run: [hpsysdrv] - c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM-x32\...\Run: [Microsoft Default Manager] - c:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [224616 2009-02-06] (Microsoft Corp.)
HKLM-x32\...\Run: [Monitor] - C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe [443728 2009-11-10] (LeapFrog Enterprises, Inc.)
HKLM-x32\...\Run: [UpdateLBPShortCut] - c:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [218408 2008-12-04] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GoShortCut] - c:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [218408 2008-12-04] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePDIRShortCut] - c:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe [218408 2008-12-04] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePSTShortCut] - c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe [210216 2009-02-02] (CyberLink Corp.)
HKLM-x32\...\Run: [KBD] - C:\Program Files (x86)\Hewlett-Packard\KBD\KbdStub.EXE [12288 2008-07-21] (Microsoft)
HKLM-x32\...\Run: [HP Remote Solution] - C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe [656896 2009-05-26] ()
HKLM-x32\...\Run: [hpqSRMon] - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM-x32\...\Run: [] -  [x]
HKLM-x32\...\Run: [HTC Sync Loader] - C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe [651264 2012-04-17] ()
HKLM-x32\...\Run: [EEventManager] - C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [979328 2010-10-12] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXRCV] - C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [495616 2011-03-09] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] - C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [856064 2011-03-09] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [vProt] - C:\Program Files (x86)\AVG Secure Search\vprot.exe [2285232 2013-07-29] ()
HKLM-x32\...\Run: [BsMnt] - C:\Windows\BisonCam\BsMnt.exe [x]
HKLM-x32\...\Run: [ConnectionCenter] - C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [371864 2012-04-05] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)
HKLM-x32\...\Run: [TkBellExe] - c:\program files (x86)\real\realplayer\Update\realsched.exe [295512 2013-06-28] (RealNetworks, Inc.)
HKU\Default\...\Run: [HPADVISOR] -  [x]
HKU\Default User\...\Run: [HPADVISOR] -  [x]
HKU\Jackie\...\Run: [HPADVISOR] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1689144 2010-06-30] (Hewlett-Packard)
HKU\Jackie\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [163328 2010-11-20] (Microsoft Corporation)
HKU\Jackie\...\Run: [ISUSPM] - "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler [x]
HKU\Jackie\...\Run: [AVG-Secure-Search-Update_JUNE2013_TB] - C:\Program Files (x86)\AVG Secure Search\AVG-Secure-Search-Update_JUNE2013_TB.exe [1266712 2013-06-04] (AVG Secure Search)
HKU\Jackie\...\Run: [AVG-Secure-Search-Update_JUNE2013_HP] - C:\Program Files (x86)\AVG Secure Search\AVG-Secure-Search-Update_JUNE2013_HP.exe [1266712 2013-06-08] (AVG Secure Search)
HKU\Jackie\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_4_402_287_Plugin.exe -update plugin [x]
HKU\Jackie\...\Policies\system: [LogonHoursAction] 2
HKU\Jackie\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Katie\...\Run: [HPADVISOR] -  [x]
HKU\Katie\...\RunOnce: [Application Restart #0] - C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKU\Katie\...\Policies\system: [LogonHoursAction] 2
HKU\Katie\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Katie and Liz\...\Run: [HPADVISOR] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1689144 2010-06-30] (Hewlett-Packard)
HKU\Katie and Liz\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [163328 2010-11-20] (Microsoft Corporation)
HKU\Katie and Liz\...\Run: [ISUSPM] - "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler [x]
HKU\Katie and Liz\...\Run: [ConnectionCenter] - C:\Users\Katie and Liz\AppData\Local\Citrix\ICA Client\concentr.exe [305088 2011-04-25] (Citrix Systems, Inc.)
HKU\Katie and Liz\...\Policies\system: [LogonHoursAction] 2
HKU\Katie and Liz\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
AppInit_DLLs-x32: C:\PROGRA~2\Citrix\ICACLI~1\RSHook.dll [257176 2012-04-05] (Citrix Systems, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Box Sync.lnk
ShortcutTarget: Box Sync.lnk -> C:\Program Files\Box Sync\BoxSync.exe (Box, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PictureMover.lnk
ShortcutTarget: PictureMover.lnk -> C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe (Hewlett-Packard Company)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Receiver.lnk
ShortcutTarget: Receiver.lnk -> C:\Windows\Installer\{83137F14-B84A-42C4-AA31-9C7FE24F4398}\pnaico.exe.20FBBF0A_A7E5_4BDE_9798_9811C3D135AC.exe ()
Startup: C:\Users\Daryl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Daryl\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Daryl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Startup: C:\Users\Daryl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RCA Detective.lnk
ShortcutTarget: RCA Detective.lnk -> C:\Users\Daryl\Documents\RCA Detective\RCADetective.exe (Audiovox Electronics Corp.)
Startup: C:\Users\Jackie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Daryl\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cndt
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
SearchScopes: HKLM - DefaultScope {665C19F7-943F-491C-9285-27912C9A2E15} URL = http://search.live.com/results.aspx?q={searchTerms}&FORM=HPDTDF
SearchScopes: HKLM - {4F62B9A3-E493-45EB-A0C2-73BD30D0FE67} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKLM - {665C19F7-943F-491C-9285-27912C9A2E15} URL = http://search.live.com/results.aspx?q={searchTerms}&FORM=HPDTDF
SearchScopes: HKLM-x32 - DefaultScope {665C19F7-943F-491C-9285-27912C9A2E15} URL = http://search.live.com/results.aspx?q={searchTerms}&FORM=HPDTDF
SearchScopes: HKLM-x32 - {4F62B9A3-E493-45EB-A0C2-73BD30D0FE67} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKLM-x32 - {665C19F7-943F-491C-9285-27912C9A2E15} URL = http://search.live.com/results.aspx?q={searchTerms}&FORM=HPDTDF
SearchScopes: HKCU - {043C5167-00BB-4324-AF7E-62013FAEDACF} URL = http://vshare.toolbarhome.com/search.aspx?q={searchTerms}&srch=dsp
SearchScopes: HKCU - {4F62B9A3-E493-45EB-A0C2-73BD30D0FE67} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={sear
BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll No File
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: vShare Plugin - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files (x86)\vShare\vshare_toolbar.dll ()
BHO-x32: CtxIEInterceptorBHO Class - {2C4631FF-5CC8-4EBC-A0DF-34C92291759E} - C:\Program Files (x86)\Citrix\ICA Client\IEInterceptor.dll (Citrix Systems, Inc.)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll No File
BHO-x32: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Evernote extension - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\15.4.0.5\AVG Secure Search_toolbar.dll (AVG Secure Search)
BHO-x32: Microsoft Live Search Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0552.0\msneshellx.dll (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM-x32 - Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0552.0\msneshellx.dll (Microsoft Corp.)
Toolbar: HKLM-x32 - vShare Plugin - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files (x86)\vShare\vshare_toolbar.dll ()
Toolbar: HKLM-x32 - AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\15.4.0.5\AVG Secure Search_toolbar.dll (AVG Secure Search)
Toolbar: HKCU - No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} -  No File
Toolbar: HKCU - No Name - {043C5167-00BB-4324-AF7E-62013FAEDACF} -  No File
DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll No File
Handler: vsharechrome - {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} -  No File
Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll No File
Handler-x32: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files (x86)\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.4.0\ViProtocol.dll (AVG Secure Search)
Handler-x32: vsharechrome - {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Program Files (x86)\vShare\vshare_toolbar.dll ()
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
 
FireFox:
========
FF ProfilePath: C:\Users\Daryl\AppData\Roaming\Mozilla\Firefox\Profiles\515o7f8c.default
FF user.js: detected! => C:\Users\Daryl\AppData\Roaming\Mozilla\Firefox\Profiles\515o7f8c.default\user.js
FF SelectedSearchEngine: Google
FF Homepage: about:home
FF Keyword.URL: hxxp://www.google.com/search?q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.4.0\\npsitesafety.dll (AVG Technologies)
FF Plugin-x32: @cambridgesoft.com/Chem3D,version=12.0 - C:\Program Files (x86)\CambridgeSoft\ChemOffice2010\Chem3D\npChem3DPlugin.dll (CambridgeSoft Corp.)
FF Plugin-x32: @cambridgesoft.com/ChemDraw,version=12.0 - C:\Program Files (x86)\CambridgeSoft\ChemOffice2010\ChemDraw\npcdp32.dll (CambridgeSoft Corp.)
FF Plugin-x32: @Citrix.com/npican - C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @MagellanGPS.com/CommunicationPlugin - C:\Program Files (x86)\Magellan\Magellan Communicator\npMgnPlg.dll (Magellan Navigation, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=16.0.2.32 - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.2 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.2 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.2 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.2.32 - c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 - C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Daryl\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\answers.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\creativecommons.xml
FF Extension: No Name - C:\Users\Daryl\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
FF Extension: Visualisateur 3D de 20-20 - C:\Users\Daryl\AppData\Roaming\Mozilla\Firefox\Profiles\515o7f8c.default\Extensions\2020Player@2020Technologies.com
FF Extension: Move Media Player - C:\Users\Daryl\AppData\Roaming\Mozilla\Firefox\Profiles\515o7f8c.default\Extensions\moveplayer@movenetworks.com
FF Extension: Garmin Communicator - C:\Users\Daryl\AppData\Roaming\Mozilla\Firefox\Profiles\515o7f8c.default\Extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Daryl\AppData\Roaming\Mozilla\Firefox\Profiles\515o7f8c.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF Extension: Google Toolbar for Firefox - C:\Users\Daryl\AppData\Roaming\Mozilla\Firefox\Profiles\515o7f8c.default\Extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF Extension: HP Detect - C:\Users\Daryl\AppData\Roaming\Mozilla\Firefox\Profiles\515o7f8c.default\Extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKLM-x32\...\Firefox\Extensions: [avg@toolbar] C:\ProgramData\AVG Secure Search\FireFoxExt\15.4.0.5
FF Extension: AVG Security Toolbar - C:\ProgramData\AVG Secure Search\FireFoxExt\15.4.0.5
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKLM-x32\...\Firefox\Extensions: [{FCE04E1F-9378-4f39-96F6-5689A9159E45}] C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
 
Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "hxxp://www.google.com/"
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft\u00AE Windows Media Player Firefox Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (CouponNetwork Coupon Activator Netscape Plugin v. 5.0.0.0) - C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol400.dll (Catalina Marketing Corporation)
CHR Plugin: (CouponNetwork Coupon Activator Netscape Plugin v. 5.0.0.0) - C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol500.dll (Catalina Marketing Corporation)
CHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll (Coupons, Inc.)
CHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
CHR Plugin: (2007 Microsoft Office system) - C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
CHR Plugin: (RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll No File
CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll No File
CHR Plugin: (RealPlayer Download Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\nprpplugin.dll (RealPlayer)
CHR Plugin: (Bio3D) - C:\Program Files (x86)\CambridgeSoft\ChemOffice2010\Chem3D\npChem3DPlugin.dll (CambridgeSoft Corp.)
CHR Plugin: (ChemDraw) - C:\Program Files (x86)\CambridgeSoft\ChemOffice2010\ChemDraw\npcdp32.dll (CambridgeSoft Corp.)
CHR Plugin: (Citrix ICA Client) - C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)
CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0\\npsitesafety.dll (AVG Technologies)
CHR Plugin: (RIM Handheld Application Loader) - C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Java™ Platform SE 7 U9) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Magellan Plug-In) - C:\Program Files (x86)\Magellan\Magellan Communicator\npMgnPlg.dll (Magellan Navigation, Inc.)
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (RealNetworks™ Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll No File
CHR Plugin: (RealPlayer™ HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll No File
CHR Plugin: (Unity Player) - C:\Users\Daryl\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.70.10) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Windows Activation Technologies) - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Extension: (YouTube) - C:\Users\Daryl\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\Daryl\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (RealDownloader) - C:\Users\Daryl\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.2_0
CHR Extension: (AVG Secure Search) - C:\Users\Daryl\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\15.4.0.5_0
CHR Extension: (Gmail) - C:\Users\Daryl\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx
CHR HKLM-x32\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\AVG Secure Search\ChromeExt\15.4.0.5\avg.crx
CHR StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Services (Whitelisted) =================
 
R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MediaMall Server; C:\Program Files (x86)\MediaMall\MediaMallServer.exe [4038448 2013-06-11] (MediaMall Technologies, Inc.)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [88576 2011-09-15] ()
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-04-16] ()
R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
R2 vToolbarUpdater15.4.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\ToolbarUpdater.exe [1616048 2013-07-29] (AVG Secure Search)
 
==================== Drivers (Whitelisted) ====================
 
S3 61883; C:\Windows\System32\DRIVERS\61883.sys [60288 2009-07-13] (Microsoft Corporation)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [45856 2013-07-29] (AVG Technologies)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 msvad_simple; C:\Windows\System32\drivers\povrtdev.sys [28528 2011-02-07] (MediaMall Technologies, Inc.)
R0 nvrd64; C:\Windows\System32\DRIVERS\nvrd64.sys [175648 2009-06-22] (NVIDIA Corporation)
R3 Ps2; C:\Windows\System32\DRIVERS\PS2.sys [21504 2006-09-07] ()
S3 PTHDRBUS; C:\Windows\System32\DRIVERS\PTHDRBUS.sys [69264 2009-12-15] (DEVGURU Co., LTD.)
S3 PTHDRMDM; C:\Windows\System32\DRIVERS\PTHDRMDM.sys [176912 2009-12-15] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 PTHDRVSP; C:\Windows\System32\DRIVERS\PTHDRVSP.sys [176912 2009-12-15] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [28416 2008-05-20] (Research In Motion Limited)
R3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [31744 2009-01-09] (Research in Motion Ltd)
S3 ALSysIO; \??\C:\Users\Daryl\AppData\Local\Temp\ALSysIO64.sys [x]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-08-12 01:22 - 2013-08-12 01:22 - 01575246 _____ (Farbar) C:\Users\Daryl\Desktop\FRST64.exe
2013-08-12 01:19 - 2013-08-12 01:19 - 00003206 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1653539408-1358835398-3980875371-1000
2013-08-12 00:08 - 2013-08-12 00:08 - 00004352 _____ C:\Users\Daryl\Desktop\attach.zip
2013-08-12 00:01 - 2013-08-12 00:02 - 00029355 _____ C:\Users\Daryl\Desktop\dds.txt
2013-08-12 00:01 - 2013-08-12 00:02 - 00014633 _____ C:\Users\Daryl\Desktop\attach.txt
2013-08-11 23:59 - 2013-08-11 23:59 - 00688992 _____ (Swearware) C:\Users\Daryl\Downloads\dds (1).com
2013-08-11 23:58 - 2013-08-11 23:58 - 00688992 ____R (Swearware) C:\Users\Daryl\Desktop\dds.com
2013-08-06 07:33 - 2013-08-06 07:35 - 00004908 _____ C:\Users\Daryl\Desktop\Rkill.txt
2013-08-06 07:33 - 2013-08-06 07:33 - 01893504 _____ (Bleeping Computer, LLC) C:\Users\Daryl\Downloads\rkill.exe
2013-08-06 07:33 - 2013-08-06 07:33 - 01893504 _____ (Bleeping Computer, LLC) C:\Users\Daryl\Desktop\rkill.exe
2013-08-06 07:33 - 2013-08-06 07:33 - 00000000 ____D C:\Users\Daryl\Desktop\rkill
2013-08-06 00:12 - 2013-08-06 07:32 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-08-06 00:11 - 2013-08-06 07:32 - 00000000 ____D C:\Users\Daryl\Desktop\mbar
2013-08-06 00:10 - 2013-08-06 00:10 - 13399154 _____ C:\Users\Daryl\Downloads\mbar-1.06.0.1004.zip
2013-08-06 00:05 - 2013-08-06 00:06 - 00032845 _____ C:\Users\Daryl\Desktop\Result.txt
2013-08-06 00:04 - 2013-08-06 00:04 - 00760937 _____ (Farbar) C:\Users\Daryl\Desktop\MiniToolBox.exe
2013-08-06 00:03 - 2013-08-06 00:03 - 00003680 _____ C:\Users\Daryl\Desktop\FSS.txt
2013-08-06 00:02 - 2013-08-06 00:02 - 00357143 _____ (Farbar) C:\Users\Daryl\Desktop\FSS.exe
2013-08-05 23:51 - 2013-08-05 23:51 - 00891098 _____ C:\Users\Daryl\Desktop\SecurityCheck (2).exe
2013-08-05 10:36 - 2013-08-05 10:36 - 01010176 _____ C:\Users\Daryl\Downloads\MicrosoftFixit50884 (1).msi
2013-08-05 10:25 - 2013-08-05 10:28 - 00000000 ____D C:\Users\Daryl\AppData\Local\Avg2013
2013-08-05 10:02 - 2013-08-12 01:19 - 00003340 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1653539408-1358835398-3980875371-1000
2013-08-04 23:23 - 2013-08-04 23:23 - 01052027 _____ C:\Users\Daryl\AppData\Local\census.cache
2013-08-04 23:21 - 2013-08-04 23:21 - 00251785 _____ C:\Users\Daryl\AppData\Local\ars.cache
2013-08-04 22:34 - 2013-08-04 22:34 - 00000000 _____ C:\Windows\system32\VBAJET32.DLL
2013-08-04 22:34 - 2013-08-04 22:34 - 00000000 _____ C:\Windows\system32\olepro32.DLL
2013-08-04 22:34 - 2013-08-04 22:34 - 00000000 _____ C:\Windows\system32\nvd3dum.dll
2013-08-04 22:34 - 2013-08-04 22:34 - 00000000 _____ C:\Windows\system32\MSVBVM60.DLL
2013-08-04 22:34 - 2013-08-04 22:34 - 00000000 _____ C:\Windows\system32\MFC71U.DLL
2013-08-04 22:34 - 2013-08-04 22:34 - 00000000 _____ C:\Windows\system32\expsrv.dll
2013-08-04 21:36 - 2013-08-04 21:36 - 02467424 _____ (Trend Micro Inc.) C:\Users\Daryl\Downloads\HousecallLauncher64.exe
2013-08-04 21:36 - 2013-08-04 21:36 - 00000036 _____ C:\Users\Daryl\AppData\Local\housecall.guid.cache
2013-08-03 19:55 - 2013-08-03 19:55 - 00891098 _____ C:\Users\Daryl\Downloads\SecurityCheck (1).exe
2013-08-03 19:25 - 2013-08-03 19:25 - 00347424 _____ (Microsoft Corporation) C:\Users\Daryl\Downloads\MicrosoftFixit.WindowsFirewall.RNP.147299006259465503.1.1.Run.exe
2013-08-02 08:16 - 2013-08-03 18:39 - 00000270 _____ C:\Windows\wininit.ini
2013-08-02 08:13 - 2013-08-02 08:13 - 00891098 _____ C:\Users\Daryl\Downloads\SecurityCheck.exe
2013-08-02 08:00 - 2013-08-02 08:00 - 00002052 _____ C:\Windows\epplauncher.mif
2013-08-02 07:58 - 2013-08-02 07:58 - 13813944 _____ (Microsoft Corporation) C:\Users\Daryl\Downloads\mseinstall.exe
2013-08-01 23:13 - 2013-08-01 23:13 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-08-01 23:13 - 2013-08-01 23:13 - 00000000 _____ C:\autoexec.bat
2013-08-01 23:12 - 2013-08-02 08:38 - 00000000 ____D C:\Windows\8AE3CFB678B24F55A7BE618FCFF43A03.TMP
2013-08-01 23:11 - 2013-08-01 23:11 - 00726464 _____ (Enigma Software Group USA, LLC.) C:\Users\Daryl\Downloads\SpyHunter-Installer.exe
2013-07-31 22:20 - 2013-07-31 22:20 - 01010176 _____ C:\Users\Daryl\Downloads\MicrosoftFixit50884(1).msi
2013-07-31 22:06 - 2013-07-31 22:06 - 00000000 ____D C:\Users\Daryl\AppData\Roaming\Oracle
2013-07-31 22:01 - 2013-08-04 15:05 - 00000000 ____D C:\Windows\system32\MpEngineStore
2013-07-31 09:33 - 2013-07-31 09:33 - 00347424 _____ (Microsoft Corporation) C:\Users\Daryl\Downloads\MicrosoftFixit.WinSecurity.FISC.150298712003383655.1.1.Run.exe
2013-07-31 09:17 - 2013-07-31 09:18 - 90495248 _____ (Microsoft Corporation) C:\Users\Daryl\Downloads\msert(1).exe
2013-07-29 19:24 - 2013-07-29 19:24 - 00000402 _____ C:\Users\Daryl\Desktop\repair.bat
2013-07-29 19:06 - 2013-07-29 19:06 - 01010176 _____ C:\Users\Daryl\Downloads\MicrosoftFixit50884.msi
2013-07-29 11:00 - 2013-07-29 11:01 - 90251536 _____ (Microsoft Corporation) C:\Users\Daryl\Downloads\msert.exe
2013-07-29 10:48 - 2013-07-29 10:48 - 00000000 ____H C:\Users\Daryl\Documents\Default.rdp
2013-07-22 11:17 - 2013-07-22 11:17 - 00015711 _____ C:\Users\Daryl\Downloads\Document.aspx
 
==================== One Month Modified Files and Folders =======
 
2013-08-12 01:23 - 2013-08-12 01:23 - 00000000 ____D C:\FRST
2013-08-12 01:22 - 2013-08-12 01:22 - 01575246 _____ (Farbar) C:\Users\Daryl\Desktop\FRST64.exe
2013-08-12 01:22 - 2013-02-12 18:36 - 00000000 ____D C:\Users\Daryl\AppData\Roaming\Box Sync
2013-08-12 01:22 - 2011-09-06 20:20 - 00000000 ____D C:\Users\Daryl\AppData\Roaming\Dropbox
2013-08-12 01:22 - 2009-07-24 19:40 - 00003660 _____ C:\Windows\System32\Tasks\HP Health Check
2013-08-12 01:21 - 2012-12-07 08:51 - 00000896 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-08-12 01:20 - 2011-09-29 07:18 - 00000000 ____D C:\Users\Daryl\AppData\Local\Htc
2013-08-12 01:20 - 2011-09-07 15:18 - 00000000 ___RD C:\Users\Daryl\Dropbox
2013-08-12 01:19 - 2013-08-12 01:19 - 00003206 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1653539408-1358835398-3980875371-1000
2013-08-12 01:19 - 2013-08-05 10:02 - 00003340 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1653539408-1358835398-3980875371-1000
2013-08-12 01:19 - 2013-06-08 12:26 - 00000350 _____ C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job
2013-08-12 01:19 - 2013-06-04 10:38 - 00000350 _____ C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
2013-08-12 01:19 - 2012-12-07 08:51 - 00000892 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-08-12 01:18 - 2011-09-05 14:10 - 00000000 ____D C:\ProgramData\MediaMall
2013-08-12 01:18 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-12 01:18 - 2009-07-13 23:51 - 02258472 _____ C:\Windows\setupact.log
2013-08-12 00:11 - 2010-01-05 13:06 - 01158345 _____ C:\Windows\WindowsUpdate.log
2013-08-12 00:08 - 2013-08-12 00:08 - 00004352 _____ C:\Users\Daryl\Desktop\attach.zip
2013-08-12 00:02 - 2013-08-12 00:01 - 00029355 _____ C:\Users\Daryl\Desktop\dds.txt
2013-08-12 00:02 - 2013-08-12 00:01 - 00014633 _____ C:\Users\Daryl\Desktop\attach.txt
2013-08-12 00:01 - 2010-01-05 12:18 - 00011104 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-12 00:01 - 2010-01-05 12:18 - 00011104 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-11 23:59 - 2013-08-11 23:59 - 00688992 _____ (Swearware) C:\Users\Daryl\Downloads\dds (1).com
2013-08-11 23:58 - 2013-08-11 23:58 - 00688992 ____R (Swearware) C:\Users\Daryl\Desktop\dds.com
2013-08-11 23:57 - 2010-01-05 14:28 - 00003926 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{B17C8110-D3EF-4E8E-9ED9-6A79076020C4}
2013-08-09 13:33 - 2010-01-05 14:08 - 00000000 ____D C:\Users\Daryl\AppData\Roaming\HpUpdate
2013-08-09 13:30 - 2009-07-14 00:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2013-08-09 13:27 - 2009-07-14 00:08 - 00032656 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-08-06 13:15 - 2012-07-11 10:56 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-08-06 09:29 - 2010-01-05 12:52 - 00098354 _____ C:\Windows\PFRO.log
2013-08-06 07:35 - 2013-08-06 07:33 - 00004908 _____ C:\Users\Daryl\Desktop\Rkill.txt
2013-08-06 07:33 - 2013-08-06 07:33 - 01893504 _____ (Bleeping Computer, LLC) C:\Users\Daryl\Downloads\rkill.exe
2013-08-06 07:33 - 2013-08-06 07:33 - 01893504 _____ (Bleeping Computer, LLC) C:\Users\Daryl\Desktop\rkill.exe
2013-08-06 07:33 - 2013-08-06 07:33 - 00000000 ____D C:\Users\Daryl\Desktop\rkill
2013-08-06 07:32 - 2013-08-06 00:12 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-08-06 07:32 - 2013-08-06 00:11 - 00000000 ____D C:\Users\Daryl\Desktop\mbar
2013-08-06 00:10 - 2013-08-06 00:10 - 13399154 _____ C:\Users\Daryl\Downloads\mbar-1.06.0.1004.zip
2013-08-06 00:06 - 2013-08-06 00:05 - 00032845 _____ C:\Users\Daryl\Desktop\Result.txt
2013-08-06 00:04 - 2013-08-06 00:04 - 00760937 _____ (Farbar) C:\Users\Daryl\Desktop\MiniToolBox.exe
2013-08-06 00:03 - 2013-08-06 00:03 - 00003680 _____ C:\Users\Daryl\Desktop\FSS.txt
2013-08-06 00:02 - 2013-08-06 00:02 - 00357143 _____ (Farbar) C:\Users\Daryl\Desktop\FSS.exe
2013-08-05 23:51 - 2013-08-05 23:51 - 00891098 _____ C:\Users\Daryl\Desktop\SecurityCheck (2).exe
2013-08-05 10:36 - 2013-08-05 10:36 - 01010176 _____ C:\Users\Daryl\Downloads\MicrosoftFixit50884 (1).msi
2013-08-05 10:28 - 2013-08-05 10:25 - 00000000 ____D C:\Users\Daryl\AppData\Local\Avg2013
2013-08-05 10:28 - 2010-10-24 17:52 - 00000000 ____D C:\ProgramData\MFAData
2013-08-05 10:11 - 2012-09-10 08:41 - 00000000 ____D C:\Users\Daryl\AppData\Roaming\Epson
2013-08-05 10:11 - 2012-09-10 08:38 - 00000000 ____D C:\ProgramData\EPSON
2013-08-04 23:23 - 2013-08-04 23:23 - 01052027 _____ C:\Users\Daryl\AppData\Local\census.cache
2013-08-04 23:21 - 2013-08-04 23:21 - 00251785 _____ C:\Users\Daryl\AppData\Local\ars.cache
2013-08-04 22:34 - 2013-08-04 22:34 - 00000000 _____ C:\Windows\system32\VBAJET32.DLL
2013-08-04 22:34 - 2013-08-04 22:34 - 00000000 _____ C:\Windows\system32\olepro32.DLL
2013-08-04 22:34 - 2013-08-04 22:34 - 00000000 _____ C:\Windows\system32\nvd3dum.dll
2013-08-04 22:34 - 2013-08-04 22:34 - 00000000 _____ C:\Windows\system32\MSVBVM60.DLL
2013-08-04 22:34 - 2013-08-04 22:34 - 00000000 _____ C:\Windows\system32\MFC71U.DLL
2013-08-04 22:34 - 2013-08-04 22:34 - 00000000 _____ C:\Windows\system32\expsrv.dll
2013-08-04 21:36 - 2013-08-04 21:36 - 02467424 _____ (Trend Micro Inc.) C:\Users\Daryl\Downloads\HousecallLauncher64.exe
2013-08-04 21:36 - 2013-08-04 21:36 - 00000036 _____ C:\Users\Daryl\AppData\Local\housecall.guid.cache
2013-08-04 15:05 - 2013-07-31 22:01 - 00000000 ____D C:\Windows\system32\MpEngineStore
2013-08-04 08:48 - 2011-08-26 17:35 - 00000000 ___HD C:\Program Files (x86)\Vqtkfotshcfwr
2013-08-03 22:07 - 2010-01-05 12:20 - 00000000 ____D C:\Users\Daryl
2013-08-03 19:55 - 2013-08-03 19:55 - 00891098 _____ C:\Users\Daryl\Downloads\SecurityCheck (1).exe
2013-08-03 19:25 - 2013-08-03 19:25 - 00347424 _____ (Microsoft Corporation) C:\Users\Daryl\Downloads\MicrosoftFixit.WindowsFirewall.RNP.147299006259465503.1.1.Run.exe
2013-08-03 18:39 - 2013-08-02 08:16 - 00000270 _____ C:\Windows\wininit.ini
2013-08-02 12:11 - 2009-10-16 20:33 - 00000052 _____ C:\Windows\SysWOW64\DOErrors.log
2013-08-02 08:38 - 2013-08-01 23:12 - 00000000 ____D C:\Windows\8AE3CFB678B24F55A7BE618FCFF43A03.TMP
2013-08-02 08:13 - 2013-08-02 08:13 - 00891098 _____ C:\Users\Daryl\Downloads\SecurityCheck.exe
2013-08-02 08:00 - 2013-08-02 08:00 - 00002052 _____ C:\Windows\epplauncher.mif
2013-08-02 07:58 - 2013-08-02 07:58 - 13813944 _____ (Microsoft Corporation) C:\Users\Daryl\Downloads\mseinstall.exe
2013-08-01 23:43 - 2012-08-19 19:11 - 00001603 _____ C:\Users\Jackie\Desktop\Hemoglobin_t-r_state_aniA - Shortcut.lnk
2013-08-01 23:43 - 2012-08-19 18:50 - 00001102 _____ C:\Users\Jackie\Desktop\Video Converter.lnk
2013-08-01 23:13 - 2013-08-01 23:13 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-08-01 23:13 - 2013-08-01 23:13 - 00000000 _____ C:\autoexec.bat
2013-08-01 23:11 - 2013-08-01 23:11 - 00726464 _____ (Enigma Software Group USA, LLC.) C:\Users\Daryl\Downloads\SpyHunter-Installer.exe
2013-08-01 16:21 - 2011-10-01 08:07 - 00000000 ____D C:\Users\Katie and Liz\AppData\Local\Htc
2013-07-31 22:20 - 2013-07-31 22:20 - 01010176 _____ C:\Users\Daryl\Downloads\MicrosoftFixit50884(1).msi
2013-07-31 22:07 - 2009-08-09 16:15 - 00000000 ____D C:\Program Files (x86)\Java
2013-07-31 22:06 - 2013-07-31 22:06 - 00000000 ____D C:\Users\Daryl\AppData\Roaming\Oracle
2013-07-31 22:01 - 2010-07-30 13:27 - 00000000 ____D C:\Users\Public\Downloads\GPS
2013-07-31 20:12 - 2012-12-07 08:51 - 00002145 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-07-31 14:00 - 2012-08-20 07:14 - 00001075 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-07-31 14:00 - 2012-08-20 07:14 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-07-31 09:33 - 2013-07-31 09:33 - 00347424 _____ (Microsoft Corporation) C:\Users\Daryl\Downloads\MicrosoftFixit.WinSecurity.FISC.150298712003383655.1.1.Run.exe
2013-07-31 09:18 - 2013-07-31 09:17 - 90495248 _____ (Microsoft Corporation) C:\Users\Daryl\Downloads\msert(1).exe
2013-07-29 19:24 - 2013-07-29 19:24 - 00000402 _____ C:\Users\Daryl\Desktop\repair.bat
2013-07-29 19:06 - 2013-07-29 19:06 - 01010176 _____ C:\Users\Daryl\Downloads\MicrosoftFixit50884.msi
2013-07-29 12:01 - 2013-07-09 11:07 - 00003228 _____ C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1653539408-1358835398-3980875371-1000
2013-07-29 12:01 - 2013-06-11 09:47 - 00003362 _____ C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1653539408-1358835398-3980875371-1000
2013-07-29 11:01 - 2013-07-29 11:00 - 90251536 _____ (Microsoft Corporation) C:\Users\Daryl\Downloads\msert.exe
2013-07-29 10:48 - 2013-07-29 10:48 - 00000000 ____H C:\Users\Daryl\Documents\Default.rdp
2013-07-29 08:49 - 2013-06-27 17:37 - 00003715 _____ C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml
2013-07-29 08:48 - 2012-09-27 21:38 - 00045856 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx64.sys
2013-07-29 08:48 - 2012-09-27 21:38 - 00000000 ____D C:\Program Files (x86)\AVG Secure Search
2013-07-26 17:20 - 2013-03-05 08:52 - 00000000 ____D C:\Users\Daryl\Documents\2012 Taxes
2013-07-26 10:55 - 2010-01-06 13:57 - 00003958 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{459ACF06-DB11-48DA-A7D0-D4163D4F7CA8}
2013-07-25 10:52 - 2010-08-17 18:57 - 00003188 _____ C:\Windows\System32\Tasks\HPCeeScheduleForDaryl
2013-07-25 10:52 - 2010-08-17 18:57 - 00000334 _____ C:\Windows\Tasks\HPCeeScheduleForDaryl.job
2013-07-23 18:07 - 2013-01-13 19:56 - 00000000 ____D C:\Users\Katie\AppData\Local\Htc
2013-07-22 11:59 - 2009-07-25 14:29 - 00000000 ____D C:\Users\Daryl\AppData\Local\Adobe
2013-07-22 11:57 - 2012-07-11 10:56 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-07-22 11:57 - 2012-04-12 15:38 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-07-22 11:57 - 2011-05-25 19:52 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-07-22 11:17 - 2013-07-22 11:17 - 00015711 _____ C:\Users\Daryl\Downloads\Document.aspx
2013-07-16 07:16 - 2012-12-07 08:51 - 00003892 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-07-16 07:16 - 2012-12-07 08:51 - 00003640 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
 
ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$544d7e6da79a3517aef6700e1f6a15c5
 
ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$544d7e6da79a3517aef6700e1f6a15c5
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2013-08-02 00:30
 
==================== End Of Log ============================

 




#4 B-boy/StyLe/

  • Malware Response Team

Posted 12 August 2013 - 02:02 AM

Hi,

We need to disable Spybot S&D's "TeaTimer"

TeaTimer works by preventing ANY changes to the system. It will attempt to undo any fixes we run, because it blocks these fixes from running.

In order to safeguard your system from problems that can be brought on by a half-finished fix, we need to disable TeaTimer. We can re-enable it when we're done if you like.

  • Open SpyBot Search and Destroy by going to Start -> All Programs -> Spybot Search and Destroy -> Spybot Search and Destroy.
  • If prompted with a legal dialog, accept the warning.
  • Click mode.png and then on "Advanced Mode"
    advanced%20mode.png
  • You may be presented with a warning dialog. If so, press btnYes.png
  • Click on tools.png
  • Click on resident.png
  • Uncheck this checkbox:
    teatimercheck.png
  • Close/Exit Spybot Search and Destroy

Please download the following file => and save it to the Desktop.
NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.

 

 

 

Regards,

Georgi




#5 Dorkgeez

  • Topic Starter

Posted 12 August 2013 - 07:21 AM

One more log as requested.

 

Thanks again.

 

Dorkgeez

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-08-2013 02
Ran by Daryl at 2013-08-12 07:20:06 Run:1
Running from C:\Users\Daryl\Desktop
Boot Mode: Normal
==============================================
 
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Userinit => Value was restored successfully.
HKLM\Software\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InprocServer32\\Default => Value was restored successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{4F62B9A3-E493-45EB-A0C2-73BD30D0FE67} => Key deleted successfully.
HKCR\CLSID\{4F62B9A3-E493-45EB-A0C2-73BD30D0FE67} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{4F62B9A3-E493-45EB-A0C2-73BD30D0FE67} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{4F62B9A3-E493-45EB-A0C2-73BD30D0FE67} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{043C5167-00BB-4324-AF7E-62013FAEDACF} => Key deleted successfully.
HKCR\CLSID\{043C5167-00BB-4324-AF7E-62013FAEDACF} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{4F62B9A3-E493-45EB-A0C2-73BD30D0FE67} => Key deleted successfully.
HKCR\CLSID\{4F62B9A3-E493-45EB-A0C2-73BD30D0FE67} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{043C5167-00BB-4324-AF7E-62013FAEDACF} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{043C5167-00BB-4324-AF7E-62013FAEDACF} => Key deleted successfully.
C:\Program Files (x86)\vShare => Moved successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{043C5167-00BB-4324-AF7E-62013FAEDACF} => Value deleted successfully.
HKCR\Wow6432Node\CLSID\{043C5167-00BB-4324-AF7E-62013FAEDACF} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} => Value deleted successfully.
HKCR\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{043C5167-00BB-4324-AF7E-62013FAEDACF} => Value deleted successfully.
HKCR\CLSID\{043C5167-00BB-4324-AF7E-62013FAEDACF} => Key not found.
HKCR\PROTOCOLS\Handler\vsharechrome => Key deleted successfully.
HKCR\CLSID\{3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} => Key not found.
HKCR\Wow6432Node\PROTOCOLS\Handler\vsharechrome => Key not found.
HKCR\Wow6432Node\CLSID\{3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} => Key deleted successfully.
 
========================= Folder: C:\Program Files (x86)\Vqtkfotshcfwr ========================
 
2011-12-20 17:35 - 2011-12-20 17:35 - 0000000 ____D () C:\Program Files (x86)\Vqtkfotshcfwr\Log
2011-12-20 17:35 - 2011-12-20 17:35 - 0000000 ____D () C:\Program Files (x86)\Vqtkfotshcfwr\Log\Audio
2011-12-20 17:35 - 2011-12-20 17:35 - 0000000 ____D () C:\Program Files (x86)\Vqtkfotshcfwr\Log\Text
2011-12-20 17:35 - 2011-12-27 12:17 - 0000000 ____D () C:\Program Files (x86)\Vqtkfotshcfwr\Log\Visual
2011-06-17 17:35 - 2011-06-17 17:35 - 0019954 ____A () C:\Program Files (x86)\Vqtkfotshcfwr\unins000.dat
2011-01-17 17:35 - 2011-01-17 17:35 - 0708211 ____A () C:\Program Files (x86)\Vqtkfotshcfwr\unins000.exe
2011-12-20 17:35 - 2011-12-20 22:28 - 18624216 ____A () C:\Program Files (x86)\Vqtkfotshcfwr\Log\Visual\12202011.dat
2011-12-21 06:44 - 2011-12-21 11:35 - 179700590 ____A () C:\Program Files (x86)\Vqtkfotshcfwr\Log\Visual\12212011.dat
2011-12-22 09:07 - 2011-12-22 22:19 - 351449518 ____A () C:\Program Files (x86)\Vqtkfotshcfwr\Log\Visual\12222011.dat
2011-12-23 08:45 - 2011-12-23 19:24 - 453162959 ____A () C:\Program Files (x86)\Vqtkfotshcfwr\Log\Visual\12232011.dat
2011-12-24 08:22 - 2011-12-24 09:10 - 79025136 ____A () C:\Program Files (x86)\Vqtkfotshcfwr\Log\Visual\12242011.dat
2011-12-26 14:01 - 2011-12-26 22:00 - 196547932 ____A () C:\Program Files (x86)\Vqtkfotshcfwr\Log\Visual\12262011.dat
2011-12-27 12:17 - 2011-12-27 15:21 - 64232900 ____A () C:\Program Files (x86)\Vqtkfotshcfwr\Log\Visual\12272011.dat
2011-12-20 17:35 - 2011-12-27 15:21 - 0070964 ____A () C:\Program Files (x86)\Vqtkfotshcfwr\Log\Text\aiotxt.dat
2011-12-20 17:35 - 2011-12-27 12:19 - 0050886 ____A () C:\Program Files (x86)\Vqtkfotshcfwr\Log\Text\aioweb.dat
 
====== End of Folder: ======
C:\$Recycle.Bin\S-1-5-18\$544d7e6da79a3517aef6700e1f6a15c5 => Moved successfully.
 
==== End of Fixlog ====


#6 B-boy/StyLe/

  • Malware Response Team

Posted 12 August 2013 - 11:16 AM

Hi,

Please re-run FRST as described here and attach the new logs to your next reply. :)

Regards,

Georgi



#7 Dorkgeez
  • Topic Starter

Posted 12 August 2013 - 11:29 AM

More logs for you Georgi,

I didn't get an Addition log this time.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-08-2013 02
Ran by Daryl (administrator) on 12-08-2013 11:24:41
Running from C:\Users\Daryl\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
(Hewlett-Packard Company) c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(MediaMall Technologies, Inc.) C:\Program Files (x86)\MediaMall\MediaMallServer.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\ToolbarUpdater.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\loggingserver.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\ssonsvr.exe
(Microsoft Corporation) c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(NVIDIA Corporation) C:\Windows\System32\nvraidservice.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
() C:\PROGRA~1\HEWLET~1\HPREMO~1\HPREMO~1.EXE
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(Box, Inc.) C:\Program Files\Box Sync\BoxSyncHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
(MediaMall Technologies, Inc.) C:\Program Files (x86)\MediaMall\PlayOn.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Box, Inc.) C:\Program Files\Box Sync\BoxSync.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(CyberLink) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
(CyberLink Corp.) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\PNAMAIN.EXE
(Dropbox, Inc.) C:\Users\Daryl\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
(Audiovox Electronics Corp.) C:\Users\Daryl\Documents\RCA Detective\RCADetective.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\Receiver\Receiver.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
() C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
() C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe
() C:\Program Files (x86)\AVG Secure Search\vprot.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Hewlett-Packard) c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\WFCRUN32.EXE
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\KBD\kbd.exe
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [HP Remote Software] - C:\Program Files\Hewlett-Packard\HP Remote\HP REMOTE V1.0.5.exe [172032 2009-02-06] ()
HKLM\...\Run: [NVRaidService] - C:\Windows\system32\nvraidservice.exe [333344 2008-08-18] (NVIDIA Corporation)
HKLM\...\Run: [SmartMenu] - C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [915512 2009-03-05] (Hewlett-Packard)
HKLM\...\Run: [NvCplDaemon] - C:\Windows\system32\NvCpl.dll [16335976 2009-10-30] (NVIDIA Corporation)
HKLM\...\Run: [Windows Mobile Device Center] - C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [BoxSyncHelper] - C:\Program Files\Box Sync\BoxSyncHelper.exe [393216 2013-06-07] (Box, Inc.)
HKLM\...\RunOnce: [PCDrProfiler] - "C:\Program Files\PC-Doctor for Windows\RunProfiler.exe" -r [136176 2009-06-26] (PC-Doctor, Inc.)
HKCU\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [163328 2010-11-20] (Microsoft Corporation)
HKCU\...\Run: [HPADVISOR] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1689144 2010-06-30] (Hewlett-Packard)
HKCU\...\Run: [ISUSPM] - "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler [x]
HKCU\...\Run: [Easy Dock] -  [x]
HKCU\...\Run: [PlayOn] - C:\Program Files (x86)\MediaMall\PlayOn.exe [63832 2013-06-11] (MediaMall Technologies, Inc.)
HKCU\...\Run: [EPLTarget\P0000000000000000] - C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIHWA.EXE [241280 2013-01-16] (SEIKO EPSON CORPORATION)
HKCU\...\Run: [iSpy] - "C:\Program Files (x86)\iSpy\iSpy\iSpy.exe" -silent [x]
HKCU\...\Run: [iCloudServices] - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-04-05] (Apple Inc.)
HKCU\...\Run: [ApplePhotoStreams] - C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-04-05] (Apple Inc.)
HKCU\...\Policies\system: [LogonHoursAction] 2
HKCU\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
MountPoints2: {474d6565-060d-11df-8965-00248cf97af9} - K:\LaunchU3.exe -a
HKLM-x32\...\Run: [Easy Dock] -  [x]
HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [HP Health Check Scheduler] - c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [75016 2008-12-04] (Hewlett-Packard)
HKLM-x32\...\Run: [hpsysdrv] - c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM-x32\...\Run: [Microsoft Default Manager] - c:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [224616 2009-02-06] (Microsoft Corp.)
HKLM-x32\...\Run: [Monitor] - C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe [443728 2009-11-10] (LeapFrog Enterprises, Inc.)
HKLM-x32\...\Run: [UpdateLBPShortCut] - c:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [218408 2008-12-04] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GoShortCut] - c:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [218408 2008-12-04] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePDIRShortCut] - c:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe [218408 2008-12-04] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePSTShortCut] - c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe [210216 2009-02-02] (CyberLink Corp.)
HKLM-x32\...\Run: [KBD] - C:\Program Files (x86)\Hewlett-Packard\KBD\KbdStub.EXE [12288 2008-07-21] (Microsoft)
HKLM-x32\...\Run: [HP Remote Solution] - C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe [656896 2009-05-26] ()
HKLM-x32\...\Run: [hpqSRMon] - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM-x32\...\Run: [HTC Sync Loader] - C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe [651264 2012-04-17] ()
HKLM-x32\...\Run: [EEventManager] - C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [979328 2010-10-12] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXRCV] - C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [495616 2011-03-09] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] - C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [856064 2011-03-09] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [vProt] - C:\Program Files (x86)\AVG Secure Search\vprot.exe [2285232 2013-07-29] ()
HKLM-x32\...\Run: [BsMnt] - C:\Windows\BisonCam\BsMnt.exe [x]
HKLM-x32\...\Run: [ConnectionCenter] - C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [371864 2012-04-05] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)
HKLM-x32\...\Run: [TkBellExe] - c:\program files (x86)\real\realplayer\Update\realsched.exe [295512 2013-06-28] (RealNetworks, Inc.)
HKU\Default\...\Run: [HPADVISOR] -  [x]
HKU\Default User\...\Run: [HPADVISOR] -  [x]
HKU\Jackie\...\Run: [HPADVISOR] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1689144 2010-06-30] (Hewlett-Packard)
HKU\Jackie\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [163328 2010-11-20] (Microsoft Corporation)
HKU\Jackie\...\Run: [ISUSPM] - "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler [x]
HKU\Jackie\...\Run: [AVG-Secure-Search-Update_JUNE2013_TB] - C:\Program Files (x86)\AVG Secure Search\AVG-Secure-Search-Update_JUNE2013_TB.exe [1266712 2013-06-04] (AVG Secure Search)
HKU\Jackie\...\Run: [AVG-Secure-Search-Update_JUNE2013_HP] - C:\Program Files (x86)\AVG Secure Search\AVG-Secure-Search-Update_JUNE2013_HP.exe [1266712 2013-06-08] (AVG Secure Search)
HKU\Jackie\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_4_402_287_Plugin.exe -update plugin [x]
HKU\Jackie\...\Policies\system: [LogonHoursAction] 2
HKU\Jackie\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Katie\...\Run: [HPADVISOR] -  [x]
HKU\Katie\...\RunOnce: [Application Restart #0] - C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKU\Katie\...\Policies\system: [LogonHoursAction] 2
HKU\Katie\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Katie and Liz\...\Run: [HPADVISOR] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1689144 2010-06-30] (Hewlett-Packard)
HKU\Katie and Liz\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [163328 2010-11-20] (Microsoft Corporation)
HKU\Katie and Liz\...\Run: [ISUSPM] - "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler [x]
HKU\Katie and Liz\...\Run: [ConnectionCenter] - C:\Users\Katie and Liz\AppData\Local\Citrix\ICA Client\concentr.exe [305088 2011-04-25] (Citrix Systems, Inc.)
HKU\Katie and Liz\...\Policies\system: [LogonHoursAction] 2
HKU\Katie and Liz\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
AppInit_DLLs-x32: C:\PROGRA~2\Citrix\ICACLI~1\RSHook.dll [257176 2012-04-05] (Citrix Systems, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Box Sync.lnk
ShortcutTarget: Box Sync.lnk -> C:\Program Files\Box Sync\BoxSync.exe (Box, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PictureMover.lnk
ShortcutTarget: PictureMover.lnk -> C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe (Hewlett-Packard Company)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Receiver.lnk
ShortcutTarget: Receiver.lnk -> C:\Windows\Installer\{83137F14-B84A-42C4-AA31-9C7FE24F4398}\pnaico.exe.20FBBF0A_A7E5_4BDE_9798_9811C3D135AC.exe ()
Startup: C:\Users\Daryl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Daryl\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Daryl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Startup: C:\Users\Daryl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RCA Detective.lnk
ShortcutTarget: RCA Detective.lnk -> C:\Users\Daryl\Documents\RCA Detective\RCADetective.exe (Audiovox Electronics Corp.)
Startup: C:\Users\Jackie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Daryl\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cndt
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
SearchScopes: HKLM - DefaultScope {665C19F7-943F-491C-9285-27912C9A2E15} URL = http://search.live.com/results.aspx?q={searchTerms}&FORM=HPDTDF
SearchScopes: HKLM - {665C19F7-943F-491C-9285-27912C9A2E15} URL = http://search.live.com/results.aspx?q={searchTerms}&FORM=HPDTDF
SearchScopes: HKLM-x32 - DefaultScope {665C19F7-943F-491C-9285-27912C9A2E15} URL = http://search.live.com/results.aspx?q={searchTerms}&FORM=HPDTDF
SearchScopes: HKLM-x32 - {665C19F7-943F-491C-9285-27912C9A2E15} URL = http://search.live.com/results.aspx?q={searchTerms}&FORM=HPDTDF
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={sear
BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll No File
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: CtxIEInterceptorBHO Class - {2C4631FF-5CC8-4EBC-A0DF-34C92291759E} - C:\Program Files (x86)\Citrix\ICA Client\IEInterceptor.dll (Citrix Systems, Inc.)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll No File
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Evernote extension - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\15.4.0.5\AVG Secure Search_toolbar.dll (AVG Secure Search)
BHO-x32: Microsoft Live Search Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0552.0\msneshellx.dll (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM-x32 - Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0552.0\msneshellx.dll (Microsoft Corp.)
Toolbar: HKLM-x32 - AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\15.4.0.5\AVG Secure Search_toolbar.dll (AVG Secure Search)
DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll No File
Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll No File
Handler-x32: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files (x86)\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.4.0\ViProtocol.dll (AVG Secure Search)
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
 
FireFox:
========
FF ProfilePath: C:\Users\Daryl\AppData\Roaming\Mozilla\Firefox\Profiles\515o7f8c.default
FF user.js: detected! => C:\Users\Daryl\AppData\Roaming\Mozilla\Firefox\Profiles\515o7f8c.default\user.js
FF SelectedSearchEngine: Google
FF Homepage: about:home
FF Keyword.URL: hxxp://www.google.com/search?q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.4.0\\npsitesafety.dll (AVG Technologies)
FF Plugin-x32: @cambridgesoft.com/Chem3D,version=12.0 - C:\Program Files (x86)\CambridgeSoft\ChemOffice2010\Chem3D\npChem3DPlugin.dll (CambridgeSoft Corp.)
FF Plugin-x32: @cambridgesoft.com/ChemDraw,version=12.0 - C:\Program Files (x86)\CambridgeSoft\ChemOffice2010\ChemDraw\npcdp32.dll (CambridgeSoft Corp.)
FF Plugin-x32: @Citrix.com/npican - C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @MagellanGPS.com/CommunicationPlugin - C:\Program Files (x86)\Magellan\Magellan Communicator\npMgnPlg.dll (Magellan Navigation, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=16.0.2.32 - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.2 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.2 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.2 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.2.32 - c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 - C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Daryl\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\answers.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\creativecommons.xml
FF Extension: No Name - C:\Users\Daryl\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
FF Extension: Visualisateur 3D de 20-20 - C:\Users\Daryl\AppData\Roaming\Mozilla\Firefox\Profiles\515o7f8c.default\Extensions\2020Player@2020Technologies.com
FF Extension: Move Media Player - C:\Users\Daryl\AppData\Roaming\Mozilla\Firefox\Profiles\515o7f8c.default\Extensions\moveplayer@movenetworks.com
FF Extension: Garmin Communicator - C:\Users\Daryl\AppData\Roaming\Mozilla\Firefox\Profiles\515o7f8c.default\Extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Daryl\AppData\Roaming\Mozilla\Firefox\Profiles\515o7f8c.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF Extension: Google Toolbar for Firefox - C:\Users\Daryl\AppData\Roaming\Mozilla\Firefox\Profiles\515o7f8c.default\Extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF Extension: HP Detect - C:\Users\Daryl\AppData\Roaming\Mozilla\Firefox\Profiles\515o7f8c.default\Extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKLM-x32\...\Firefox\Extensions: [avg@toolbar] C:\ProgramData\AVG Secure Search\FireFoxExt\15.4.0.5
FF Extension: AVG Security Toolbar - C:\ProgramData\AVG Secure Search\FireFoxExt\15.4.0.5
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKLM-x32\...\Firefox\Extensions: [{FCE04E1F-9378-4f39-96F6-5689A9159E45}] C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
 
Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "hxxp://www.google.com/"
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft\u00AE Windows Media Player Firefox Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (CouponNetwork Coupon Activator Netscape Plugin v. 5.0.0.0) - C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol400.dll (Catalina Marketing Corporation)
CHR Plugin: (CouponNetwork Coupon Activator Netscape Plugin v. 5.0.0.0) - C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol500.dll (Catalina Marketing Corporation)
CHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll (Coupons, Inc.)
CHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
CHR Plugin: (2007 Microsoft Office system) - C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
CHR Plugin: (RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll No File
CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll No File
CHR Plugin: (RealPlayer Download Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\nprpplugin.dll (RealPlayer)
CHR Plugin: (Bio3D) - C:\Program Files (x86)\CambridgeSoft\ChemOffice2010\Chem3D\npChem3DPlugin.dll (CambridgeSoft Corp.)
CHR Plugin: (ChemDraw) - C:\Program Files (x86)\CambridgeSoft\ChemOffice2010\ChemDraw\npcdp32.dll (CambridgeSoft Corp.)
CHR Plugin: (Citrix ICA Client) - C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)
CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0\\npsitesafety.dll (AVG Technologies)
CHR Plugin: (RIM Handheld Application Loader) - C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Java™ Platform SE 7 U9) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Magellan Plug-In) - C:\Program Files (x86)\Magellan\Magellan Communicator\npMgnPlg.dll (Magellan Navigation, Inc.)
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (RealNetworks™ Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll No File
CHR Plugin: (RealPlayer™ HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll No File
CHR Plugin: (Unity Player) - C:\Users\Daryl\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.70.10) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Windows Activation Technologies) - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Extension: (YouTube) - C:\Users\Daryl\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\Daryl\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (RealDownloader) - C:\Users\Daryl\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.2_0
CHR Extension: (AVG Secure Search) - C:\Users\Daryl\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\15.4.0.5_0
CHR Extension: (Gmail) - C:\Users\Daryl\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx
CHR HKLM-x32\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\AVG Secure Search\ChromeExt\15.4.0.5\avg.crx
CHR StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Services (Whitelisted) =================
 
R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MediaMall Server; C:\Program Files (x86)\MediaMall\MediaMallServer.exe [4038448 2013-06-11] (MediaMall Technologies, Inc.)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [88576 2011-09-15] ()
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-04-16] ()
R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
R2 vToolbarUpdater15.4.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\ToolbarUpdater.exe [1616048 2013-07-29] (AVG Secure Search)
 
==================== Drivers (Whitelisted) ====================
 
S3 61883; C:\Windows\System32\DRIVERS\61883.sys [60288 2009-07-13] (Microsoft Corporation)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [45856 2013-07-29] (AVG Technologies)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 msvad_simple; C:\Windows\System32\drivers\povrtdev.sys [28528 2011-02-07] (MediaMall Technologies, Inc.)
R0 nvrd64; C:\Windows\System32\DRIVERS\nvrd64.sys [175648 2009-06-22] (NVIDIA Corporation)
R3 Ps2; C:\Windows\System32\DRIVERS\PS2.sys [21504 2006-09-07] ()
S3 PTHDRBUS; C:\Windows\System32\DRIVERS\PTHDRBUS.sys [69264 2009-12-15] (DEVGURU Co., LTD.)
S3 PTHDRMDM; C:\Windows\System32\DRIVERS\PTHDRMDM.sys [176912 2009-12-15] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 PTHDRVSP; C:\Windows\System32\DRIVERS\PTHDRVSP.sys [176912 2009-12-15] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [28416 2008-05-20] (Research In Motion Limited)
R3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [31744 2009-01-09] (Research in Motion Ltd)
S3 ALSysIO; \??\C:\Users\Daryl\AppData\Local\Temp\ALSysIO64.sys [x]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-08-12 07:19 - 2013-08-12 07:19 - 00001518 _____ C:\Users\Daryl\Downloads\fixlist.txt
2013-08-12 01:25 - 2013-08-12 01:26 - 00059768 _____ C:\Users\Daryl\Desktop\1FRST.txt
2013-08-12 01:25 - 2013-08-12 01:25 - 00032536 _____ C:\Users\Daryl\Desktop\1Addition.txt
2013-08-12 01:23 - 2013-08-12 01:23 - 00000000 ____D C:\FRST
2013-08-12 01:22 - 2013-08-12 01:22 - 01575246 _____ (Farbar) C:\Users\Daryl\Desktop\FRST64.exe
2013-08-12 01:19 - 2013-08-12 11:20 - 00003206 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1653539408-1358835398-3980875371-1000
2013-08-12 00:08 - 2013-08-12 00:08 - 00004352 _____ C:\Users\Daryl\Desktop\attach.zip
2013-08-12 00:01 - 2013-08-12 00:02 - 00029355 _____ C:\Users\Daryl\Desktop\dds.txt
2013-08-12 00:01 - 2013-08-12 00:02 - 00014633 _____ C:\Users\Daryl\Desktop\attach.txt
2013-08-11 23:59 - 2013-08-11 23:59 - 00688992 _____ (Swearware) C:\Users\Daryl\Downloads\dds (1).com
2013-08-11 23:58 - 2013-08-11 23:58 - 00688992 ____R (Swearware) C:\Users\Daryl\Desktop\dds.com
2013-08-06 07:33 - 2013-08-06 07:35 - 00004908 _____ C:\Users\Daryl\Desktop\Rkill.txt
2013-08-06 07:33 - 2013-08-06 07:33 - 01893504 _____ (Bleeping Computer, LLC) C:\Users\Daryl\Downloads\rkill.exe
2013-08-06 07:33 - 2013-08-06 07:33 - 01893504 _____ (Bleeping Computer, LLC) C:\Users\Daryl\Desktop\rkill.exe
2013-08-06 07:33 - 2013-08-06 07:33 - 00000000 ____D C:\Users\Daryl\Desktop\rkill
2013-08-06 00:12 - 2013-08-06 07:32 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-08-06 00:11 - 2013-08-06 07:32 - 00000000 ____D C:\Users\Daryl\Desktop\mbar
2013-08-06 00:10 - 2013-08-06 00:10 - 13399154 _____ C:\Users\Daryl\Downloads\mbar-1.06.0.1004.zip
2013-08-06 00:05 - 2013-08-06 00:06 - 00032845 _____ C:\Users\Daryl\Desktop\Result.txt
2013-08-06 00:04 - 2013-08-06 00:04 - 00760937 _____ (Farbar) C:\Users\Daryl\Desktop\MiniToolBox.exe
2013-08-06 00:03 - 2013-08-06 00:03 - 00003680 _____ C:\Users\Daryl\Desktop\FSS.txt
2013-08-06 00:02 - 2013-08-06 00:02 - 00357143 _____ (Farbar) C:\Users\Daryl\Desktop\FSS.exe
2013-08-05 23:51 - 2013-08-05 23:51 - 00891098 _____ C:\Users\Daryl\Desktop\SecurityCheck (2).exe
2013-08-05 10:36 - 2013-08-05 10:36 - 01010176 _____ C:\Users\Daryl\Downloads\MicrosoftFixit50884 (1).msi
2013-08-05 10:25 - 2013-08-05 10:28 - 00000000 ____D C:\Users\Daryl\AppData\Local\Avg2013
2013-08-05 10:02 - 2013-08-12 11:20 - 00003340 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1653539408-1358835398-3980875371-1000
2013-08-04 23:23 - 2013-08-04 23:23 - 01052027 _____ C:\Users\Daryl\AppData\Local\census.cache
2013-08-04 23:21 - 2013-08-04 23:21 - 00251785 _____ C:\Users\Daryl\AppData\Local\ars.cache
2013-08-04 22:34 - 2013-08-04 22:34 - 00000000 _____ C:\Windows\system32\VBAJET32.DLL
2013-08-04 22:34 - 2013-08-04 22:34 - 00000000 _____ C:\Windows\system32\olepro32.DLL
2013-08-04 22:34 - 2013-08-04 22:34 - 00000000 _____ C:\Windows\system32\nvd3dum.dll
2013-08-04 22:34 - 2013-08-04 22:34 - 00000000 _____ C:\Windows\system32\MSVBVM60.DLL
2013-08-04 22:34 - 2013-08-04 22:34 - 00000000 _____ C:\Windows\system32\MFC71U.DLL
2013-08-04 22:34 - 2013-08-04 22:34 - 00000000 _____ C:\Windows\system32\expsrv.dll
2013-08-04 21:36 - 2013-08-04 21:36 - 02467424 _____ (Trend Micro Inc.) C:\Users\Daryl\Downloads\HousecallLauncher64.exe
2013-08-04 21:36 - 2013-08-04 21:36 - 00000036 _____ C:\Users\Daryl\AppData\Local\housecall.guid.cache
2013-08-03 19:55 - 2013-08-03 19:55 - 00891098 _____ C:\Users\Daryl\Downloads\SecurityCheck (1).exe
2013-08-03 19:25 - 2013-08-03 19:25 - 00347424 _____ (Microsoft Corporation) C:\Users\Daryl\Downloads\MicrosoftFixit.WindowsFirewall.RNP.147299006259465503.1.1.Run.exe
2013-08-02 08:16 - 2013-08-03 18:39 - 00000270 _____ C:\Windows\wininit.ini
2013-08-02 08:13 - 2013-08-02 08:13 - 00891098 _____ C:\Users\Daryl\Downloads\SecurityCheck.exe
2013-08-02 08:00 - 2013-08-02 08:00 - 00002052 _____ C:\Windows\epplauncher.mif
2013-08-02 07:58 - 2013-08-02 07:58 - 13813944 _____ (Microsoft Corporation) C:\Users\Daryl\Downloads\mseinstall.exe
2013-08-01 23:13 - 2013-08-01 23:13 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-08-01 23:13 - 2013-08-01 23:13 - 00000000 _____ C:\autoexec.bat
2013-08-01 23:12 - 2013-08-02 08:38 - 00000000 ____D C:\Windows\8AE3CFB678B24F55A7BE618FCFF43A03.TMP
2013-08-01 23:11 - 2013-08-01 23:11 - 00726464 _____ (Enigma Software Group USA, LLC.) C:\Users\Daryl\Downloads\SpyHunter-Installer.exe
2013-07-31 22:20 - 2013-07-31 22:20 - 01010176 _____ C:\Users\Daryl\Downloads\MicrosoftFixit50884(1).msi
2013-07-31 22:06 - 2013-07-31 22:06 - 00000000 ____D C:\Users\Daryl\AppData\Roaming\Oracle
2013-07-31 22:01 - 2013-08-04 15:05 - 00000000 ____D C:\Windows\system32\MpEngineStore
2013-07-31 09:33 - 2013-07-31 09:33 - 00347424 _____ (Microsoft Corporation) C:\Users\Daryl\Downloads\MicrosoftFixit.WinSecurity.FISC.150298712003383655.1.1.Run.exe
2013-07-31 09:17 - 2013-07-31 09:18 - 90495248 _____ (Microsoft Corporation) C:\Users\Daryl\Downloads\msert(1).exe
2013-07-29 19:24 - 2013-07-29 19:24 - 00000402 _____ C:\Users\Daryl\Desktop\repair.bat
2013-07-29 19:06 - 2013-07-29 19:06 - 01010176 _____ C:\Users\Daryl\Downloads\MicrosoftFixit50884.msi
2013-07-29 11:00 - 2013-07-29 11:01 - 90251536 _____ (Microsoft Corporation) C:\Users\Daryl\Downloads\msert.exe
2013-07-29 10:48 - 2013-07-29 10:48 - 00000000 ____H C:\Users\Daryl\Documents\Default.rdp
2013-07-22 11:17 - 2013-07-22 11:17 - 00015711 _____ C:\Users\Daryl\Downloads\Document.aspx
 
==================== One Month Modified Files and Folders =======
 
2013-08-12 11:24 - 2013-02-12 18:36 - 00000000 ____D C:\Users\Daryl\AppData\Roaming\Box Sync
2013-08-12 11:24 - 2009-07-24 19:40 - 00003660 _____ C:\Windows\System32\Tasks\HP Health Check
2013-08-12 11:23 - 2011-09-06 20:20 - 00000000 ____D C:\Users\Daryl\AppData\Roaming\Dropbox
2013-08-12 11:22 - 2011-09-29 07:18 - 00000000 ____D C:\Users\Daryl\AppData\Local\Htc
2013-08-12 11:22 - 2011-09-07 15:18 - 00000000 ___RD C:\Users\Daryl\Dropbox
2013-08-12 11:21 - 2012-12-07 08:51 - 00000896 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-08-12 11:20 - 2013-08-12 01:19 - 00003206 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1653539408-1358835398-3980875371-1000
2013-08-12 11:20 - 2013-08-05 10:02 - 00003340 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1653539408-1358835398-3980875371-1000
2013-08-12 11:20 - 2013-06-08 12:26 - 00000350 _____ C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job
2013-08-12 11:20 - 2013-06-04 10:38 - 00000350 _____ C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
2013-08-12 11:20 - 2012-12-07 08:51 - 00000892 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-08-12 11:20 - 2011-09-05 14:10 - 00000000 ____D C:\ProgramData\MediaMall
2013-08-12 11:20 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-12 11:20 - 2009-07-13 23:51 - 02269060 _____ C:\Windows\setupact.log
2013-08-12 07:24 - 2010-01-05 13:06 - 01174021 _____ C:\Windows\WindowsUpdate.log
2013-08-12 07:19 - 2013-08-12 07:19 - 00001518 _____ C:\Users\Daryl\Downloads\fixlist.txt
2013-08-12 07:19 - 2010-01-05 12:18 - 00011104 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-12 07:19 - 2010-01-05 12:18 - 00011104 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-12 07:15 - 2012-07-11 10:56 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-08-12 01:26 - 2013-08-12 01:25 - 00059768 _____ C:\Users\Daryl\Desktop\1FRST.txt
2013-08-12 01:25 - 2013-08-12 01:25 - 00032536 _____ C:\Users\Daryl\Desktop\1Addition.txt
2013-08-12 01:23 - 2013-08-12 01:23 - 00000000 ____D C:\FRST
2013-08-12 01:22 - 2013-08-12 01:22 - 01575246 _____ (Farbar) C:\Users\Daryl\Desktop\FRST64.exe
2013-08-12 00:08 - 2013-08-12 00:08 - 00004352 _____ C:\Users\Daryl\Desktop\attach.zip
2013-08-12 00:02 - 2013-08-12 00:01 - 00029355 _____ C:\Users\Daryl\Desktop\dds.txt
2013-08-12 00:02 - 2013-08-12 00:01 - 00014633 _____ C:\Users\Daryl\Desktop\attach.txt
2013-08-11 23:59 - 2013-08-11 23:59 - 00688992 _____ (Swearware) C:\Users\Daryl\Downloads\dds (1).com
2013-08-11 23:58 - 2013-08-11 23:58 - 00688992 ____R (Swearware) C:\Users\Daryl\Desktop\dds.com
2013-08-11 23:57 - 2010-01-05 14:28 - 00003926 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{B17C8110-D3EF-4E8E-9ED9-6A79076020C4}
2013-08-09 13:33 - 2010-01-05 14:08 - 00000000 ____D C:\Users\Daryl\AppData\Roaming\HpUpdate
2013-08-09 13:30 - 2009-07-14 00:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2013-08-09 13:27 - 2009-07-14 00:08 - 00032656 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-08-06 09:29 - 2010-01-05 12:52 - 00098354 _____ C:\Windows\PFRO.log
2013-08-06 07:35 - 2013-08-06 07:33 - 00004908 _____ C:\Users\Daryl\Desktop\Rkill.txt
2013-08-06 07:33 - 2013-08-06 07:33 - 01893504 _____ (Bleeping Computer, LLC) C:\Users\Daryl\Downloads\rkill.exe
2013-08-06 07:33 - 2013-08-06 07:33 - 01893504 _____ (Bleeping Computer, LLC) C:\Users\Daryl\Desktop\rkill.exe
2013-08-06 07:33 - 2013-08-06 07:33 - 00000000 ____D C:\Users\Daryl\Desktop\rkill
2013-08-06 07:32 - 2013-08-06 00:12 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-08-06 07:32 - 2013-08-06 00:11 - 00000000 ____D C:\Users\Daryl\Desktop\mbar
2013-08-06 00:10 - 2013-08-06 00:10 - 13399154 _____ C:\Users\Daryl\Downloads\mbar-1.06.0.1004.zip
2013-08-06 00:06 - 2013-08-06 00:05 - 00032845 _____ C:\Users\Daryl\Desktop\Result.txt
2013-08-06 00:04 - 2013-08-06 00:04 - 00760937 _____ (Farbar) C:\Users\Daryl\Desktop\MiniToolBox.exe
2013-08-06 00:03 - 2013-08-06 00:03 - 00003680 _____ C:\Users\Daryl\Desktop\FSS.txt
2013-08-06 00:02 - 2013-08-06 00:02 - 00357143 _____ (Farbar) C:\Users\Daryl\Desktop\FSS.exe
2013-08-05 23:51 - 2013-08-05 23:51 - 00891098 _____ C:\Users\Daryl\Desktop\SecurityCheck (2).exe
2013-08-05 10:36 - 2013-08-05 10:36 - 01010176 _____ C:\Users\Daryl\Downloads\MicrosoftFixit50884 (1).msi
2013-08-05 10:28 - 2013-08-05 10:25 - 00000000 ____D C:\Users\Daryl\AppData\Local\Avg2013
2013-08-05 10:28 - 2010-10-24 17:52 - 00000000 ____D C:\ProgramData\MFAData
2013-08-05 10:11 - 2012-09-10 08:41 - 00000000 ____D C:\Users\Daryl\AppData\Roaming\Epson
2013-08-05 10:11 - 2012-09-10 08:38 - 00000000 ____D C:\ProgramData\EPSON
2013-08-04 23:23 - 2013-08-04 23:23 - 01052027 _____ C:\Users\Daryl\AppData\Local\census.cache
2013-08-04 23:21 - 2013-08-04 23:21 - 00251785 _____ C:\Users\Daryl\AppData\Local\ars.cache
2013-08-04 22:34 - 2013-08-04 22:34 - 00000000 _____ C:\Windows\system32\VBAJET32.DLL
2013-08-04 22:34 - 2013-08-04 22:34 - 00000000 _____ C:\Windows\system32\olepro32.DLL
2013-08-04 22:34 - 2013-08-04 22:34 - 00000000 _____ C:\Windows\system32\nvd3dum.dll
2013-08-04 22:34 - 2013-08-04 22:34 - 00000000 _____ C:\Windows\system32\MSVBVM60.DLL
2013-08-04 22:34 - 2013-08-04 22:34 - 00000000 _____ C:\Windows\system32\MFC71U.DLL
2013-08-04 22:34 - 2013-08-04 22:34 - 00000000 _____ C:\Windows\system32\expsrv.dll
2013-08-04 21:36 - 2013-08-04 21:36 - 02467424 _____ (Trend Micro Inc.) C:\Users\Daryl\Downloads\HousecallLauncher64.exe
2013-08-04 21:36 - 2013-08-04 21:36 - 00000036 _____ C:\Users\Daryl\AppData\Local\housecall.guid.cache
2013-08-04 15:05 - 2013-07-31 22:01 - 00000000 ____D C:\Windows\system32\MpEngineStore
2013-08-04 08:48 - 2011-08-26 17:35 - 00000000 ___HD C:\Program Files (x86)\Vqtkfotshcfwr
2013-08-03 22:07 - 2010-01-05 12:20 - 00000000 ____D C:\Users\Daryl
2013-08-03 19:55 - 2013-08-03 19:55 - 00891098 _____ C:\Users\Daryl\Downloads\SecurityCheck (1).exe
2013-08-03 19:25 - 2013-08-03 19:25 - 00347424 _____ (Microsoft Corporation) C:\Users\Daryl\Downloads\MicrosoftFixit.WindowsFirewall.RNP.147299006259465503.1.1.Run.exe
2013-08-03 18:39 - 2013-08-02 08:16 - 00000270 _____ C:\Windows\wininit.ini
2013-08-02 12:11 - 2009-10-16 20:33 - 00000052 _____ C:\Windows\SysWOW64\DOErrors.log
2013-08-02 08:38 - 2013-08-01 23:12 - 00000000 ____D C:\Windows\8AE3CFB678B24F55A7BE618FCFF43A03.TMP
2013-08-02 08:13 - 2013-08-02 08:13 - 00891098 _____ C:\Users\Daryl\Downloads\SecurityCheck.exe
2013-08-02 08:00 - 2013-08-02 08:00 - 00002052 _____ C:\Windows\epplauncher.mif
2013-08-02 07:58 - 2013-08-02 07:58 - 13813944 _____ (Microsoft Corporation) C:\Users\Daryl\Downloads\mseinstall.exe
2013-08-01 23:43 - 2012-08-19 19:11 - 00001603 _____ C:\Users\Jackie\Desktop\Hemoglobin_t-r_state_aniA - Shortcut.lnk
2013-08-01 23:43 - 2012-08-19 18:50 - 00001102 _____ C:\Users\Jackie\Desktop\Video Converter.lnk
2013-08-01 23:13 - 2013-08-01 23:13 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-08-01 23:13 - 2013-08-01 23:13 - 00000000 _____ C:\autoexec.bat
2013-08-01 23:11 - 2013-08-01 23:11 - 00726464 _____ (Enigma Software Group USA, LLC.) C:\Users\Daryl\Downloads\SpyHunter-Installer.exe
2013-08-01 16:21 - 2011-10-01 08:07 - 00000000 ____D C:\Users\Katie and Liz\AppData\Local\Htc
2013-07-31 22:20 - 2013-07-31 22:20 - 01010176 _____ C:\Users\Daryl\Downloads\MicrosoftFixit50884(1).msi
2013-07-31 22:07 - 2009-08-09 16:15 - 00000000 ____D C:\Program Files (x86)\Java
2013-07-31 22:06 - 2013-07-31 22:06 - 00000000 ____D C:\Users\Daryl\AppData\Roaming\Oracle
2013-07-31 22:01 - 2010-07-30 13:27 - 00000000 ____D C:\Users\Public\Downloads\GPS
2013-07-31 20:12 - 2012-12-07 08:51 - 00002145 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-07-31 14:00 - 2012-08-20 07:14 - 00001075 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-07-31 14:00 - 2012-08-20 07:14 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-07-31 09:33 - 2013-07-31 09:33 - 00347424 _____ (Microsoft Corporation) C:\Users\Daryl\Downloads\MicrosoftFixit.WinSecurity.FISC.150298712003383655.1.1.Run.exe
2013-07-31 09:18 - 2013-07-31 09:17 - 90495248 _____ (Microsoft Corporation) C:\Users\Daryl\Downloads\msert(1).exe
2013-07-29 19:24 - 2013-07-29 19:24 - 00000402 _____ C:\Users\Daryl\Desktop\repair.bat
2013-07-29 19:06 - 2013-07-29 19:06 - 01010176 _____ C:\Users\Daryl\Downloads\MicrosoftFixit50884.msi
2013-07-29 12:01 - 2013-07-09 11:07 - 00003228 _____ C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1653539408-1358835398-3980875371-1000
2013-07-29 12:01 - 2013-06-11 09:47 - 00003362 _____ C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1653539408-1358835398-3980875371-1000
2013-07-29 11:01 - 2013-07-29 11:00 - 90251536 _____ (Microsoft Corporation) C:\Users\Daryl\Downloads\msert.exe
2013-07-29 10:48 - 2013-07-29 10:48 - 00000000 ____H C:\Users\Daryl\Documents\Default.rdp
2013-07-29 08:49 - 2013-06-27 17:37 - 00003715 _____ C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml
2013-07-29 08:48 - 2012-09-27 21:38 - 00045856 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx64.sys
2013-07-29 08:48 - 2012-09-27 21:38 - 00000000 ____D C:\Program Files (x86)\AVG Secure Search
2013-07-26 17:20 - 2013-03-05 08:52 - 00000000 ____D C:\Users\Daryl\Documents\2012 Taxes
2013-07-26 10:55 - 2010-01-06 13:57 - 00003958 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{459ACF06-DB11-48DA-A7D0-D4163D4F7CA8}
2013-07-25 10:52 - 2010-08-17 18:57 - 00003188 _____ C:\Windows\System32\Tasks\HPCeeScheduleForDaryl
2013-07-25 10:52 - 2010-08-17 18:57 - 00000334 _____ C:\Windows\Tasks\HPCeeScheduleForDaryl.job
2013-07-23 18:07 - 2013-01-13 19:56 - 00000000 ____D C:\Users\Katie\AppData\Local\Htc
2013-07-22 11:59 - 2009-07-25 14:29 - 00000000 ____D C:\Users\Daryl\AppData\Local\Adobe
2013-07-22 11:57 - 2012-07-11 10:56 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-07-22 11:57 - 2012-04-12 15:38 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-07-22 11:57 - 2011-05-25 19:52 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-07-22 11:17 - 2013-07-22 11:17 - 00015711 _____ C:\Users\Daryl\Downloads\Document.aspx
2013-07-16 07:16 - 2012-12-07 08:51 - 00003892 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-07-16 07:16 - 2012-12-07 08:51 - 00003640 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2013-08-02 00:30
 
==================== End Of Log ============================

 



#8 B-boy/StyLe/

  • Malware Response Team

Posted 12 August 2013 - 11:44 AM

Hi,

I didn't get an Addition log this time.

That's ok. :)

Please download the following file => and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

Next let's check for broken services:

STEP 1

  • Please download RKill by Grinler from the link below and save it to your desktop.

    Rkill

  • Before we begin, you should disable any anti-malware software you have installed so it does not interfere with RKill running, as some anti-malware software detects RKill as malicious. Please refer to this page if you are not sure how.
  • Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
  • A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
  • If nothing happens or if the tool does not run, please let me know in your next reply.
  • A log pops up at the end of the run. This log file is located at C:\rkill.log.
  • Please post the log in your next reply.

STEP 2

Please download Farbar Service Scanner and run it on the computer with the issue.

  • Make sure that all options are checked.
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

Regards,

Georgi




#9 Dorkgeez

  • Topic Starter


Posted 12 August 2013 - 11:59 AM

FRST Fixlog

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-08-2013 02
Ran by Daryl at 2013-08-12 11:54:48 Run:2
Running from C:\Users\Daryl\Desktop
Boot Mode: Normal
==============================================
 
C:\Program Files (x86)\Vqtkfotshcfwr => Moved successfully.
 
==== End of Fixlog ====


Rkill Log

 

Rkill 2.5.9 by Lawrence Abrams (Grinler)
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 08/12/2013 11:56:08 AM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * C:\Users\Daryl\Documents\RCA Detective\RCADetective.exe (PID: 3712) [UP-HEUR]
 * C:\Users\Daryl\Desktop\FRST64.exe (PID: 4708) [UP-HEUR]
 
2 proccesses terminated!
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * Windows Defender Disabled
 
   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001
 
Checking Windows Service Integrity: 
 
 * Windows Firewall (MpsSvc) is not Running.
   Startup Type set to: Automatic
 
 * iphlpsvc [Missing Service]
 
 * SharedAccess [Missing ImagePath]
 * WinDefend [Missing ImagePath]
 
Searching for Missing Digital Signatures: 
 
 * C:\Windows\System32\olepro32.dll : 0 : 08/04/2013 10:34 PM : d41d8cd98f00b204e9800998ecf8427e [NoSig]
 +-> C:\Windows\SysWOW64\olepro32.dll : 90,112 : 11/20/2010 07:20 AM : 703ffd301ab900b047337c5d40fd6f96 [Pos Repl]
 +-> C:\Windows\winsxs\x86_microsoft-windows-ole-automation-legacy_31bf3856ad364e35_6.1.7600.16385_none_39ea10b66307dbef\olepro32.dll : 90,112 : 07/13/2009 08:16 PM : c10459dbdc2099c5a8428cb7d87db85f [Pos Repl]
 +-> C:\Windows\winsxs\x86_microsoft-windows-ole-automation-legacy_31bf3856ad364e35_6.1.7601.17514_none_3c1b247e5ff65f89\olepro32.dll : 90,112 : 11/20/2010 07:20 AM : 703ffd301ab900b047337c5d40fd6f96 [Pos Repl]
 
Checking HOSTS File: 
 
 * HOSTS file entries found: 
 
  127.0.0.1       localhost
  ::1             localhost
 
Program finished at: 08/12/2013 11:57:21 AM
Execution time: 0 hours(s), 1 minute(s), and 13 seconds(s)


#10 Dorkgeez

Posted 12 August 2013 - 12:02 PM

RKill & Farbar Service Scanner
 
 
 
Rkill 2.5.9 by Lawrence Abrams (Grinler)
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 08/12/2013 11:56:08 AM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * C:\Users\Daryl\Documents\RCA Detective\RCADetective.exe (PID: 3712) [UP-HEUR]
 * C:\Users\Daryl\Desktop\FRST64.exe (PID: 4708) [UP-HEUR]
 
2 proccesses terminated!
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * Windows Defender Disabled
 
   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001
 
Checking Windows Service Integrity: 
 
 * Windows Firewall (MpsSvc) is not Running.
   Startup Type set to: Automatic
 
 * iphlpsvc [Missing Service]
 
 * SharedAccess [Missing ImagePath]
 * WinDefend [Missing ImagePath]
 
Searching for Missing Digital Signatures: 
 
 * C:\Windows\System32\olepro32.dll : 0 : 08/04/2013 10:34 PM : d41d8cd98f00b204e9800998ecf8427e [NoSig]
 +-> C:\Windows\SysWOW64\olepro32.dll : 90,112 : 11/20/2010 07:20 AM : 703ffd301ab900b047337c5d40fd6f96 [Pos Repl]
 +-> C:\Windows\winsxs\x86_microsoft-windows-ole-automation-legacy_31bf3856ad364e35_6.1.7600.16385_none_39ea10b66307dbef\olepro32.dll : 90,112 : 07/13/2009 08:16 PM : c10459dbdc2099c5a8428cb7d87db85f [Pos Repl]
 +-> C:\Windows\winsxs\x86_microsoft-windows-ole-automation-legacy_31bf3856ad364e35_6.1.7601.17514_none_3c1b247e5ff65f89\olepro32.dll : 90,112 : 11/20/2010 07:20 AM : 703ffd301ab900b047337c5d40fd6f96 [Pos Repl]
 
Checking HOSTS File: 
 
 * HOSTS file entries found: 
 
  127.0.0.1       localhost
  ::1             localhost
 
Program finished at: 08/12/2013 11:57:21 AM
Execution time: 0 hours(s), 1 minute(s), and 13 seconds(s)


#11 B-boy/StyLe/

Posted 12 August 2013 - 01:06 PM

Hi,

 

 

You posted RKILL.txt twice instead of the log from Farbar Service Scanner. :)

 

 

Regards,

Georgi




#12 Dorkgeez

Posted 12 August 2013 - 01:12 PM

Oops,

 

Let's see if I can do this right this time

 

Farbar Service Scanner Version: 04-08-2013
Ran by Daryl (administrator) on 12-08-2013 at 12:00:34
Running from "C:\Users\Daryl\Desktop"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
 
 
Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.
 
 
Firewall Disabled Policy: 
==================
 
 
System Restore:
============
 
System Restore Disabled Policy: 
========================
 
 
Action Center:
============
 
Action Center Notification Icon =====> Unable to open HKLM\...\ShellServiceObjects\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A} key. The key does not exist.
 
 
Windows Update:
============
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of WinDefend. The value does not exist.
Checking ImagePath: ATTENTION!=====> Unable to retrieve ImagePath of WinDefend. The value does not exist.
Unable to retrieve ServiceDll of WinDefend. The value does not exist.
 
 
Windows Defender Disabled Policy: 
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
 
 
Other Services:
==============
Checking Start type of SharedAccess: ATTENTION!=====> Unable to retrieve start type of SharedAccess. The value does not exist.
Checking ImagePath of SharedAccess: ATTENTION!=====> Unable to retrieve ImagePath of SharedAccess. The value does not exist.
Checking ServiceDll of SharedAccess: ATTENTION!=====> Unable to retrieve ServiceDll of SharedAccess. The value does not exist.
Checking Start type of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.
Checking ImagePath of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.
Checking ServiceDll of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.
 
 
File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
 
 
**** End of log ****


#13 B-boy/StyLe/

Posted 12 August 2013 - 01:21 PM

Hi,

 

 

STEP 1

 

 

Please download and run the following registry file =>

Locate the fix.reg icon on your desktop and double click it, an information box will pop up asking if you want to merge the information in the file into the registry, click YES.

Once the file has run, the information will have merged with your registry so you can delete fix.reg from your desktop as you won't be needing it any more.
 

 

 

STEP 2

 

 

 

Please click Start Menu > All Programs > Accessories, right click on Command Prompt and select "run as administrator".
Copy/paste the following text at the command prompt and press enter after each line:

sfc.exe /scanfile=C:\Windows\System32\olepro32.dll

findstr /c:"[SR]" %windir%\Logs\CBS\CBS.log >"%userprofile%\Desktop\sfcdetails.txt"

A txt file named sfcdetails.txt should appear on the desktop.

Please post the log in your next reply.

Reboot the computer in order for the changes to take effect (if asked to do so).

 


STEP 3

 

  • Download the ESET ServicesRepair utility and save it to your Desktop.
  • Double-click ServicesRepair.exe to run the ESET ServicesRepair utility. If you are using User Access Control, click Run when prompted and then click Yes when asked to allow changes.
  • Reboot the computer and then please post fresh logs from the following 2 tools - RKILL and Farbar Service Scanner.

 

 

Regards,

Georgi
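
Added example (not part of the original posts, and not code from any tool named in this thread): the findstr command in STEP 2 copies every [SR] line in CBS.log, so sfcdetails.txt also carries older scans. The Python below groups those lines by date and surfaces anything that is not one of the three routine messages; the function names and the 2013-08-12 sample lines are constructed for illustration.

```python
import re

# Line shape as it appears in the sfcdetails.txt excerpts posted in this thread.
SR_LINE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}:\d{2}), "
    r"(?P<level>\w+)\s+CSI\s+(?P<seq>[0-9a-fA-F]{8}) \[SR\] (?P<msg>.*)$"
)
VERIFYING = re.compile(r"^Verifying (\d+) \(0x[0-9a-fA-F]+\) components$")
BEGIN = "Beginning Verify and Repair transaction"
COMPLETE = "Verify complete"

# The 2013-07-31 lines are copied from the thread. The 2013-08-12 lines are
# constructed sample input; the "Cannot repair" wording is an assumption used
# only to show how a non-routine line is surfaced.
SAMPLE = """\
2013-07-31 22:31:47, Info                  CSI    00000009 [SR] Verifying 100 (0x0000000000000064) components
2013-07-31 22:31:47, Info                  CSI    0000000a [SR] Beginning Verify and Repair transaction
2013-07-31 22:31:49, Info                  CSI    0000000c [SR] Verify complete
2013-08-12 13:25:09, Info                  CSI    00000009 [SR] Verifying 1 (0x0000000000000001) components
2013-08-12 13:25:09, Info                  CSI    0000000a [SR] Beginning Verify and Repair transaction
2013-08-12 13:25:10, Info                  CSI    0000000b [SR] Cannot repair member file "olepro32.dll"
2013-08-12 13:25:10, Info                  CSI    0000000d [SR] Verify complete
"""


def parse_sr_lines(text):
    """Return one record per well-formed [SR] line; other lines are skipped."""
    records = []
    for raw in text.splitlines():
        match = SR_LINE.match(raw.strip())
        if match:
            records.append(match.groupdict())
    return records


def summarize(text, since=None):
    """Summarize [SR] activity per calendar date.

    since: optional 'YYYY-MM-DD' string; earlier dates are dropped so that
    only the scan that was just run is reviewed (ISO dates sort as strings).
    """
    days = {}
    for rec in parse_sr_lines(text):
        if since and rec["date"] < since:
            continue
        day = days.setdefault(
            rec["date"],
            {"batches": 0, "components": 0, "completed": 0, "notable": []},
        )
        msg = rec["msg"]
        verifying = VERIFYING.match(msg)
        if verifying:
            day["batches"] += 1
            day["components"] += int(verifying.group(1))
        elif msg == COMPLETE:
            day["completed"] += 1
        elif msg != BEGIN:
            # Anything that is not routine progress needs a human to read it.
            day["notable"].append((rec["time"], rec["level"], msg))
    for day in days.values():
        # A batch that never logged "Verify complete" suggests a cut-off scan.
        day["incomplete"] = day["batches"] - day["completed"]
    return days


if __name__ == "__main__":
    for date, info in summarize(SAMPLE).items():
        print(date, "batches:", info["batches"],
              "components:", info["components"],
              "incomplete:", info["incomplete"])
        for time, level, msg in info["notable"]:
            print("   ", time, level, msg)
```

To review a real log, read sfcdetails.txt into a string and pass it to summarize() with since set to the date sfc was run.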




#14 Dorkgeez

Posted 12 August 2013 - 01:41 PM

 sfcdetails log

 

2013-07-31 22:31:47, Info                  CSI    00000009 [SR] Verifying 100 (0x0000000000000064) components
2013-07-31 22:31:47, Info                  CSI    0000000a [SR] Beginning Verify and Repair transaction
2013-07-31 22:31:49, Info                  CSI    0000000c [SR] Verify complete
2013-07-31 22:31:49, Info                  CSI    0000000d [SR] Verifying 100 (0x0000000000000064) components
2013-07-31 22:31:49, Info                  CSI    0000000e [SR] Beginning Verify and Repair transaction
2013-07-31 22:31:51, Info                  CSI    00000010 [SR] Verify complete
2013-07-31 22:31:51, Info                  CSI    00000011 [SR] Verifying 100 (0x0000000000000064) components
2013-07-31 22:31:51, Info                  CSI    00000012 [SR] Beginning Verify and Repair transaction
2013-07-31 22:31:53, Info                  CSI    00000014 [SR] Verify complete
2013-07-31 22:31:53, Info                  CSI    00000015 [SR] Verifying 100 (0x0000000000000064) components
2013-07-31 22:31:53, Info                  CSI    00000016 [SR] Beginning Verify and Repair transaction
2013-07-31 22:31:55, Info                  CSI    00000018 [SR] Verify complete
2013-07-31 22:31:55, Info                  CSI    00000019 [SR] Verifying 100 (0x0000000000000064) components
2013-07-31 22:31:55, Info                  CSI    0000001a [SR] Beginning Verify and Repair transaction
2013-07-31 22:31:57, Info                  CSI    0000001c [SR] Verify complete
2013-07-31 22:31:58, Info                  CSI    0000001d [SR] Verifying 100 (0x0000000000000064) components
2013-07-31 22:31:58, Info                  CSI    0000001e [SR] Beginning Verify and Repair transaction
2013-07-31 22:32:01, Info                  CSI    00000020 [SR] Verify complete
2013-07-31 22:32:01, Info                  CSI    00000021 [SR] Verifying 100 (0x0000000000000064) components
2013-07-31 22:32:01, Info                  CSI    00000022 [SR] Beginning Verify and Repair transaction
2013-07-31 22:32:04, Info                  CSI    00000024 [SR] Verify complete
2013-07-31 22:32:05, Info                  CSI    00000025 [SR] Verifying 100 (0x0000000000000064) components
2013-07-31 22:32:05, Info                  CSI    00000026 [SR] Beginning Verify and Repair transaction
2013-07-31 22:32:08, Info                  CSI    00000028 [SR] Verify complete
2013-07-31 22:32:08, Info                  CSI    00000029 [SR] Verifying 100 (0x0000000000000064) components
2013-07-31 22:32:08, Info                  CSI    0000002a [SR] Beginning Verify and Repair transaction
2013-07-31 22:32:11, Info                  CSI    0000002c [SR] Verify complete
2013-07-31 22:32:11, Info                  CSI    0000002d [SR] Verifying 100 (0x0000000000000064) components
2013-07-31 22:32:11, Info                  CSI    0000002e [SR] Beginning Verify and Repair transaction
2013-07-31 22:32:15, Info                  CSI    00000030 [SR] Verify complete
2013-07-31 22:32:15, Info                  CSI    00000031 [SR] Verifying 100 (0x0000000000000064) components
2013-07-31 22:32:15, Info                  CSI    00000032 [SR] Beginning Verify and Repair transaction
2013-07-31 22:32:19, Info                  CSI    00000034 [SR] Verify complete
2013-07-31 22:32:19, Info                  CSI    00000035 [SR] Verifying 100 (0x0000000000000064) components
2013-07-31 22:32:19, Info                  CSI    00000036 [SR] Beginning Verify and Repair transaction
2013-07-31 22:32:21, Info                  CSI    00000038 [SR] Verify complete
2013-07-31 22:32:21, Info                  CSI    00000039 [SR] Verifying 100 (0x0000000000000064) components
2013-07-31 22:32:21, Info                  CSI    0000003a [SR] Beginning Verify and Repair transaction
2013-07-31 22:32:25, Info                  CSI    0000003c [SR] Verify complete
2013-07-31 22:32:25, Info                  CSI    0000003d [SR] Verifying 100 (0x0000000000000064) components
2013-07-31 22:32:25, Info                  CSI    0000003e [SR] Beginning Verify and Repair transaction
2013-07-31 22:32:31, Info                  CSI    00000041 [SR] Verify complete
2013-07-31 22:32:31, Info                  CSI    00000042 [SR] Verifying 100 (0x0000000000000064) components
2013-07-31 22:32:31, Info                  CSI    00000043 [SR] Beginning Verify and Repair transaction
2013-07-31 22:32:36, Info                  CSI    00000048 [SR] Verify complete
2013-07-31 22:32:36, Info                  CSI    00000049 [SR] Verifying 100 (0x0000000000000064) components
2013-07-31 22:32:36, Info                  CSI    0000004a [SR] Beginning Verify and Repair transaction
2013-07-31 22:32:41, Info                  CSI    0000004d [SR] Verify complete
2013-07-31 22:32:41, Info                  CSI    0000004e [SR] Verifying 100 (0x0000000000000064) components
2013-07-31 22:32:41, Info                  CSI    0000004f [SR] Beginning Verify and Repair transaction
2013-07-31 22:32:47, Info                  CSI    00000051 [SR] Verify complete
2013-07-31 22:32:47, Info                  CSI    00000052 [SR] Verifying 100 (0x0000000000000064) components
2013-07-31 22:32:47, Info                  CSI    00000053 [SR] Beginning Verify and Repair transaction
2013-07-31 22:32:54, Info                  CSI    00000075 [SR] Verify complete
2013-07-31 22:32:54, Info                  CSI    00000076 [SR] Verifying 100 (0x0000000000000064) components
2013-07-31 22:32:54, Info                  CSI    00000077 [SR] Beginning Verify and Repair transaction
2013-07-31 22:32:59, Info                  CSI    0000007c [SR] Verify complete
2013-07-31 22:33:00, Info                  CSI    0000007d [SR] Verifying 100 (0x0000000000000064) components
2013-07-31 22:33:00, Info                  CSI    0000007e [SR] Beginning Verify and Repair transaction
2013-07-31 22:33:09, Info                  CSI    00000080 [SR] Verify complete
2013-07-31 22:33:09, Info                  CSI    00000081 [SR] Verifying 100 (0x0000000000000064) components
2013-07-31 22:33:09, Info                  CSI    00000082 [SR] Beginning Verify and Repair transaction
2013-07-31 22:33:15, Info                  CSI    00000084 [SR] Verify complete
2013-07-31 22:33:15, Info                  CSI    00000085 [SR] Verifying 100 (0x0000000000000064) components
2013-07-31 22:33:15, Info                  CSI    00000086 [SR] Beginning Verify and Repair transaction
2013-07-31 22:33:22, Info                  CSI    00000088 [SR] Verify complete
2013-07-31 22:33:22, Info                  CSI    00000089 [SR] Verifying 100 (0x0000000000000064) components
2013-07-31 22:33:22, Info                  CSI    0000008a [SR] Beginning Verify and Repair transaction
2013-07-31 22:33:27, Info                  CSI    0000008c [SR] Verify complete
2013-07-31 22:33:27, Info                  CSI    0000008d [SR] Verifying 100 (0x0000000000000064) components
2013-07-31 22:33:27, Info                  CSI    0000008e [SR] Beginning Verify and Repair transaction
2013-07-31 22:33:36, Info                  CSI    00000090 [SR] Verify complete
2013-07-31 22:33:36, Info                  CSI    00000091 [SR] Verifying 100 (0x0000000000000064) components
2013-07-31 22:33:36, Info                  CSI    00000092 [SR] Beginning Verify and Repair transaction
2013-07-31 22:33:46, Info                  CSI    000000b5 [SR] Verify complete
2013-07-31 22:33:46, Info                  CSI    000000b6 [SR] Verifying 100 (0x0000000000000064) components
2013-07-31 22:33:46, Info                  CSI    000000b7 [SR] Beginning Verify and Repair transaction
2013-07-31 22:33:55, Info                  CSI    000000b9 [SR] Verify complete
2013-07-31 22:33:55, Info                  CSI    000000ba [SR] Verifying 100 (0x0000000000000064) components
2013-07-31 22:33:55, Info                  CSI    000000bb [SR] Beginning Verify and Repair transaction
2013-07-31 22:34:10, Info                  CSI    000000bd [SR] Verify complete
2013-07-31 22:34:11, Info                  CSI    000000be [SR] Verifying 100 (0x0000000000000064) components
2013-07-31 22:34:11, Info                  CSI    000000bf [SR] Beginning Verify and Repair transaction
2013-07-31 22:34:14, Info                  CSI    000000c3 [SR] Verify complete
2013-07-31 22:34:14, Info                  CSI    000000c4 [SR] Verifying 100 (0x0000000000000064) components
2013-07-31 22:34:14, Info                  CSI    000000c5 [SR] Beginning Verify and Repair transaction
2013-07-31 22:34:17, Info                  CSI    000000c7 [SR] Verify complete
2013-07-31 22:34:18, Info                  CSI    000000c8 [SR] Verifying 100 (0x0000000000000064) components
2013-07-31 22:34:18, Info                  CSI    000000c9 [SR] Beginning Verify and Repair transaction
2013-07-31 22:34:20, Info                  CSI    000000cb [SR] Verify complete
2013-07-31 22:34:20, Info                  CSI    000000cc [SR] Verifying 100 (0x0000000000000064) components
2013-07-31 22:34:20, Info                  CSI    000000cd [SR] Beginning Verify and Repair transaction
2013-07-31 22:34:29, Info                  CSI    000000df [SR] Verify complete
2013-07-31 22:34:29, Info                  CSI    000000e0 [SR] Verifying 100 (0x0000000000000064) components
2013-07-31 22:34:29, Info                  CSI    000000e1 [SR] Beginning Verify and Repair transaction
2013-07-31 22:34:34, Info                  CSI    000000e4 [SR] Verify complete
2013-07-31 22:34:34, Info                  CSI    000000e5 [SR] Verifying 100 (0x0000000000000064) components
2013-07-31 22:34:34, Info                  CSI    000000e6 [SR] Beginning Verify and Repair transaction
2013-07-31 22:34:37, Info                  CSI    000000e8 [SR] Verify complete
2013-07-31 22:34:37, Info                  CSI    000000e9 [SR] Verifying 100 (0x0000000000000064) components
2013-07-31 22:34:37, Info                  CSI    000000ea [SR] Beginning Verify and Repair transaction
2013-07-31 22:34:41, Info                  CSI    000000ec [SR] Verify complete
2013-07-31 22:34:42, Info                  CSI    000000ed [SR] Verifying 100 (0x0000000000000064) components
2013-07-31 22:34:42, Info                  CSI    000000ee [SR] Beginning Verify and Repair transaction
2013-07-31 22:34:46, Info                  CSI    000000f0 [SR] Verify complete
2013-07-31 22:34:46, Info                  CSI    000000f1 [SR] Verifying 100 (0x0000000000000064) components
2013-07-31 22:34:46, Info                  CSI    000000f2 [SR] Beginning Verify and Repair transaction
2013-07-31 22:34:56, Info                  CSI    000000f6 [SR] Verify complete
2013-07-31 22:34:56, Info                  CSI    000000f7 [SR] Verifying 100 (0x0000000000000064) components
2013-07-31 22:34:56, Info                  CSI    000000f8 [SR] Beginning Verify and Repair transaction
2013-07-31 22:35:00, Info                  CSI    000000fa [SR] Verify complete
2013-07-31 22:35:00, Info                  CSI    000000fb [SR] Verifying 100 (0x0000000000000064) components
2013-07-31 22:35:00, Info                  CSI    000000fc [SR] Beginning Verify and Repair transaction
2013-07-31 22:35:02, Info                  CSI    000000fe [SR] Verify complete
2013-07-31 22:35:03, Info                  CSI    000000ff [SR] Verifying 100 (0x0000000000000064) components
2013-07-31 22:35:03, Info                  CSI    00000100 [SR] Beginning Verify and Repair transaction
2013-07-31 22:35:10, Info                  CSI    00000102 [SR] Verify complete
2013-07-31 22:35:10, Info                  CSI    00000103 [SR] Verifying 100 (0x0000000000000064) components
2013-07-31 22:35:10, Info                  CSI    00000104 [SR] Beginning Verify and Repair transaction
2013-07-31 22:35:16, Info                  CSI    00000106 [SR] Verify complete
2013-07-31 22:35:16, Info                  CSI    00000107 [SR] Verifying 100 (0x0000000000000064) components
2013-07-31 22:35:16, Info                  CSI    00000108 [SR] Beginning Verify and Repair transaction
2013-07-31 22:35:22, Info                  CSI    0000010a [SR] Verify complete
2013-07-31 22:35:22, Info                  CSI    0000010b [SR] Verifying 100 (0x0000000000000064) components
2013-07-31 22:35:22, Info                  CSI    0000010c [SR] Beginning Verify and Repair transaction
2013-07-31 22:35:34, Info                  CSI    0000011c [SR] Verify complete
2013-07-31 22:35:34, Info                  CSI    0000011d [SR] Verifying 100 (0x0000000000000064) components
2013-07-31 22:35:34, Info                  CSI    0000011e [SR] Beginning Verify and Repair transaction
2013-07-31 22:35:40, Info                  CSI    00000128 [SR] Verify complete
2013-07-31 22:35:41, Info                  CSI    00000129 [SR] Verifying 100 (0x0000000000000064) components
2013-07-31 22:35:41, Info                  CSI    0000012a [SR] Beginning Verify and Repair transaction
2013-07-31 22:35:57, Info                  CSI    0000012c [SR] Verify complete
2013-07-31 22:35:57, Info                  CSI    0000012d [SR] Verifying 100 (0x0000000000000064) components
2013-07-31 22:35:57, Info                  CSI    0000012e [SR] Beginning Verify and Repair transaction
2013-07-31 22:36:03, Info                  CSI    00000130 [SR] Verify complete
2013-07-31 22:36:04, Info                  CSI    00000131 [SR] Verifying 100 (0x0000000000000064) components
2013-07-31 22:36:04, Info                  CSI    00000132 [SR] Beginning Verify and Repair transaction
2013-07-31 22:36:15, Info                  CSI    00000135 [SR] Verify complete
2013-07-31 22:36:16, Info                  CSI    00000136 [SR] Verifying 100 (0x0000000000000064) components
2013-07-31 22:36:16, Info                  CSI    00000137 [SR] Beginning Verify and Repair transaction
2013-07-31 22:36:23, Info                  CSI    00000139 [SR] Verify complete
2013-07-31 22:36:23, Info                  CSI    0000013a [SR] Verifying 100 (0x0000000000000064) components
2013-07-31 22:36:23, Info                  CSI    0000013b [SR] Beginning Verify and Repair transaction
2013-07-31 22:36:29, Info                  CSI    0000013d [SR] Verify complete
2013-07-31 22:36:29, Info                  CSI    0000013e [SR] Verifying 100 (0x0000000000000064) components
2013-07-31 22:36:29, Info                  CSI    0000013f [SR] Beginning Verify and Repair transaction
2013-07-31 22:36:34, Info                  CSI    00000141 [SR] Verify complete
2013-07-31 22:36:34, Info                  CSI    00000142 [SR] Verifying 100 (0x0000000000000064) components
2013-07-31 22:36:34, Info                  CSI    00000143 [SR] Beginning Verify and Repair transaction
2013-07-31 22:36:39, Info                  CSI    00000147 [SR] Verify complete
2013-07-31 22:36:40, Info                  CSI    00000148 [SR] Verifying 100 (0x0000000000000064) components
2013-07-31 22:36:40, Info                  CSI    00000149 [SR] Beginning Verify and Repair transaction
2013-07-31 22:36:52, Info                  CSI    0000014b [SR] Verify complete
2013-07-31 22:36:53, Info                  CSI    0000014c [SR] Verifying 100 (0x0000000000000064) components
2013-07-31 22:36:53, Info                  CSI    0000014d [SR] Beginning Verify and Repair transaction
2013-07-31 22:37:02, Info                  CSI    00000150 [SR] Verify complete
2013-07-31 22:37:02, Info                  CSI    00000151 [SR] Verifying 100 (0x0000000000000064) components
2013-07-31 22:37:02, Info                  CSI    00000152 [SR] Beginning Verify and Repair transaction
2013-07-31 22:37:08, Info                  CSI    00000154 [SR] Verify complete
2013-07-31 22:37:09, Info                  CSI    00000155 [SR] Verifying 100 (0x0000000000000064) components
2013-07-31 22:37:09, Info                  CSI    00000156 [SR] Beginning Verify and Repair transaction
2013-07-31 22:37:14, Info                  CSI    00000159 [SR] Verify complete
2013-07-31 22:37:15, Info                  CSI    0000015a [SR] Verifying 100 (0x0000000000000064) components
2013-07-31 22:37:15, Info                  CSI    0000015b [SR] Beginning Verify and Repair transaction
2013-07-31 22:37:22, Info                  CSI    0000015e [SR] Verify complete
2013-07-31 22:37:23, Info                  CSI    0000015f [SR] Verifying 100 (0x0000000000000064) components
2013-07-31 22:37:23, Info                  CSI    00000160 [SR] Beginning Verify and Repair transaction
2013-07-31 22:37:30, Info                  CSI    00000162 [SR] Verify complete
2013-07-31 22:37:31, Info                  CSI    00000163 [SR] Verifying 100 (0x0000000000000064) components
2013-07-31 22:37:31, Info                  CSI    00000164 [SR] Beginning Verify and Repair transaction
2013-07-31 22:37:36, Info                  CSI    00000166 [SR] Verify complete
2013-07-31 22:37:36, Info                  CSI    00000167 [SR] Verifying 100 (0x0000000000000064) components
2013-07-31 22:37:36, Info                  CSI    00000168 [SR] Beginning Verify and Repair transaction
2013-07-31 22:37:41, Info                  CSI    0000016a [SR] Verify complete
2013-07-31 22:37:41, Info                  CSI    0000016b [SR] Verifying 100 (0x0000000000000064) components
2013-07-31 22:37:41, Info                  CSI    0000016c [SR] Beginning Verify and Repair transaction
2013-07-31 22:37:47, Info                  CSI    0000016f [SR] Verify complete
2013-07-31 22:37:47, Info                  CSI    00000170 [SR] Verifying 100 (0x0000000000000064) components
2013-07-31 22:37:47, Info                  CSI    00000171 [SR] Beginning Verify and Repair transaction
2013-07-31 22:37:54, Info                  CSI    00000173 [SR] Verify complete
2013-07-31 22:37:55, Info                  CSI    00000174 [SR] Verifying 100 (0x0000000000000064) components
2013-07-31 22:37:55, Info                  CSI    00000175 [SR] Beginning Verify and Repair transaction
2013-07-31 22:37:58, Info                  CSI    00000177 [SR] Verify complete
2013-07-31 22:37:58, Info                  CSI    00000178 [SR] Verifying 100 (0x0000000000000064) components
2013-07-31 22:37:58, Info                  CSI    00000179 [SR] Beginning Verify and Repair transaction
2013-07-31 22:38:03, Info                  CSI    0000017b [SR] Verify complete
2013-07-31 22:38:03, Info                  CSI    0000017c [SR] Verifying 100 (0x0000000000000064) components
2013-07-31 22:38:03, Info                  CSI    0000017d [SR] Beginning Verify and Repair transaction
2013-07-31 22:38:07, Info                  CSI    0000017f [SR] Verify complete
2013-07-31 22:38:07, Info                  CSI    00000180 [SR] Verifying 100 (0x0000000000000064) components
2013-07-31 22:38:07, Info                  CSI    00000181 [SR] Beginning Verify and Repair transaction
2013-07-31 22:38:10, Info                  CSI    00000183 [SR] Verify complete
2013-07-31 22:38:10, Info                  CSI    00000184 [SR] Verifying 100 (0x0000000000000064) components
2013-07-31 22:38:10, Info                  CSI    00000185 [SR] Beginning Verify and Repair transaction
2013-07-31 22:38:17, Info                  CSI    00000188 [SR] Verify complete
2013-07-31 22:38:17, Info                  CSI    00000189 [SR] Verifying 100 (0x0000000000000064) components
2013-07-31 22:38:17, Info                  CSI    0000018a [SR] Beginning Verify and Repair transaction
2013-07-31 22:38:22, Info                  CSI    0000018e [SR] Verify complete
2013-07-31 22:38:22, Info                  CSI    0000018f [SR] Verifying 100 (0x0000000000000064) components
2013-07-31 22:38:22, Info                  CSI    00000190 [SR] Beginning Verify and Repair transaction
2013-07-31 22:38:29, Info                  CSI    00000192 [SR] Verify complete
2013-07-31 22:38:29, Info                  CSI    00000193 [SR] Verifying 100 (0x0000000000000064) components
2013-07-31 22:38:29, Info                  CSI    00000194 [SR] Beginning Verify and Repair transaction
2013-07-31 22:38:36, Info                  CSI    00000197 [SR] Verify complete
2013-07-31 22:38:36, Info                  CSI    00000198 [SR] Verifying 100 (0x0000000000000064) components
2013-07-31 22:38:36, Info                  CSI    00000199 [SR] Beginning Verify and Repair transaction
2013-07-31 22:38:44, Info                  CSI    0000019b [SR] Verify complete
2013-07-31 22:38:44, Info                  CSI    0000019c [SR] Verifying 100 (0x0000000000000064) components
2013-07-31 22:38:44, Info                  CSI    0000019d [SR] Beginning Verify and Repair transaction
2013-07-31 22:38:46, Info                  CSI    0000019f [SR] Verify complete
2013-07-31 22:38:46, Info                  CSI    000001a0 [SR] Verifying 100 (0x0000000000000064) components
2013-07-31 22:38:46, Info                  CSI    000001a1 [SR] Beginning Verify and Repair transaction
2013-07-31 22:38:50, Info                  CSI    000001a3 [SR] Verify complete
2013-07-31 22:38:51, Info                  CSI    000001a4 [SR] Verifying 100 (0x0000000000000064) components
2013-07-31 22:38:51, Info                  CSI    000001a5 [SR] Beginning Verify and Repair transaction
2013-07-31 22:38:55, Info                  CSI    000001a7 [SR] Verify complete
2013-07-31 22:38:56, Info                  CSI    000001a8 [SR] Verifying 100 (0x0000000000000064) components
2013-07-31 22:38:56, Info                  CSI    000001a9 [SR] Beginning Verify and Repair transaction
2013-07-31 22:39:00, Info                  CSI    000001ab [SR] Verify complete
2013-07-31 22:39:00, Info                  CSI    000001ac [SR] Verifying 100 (0x0000000000000064) components
2013-07-31 22:39:00, Info                  CSI    000001ad [SR] Beginning Verify and Repair transaction
2013-07-31 22:39:05, Info                  CSI    000001af [SR] Verify complete
2013-07-31 22:39:06, Info                  CSI    000001b0 [SR] Verifying 100 (0x0000000000000064) components
2013-07-31 22:39:06, Info                  CSI    000001b1 [SR] Beginning Verify and Repair transaction
2013-07-31 22:39:09, Info                  CSI    000001b3 [SR] Verify complete
2013-07-31 22:39:09, Info                  CSI    000001b4 [SR] Verifying 100 (0x0000000000000064) components
2013-07-31 22:39:09, Info                  CSI    000001b5 [SR] Beginning Verify and Repair transaction
2013-07-31 22:39:19, Info                  CSI    000001b7 [SR] Verify complete
2013-07-31 22:39:19, Info                  CSI    000001b8 [SR] Verifying 100 (0x0000000000000064) components
2013-07-31 22:39:19, Info                  CSI    000001b9 [SR] Beginning Verify and Repair transaction
2013-07-31 22:39:47, Info                  CSI    000001bb [SR] Verify complete
2013-07-31 22:39:47, Info                  CSI    000001bc [SR] Verifying 100 (0x0000000000000064) components
2013-07-31 22:39:47, Info                  CSI    000001bd [SR] Beginning Verify and Repair transaction
2013-07-31 22:39:55, Info                  CSI    000001bf [SR] Verify complete
2013-07-31 22:39:55, Info                  CSI    000001c0 [SR] Verifying 100 (0x0000000000000064) components
2013-07-31 22:39:55, Info                  CSI    000001c1 [SR] Beginning Verify and Repair transaction
2013-07-31 22:40:03, Info                  CSI    000001c3 [SR] Verify complete
2013-07-31 22:40:03, Info                  CSI    000001c4 [SR] Verifying 100 (0x0000000000000064) components
2013-07-31 22:40:03, Info                  CSI    000001c5 [SR] Beginning Verify and Repair transaction
2013-07-31 22:40:05, Info                  CSI    000001c7 [SR] Verify complete
2013-07-31 22:40:06, Info                  CSI    000001c8 [SR] Verifying 100 (0x0000000000000064) components
2013-07-31 22:40:06, Info                  CSI    000001c9 [SR] Beginning Verify and Repair transaction
2013-07-31 22:40:10, Info                  CSI    000001cb [SR] Verify complete
2013-07-31 22:40:10, Info                  CSI    000001cc [SR] Verifying 100 (0x0000000000000064) components
2013-07-31 22:40:10, Info                  CSI    000001cd [SR] Beginning Verify and Repair transaction
2013-07-31 22:40:13, Info                  CSI    000001cf [SR] Verify complete
2013-07-31 22:40:13, Info                  CSI    000001d0 [SR] Verifying 100 (0x0000000000000064) components
2013-07-31 22:40:13, Info                  CSI    000001d1 [SR] Beginning Verify and Repair transaction
2013-07-31 22:40:17, Info                  CSI    000001d3 [SR] Verify complete
2013-07-31 22:40:17, Info                  CSI    000001d4 [SR] Verifying 100 (0x0000000000000064) components
2013-07-31 22:40:17, Info                  CSI    000001d5 [SR] Beginning Verify and Repair transaction
2013-07-31 22:40:22, Info                  CSI    000001d7 [SR] Verify complete
2013-07-31 22:40:23, Info                  CSI    000001d8 [SR] Verifying 100 (0x0000000000000064) components
2013-07-31 22:40:23, Info                  CSI    000001d9 [SR] Beginning Verify and Repair transaction
2013-07-31 22:40:24, Info                  CSI    000001db [SR] Verify complete
2013-07-31 22:40:24, Info                  CSI    000001dc [SR] Verifying 100 (0x0000000000000064) components
2013-07-31 22:40:24, Info                  CSI    000001dd [SR] Beginning Verify and Repair transaction
2013-07-31 22:40:28, Info                  CSI    000001df [SR] Verify complete
2013-07-31 22:40:28, Info                  CSI    000001e0 [SR] Verifying 100 (0x0000000000000064) components
2013-07-31 22:40:28, Info                  CSI    000001e1 [SR] Beginning Verify and Repair transaction
2013-07-31 22:40:32, Info                  CSI    000001e9 [SR] Verify complete
2013-07-31 22:40:33, Info                  CSI    000001ea [SR] Verifying 100 (0x0000000000000064) components
2013-07-31 22:40:33, Info                  CSI    000001eb [SR] Beginning Verify and Repair transaction
2013-07-31 22:40:37, Info                  CSI    000001ed [SR] Verify complete
2013-07-31 22:40:37, Info                  CSI    000001ee [SR] Verifying 100 (0x0000000000000064) components
2013-07-31 22:40:37, Info                  CSI    000001ef [SR] Beginning Verify and Repair transaction
2013-07-31 22:40:40, Info                  CSI    000001f1 [SR] Verify complete
2013-07-31 22:40:41, Info                  CSI    000001f2 [SR] Verifying 100 (0x0000000000000064) components
2013-07-31 22:40:41, Info                  CSI    000001f3 [SR] Beginning Verify and Repair transaction
2013-07-31 22:40:44, Info                  CSI    000001f5 [SR] Verify complete
2013-07-31 22:40:45, Info                  CSI    000001f6 [SR] Verifying 100 (0x0000000000000064) components
2013-07-31 22:40:45, Info                  CSI    000001f7 [SR] Beginning Verify and Repair transaction
2013-07-31 22:40:50, Info                  CSI    000001f9 [SR] Verify complete
2013-07-31 22:40:51, Info                  CSI    000001fa [SR] Verifying 100 (0x0000000000000064) components
2013-07-31 22:40:51, Info                  CSI    000001fb [SR] Beginning Verify and Repair transaction
2013-07-31 22:41:01, Info                  CSI    000001fe [SR] Verify complete
2013-07-31 22:41:02, Info                  CSI    000001ff [SR] Verifying 100 (0x0000000000000064) components
2013-07-31 22:41:02, Info                  CSI    00000200 [SR] Beginning Verify and Repair transaction
2013-07-31 22:41:05, Info                  CSI    00000202 [SR] Verify complete
2013-07-31 22:41:05, Info                  CSI    00000203 [SR] Verifying 100 (0x0000000000000064) components
2013-07-31 22:41:05, Info                  CSI    00000204 [SR] Beginning Verify and Repair transaction
2013-07-31 22:41:07, Info                  CSI    00000206 [SR] Verify complete
2013-07-31 22:41:08, Info                  CSI    00000207 [SR] Verifying 100 (0x0000000000000064) components
2013-07-31 22:41:08, Info                  CSI    00000208 [SR] Beginning Verify and Repair transaction
2013-07-31 22:41:19, Info                  CSI    0000020d [SR] Verify complete
2013-07-31 22:41:19, Info                  CSI    0000020e [SR] Verifying 100 (0x0000000000000064) components
2013-07-31 22:41:19, Info                  CSI    0000020f [SR] Beginning Verify and Repair transaction
2013-07-31 22:41:28, Info                  CSI    00000212 [SR] Verify complete
2013-07-31 22:41:29, Info                  CSI    00000213 [SR] Verifying 100 (0x0000000000000064) components
2013-07-31 22:41:29, Info                  CSI    00000214 [SR] Beginning Verify and Repair transaction
2013-07-31 22:41:35, Info                  CSI    00000218 [SR] Verify complete
2013-07-31 22:41:35, Info                  CSI    00000219 [SR] Verifying 100 (0x0000000000000064) components
2013-07-31 22:41:35, Info                  CSI    0000021a [SR] Beginning Verify and Repair transaction
2013-07-31 22:41:42, Info                  CSI    00000225 [SR] Verify complete
2013-07-31 22:41:42, Info                  CSI    00000226 [SR] Verifying 100 (0x0000000000000064) components
2013-07-31 22:41:42, Info                  CSI    00000227 [SR] Beginning Verify and Repair transaction
2013-07-31 22:41:49, Info                  CSI    0000022b [SR] Verify complete
2013-07-31 22:41:49, Info                  CSI    0000022c [SR] Verifying 100 (0x0000000000000064) components
2013-07-31 22:41:49, Info                  CSI    0000022d [SR] Beginning Verify and Repair transaction
2013-07-31 22:41:54, Info                  CSI    00000232 [SR] Verify complete
2013-07-31 22:41:54, Info                  CSI    00000233 [SR] Verifying 100 (0x0000000000000064) components
2013-07-31 22:41:54, Info                  CSI    00000234 [SR] Beginning Verify and Repair transaction
2013-07-31 22:41:59, Info                  CSI    00000238 [SR] Verify complete
2013-07-31 22:41:59, Info                  CSI    00000239 [SR] Verifying 100 (0x0000000000000064) components
2013-07-31 22:41:59, Info                  CSI    0000023a [SR] Beginning Verify and Repair transaction
2013-07-31 22:42:03, Info                  CSI    0000023c [SR] Verify complete
2013-07-31 22:42:03, Info                  CSI    0000023d [SR] Verifying 100 (0x0000000000000064) components
2013-07-31 22:42:03, Info                  CSI    0000023e [SR] Beginning Verify and Repair transaction
2013-07-31 22:42:10, Info                  CSI    00000263 [SR] Verify complete
2013-07-31 22:42:11, Info                  CSI    00000264 [SR] Verifying 100 (0x0000000000000064) components
2013-07-31 22:42:11, Info                  CSI    00000265 [SR] Beginning Verify and Repair transaction
2013-07-31 22:42:15, Info                  CSI    00000267 [SR] Verify complete
2013-07-31 22:42:15, Info                  CSI    00000268 [SR] Verifying 100 (0x0000000000000064) components
2013-07-31 22:42:15, Info                  CSI    00000269 [SR] Beginning Verify and Repair transaction
2013-07-31 22:42:19, Info                  CSI    0000026b [SR] Verify complete
2013-07-31 22:42:19, Info                  CSI    0000026c [SR] Verifying 100 (0x0000000000000064) components
2013-07-31 22:42:19, Info                  CSI    0000026d [SR] Beginning Verify and Repair transaction
2013-07-31 22:42:24, Info                  CSI    0000026f [SR] Verify complete
2013-07-31 22:42:24, Info                  CSI    00000270 [SR] Verifying 100 (0x0000000000000064) components
2013-07-31 22:42:24, Info                  CSI    00000271 [SR] Beginning Verify and Repair transaction
2013-07-31 22:42:29, Info                  CSI    0000027e [SR] Verify complete
2013-07-31 22:42:29, Info                  CSI    0000027f [SR] Verifying 100 (0x0000000000000064) components
2013-07-31 22:42:29, Info                  CSI    00000280 [SR] Beginning Verify and Repair transaction
2013-07-31 22:42:36, Info                  CSI    00000283 [SR] Verify complete
2013-07-31 22:42:36, Info                  CSI    00000284 [SR] Verifying 100 (0x0000000000000064) components
2013-07-31 22:42:36, Info                  CSI    00000285 [SR] Beginning Verify and Repair transaction
2013-07-31 22:42:45, Info                  CSI    0000028e [SR] Verify complete
2013-07-31 22:42:45, Info                  CSI    0000028f [SR] Verifying 100 (0x0000000000000064) components
2013-07-31 22:42:45, Info                  CSI    00000290 [SR] Beginning Verify and Repair transaction
2013-07-31 22:42:50, Info                  CSI    00000297 [SR] Verify complete
2013-07-31 22:42:51, Info                  CSI    00000298 [SR] Verifying 100 (0x0000000000000064) components
2013-07-31 22:42:51, Info                  CSI    00000299 [SR] Beginning Verify and Repair transaction
2013-07-31 22:42:53, Info                  CSI    0000029b [SR] Verify complete
2013-07-31 22:42:54, Info                  CSI    0000029c [SR] Verifying 100 (0x0000000000000064) components
2013-07-31 22:42:54, Info                  CSI    0000029d [SR] Beginning Verify and Repair transaction
2013-07-31 22:43:00, Info                  CSI    000002a0 [SR] Verify complete
2013-07-31 22:43:00, Info                  CSI    000002a1 [SR] Verifying 100 (0x0000000000000064) components
2013-07-31 22:43:00, Info                  CSI    000002a2 [SR] Beginning Verify and Repair transaction
2013-07-31 22:43:02, Info                  CSI    000002a4 [SR] Verify complete
2013-07-31 22:43:03, Info                  CSI    000002a5 [SR] Verifying 100 (0x0000000000000064) components
2013-07-31 22:43:03, Info                  CSI    000002a6 [SR] Beginning Verify and Repair transaction
2013-07-31 22:43:10, Info                  CSI    000002a8 [SR] Verify complete
2013-07-31 22:43:10, Info                  CSI    000002a9 [SR] Verifying 100 (0x0000000000000064) components
2013-07-31 22:43:10, Info                  CSI    000002aa [SR] Beginning Verify and Repair transaction
2013-07-31 22:43:16, Info                  CSI    000002ac [SR] Verify complete
2013-07-31 22:43:16, Info                  CSI    000002ad [SR] Verifying 100 (0x0000000000000064) components
2013-07-31 22:43:16, Info                  CSI    000002ae [SR] Beginning Verify and Repair transaction
2013-07-31 22:43:22, Info                  CSI    000002b0 [SR] Verify complete
2013-07-31 22:43:22, Info                  CSI    000002b1 [SR] Verifying 100 (0x0000000000000064) components
2013-07-31 22:43:22, Info                  CSI    000002b2 [SR] Beginning Verify and Repair transaction
2013-07-31 22:43:31, Info                  CSI    000002cc [SR] Verify complete
2013-07-31 22:43:31, Info                  CSI    000002cd [SR] Verifying 100 (0x0000000000000064) components
2013-07-31 22:43:31, Info                  CSI    000002ce [SR] Beginning Verify and Repair transaction
2013-07-31 22:43:46, Info                  CSI    000002d0 [SR] Verify complete
2013-07-31 22:43:47, Info                  CSI    000002d1 [SR] Verifying 100 (0x0000000000000064) components
2013-07-31 22:43:47, Info                  CSI    000002d2 [SR] Beginning Verify and Repair transaction
2013-07-31 22:43:52, Info                  CSI    000002d4 [SR] Verify complete
2013-07-31 22:43:52, Info                  CSI    000002d5 [SR] Verifying 100 (0x0000000000000064) components
2013-07-31 22:43:52, Info                  CSI    000002d6 [SR] Beginning Verify and Repair transaction
2013-07-31 22:43:56, Info                  CSI    000002d8 [SR] Verify complete
2013-07-31 22:43:57, Info                  CSI    000002d9 [SR] Verifying 100 (0x0000000000000064) components
2013-07-31 22:43:57, Info                  CSI    000002da [SR] Beginning Verify and Repair transaction
2013-07-31 22:44:00, Info                  CSI    000002de [SR] Verify complete
2013-07-31 22:44:01, Info                  CSI    000002df [SR] Verifying 100 (0x0000000000000064) components
2013-07-31 22:44:01, Info                  CSI    000002e0 [SR] Beginning Verify and Repair transaction
2013-07-31 22:44:04, Info                  CSI    000002e2 [SR] Verify complete
2013-07-31 22:44:05, Info                  CSI    000002e3 [SR] Verifying 100 (0x0000000000000064) components
2013-07-31 22:44:05, Info                  CSI    000002e4 [SR] Beginning Verify and Repair transaction
2013-07-31 22:44:09, Info                  CSI    000002e6 [SR] Verify complete
2013-07-31 22:44:10, Info                  CSI    000002e7 [SR] Verifying 100 (0x0000000000000064) components
2013-07-31 22:44:10, Info                  CSI    000002e8 [SR] Beginning Verify and Repair transaction
2013-07-31 22:44:15, Info                  CSI    000002ea [SR] Verify complete
2013-07-31 22:44:15, Info                  CSI    000002eb [SR] Verifying 100 (0x0000000000000064) components
2013-07-31 22:44:15, Info                  CSI    000002ec [SR] Beginning Verify and Repair transaction
2013-07-31 22:44:19, Info                  CSI    000002ef [SR] Verify complete
2013-07-31 22:44:20, Info                  CSI    000002f0 [SR] Verifying 100 (0x0000000000000064) components
2013-07-31 22:44:20, Info                  CSI    000002f1 [SR] Beginning Verify and Repair transaction
2013-07-31 22:44:24, Info                  CSI    000002f3 [SR] Verify complete
2013-07-31 22:44:25, Info                  CSI    000002f4 [SR] Verifying 100 (0x0000000000000064) components
2013-07-31 22:44:25, Info                  CSI    000002f5 [SR] Beginning Verify and Repair transaction
2013-07-31 22:44:30, Info                  CSI    000002f7 [SR] Verify complete
2013-07-31 22:44:30, Info                  CSI    000002f8 [SR] Verifying 100 (0x0000000000000064) components
2013-07-31 22:44:30, Info                  CSI    000002f9 [SR] Beginning Verify and Repair transaction
2013-07-31 22:44:36, Info                  CSI    000002fb [SR] Verify complete
2013-07-31 22:44:36, Info                  CSI    000002fc [SR] Verifying 100 (0x0000000000000064) components
2013-07-31 22:44:36, Info                  CSI    000002fd [SR] Beginning Verify and Repair transaction
2013-07-31 22:44:42, Info                  CSI    00000300 [SR] Verify complete
2013-07-31 22:44:43, Info                  CSI    00000301 [SR] Verifying 100 (0x0000000000000064) components
2013-07-31 22:44:43, Info                  CSI    00000302 [SR] Beginning Verify and Repair transaction
2013-07-31 22:44:48, Info                  CSI    00000304 [SR] Verify complete
2013-07-31 22:44:48, Info                  CSI    00000305 [SR] Verifying 100 (0x0000000000000064) components
2013-07-31 22:44:48, Info                  CSI    00000306 [SR] Beginning Verify and Repair transaction
2013-07-31 22:44:53, Info                  CSI    00000308 [SR] Verify complete
2013-07-31 22:44:53, Info                  CSI    00000309 [SR] Verifying 100 (0x0000000000000064) components
2013-07-31 22:44:53, Info                  CSI    0000030a [SR] Beginning Verify and Repair transaction
2013-07-31 22:44:58, Info                  CSI    0000030c [SR] Verify complete
2013-07-31 22:44:59, Info                  CSI    0000030d [SR] Verifying 100 (0x0000000000000064) components
2013-07-31 22:44:59, Info                  CSI    0000030e [SR] Beginning Verify and Repair transaction
2013-07-31 22:45:03, Info                  CSI    00000310 [SR] Verify complete
2013-07-31 22:45:03, Info                  CSI    00000311 [SR] Verifying 1 components
2013-07-31 22:45:03, Info                  CSI    00000312 [SR] Beginning Verify and Repair transaction
2013-07-31 22:45:03, Info                  CSI    00000314 [SR] Verify complete
2013-07-31 22:45:03, Info                  CSI    00000315 [SR] Repairing 0 components
2013-07-31 22:45:03, Info                  CSI    00000316 [SR] Beginning Verify and Repair transaction
2013-07-31 22:45:03, Info                  CSI    00000318 [SR] Repair complete


#15 Dorkgeez


Posted 12 August 2013 - 01:46 PM

Rkill 2.5.9 by Lawrence Abrams (Grinler)
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 08/12/2013 01:44:02 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * No malware processes found to kill.
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * Windows Defender Disabled
 
   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001
 
Checking Windows Service Integrity: 
 
 * Windows Defender (WinDefend) is not Running.
   Startup Type set to: Manual
 
Searching for Missing Digital Signatures: 
 
 * C:\Windows\System32\olepro32.dll : 0 : 08/04/2013 10:34 PM : d41d8cd98f00b204e9800998ecf8427e [NoSig]
 +-> C:\Windows\SysWOW64\olepro32.dll : 90,112 : 11/20/2010 07:20 AM : 703ffd301ab900b047337c5d40fd6f96 [Pos Repl]
 +-> C:\Windows\winsxs\x86_microsoft-windows-ole-automation-legacy_31bf3856ad364e35_6.1.7600.16385_none_39ea10b66307dbef\olepro32.dll : 90,112 : 07/13/2009 08:16 PM : c10459dbdc2099c5a8428cb7d87db85f [Pos Repl]
 +-> C:\Windows\winsxs\x86_microsoft-windows-ole-automation-legacy_31bf3856ad364e35_6.1.7601.17514_none_3c1b247e5ff65f89\olepro32.dll : 90,112 : 11/20/2010 07:20 AM : 703ffd301ab900b047337c5d40fd6f96 [Pos Repl]
 
Checking HOSTS File: 
 
 * HOSTS file entries found: 
 
  127.0.0.1       localhost
  ::1             localhost
 
Program finished at: 08/12/2013 01:44:56 PM
Execution time: 0 hours(s), 0 minute(s), and 53 seconds(s)


Farbar Service Scanner Version: 04-08-2013
Ran by Daryl (administrator) on 12-08-2013 at 13:45:46
Running from "C:\Users\Daryl\Desktop"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
 
 
Windows Firewall:
=============
 
Firewall Disabled Policy: 
==================
 
 
System Restore:
============
 
System Restore Disabled Policy: 
========================
 
 
Action Center:
============
 
 
Windows Update:
============
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.
 
 
Windows Defender Disabled Policy: 
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
 
 
Other Services:
==============
 
 
File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
 
 
**** End of log ****




