Wireless Network Connection Password never saves, slow computer, other problems.


  • This topic is locked
130 replies to this topic

#1 deiph

Posted 03 November 2013 - 01:45 PM

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 10.0.9200.16720  BrowserJavaVersion: 10.25.2
Run by Funtown at 13:42:06 on 2013-11-03
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.12280.9013 [GMT -5:00]
.
AV: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2014\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
C:\Program Files (x86)\PDF Complete\pdfsvc.exe
C:\Program Files (x86)\IOGEAR\11n USB Wireless LAN Utility\RtlService.exe
C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Users\Funtown\AppData\Roaming\Google\Google Talk\googletalk.exe
C:\Program Files (x86)\IOGEAR\11n USB Wireless LAN Utility\RtWlan.exe
C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
C:\Users\Funtown\AppData\Roaming\Search Protection\SearchProtection.exe
C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Users\Funtown\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
C:\Windows\SysWOW64\Ctxfihlp.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Windows\SysWOW64\CTXFISPI.EXE
C:\Program Files (x86)\AVG\AVG2014\avgui.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Windows\SysWOW64\WinMsgBalloonServer.exe
C:\Windows\SysWOW64\WinMsgBalloonClient.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Winamp\winamp.exe
C:\Windows\system32\notepad.exe
C:\Users\Funtown\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Funtown\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Funtown\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Funtown\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Funtown\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Funtown\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Funtown\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Funtown\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Funtown\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe
C:\Program Files (x86)\Cobian Backup 11\Cobian.exe
C:\Program Files (x86)\Cobian Backup 11\cbInterface.exe
C:\Users\Funtown\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Users\Funtown\AppData\Local\Workspace\workspaceupdate.exe
C:\Users\Funtown\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Funtown\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Funtown\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.yahoo.com?type=714647&fr=spigot-yhp-ie
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
mWinlogon: Userinit = userinit.exe,
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\Hp\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: PodcastBHO Class: {65134FDF-F8A5-4B3D-91D9-CDF273CFD578} - C:\Program Files (x86)\Common Files\doubleTwist\IEPodcastPlugin.dll
BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\Hp\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: @C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\Hp\Digital Imaging\Smart Web Printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\Hp\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [Google Update] "C:\Users\Funtown\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [googletalk] C:\Users\Funtown\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
uRun: [Starfield Updater] "C:\Users\Funtown\AppData\Local\Workspace\workspaceupdate.exe"
uRun: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
uRun: [GarminExpressTrayApp] "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
uRun: [AIM for Windows] "C:\Users\Funtown\AppData\Local\AOL\AIM\aim.exe"
uRun: [SearchProtection] "C:\Users\Funtown\AppData\Roaming\Search Protection\SearchProtection.EXE" /autostart
mRun: [VolPanel] "C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [UpdReg] C:\Windows\UpdReg.EXE
mRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [AdobeCEPServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe" -launchedbylogin
StartupFolder: C:\Users\Funtown\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Funtown\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\Funtown\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\Hp\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 75.75.75.75 75.75.76.76 192.168.1.1
TCP: Interfaces\{DBAC6D71-F288-419B-82F9-06D2BA2FD5DC} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{DFA5DEB1-5DED-40A2-B49B-D54BA9BDECD4} : DHCPNameServer = 75.75.75.75 75.75.76.76 192.168.1.1
TCP: Interfaces\{DFA5DEB1-5DED-40A2-B49B-D54BA9BDECD4}\039364850373033383531363 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{DFA5DEB1-5DED-40A2-B49B-D54BA9BDECD4}\34C65616273505F445F56313534663 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{DFA5DEB1-5DED-40A2-B49B-D54BA9BDECD4}\35561686F62737563556168656C6C6 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{DFA5DEB1-5DED-40A2-B49B-D54BA9BDECD4}\6457E647F677E6 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{DFA5DEB1-5DED-40A2-B49B-D54BA9BDECD4}\6657E647F677E6 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{DFA5DEB1-5DED-40A2-B49B-D54BA9BDECD4}\84F4D454D273247383 : DHCPNameServer = 75.75.75.75 75.75.76.76
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - <orphaned>
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
x64-Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
.
INFO: x64-HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Funtown\AppData\Roaming\Mozilla\Firefox\Profiles\2jcgvqvr.default\
FF - prefs.js: browser.search.defaulturl - 
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://search.yahoo.com?type=714647&fr=spigot-yhp-ff
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=714647&p=
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll
FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll
FF - plugin: C:\Program Files (x86)\Common Files\doubleTwist\NPPodcast.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Funtown\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll
FF - plugin: C:\Users\Funtown\AppData\Local\HuluDesktop\instances\0.9.14.1\nphdplg.dll
FF - plugin: C:\Users\Funtown\AppData\Roaming\Mozilla\plugins\npoff.dll
FF - plugin: C:\Users\Funtown\AppData\Roaming\Mozilla\Plugins\npoff.dll
FF - plugin: C:\Users\Funtown\AppData\Roaming\Mozilla\plugins\npoff64.dll
FF - plugin: C:\Users\Funtown\AppData\Roaming\Mozilla\Plugins\npoff64.dll
FF - plugin: C:\Users\Funtown\AppData\Roaming\Mozilla\plugins\npwbe.dll
FF - plugin: C:\Users\Funtown\AppData\Roaming\Mozilla\Plugins\npwbe.dll
FF - plugin: C:\Users\Funtown\AppData\Roaming\Mozilla\plugins\npwbe64.dll
FF - plugin: C:\Users\Funtown\AppData\Roaming\Mozilla\Plugins\npwbe64.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: !HIDDEN! 2011-04-27 12:23; smartwebprinting@hp.com; C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false
============= SERVICES / DRIVERS ===============
.
R0 ahcix64s;ahcix64s;C:\Windows\System32\drivers\ahcix64s.sys [2011-4-18 232528]
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2013-9-2 192824]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2013-9-2 294712]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2013-8-20 123704]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2013-9-8 31544]
R1 Avgdiska;AVG Disk Driver;C:\Windows\System32\drivers\avgdiska.sys [2013-9-25 148792]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2013-9-2 241464]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2013-9-2 212280]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2013-8-1 251192]
R2 AMD_RAIDXpert;AMD RAIDXpert;C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe [2009-12-15 122880]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [2013-10-3 3538480]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [2013-9-25 301152]
R2 cbVSCService11;Cobian Backup 11 Volume Shadow Copy Requester;C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe [2013-11-2 67584]
R2 Garmin Core Update Service;Garmin Core Update Service;C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [2013-8-15 220504]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-9-9 86072]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-8-5 291896]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264]
R2 iPodDrv;iPodDrv;C:\Windows\System32\drivers\iPodDrv.sys [2011-3-9 14952]
R2 pdfcDispatcher;PDF Document Manager;C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2011-4-18 1121304]
R2 Realtek11nSU;Realtek11nSU;C:\Program Files (x86)\IOGEAR\11n USB Wireless LAN Utility\RtlService.exe [2011-4-27 36864]
R2 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-9-11 399344]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-4-27 1153368]
R3 CT20XUT.SYS;CT20XUT.SYS;C:\Windows\System32\drivers\CT20XUT.sys [2011-4-18 230488]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS;C:\Windows\System32\drivers\CTEXFIFX.sys [2011-4-18 1445976]
R3 CTHWIUT.SYS;CTHWIUT.SYS;C:\Windows\System32\drivers\CTHWIUT.sys [2011-4-18 95320]
R3 ha20x22k;Creative 20X2 HAL Driver;C:\Windows\System32\drivers\ha20x22k.sys [2011-4-18 1623128]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-4-18 349800]
R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;C:\Windows\System32\drivers\rtl8192su.sys [2011-4-26 687136]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2011-4-18 38456]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 File Backup;File Backup Service;C:\Program Files (x86)\Workspace\offSyncService.exe [2012-1-5 1187040]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2011-4-18 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-4-18 79360]
S3 CT20XUT;CT20XUT;C:\Windows\System32\drivers\CT20XUT.sys [2011-4-18 230488]
S3 CTEXFIFX;CTEXFIFX;C:\Windows\System32\drivers\CTEXFIFX.sys [2011-4-18 1445976]
S3 CTHWIUT;CTHWIUT;C:\Windows\System32\drivers\CTHWIUT.sys [2011-4-18 95320]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-5-3 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 usbrndis6;USB RNDIS6 Adapter;C:\Windows\System32\drivers\usb80236.sys [2013-3-22 19968]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-4-28 1255736]
.
=============== Created Last 30 ================
.
2013-11-03 01:55:51 -------- d-----w- C:\Program Files (x86)\Cobian Backup 11
2013-10-09 06:22:10 633856 ----a-w- C:\Windows\System32\comctl32.dll
2013-10-09 06:21:59 640512 ----a-w- C:\Windows\SysWow64\advapi32.dll
.
==================== Find3M  ====================
.
2013-10-10 21:40:10 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-10-10 21:40:10 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-09-26 01:07:30 148792 ----a-w- C:\Windows\System32\drivers\avgdiska.sys
2013-09-22 23:28:06 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-09-22 23:27:49 2876928 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-09-22 23:27:48 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-09-22 23:27:48 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-09-22 22:55:10 2241024 ----a-w- C:\Windows\System32\wininet.dll
2013-09-22 22:54:51 3959296 ----a-w- C:\Windows\System32\jscript9.dll
2013-09-22 22:54:50 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-09-22 22:54:50 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-09-21 03:38:39 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-09-21 03:30:24 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-09-21 02:48:36 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-09-21 02:39:47 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-09-14 01:10:19 497152 ----a-w- C:\Windows\System32\drivers\afd.sys
2013-09-09 02:11:42 31544 ----a-w- C:\Windows\System32\drivers\avgrkx64.sys
2013-09-08 02:30:37 1903552 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-09-08 02:27:14 327168 ----a-w- C:\Windows\System32\mswsock.dll
2013-09-08 02:03:58 231424 ----a-w- C:\Windows\SysWow64\mswsock.dll
2013-09-04 12:12:11 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
2013-09-04 12:11:51 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys
2013-09-04 12:11:49 99840 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
2013-09-04 12:11:43 52736 ----a-w- C:\Windows\System32\drivers\usbehci.sys
2013-09-04 12:11:43 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
2013-09-04 12:11:42 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
2013-09-04 12:11:40 7808 ----a-w- C:\Windows\System32\drivers\usbd.sys
2013-09-02 14:59:14 212280 ----a-w- C:\Windows\System32\drivers\avgldx64.sys
2013-09-02 14:29:18 294712 ----a-w- C:\Windows\System32\drivers\avgloga.sys
2013-09-02 14:26:50 192824 ----a-w- C:\Windows\System32\drivers\avgidsha.sys
2013-09-02 14:26:42 241464 ----a-w- C:\Windows\System32\drivers\avgidsdrivera.sys
2013-08-29 02:17:48 5549504 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-08-29 02:16:35 1732032 ----a-w- C:\Windows\System32\ntdll.dll
2013-08-29 02:16:28 243712 ----a-w- C:\Windows\System32\wow64.dll
2013-08-29 02:16:14 859648 ----a-w- C:\Windows\System32\tdh.dll
2013-08-29 02:13:28 878080 ----a-w- C:\Windows\System32\advapi32.dll
2013-08-29 01:51:45 3969472 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-08-29 01:51:45 3914176 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-08-29 01:50:31 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2013-08-29 01:50:30 1292192 ----a-w- C:\Windows\SysWow64\ntdll.dll
2013-08-29 01:50:16 619520 ----a-w- C:\Windows\SysWow64\tdh.dll
2013-08-29 01:48:15 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2013-08-29 00:49:53 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2013-08-29 00:49:52 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2013-08-29 00:49:52 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2013-08-29 00:49:49 2048 ----a-w- C:\Windows\SysWow64\user.exe
2013-08-28 01:21:06 3155968 ----a-w- C:\Windows\System32\win32k.sys
2013-08-28 01:12:33 461312 ----a-w- C:\Windows\System32\scavengeui.dll
2013-08-21 02:53:58 123704 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys
.
============= FINISH: 13:42:22.37 ===============
 



#2 HelpBot

Posted 08 November 2013 - 01:50 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/512829 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 HelpBot

Posted 13 November 2013 - 01:55 PM

Hello again!

I haven't heard from you in 5 days. Therefore, I am going to assume that you no longer need our help, and close this topic.

If you do still need help, please send a Private Message to any Moderator within the next five days. Be sure to include a link to your topic in your Private Message.

Thank you for using Bleeping Computer, and have a great day!

#4 Oh My!

  • Malware Response Instructor

Posted 17 November 2013 - 10:20 PM

Greetings deiph and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that. :thumbup2:

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started :thumbup2:
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Please run these programs for me.

===================================================

AdwCleaner by Xplode - Delete Adware

-------------------
  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers
  • Double click on AdwCleaner.exe, select OK, then Run
  • Click on Delete
  • Confirm each time with OK
  • Your computer will be rebooted automatically. A text file will open after the restart
  • Copy and paste the contents in your reply
  • You can find the logfile at C:\AdwCleaner[S1].txt
===================================================

Junkware Removal Tool by thisisu

-------------------
  • Please download Junkware Removal Tool and save it to your desktop.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Right-mouse click JRT.exe and select Run as administrator (Windows XP double click the icon)
  • Please allow the program time to run
  • Once completed a Notepad document will open on your desktop
  • Copy and paste the contents in your reply
===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Download Farbar Recovery Scan Tool for either 32 bit or 64 bit systems and save it to your desktop
  • If you are unsure if you have 32 bit or 64 bit simply download and try one. If that doesn't run properly the other one should
  • Double click the icon
  • Click Yes to the disclaimer
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • AdwCleaner log
  • Junkware log
  • FRST results
  • Addition log

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#5 Oh My!


Posted 20 November 2013 - 08:43 PM

Greetings,

===================================================

3 Day Bump

It has been more than 3 days since my last post.

  • Do you still need help with this?
  • If after 48hrs you have not replied to this thread then it will have to be closed.


Gary
 

#6 deiph


Posted 20 November 2013 - 10:21 PM

Yes I do! Sorry it's been a really busy week and my internet got shut off instead of a smooth transfer to my new apt! 



#7 Oh My!


Posted 20 November 2013 - 11:23 PM

No problem, glad we finally connected. When you get a chance, run the programs and post the results and we will be off and running.
Gary
 

#8 deiph


Posted 20 November 2013 - 11:46 PM

Thanks Gary! Will do! 



#9 deiph


Posted 21 November 2013 - 12:20 AM

  • AdwCleaner log
# AdwCleaner v3.012 - Report created 20/11/2013 at 23:51:20
# Updated 11/11/2013 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : Funtown - MDEIFER
# Running from : C:\Users\Funtown\Downloads\adwcleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Program Files (x86)\Common Files\Software Update Utility
Folder Deleted : C:\Users\Funtown\AppData\Local\apn
Folder Deleted : C:\Users\Funtown\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\Funtown\AppData\LocalLow\AVG Security Toolbar
Folder Deleted : C:\Users\Funtown\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Funtown\AppData\LocalLow\ConduitEngine
Folder Deleted : C:\Users\Funtown\AppData\LocalLow\BitTorrentBar
Folder Deleted : C:\Users\Funtown\AppData\Roaming\Search Protection
Folder Deleted : C:\Users\Funtown\AppData\Roaming\Mozilla\Firefox\Profiles\2jcgvqvr.default\Conduit
Folder Deleted : C:\Users\Funtown\AppData\Roaming\Mozilla\Firefox\Profiles\2jcgvqvr.default\ConduitEngine
File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
File Deleted : C:\Users\Funtown\AppData\Roaming\Mozilla\Firefox\Profiles\2jcgvqvr.default\searchplugins\Askcom.xml
File Deleted : C:\Users\Funtown\AppData\Roaming\Mozilla\Firefox\Profiles\2jcgvqvr.default\user.js
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [{EB132DB0-A4CA-11DF-9732-0E29E0D72085}]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdate
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Starfield Updater]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6FF441ED-F709-445B-8A99-E390B2D4B29A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{85E28A24-908E-4A80-8D23-99A394D479AA}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7363097E-1ECD-4E8C-AC71-F58D3B938BA2}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{CCC7A320-B3CA-4199-B1A6-9F516DD69829}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{CCC7A320-B3CA-4199-B1A6-9F516DD69829}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\Zugo
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\conduitEngine
Key Deleted : HKCU\Software\AppDataLow\Software\BitTorrentBar
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\conduitEngine
Key Deleted : HKLM\Software\BitTorrentBar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v10.0.9200.16736
 
 
-\\ Mozilla Firefox v23.0.1 (en-US)
 
[ File : C:\Users\Funtown\AppData\Roaming\Mozilla\Firefox\Profiles\2jcgvqvr.default\prefs.js ]
 
Line Deleted : user_pref("CT2790392..clientLogIsEnabled", true);
Line Deleted : user_pref("CT2790392..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
Line Deleted : user_pref("CT2790392..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
Line Deleted : user_pref("CT2790392.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Line Deleted : user_pref("CT2790392.CTID", "CT2790392");
Line Deleted : user_pref("CT2790392.CurrentServerDate", "2-5-2011");
Line Deleted : user_pref("CT2790392.DialogsAlignMode", "LTR");
Line Deleted : user_pref("CT2790392.DialogsGetterLastCheckTime", "Sun May 01 2011 22:09:57 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT2790392.DownloadReferralCookieData", "");
Line Deleted : user_pref("CT2790392.EMailNotifierPollDate", "Sun May 01 2011 22:09:57 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT2790392.FeedLastCount129313977501788460", 134);
Line Deleted : user_pref("CT2790392.FeedPollDate129313974171006416", "Sun May 01 2011 22:09:57 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT2790392.FeedPollDate129313975698350231", "Sun May 01 2011 22:09:57 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT2790392.FeedPollDate129313976370850190", "Sun May 01 2011 22:09:58 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT2790392.FeedPollDate129313976648818968", "Sun May 01 2011 22:09:58 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT2790392.FeedPollDate129313977444757117", "Sun May 01 2011 22:09:58 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT2790392.FeedPollDate129313980389131455", "Sun May 01 2011 22:09:58 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT2790392.FeedPollDate129313980655381977", "Sun May 01 2011 22:09:58 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT2790392.FeedPollDate129313980886163259", "Sun May 01 2011 22:09:58 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT2790392.FeedPollDate129313981234756535", "Sun May 01 2011 22:09:58 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT2790392.FeedPollDate129313983226631720", "Sun May 01 2011 22:09:58 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT2790392.FeedPollDate129313983607725691", "Sun May 01 2011 22:09:58 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT2790392.FeedTTL129313974171006416", 10);
Line Deleted : user_pref("CT2790392.FeedTTL129313977444757117", 15);
Line Deleted : user_pref("CT2790392.FeedTTL129313980655381977", 5);
Line Deleted : user_pref("CT2790392.FeedTTL129313981234756535", 5);
Line Deleted : user_pref("CT2790392.FirstServerDate", "2-5-2011");
Line Deleted : user_pref("CT2790392.FirstTime", true);
Line Deleted : user_pref("CT2790392.FirstTimeFF3", true);
Line Deleted : user_pref("CT2790392.FixPageNotFoundErrors", false);
Line Deleted : user_pref("CT2790392.GroupingServerCheckInterval", 1440);
Line Deleted : user_pref("CT2790392.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Line Deleted : user_pref("CT2790392.HasUserGlobalKeys", true);
Line Deleted : user_pref("CT2790392.Initialize", true);
Line Deleted : user_pref("CT2790392.InitializeCommonPrefs", true);
Line Deleted : user_pref("CT2790392.InstallationAndCookieDataSentCount", 1);
Line Deleted : user_pref("CT2790392.InstallationType", "UnknownIntegration");
Line Deleted : user_pref("CT2790392.InstalledDate", "Sun May 01 2011 22:09:57 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT2790392.IsGrouping", false);
Line Deleted : user_pref("CT2790392.IsMulticommunity", false);
Line Deleted : user_pref("CT2790392.IsOpenThankYouPage", true);
Line Deleted : user_pref("CT2790392.IsOpenUninstallPage", false);
Line Deleted : user_pref("CT2790392.LanguagePackLastCheckTime", "Sun May 01 2011 22:09:58 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT2790392.LanguagePackReloadIntervalMM", 1440);
Line Deleted : user_pref("CT2790392.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx");
Line Deleted : user_pref("CT2790392.LastLogin_3.3.3.2", "Sun May 01 2011 22:09:57 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT2790392.LatestVersion", "3.3.3.2");
Line Deleted : user_pref("CT2790392.Locale", "en");
Line Deleted : user_pref("CT2790392.MCDetectTooltipHeight", "83");
Line Deleted : user_pref("CT2790392.MCDetectTooltipShow", false);
Line Deleted : user_pref("CT2790392.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Line Deleted : user_pref("CT2790392.MCDetectTooltipWidth", "295");
Line Deleted : user_pref("CT2790392.SHRINK_TOOLBAR", 1);
Line Deleted : user_pref("CT2790392.SavedHomepage", "hxxp://search.conduit.com/?ctid=&SearchSource=13");
Line Deleted : user_pref("CT2790392.SearchFromAddressBarIsInit", true);
Line Deleted : user_pref("CT2790392.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2790392&q=");
Line Deleted : user_pref("CT2790392.SearchInNewTabEnabled", true);
Line Deleted : user_pref("CT2790392.SearchInNewTabIntervalMM", 1440);
Line Deleted : user_pref("CT2790392.SearchInNewTabLastCheckTime", "Sun May 01 2011 22:09:57 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT2790392.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID");
Line Deleted : user_pref("CT2790392.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageService.asmx/UsersRequests?ctid=EB_TOOLBAR_ID");
Line Deleted : user_pref("CT2790392.ServiceMapLastCheckTime", "Sun May 01 2011 22:09:56 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT2790392.SettingsLastCheckTime", "Sun May 01 2011 22:09:56 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT2790392.SettingsLastUpdate", "1304004054");
Line Deleted : user_pref("CT2790392.ThirdPartyComponentsInterval", 504);
Line Deleted : user_pref("CT2790392.ThirdPartyComponentsLastCheck", "Sun May 01 2011 22:09:56 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT2790392.ThirdPartyComponentsLastUpdate", "1246786978");
Line Deleted : user_pref("CT2790392.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2790392");
Line Deleted : user_pref("CT2790392.UserID", "UN34480506673865596");
Line Deleted : user_pref("CT2790392.ValidationData_Toolbar", 2);
Line Deleted : user_pref("CT2790392.WeatherNetwork", "");
Line Deleted : user_pref("CT2790392.WeatherPollDate", "Sun May 01 2011 23:09:59 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT2790392.WeatherUnit", "F");
Line Deleted : user_pref("CT2790392.alertChannelId", "1182482");
Line Deleted : user_pref("CT2790392.components.1000034", false);
Line Deleted : user_pref("CT2790392.generalConfigFromLogin", "{\"SocialDomains\":\"social.conduit.com;apps.conduit.com;services.apps.conduit.com\",\"AppsDetectionUrlPattern\":\"hxxp://appdownload.conduit.com/\"}");
Line Deleted : user_pref("CT2790392.globalFirstTimeInfoLastCheckTime", "Sun May 01 2011 22:09:57 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT2790392.isAppTrackingManagerOn", true);
Line Deleted : user_pref("CT2790392.myStuffEnabled", true);
Line Deleted : user_pref("CT2790392.myStuffPublihserMinWidth", 400);
Line Deleted : user_pref("CT2790392.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID");
Line Deleted : user_pref("CT2790392.myStuffServiceIntervalMM", 1440);
Line Deleted : user_pref("CT2790392.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");
Line Deleted : user_pref("CT2790392.testingCtid", "");
Line Deleted : user_pref("CT2790392.toolbarAppMetaDataLastCheckTime", "Sun May 01 2011 22:09:57 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT2790392.toolbarContextMenuLastCheckTime", "Sun May 01 2011 22:09:58 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT2790392.usagesFlag", 2);
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1182482/1178159/US", "\"0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/US", "\"0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2790392", "\"0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=en", "L+tncv4eqt6Qm5T3dzChdA==");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=en", "0uSPYx+Kl2jpu8sJZMeHjw==");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=en", "QmycQXJXVyFVAzIiNllWhQ==");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=en", "K4Vqu91uAzWURlxJRdXJOg==");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\"803651ba7facb1:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.3.2", "\"07b2625f8cb1:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.3.3.2", "\"07b2625f8cb1:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2790392", "\"634394076199470000\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "634356118310000000");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2790392/CT2790392", "\"1304004054\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"634351849102130000\"");
Line Deleted : user_pref("CommunityToolbar.EngineOwner", "CT2790392");
Line Deleted : user_pref("CommunityToolbar.EngineOwnerGuid", "{88c7f2aa-f93f-432c-8f0e-b7d85967a527}");
Line Deleted : user_pref("CommunityToolbar.EngineOwnerToolbarId", "bittorrentbar");
Line Deleted : user_pref("CommunityToolbar.IsEngineShown", false);
Line Deleted : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
Line Deleted : user_pref("CommunityToolbar.OriginalEngineOwner", "CT2790392");
Line Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "{88c7f2aa-f93f-432c-8f0e-b7d85967a527}");
Line Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "bittorrentbar");
Line Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://www.bing.com/search?pc=ZUGO&form=ZGAADF&q=");
Line Deleted : user_pref("CommunityToolbar.ToolbarsList", "ConduitEngine,CT2790392");
Line Deleted : user_pref("CommunityToolbar.ToolbarsList2", "ConduitEngine,CT2790392");
Line Deleted : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Sun May 01 2011 22:09:56 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);
Line Deleted : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Mon May 16 2011 21:20:28 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Line Deleted : user_pref("CommunityToolbar.alert.locale", "en");
Line Deleted : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Line Deleted : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Mon May 16 2011 21:20:20 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1303303927");
Line Deleted : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Line Deleted : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Line Deleted : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Line Deleted : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Line Deleted : user_pref("CommunityToolbar.alert.userId", "5c19c364-7634-4d31-886b-ca3b4189f4d3");
Line Deleted : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Sun May 01 2011 22:09:58 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CommunityToolbar.globalUserId", "8800e440-87cf-4b4c-8307-c60cfbc00609");
Line Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Line Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Line Deleted : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2790392");
Line Deleted : user_pref("ConduitEngine.AppTrackingLastCheckTime", "Tue May 03 2011 20:05:01 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("ConduitEngine.CTID", "ConduitEngine");
Line Deleted : user_pref("ConduitEngine.DialogsGetterLastCheckTime", "Sun May 01 2011 22:09:56 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("ConduitEngine.FirstServerDate", "05/02/2011 05");
Line Deleted : user_pref("ConduitEngine.FirstTime", true);
Line Deleted : user_pref("ConduitEngine.FirstTimeFF3", true);
Line Deleted : user_pref("ConduitEngine.FixPageNotFoundErrors", false);
Line Deleted : user_pref("ConduitEngine.HasUserGlobalKeys", true);
Line Deleted : user_pref("ConduitEngine.HideEngineAfterRestart", true);
Line Deleted : user_pref("ConduitEngine.Initialize", true);
Line Deleted : user_pref("ConduitEngine.InitializeCommonPrefs", true);
Line Deleted : user_pref("ConduitEngine.InstallationType", "UnknownIntegration");
Line Deleted : user_pref("ConduitEngine.InstalledDate", "Sun May 01 2011 22:09:56 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("ConduitEngine.IsMulticommunity", false);
Line Deleted : user_pref("ConduitEngine.IsOpenThankYouPage", false);
Line Deleted : user_pref("ConduitEngine.IsOpenUninstallPage", false);
Line Deleted : user_pref("ConduitEngine.LanguagePackLastCheckTime", "Sun May 01 2011 22:09:57 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("ConduitEngine.LastLogin_3.3.3.2", "Sun May 01 2011 22:09:56 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("ConduitEngine.PublisherContainerWidth", 0);
Line Deleted : user_pref("ConduitEngine.SavedHomepage", "hxxp://www.google.com");
Line Deleted : user_pref("ConduitEngine.SearchFromAddressBarIsInit", true);
Line Deleted : user_pref("ConduitEngine.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CTXXXX&q=");
Line Deleted : user_pref("ConduitEngine.SettingsLastCheckTime", "Sun May 01 2011 22:09:56 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("ConduitEngine.UserID", "UN94824180344022818");
Line Deleted : user_pref("ConduitEngine.engineLocale", "en-US");
Line Deleted : user_pref("ConduitEngine.enngineContextMenuLastCheckTime", "Sun May 01 2011 22:09:56 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("ConduitEngine.globalFirstTimeInfoLastCheckTime", "Sun May 01 2011 22:09:56 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("ConduitEngine.initDone", true);
Line Deleted : user_pref("ConduitEngine.isAppTrackingManagerOn", true);
 
-\\ Google Chrome v
 
[ File : C:\Users\Funtown\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [22651 octets] - [20/11/2013 23:50:08]
AdwCleaner[S0].txt - [22386 octets] - [20/11/2013 23:51:20]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [22447 octets] ##########
 
  • Junkware log
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-11-2013
Ran by Funtown (administrator) on MDEIFER on 21-11-2013 00:14:20
Running from C:\Users\Funtown\Downloads
Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(AVG Technologies CZ, s.r.o.) C:\PROGRA~2\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(AMD) C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
() C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(CobianSoft, Luis Cobian) C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe
(Starfield Technologies) C:\Program Files (x86)\Workspace\offSyncService.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Hewlett-Packard Company) c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Realtek) C:\Program Files (x86)\IOGEAR\11n USB Wireless LAN Utility\RtlService.exe
(Roxio) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
() C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
(Google) C:\Users\Funtown\AppData\Roaming\Google\Google Talk\googletalk.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe
(Dropbox, Inc.) C:\Users\Funtown\AppData\Roaming\Dropbox\bin\Dropbox.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
(Creative Technology Ltd) C:\Windows\SysWOW64\Ctxfihlp.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(Creative Technology Ltd) C:\Windows\SysWOW64\CTXFISPI.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Realtek Semiconductor Corp.) C:\Program Files (x86)\IOGEAR\11n USB Wireless LAN Utility\RtWlan.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
() C:\Windows\SysWOW64\WinMsgBalloonServer.exe
() C:\Windows\SysWOW64\WinMsgBalloonClient.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcfgex.exe
(Nullsoft, Inc.) C:\Program Files (x86)\Winamp\winamp.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Google Inc.) C:\Users\Funtown\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Funtown\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Funtown\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Funtown\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Funtown\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Funtown\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Funtown\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Funtown\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Funtown\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Funtown\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Funtown\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [hpsysdrv] - C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM\...\Run: [SmartMenu] - C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [611896 2010-09-15] ()
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [472992 2013-03-21] (Adobe Systems Incorporated)
HKCU\...\Run: [Google Update] - C:\Users\Funtown\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-04-27] (Google Inc.)
HKCU\...\Run: [googletalk] - C:\Users\Funtown\AppData\Roaming\Google\Google Talk\googletalk.exe [3739648 2007-01-01] (Google)
HKCU\...\Run: [ApplePhotoStreams] - C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-04-05] (Apple Inc.)
HKCU\...\Run: [GarminExpressTrayApp] - C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1093464 2013-08-15] (Garmin Ltd or its subsidiaries)
HKCU\...\Run: [AIM for Windows] - C:\Users\Funtown\AppData\Local\AOL\AIM\aim.exe [2937384 2013-03-29] (AOL Inc.)
MountPoints2: {c4336492-705b-11e0-8a11-d485649ec02c} - K:\iStudio.exe
HKLM-x32\...\Run: [VolPanel] - C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe [241789 2009-07-07] (Creative Technology Ltd)
HKLM-x32\...\Run: [CTxfiHlp] - C:\Windows\\SysWOW64\CTXFIHLP.EXE [24064 2010-03-05] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] - C:\Windows\Updreg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe [54576 2008-12-08] (Hewlett-Packard)
HKLM-x32\...\Run: [PDF Complete] - C:\Program Files (x86)\PDF Complete\pdfsty.exe [895512 2010-10-22] (PDF Complete Inc)
HKLM-x32\...\Run: [Microsoft Default Manager] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [439568 2010-05-10] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2014\avgui.exe [4908592 2013-10-07] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [AdobeCEPServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe [1039248 2013-03-13] (Adobe Systems Incorporated)
Startup: C:\Users\Funtown\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Funtown\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Funtown\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.yahoo.com?type=714647&fr=spigot-yhp-ie
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Restore = http://g.msn.com/HPDSK/1
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
SearchScopes: HKLM - DefaultScope {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM - {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = http://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Desktops
SearchScopes: HKLM-x32 - {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = http://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Desktops
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={sear
SearchScopes: HKCU - {C81B6083-0FEB-499C-AAB0-5599606415F4} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=714647&p={searchTerms}
SearchScopes: HKCU - {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = http://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Desktops
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\Hp\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO-x32: PodcastBHO Class - {65134FDF-F8A5-4B3D-91D9-CDF273CFD578} - C:\Program Files (x86)\Common Files\doubleTwist\IEPodcastPlugin.dll (doubleTwist Corporation)
BHO-x32: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\Hp\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM-x32 - @C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Users\Funtown\AppData\Roaming\Mozilla\Firefox\Profiles\2jcgvqvr.default
FF DefaultSearchEngine: Yahoo
FF SelectedSearchEngine: Yahoo
FF Homepage: hxxp://search.yahoo.com?type=714647&fr=spigot-yhp-ff
FF Keyword.URL: hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=714647&p=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @canon.com/MycameraPlugin - C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpWinExt,version=5.0 - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKCU: @doubletwist.com/NPPodcast - C:\Program Files (x86)\Common Files\doubleTwist\NPPodcast.dll (doubleTwist Corporation)
FF Plugin HKCU: @hulu.com/Hulu Desktop - C:\Users\Funtown\AppData\Local\HuluDesktop\instances\0.9.14.1\npHDPlg.dll (Hulu LLC)
FF Plugin HKCU: @starfield.com/off - C:\Users\Funtown\AppData\Roaming\Mozilla\Plugins\npoff.dll ( Starfield Technologies, LLC.)
FF Plugin HKCU: @starfield.com/off64 - C:\Users\Funtown\AppData\Roaming\Mozilla\Plugins\npoff64.dll ( Starfield Technologies, LLC.)
FF Plugin HKCU: @starfield.com/wbe - C:\Users\Funtown\AppData\Roaming\Mozilla\Plugins\npwbe.dll (Starfield Technology, LLC)
FF Plugin HKCU: @starfield.com/wbe64 - C:\Users\Funtown\AppData\Roaming\Mozilla\Plugins\npwbe64.dll (Starfield Technology, LLC)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Funtown\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Funtown\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Extension: WBE Paste - C:\Users\Funtown\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\wbepaste@starfield
FF Extension: Workspace Email Zoom - C:\Users\Funtown\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\zoomext@starfield
FF Extension: Adblock Plus - C:\Users\Funtown\AppData\Roaming\Mozilla\Firefox\Profiles\2jcgvqvr.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: greasemonkey - C:\Users\Funtown\AppData\Roaming\Mozilla\Firefox\Profiles\2jcgvqvr.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
FF HKLM-x32\...\Firefox\Extensions: [msntoolbar@msn.com] - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\Firefox
FF Extension: Bing Bar - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\Firefox
FF HKLM-x32\...\Firefox\Extensions: [{27182e60-b5f3-411c-b545-b44205977502}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\
FF Extension: Search Helper Extension - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\
FF HKLM-x32\...\Firefox\Extensions: [{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\
FF Extension: Default Manager - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
 
Chrome: 
=======
CHR HomePage: hxxp://www.google.com
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Funtown\AppData\Local\Google\Chrome\Application\31.0.1650.57\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Funtown\AppData\Local\Google\Chrome\Application\31.0.1650.57\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\Funtown\AppData\Local\Google\Chrome\Application\31.0.1650.57\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll No File
CHR Plugin: (AVG Internet Security) - C:\Users\Funtown\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\plugins/avgnpss.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.300.12) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java™ Platform SE 6 U30) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (downloadUpdater) - C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll No File
CHR Plugin: (downloadUpdater2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll No File
CHR Plugin: (Winamp Application Detector) - C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll (Nullsoft, Inc.)
CHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:\Users\Funtown\AppData\Local\Google\Chrome\Application\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
CHR Plugin: (Online Storage plug-in) - C:\Users\Funtown\AppData\Roaming\Mozilla\plugins\npoff.dll ( Starfield Technologies, LLC.)
CHR Plugin: (Workspace Webmail plug-in 1.0.20.42) - C:\Users\Funtown\AppData\Roaming\Mozilla\plugins\npwbe.dll (Starfield Technology, LLC)
CHR Plugin: (NPCIG.dll) - C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
CHR Plugin: (doubletwist Plugin 1, 3, 0, 0) - C:\Program Files (x86)\Common Files\doubleTwist\NPPodcast.dll (doubleTwist Corporation)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Bing Bar) - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Google Update) - C:\Users\Funtown\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Hulu Desktop) - C:\Users\Funtown\AppData\Local\HuluDesktop\instances\0.9.14.1\npHDPlg.dll (Hulu LLC)
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
CHR Extension: (YouTube) - C:\Users\Funtown\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Adblock Plus) - C:\Users\Funtown\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.6.1_0
CHR Extension: (Google Search) - C:\Users\Funtown\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Invite All) - C:\Users\Funtown\AppData\Local\Google\Chrome\User Data\Default\Extensions\eopekjehpibhfpjjcokfmhcaeiclddih\1.25_0
CHR Extension: (Classic for Facebook) - C:\Users\Funtown\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffdodpcdalagnkbkojidmmcehlnhniad\0.0.2.1_0
CHR Extension: (Google Wallet) - C:\Users\Funtown\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0
CHR Extension: (Facebook Super Select All) - C:\Users\Funtown\AppData\Local\Google\Chrome\User Data\Default\Extensions\npnaoebelpbmmcdoboinnphhoakdnaah\1.4.2_0
CHR Extension: (Gmail) - C:\Users\Funtown\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
CHR StartMenuInternet: Google Chrome - C:\Users\Funtown\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Services (Whitelisted) =================
 
S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3538480 2013-10-03] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [301152 2013-09-25] (AVG Technologies CZ, s.r.o.)
R2 cbVSCService11; C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe [67584 2013-03-07] (CobianSoft, Luis Cobian)
R2 File Backup; C:\Program Files (x86)\Workspace\offSyncService.exe [1187040 2013-07-22] (Starfield Technologies)
R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [220504 2013-08-15] (Garmin Ltd or its subsidiaries)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1121304 2010-10-22] (PDF Complete Inc)
R2 Realtek11nSU; C:\Program Files (x86)\IOGEAR\11n USB Wireless LAN Utility\RtlService.exe [36864 2010-04-16] (Realtek)
R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
 
==================== Drivers (Whitelisted) ====================
 
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [148792 2013-09-25] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [241464 2013-09-02] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [192824 2013-09-02] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [212280 2013-09-02] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [294712 2013-09-02] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123704 2013-08-20] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31544 2013-09-08] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [251192 2013-08-01] (AVG Technologies CZ, s.r.o.)
S3 usbrndis6; C:\Windows\System32\DRIVERS\usb80236.sys [19968 2013-02-11] (Microsoft Corporation)
S1 SASDIFSV; \??\C:\Users\Funtown\AppData\Local\Temp\SAS_SelfExtract\SASDIFSV64.SYS [x]
S1 SASKUTIL; \??\C:\Users\Funtown\AppData\Local\Temp\SAS_SelfExtract\SASKUTIL64.SYS [x]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-11-21 00:14 - 2013-11-21 00:14 - 01957964 _____ (Farbar) C:\Users\Funtown\Downloads\FRST64 (1).exe
2013-11-21 00:14 - 2013-11-21 00:14 - 00025453 _____ C:\Users\Funtown\Downloads\FRST.txt
2013-11-21 00:12 - 2013-11-21 00:12 - 00000000 ____D C:\FRST
2013-11-21 00:11 - 2013-11-21 00:11 - 00001786 _____ C:\Users\Funtown\Desktop\JRT.txt
2013-11-21 00:06 - 2013-11-21 00:06 - 01957964 _____ (Farbar) C:\Users\Funtown\Downloads\FRST64.exe
2013-11-21 00:06 - 2013-11-21 00:06 - 00000000 ____D C:\Windows\ERUNT
2013-11-21 00:04 - 2013-11-21 00:04 - 01034531 _____ (Thisisu) C:\Users\Funtown\Downloads\JRT.exe
2013-11-20 23:49 - 2013-11-20 23:51 - 00000000 ____D C:\AdwCleaner
2013-11-20 23:48 - 2013-11-20 23:48 - 01085542 _____ C:\Users\Funtown\Downloads\adwcleaner.exe
2013-11-19 22:57 - 2013-11-20 23:29 - 00000000 ____D C:\Users\Funtown\Desktop\artbattles u 11.21.13
2013-11-19 20:36 - 2013-11-19 21:25 - 00000000 ____D C:\Users\Funtown\Desktop\Scorpions
2013-11-19 00:04 - 2013-11-19 00:04 - 00000167 _____ C:\Users\Funtown\Documents\bodypaintmeeventstopost.txt
2013-11-16 20:10 - 2013-11-16 20:12 - 00000000 ____D C:\Users\Funtown\Desktop\Goldenspiral Video Release Party
2013-11-16 19:54 - 2013-11-16 20:11 - 00000000 ____D C:\Users\Funtown\Desktop\Twurkaholics with just blaze
2013-11-16 15:41 - 2013-11-16 19:55 - 00000000 ____D C:\Users\Funtown\Desktop\Bonfire
2013-11-16 01:01 - 2013-10-12 03:45 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-16 01:01 - 2013-10-12 03:45 - 01364992 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-16 01:01 - 2013-10-12 03:45 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-11-16 01:01 - 2013-10-12 03:43 - 19269632 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-16 01:01 - 2013-10-12 03:43 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-16 01:01 - 2013-10-12 03:43 - 03959808 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-16 01:01 - 2013-10-12 03:43 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-16 01:01 - 2013-10-12 03:43 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-11-16 01:01 - 2013-10-12 03:43 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-16 01:01 - 2013-10-12 03:43 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-11-16 01:01 - 2013-10-12 03:43 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-11-16 01:01 - 2013-10-12 03:43 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-11-16 01:01 - 2013-10-12 03:43 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-11-16 01:01 - 2013-10-12 03:43 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-11-16 01:01 - 2013-10-12 02:03 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-11-16 01:01 - 2013-10-12 02:03 - 01138176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-11-16 01:01 - 2013-10-12 02:02 - 14355968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-11-16 01:01 - 2013-10-12 02:02 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-11-16 01:01 - 2013-10-12 02:02 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-11-16 01:01 - 2013-10-12 02:02 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-11-16 01:01 - 2013-10-12 02:02 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-11-16 01:01 - 2013-10-12 02:02 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-11-16 01:01 - 2013-10-12 02:02 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-11-16 01:01 - 2013-10-12 02:02 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-11-16 01:01 - 2013-10-12 02:02 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-11-16 01:01 - 2013-10-12 02:02 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-11-16 01:01 - 2013-10-12 02:02 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-11-16 01:01 - 2013-10-12 01:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-11-16 01:01 - 2013-10-12 01:08 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-11-16 01:01 - 2013-10-12 00:44 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-11-16 01:01 - 2013-10-12 00:15 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-11-15 15:25 - 2013-11-20 23:53 - 00000340 _____ C:\Windows\Tasks\HPCeeScheduleForFuntown.job
2013-11-15 15:25 - 2013-11-20 19:01 - 00003198 _____ C:\Windows\System32\Tasks\HPCeeScheduleForFuntown
2013-11-15 15:08 - 2013-10-11 21:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2013-11-15 15:08 - 2013-10-11 21:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-11-15 15:08 - 2013-10-11 21:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2013-11-15 15:08 - 2013-10-11 21:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2013-11-15 15:08 - 2013-10-11 21:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2013-11-15 15:08 - 2013-10-05 15:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-11-15 15:08 - 2013-10-05 14:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-11-15 15:08 - 2013-10-03 21:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2013-11-15 15:08 - 2013-10-03 21:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2013-11-15 15:08 - 2013-10-03 21:24 - 01930752 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2013-11-15 15:08 - 2013-10-03 20:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll
2013-11-15 15:08 - 2013-10-03 20:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-11-15 15:08 - 2013-10-03 20:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll
2013-11-15 15:08 - 2013-10-02 21:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-11-15 15:08 - 2013-10-02 21:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2013-11-15 15:08 - 2013-09-27 20:09 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-11-15 15:08 - 2013-09-24 21:26 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2013-11-15 15:08 - 2013-09-24 21:26 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2013-11-15 15:08 - 2013-09-24 21:23 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2013-11-15 15:08 - 2013-09-24 21:23 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2013-11-15 15:08 - 2013-09-24 21:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2013-11-15 15:08 - 2013-09-24 21:22 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-11-15 15:08 - 2013-09-24 21:21 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2013-11-15 15:08 - 2013-09-24 21:21 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2013-11-15 15:08 - 2013-09-24 20:58 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2013-11-15 15:08 - 2013-09-24 20:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-11-15 15:08 - 2013-09-24 20:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2013-11-15 15:08 - 2013-09-24 20:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2013-11-15 15:08 - 2013-09-24 20:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2013-11-15 15:08 - 2013-07-04 07:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2013-11-07 22:47 - 2013-11-07 23:00 - 00000000 ____D C:\Users\Funtown\Desktop\GoldenSpiral Bodypaint
2013-11-07 01:38 - 2013-11-07 01:39 - 00000000 ____D C:\Users\Funtown\Desktop\SoFancy! Facepainting
2013-11-03 21:36 - 2013-11-03 21:49 - 00005634 _____ C:\Users\Funtown\Desktop\index.html
2013-11-03 13:42 - 2013-11-03 13:42 - 00024783 _____ C:\Users\Funtown\Desktop\dds.txt
2013-11-03 13:42 - 2013-11-03 13:42 - 00010744 _____ C:\Users\Funtown\Desktop\attach.txt
2013-11-03 13:31 - 2013-11-03 13:31 - 00688992 ____R (Swearware) C:\Users\Funtown\Downloads\dds.com
2013-11-02 20:55 - 2013-11-02 20:55 - 00000000 ____D C:\Program Files (x86)\Cobian Backup 11
2013-11-02 20:52 - 2013-11-02 20:54 - 19709440 ____N (Luis Cobian, CobianSoft) C:\Users\Funtown\Downloads\cbSetup.exe
2013-10-24 20:39 - 2013-11-20 23:53 - 00000504 _____ C:\Windows\setupact.log
2013-10-24 20:39 - 2013-10-24 20:39 - 00000948 _____ C:\Windows\PFRO.log
2013-10-24 20:39 - 2013-10-24 20:39 - 00000000 _____ C:\Windows\setuperr.log
 
==================== One Month Modified Files and Folders =======
 
2013-11-21 00:14 - 2013-11-21 00:14 - 01957964 _____ (Farbar) C:\Users\Funtown\Downloads\FRST64 (1).exe
2013-11-21 00:14 - 2013-11-21 00:14 - 00025453 _____ C:\Users\Funtown\Downloads\FRST.txt
2013-11-21 00:14 - 2011-04-18 18:45 - 01343578 _____ C:\Windows\WindowsUpdate.log
2013-11-21 00:12 - 2013-11-21 00:12 - 00000000 ____D C:\FRST
2013-11-21 00:11 - 2013-11-21 00:11 - 00001786 _____ C:\Users\Funtown\Desktop\JRT.txt
2013-11-21 00:06 - 2013-11-21 00:06 - 01957964 _____ (Farbar) C:\Users\Funtown\Downloads\FRST64.exe
2013-11-21 00:06 - 2013-11-21 00:06 - 00000000 ____D C:\Windows\ERUNT
2013-11-21 00:04 - 2013-11-21 00:04 - 01034531 _____ (Thisisu) C:\Users\Funtown\Downloads\JRT.exe
2013-11-21 00:01 - 2011-09-11 21:21 - 00000000 ___RD C:\Users\Funtown\Dropbox
2013-11-21 00:01 - 2011-09-11 21:21 - 00000000 ____D C:\Users\Funtown\AppData\Roaming\Dropbox
2013-11-21 00:00 - 2009-07-13 23:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-21 00:00 - 2009-07-13 23:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-20 23:57 - 2009-07-14 00:13 - 00726444 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-20 23:53 - 2013-11-15 15:25 - 00000340 _____ C:\Windows\Tasks\HPCeeScheduleForFuntown.job
2013-11-20 23:53 - 2013-10-24 20:39 - 00000504 _____ C:\Windows\setupact.log
2013-11-20 23:53 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-20 23:51 - 2013-11-20 23:49 - 00000000 ____D C:\AdwCleaner
2013-11-20 23:48 - 2013-11-20 23:48 - 01085542 _____ C:\Users\Funtown\Downloads\adwcleaner.exe
2013-11-20 23:40 - 2012-04-08 18:41 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-11-20 23:29 - 2013-11-19 22:57 - 00000000 ____D C:\Users\Funtown\Desktop\artbattles u 11.21.13
2013-11-20 23:27 - 2011-04-27 10:59 - 00000916 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2608021889-4240729758-1469525596-1000UA.job
2013-11-20 19:01 - 2013-11-15 15:25 - 00003198 _____ C:\Windows\System32\Tasks\HPCeeScheduleForFuntown
2013-11-20 19:01 - 2011-04-27 10:49 - 00000000 ____D C:\Users\Funtown\AppData\Roaming\HpUpdate
2013-11-20 19:01 - 2011-04-27 10:49 - 00000000 ____D C:\Users\Funtown\AppData\Roaming\HP Support Assistant
2013-11-20 19:00 - 2011-04-30 19:33 - 00000000 ____D C:\Users\Funtown\AppData\Local\Adobe
2013-11-20 18:55 - 2011-04-27 15:43 - 00000000 ____D C:\ProgramData\MFAData
2013-11-20 00:13 - 2011-04-27 11:05 - 00000000 ____D C:\Users\Funtown\AppData\Roaming\FileZilla
2013-11-19 21:25 - 2013-11-19 20:36 - 00000000 ____D C:\Users\Funtown\Desktop\Scorpions
2013-11-19 00:04 - 2013-11-19 00:04 - 00000167 _____ C:\Users\Funtown\Documents\bodypaintmeeventstopost.txt
2013-11-18 20:16 - 2011-04-27 10:59 - 00000864 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2608021889-4240729758-1469525596-1000Core.job
2013-11-18 20:06 - 2011-08-11 02:23 - 00000340 _____ C:\Windows\Tasks\HPCeeScheduleForMDEIFER$.job
2013-11-18 20:05 - 2011-08-11 02:23 - 00003216 _____ C:\Windows\System32\Tasks\HPCeeScheduleForMDEIFER$
2013-11-16 22:19 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
2013-11-16 20:12 - 2013-11-16 20:10 - 00000000 ____D C:\Users\Funtown\Desktop\Goldenspiral Video Release Party
2013-11-16 20:11 - 2013-11-16 19:54 - 00000000 ____D C:\Users\Funtown\Desktop\Twurkaholics with just blaze
2013-11-16 19:55 - 2013-11-16 15:41 - 00000000 ____D C:\Users\Funtown\Desktop\Bonfire
2013-11-16 18:48 - 2012-03-01 20:48 - 00000000 ____D C:\Users\Funtown\AppData\Local\Workspace
2013-11-16 13:47 - 2009-07-24 15:14 - 00000000 ____D C:\Windows\Panther
2013-11-16 01:01 - 2013-08-02 16:22 - 00000000 ____D C:\Windows\system32\MRT
2013-11-16 00:58 - 2011-04-27 11:03 - 82896128 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-11-15 14:53 - 2011-04-18 19:01 - 00000000 ____D C:\ProgramData\PDFC
2013-11-09 13:53 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\NDF
2013-11-07 23:00 - 2013-11-07 22:47 - 00000000 ____D C:\Users\Funtown\Desktop\GoldenSpiral Bodypaint
2013-11-07 01:39 - 2013-11-07 01:38 - 00000000 ____D C:\Users\Funtown\Desktop\SoFancy! Facepainting
2013-11-03 21:49 - 2013-11-03 21:36 - 00005634 _____ C:\Users\Funtown\Desktop\index.html
2013-11-03 13:42 - 2013-11-03 13:42 - 00024783 _____ C:\Users\Funtown\Desktop\dds.txt
2013-11-03 13:42 - 2013-11-03 13:42 - 00010744 _____ C:\Users\Funtown\Desktop\attach.txt
2013-11-03 13:31 - 2013-11-03 13:31 - 00688992 ____R (Swearware) C:\Users\Funtown\Downloads\dds.com
2013-11-02 20:55 - 2013-11-02 20:55 - 00000000 ____D C:\Program Files (x86)\Cobian Backup 11
2013-11-02 20:54 - 2013-11-02 20:52 - 19709440 ____N (Luis Cobian, CobianSoft) C:\Users\Funtown\Downloads\cbSetup.exe
2013-10-24 20:39 - 2013-10-24 20:39 - 00000948 _____ C:\Windows\PFRO.log
2013-10-24 20:39 - 2013-10-24 20:39 - 00000000 _____ C:\Windows\setuperr.log
2013-10-24 20:38 - 2011-04-27 17:41 - 00001080 _____ C:\Windows\system32\settingsbkup.sfm
2013-10-24 20:38 - 2011-04-27 17:41 - 00001080 _____ C:\Windows\system32\settings.sfm
2013-10-24 20:38 - 2011-04-27 16:00 - 00000000 ____D C:\Users\Funtown\AppData\Roaming\Winamp
2013-10-24 18:51 - 2011-04-27 16:20 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-10-24 18:43 - 2011-04-27 15:48 - 00000000 ____D C:\Users\Funtown\AppData\Roaming\uTorrent
 
Some content of TEMP:
====================
C:\Users\Funtown\AppData\Local\Temp\Quarantine.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2013-11-20 00:42
 
==================== End Of Log ============================
  • FRST results
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-11-2013
Ran by Funtown (administrator) on MDEIFER on 21-11-2013 00:14:20
Running from C:\Users\Funtown\Downloads
Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(AVG Technologies CZ, s.r.o.) C:\PROGRA~2\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(AMD) C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
() C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(CobianSoft, Luis Cobian) C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe
(Starfield Technologies) C:\Program Files (x86)\Workspace\offSyncService.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Hewlett-Packard Company) c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Realtek) C:\Program Files (x86)\IOGEAR\11n USB Wireless LAN Utility\RtlService.exe
(Roxio) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
() C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
(Google) C:\Users\Funtown\AppData\Roaming\Google\Google Talk\googletalk.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe
(Dropbox, Inc.) C:\Users\Funtown\AppData\Roaming\Dropbox\bin\Dropbox.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
(Creative Technology Ltd) C:\Windows\SysWOW64\Ctxfihlp.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(Creative Technology Ltd) C:\Windows\SysWOW64\CTXFISPI.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Realtek Semiconductor Corp.) C:\Program Files (x86)\IOGEAR\11n USB Wireless LAN Utility\RtWlan.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
() C:\Windows\SysWOW64\WinMsgBalloonServer.exe
() C:\Windows\SysWOW64\WinMsgBalloonClient.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcfgex.exe
(Nullsoft, Inc.) C:\Program Files (x86)\Winamp\winamp.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Google Inc.) C:\Users\Funtown\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Funtown\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Funtown\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Funtown\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Funtown\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Funtown\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Funtown\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Funtown\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Funtown\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Funtown\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Funtown\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [hpsysdrv] - C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM\...\Run: [SmartMenu] - C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [611896 2010-09-15] ()
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [472992 2013-03-21] (Adobe Systems Incorporated)
HKCU\...\Run: [Google Update] - C:\Users\Funtown\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-04-27] (Google Inc.)
HKCU\...\Run: [googletalk] - C:\Users\Funtown\AppData\Roaming\Google\Google Talk\googletalk.exe [3739648 2007-01-01] (Google)
HKCU\...\Run: [ApplePhotoStreams] - C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-04-05] (Apple Inc.)
HKCU\...\Run: [GarminExpressTrayApp] - C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1093464 2013-08-15] (Garmin Ltd or its subsidiaries)
HKCU\...\Run: [AIM for Windows] - C:\Users\Funtown\AppData\Local\AOL\AIM\aim.exe [2937384 2013-03-29] (AOL Inc.)
MountPoints2: {c4336492-705b-11e0-8a11-d485649ec02c} - K:\iStudio.exe
HKLM-x32\...\Run: [VolPanel] - C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe [241789 2009-07-07] (Creative Technology Ltd)
HKLM-x32\...\Run: [CTxfiHlp] - C:\Windows\\SysWOW64\CTXFIHLP.EXE [24064 2010-03-05] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] - C:\Windows\Updreg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe [54576 2008-12-08] (Hewlett-Packard)
HKLM-x32\...\Run: [PDF Complete] - C:\Program Files (x86)\PDF Complete\pdfsty.exe [895512 2010-10-22] (PDF Complete Inc)
HKLM-x32\...\Run: [Microsoft Default Manager] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [439568 2010-05-10] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2014\avgui.exe [4908592 2013-10-07] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [AdobeCEPServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe [1039248 2013-03-13] (Adobe Systems Incorporated)
Startup: C:\Users\Funtown\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Funtown\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Funtown\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.yahoo.com?type=714647&fr=spigot-yhp-ie
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Restore = http://g.msn.com/HPDSK/1
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
SearchScopes: HKLM - DefaultScope {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM - {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = http://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Desktops
SearchScopes: HKLM-x32 - {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = http://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Desktops
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={sear
SearchScopes: HKCU - {C81B6083-0FEB-499C-AAB0-5599606415F4} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=714647&p={searchTerms}
SearchScopes: HKCU - {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = http://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Desktops
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\Hp\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO-x32: PodcastBHO Class - {65134FDF-F8A5-4B3D-91D9-CDF273CFD578} - C:\Program Files (x86)\Common Files\doubleTwist\IEPodcastPlugin.dll (doubleTwist Corporation)
BHO-x32: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\Hp\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM-x32 - @C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Users\Funtown\AppData\Roaming\Mozilla\Firefox\Profiles\2jcgvqvr.default
FF DefaultSearchEngine: Yahoo
FF SelectedSearchEngine: Yahoo
FF Homepage: hxxp://search.yahoo.com?type=714647&fr=spigot-yhp-ff
FF Keyword.URL: hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=714647&p=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @canon.com/MycameraPlugin - C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpWinExt,version=5.0 - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKCU: @doubletwist.com/NPPodcast - C:\Program Files (x86)\Common Files\doubleTwist\NPPodcast.dll (doubleTwist Corporation)
FF Plugin HKCU: @hulu.com/Hulu Desktop - C:\Users\Funtown\AppData\Local\HuluDesktop\instances\0.9.14.1\npHDPlg.dll (Hulu LLC)
FF Plugin HKCU: @starfield.com/off - C:\Users\Funtown\AppData\Roaming\Mozilla\Plugins\npoff.dll ( Starfield Technologies, LLC.)
FF Plugin HKCU: @starfield.com/off64 - C:\Users\Funtown\AppData\Roaming\Mozilla\Plugins\npoff64.dll ( Starfield Technologies, LLC.)
FF Plugin HKCU: @starfield.com/wbe - C:\Users\Funtown\AppData\Roaming\Mozilla\Plugins\npwbe.dll (Starfield Technology, LLC)
FF Plugin HKCU: @starfield.com/wbe64 - C:\Users\Funtown\AppData\Roaming\Mozilla\Plugins\npwbe64.dll (Starfield Technology, LLC)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Funtown\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Funtown\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Extension: WBE Paste - C:\Users\Funtown\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\wbepaste@starfield
FF Extension: Workspace Email Zoom - C:\Users\Funtown\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\zoomext@starfield
FF Extension: Adblock Plus - C:\Users\Funtown\AppData\Roaming\Mozilla\Firefox\Profiles\2jcgvqvr.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: greasemonkey - C:\Users\Funtown\AppData\Roaming\Mozilla\Firefox\Profiles\2jcgvqvr.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
FF HKLM-x32\...\Firefox\Extensions: [msntoolbar@msn.com] - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\Firefox
FF Extension: Bing Bar - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\Firefox
FF HKLM-x32\...\Firefox\Extensions: [{27182e60-b5f3-411c-b545-b44205977502}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\
FF Extension: Search Helper Extension - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\
FF HKLM-x32\...\Firefox\Extensions: [{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\
FF Extension: Default Manager - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
 
Chrome: 
=======
CHR HomePage: hxxp://www.google.com
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Funtown\AppData\Local\Google\Chrome\Application\31.0.1650.57\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Funtown\AppData\Local\Google\Chrome\Application\31.0.1650.57\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\Funtown\AppData\Local\Google\Chrome\Application\31.0.1650.57\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll No File
CHR Plugin: (AVG Internet Security) - C:\Users\Funtown\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\plugins/avgnpss.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.300.12) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java™ Platform SE 6 U30) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (downloadUpdater) - C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll No File
CHR Plugin: (downloadUpdater2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll No File
CHR Plugin: (Winamp Application Detector) - C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll (Nullsoft, Inc.)
CHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:\Users\Funtown\AppData\Local\Google\Chrome\Application\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
CHR Plugin: (Online Storage plug-in) - C:\Users\Funtown\AppData\Roaming\Mozilla\plugins\npoff.dll ( Starfield Technologies, LLC.)
CHR Plugin: (Workspace Webmail plug-in 1.0.20.42) - C:\Users\Funtown\AppData\Roaming\Mozilla\plugins\npwbe.dll (Starfield Technology, LLC)
CHR Plugin: (NPCIG.dll) - C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
CHR Plugin: (doubletwist Plugin 1, 3, 0, 0) - C:\Program Files (x86)\Common Files\doubleTwist\NPPodcast.dll (doubleTwist Corporation)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Bing Bar) - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Google Update) - C:\Users\Funtown\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Hulu Desktop) - C:\Users\Funtown\AppData\Local\HuluDesktop\instances\0.9.14.1\npHDPlg.dll (Hulu LLC)
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
CHR Extension: (YouTube) - C:\Users\Funtown\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Adblock Plus) - C:\Users\Funtown\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.6.1_0
CHR Extension: (Google Search) - C:\Users\Funtown\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Invite All) - C:\Users\Funtown\AppData\Local\Google\Chrome\User Data\Default\Extensions\eopekjehpibhfpjjcokfmhcaeiclddih\1.25_0
CHR Extension: (Classic for Facebook) - C:\Users\Funtown\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffdodpcdalagnkbkojidmmcehlnhniad\0.0.2.1_0
CHR Extension: (Google Wallet) - C:\Users\Funtown\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0
CHR Extension: (Facebook Super Select All) - C:\Users\Funtown\AppData\Local\Google\Chrome\User Data\Default\Extensions\npnaoebelpbmmcdoboinnphhoakdnaah\1.4.2_0
CHR Extension: (Gmail) - C:\Users\Funtown\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
CHR StartMenuInternet: Google Chrome - C:\Users\Funtown\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Services (Whitelisted) =================
 
S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3538480 2013-10-03] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [301152 2013-09-25] (AVG Technologies CZ, s.r.o.)
R2 cbVSCService11; C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe [67584 2013-03-07] (CobianSoft, Luis Cobian)
R2 File Backup; C:\Program Files (x86)\Workspace\offSyncService.exe [1187040 2013-07-22] (Starfield Technologies)
R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [220504 2013-08-15] (Garmin Ltd or its subsidiaries)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1121304 2010-10-22] (PDF Complete Inc)
R2 Realtek11nSU; C:\Program Files (x86)\IOGEAR\11n USB Wireless LAN Utility\RtlService.exe [36864 2010-04-16] (Realtek)
R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
 
==================== Drivers (Whitelisted) ====================
 
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [148792 2013-09-25] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [241464 2013-09-02] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [192824 2013-09-02] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [212280 2013-09-02] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [294712 2013-09-02] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123704 2013-08-20] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31544 2013-09-08] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [251192 2013-08-01] (AVG Technologies CZ, s.r.o.)
S3 usbrndis6; C:\Windows\System32\DRIVERS\usb80236.sys [19968 2013-02-11] (Microsoft Corporation)
S1 SASDIFSV; \??\C:\Users\Funtown\AppData\Local\Temp\SAS_SelfExtract\SASDIFSV64.SYS [x]
S1 SASKUTIL; \??\C:\Users\Funtown\AppData\Local\Temp\SAS_SelfExtract\SASKUTIL64.SYS [x]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-11-21 00:14 - 2013-11-21 00:14 - 01957964 _____ (Farbar) C:\Users\Funtown\Downloads\FRST64 (1).exe
2013-11-21 00:14 - 2013-11-21 00:14 - 00025453 _____ C:\Users\Funtown\Downloads\FRST.txt
2013-11-21 00:12 - 2013-11-21 00:12 - 00000000 ____D C:\FRST
2013-11-21 00:11 - 2013-11-21 00:11 - 00001786 _____ C:\Users\Funtown\Desktop\JRT.txt
2013-11-21 00:06 - 2013-11-21 00:06 - 01957964 _____ (Farbar) C:\Users\Funtown\Downloads\FRST64.exe
2013-11-21 00:06 - 2013-11-21 00:06 - 00000000 ____D C:\Windows\ERUNT
2013-11-21 00:04 - 2013-11-21 00:04 - 01034531 _____ (Thisisu) C:\Users\Funtown\Downloads\JRT.exe
2013-11-20 23:49 - 2013-11-20 23:51 - 00000000 ____D C:\AdwCleaner
2013-11-20 23:48 - 2013-11-20 23:48 - 01085542 _____ C:\Users\Funtown\Downloads\adwcleaner.exe
2013-11-19 22:57 - 2013-11-20 23:29 - 00000000 ____D C:\Users\Funtown\Desktop\artbattles u 11.21.13
2013-11-19 20:36 - 2013-11-19 21:25 - 00000000 ____D C:\Users\Funtown\Desktop\Scorpions
2013-11-19 00:04 - 2013-11-19 00:04 - 00000167 _____ C:\Users\Funtown\Documents\bodypaintmeeventstopost.txt
2013-11-16 20:10 - 2013-11-16 20:12 - 00000000 ____D C:\Users\Funtown\Desktop\Goldenspiral Video Release Party
2013-11-16 19:54 - 2013-11-16 20:11 - 00000000 ____D C:\Users\Funtown\Desktop\Twurkaholics with just blaze
2013-11-16 15:41 - 2013-11-16 19:55 - 00000000 ____D C:\Users\Funtown\Desktop\Bonfire
2013-11-16 01:01 - 2013-10-12 03:45 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-16 01:01 - 2013-10-12 03:45 - 01364992 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-16 01:01 - 2013-10-12 03:45 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-11-16 01:01 - 2013-10-12 03:43 - 19269632 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-16 01:01 - 2013-10-12 03:43 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-16 01:01 - 2013-10-12 03:43 - 03959808 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-16 01:01 - 2013-10-12 03:43 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-16 01:01 - 2013-10-12 03:43 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-11-16 01:01 - 2013-10-12 03:43 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-16 01:01 - 2013-10-12 03:43 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-11-16 01:01 - 2013-10-12 03:43 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-11-16 01:01 - 2013-10-12 03:43 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-11-16 01:01 - 2013-10-12 03:43 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-11-16 01:01 - 2013-10-12 03:43 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-11-16 01:01 - 2013-10-12 02:03 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-11-16 01:01 - 2013-10-12 02:03 - 01138176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-11-16 01:01 - 2013-10-12 02:02 - 14355968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-11-16 01:01 - 2013-10-12 02:02 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-11-16 01:01 - 2013-10-12 02:02 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-11-16 01:01 - 2013-10-12 02:02 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-11-16 01:01 - 2013-10-12 02:02 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-11-16 01:01 - 2013-10-12 02:02 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-11-16 01:01 - 2013-10-12 02:02 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-11-16 01:01 - 2013-10-12 02:02 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-11-16 01:01 - 2013-10-12 02:02 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-11-16 01:01 - 2013-10-12 02:02 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-11-16 01:01 - 2013-10-12 02:02 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-11-16 01:01 - 2013-10-12 01:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-11-16 01:01 - 2013-10-12 01:08 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-11-16 01:01 - 2013-10-12 00:44 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-11-16 01:01 - 2013-10-12 00:15 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-11-15 15:25 - 2013-11-20 23:53 - 00000340 _____ C:\Windows\Tasks\HPCeeScheduleForFuntown.job
2013-11-15 15:25 - 2013-11-20 19:01 - 00003198 _____ C:\Windows\System32\Tasks\HPCeeScheduleForFuntown
2013-11-15 15:08 - 2013-10-11 21:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2013-11-15 15:08 - 2013-10-11 21:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-11-15 15:08 - 2013-10-11 21:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2013-11-15 15:08 - 2013-10-11 21:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2013-11-15 15:08 - 2013-10-11 21:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2013-11-15 15:08 - 2013-10-05 15:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-11-15 15:08 - 2013-10-05 14:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-11-15 15:08 - 2013-10-03 21:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2013-11-15 15:08 - 2013-10-03 21:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2013-11-15 15:08 - 2013-10-03 21:24 - 01930752 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2013-11-15 15:08 - 2013-10-03 20:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll
2013-11-15 15:08 - 2013-10-03 20:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-11-15 15:08 - 2013-10-03 20:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll
2013-11-15 15:08 - 2013-10-02 21:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-11-15 15:08 - 2013-10-02 21:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2013-11-15 15:08 - 2013-09-27 20:09 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-11-15 15:08 - 2013-09-24 21:26 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2013-11-15 15:08 - 2013-09-24 21:26 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2013-11-15 15:08 - 2013-09-24 21:23 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2013-11-15 15:08 - 2013-09-24 21:23 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2013-11-15 15:08 - 2013-09-24 21:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2013-11-15 15:08 - 2013-09-24 21:22 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-11-15 15:08 - 2013-09-24 21:21 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2013-11-15 15:08 - 2013-09-24 21:21 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2013-11-15 15:08 - 2013-09-24 20:58 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2013-11-15 15:08 - 2013-09-24 20:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-11-15 15:08 - 2013-09-24 20:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2013-11-15 15:08 - 2013-09-24 20:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2013-11-15 15:08 - 2013-09-24 20:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2013-11-15 15:08 - 2013-07-04 07:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2013-11-07 22:47 - 2013-11-07 23:00 - 00000000 ____D C:\Users\Funtown\Desktop\GoldenSpiral Bodypaint
2013-11-07 01:38 - 2013-11-07 01:39 - 00000000 ____D C:\Users\Funtown\Desktop\SoFancy! Facepainting
2013-11-03 21:36 - 2013-11-03 21:49 - 00005634 _____ C:\Users\Funtown\Desktop\index.html
2013-11-03 13:42 - 2013-11-03 13:42 - 00024783 _____ C:\Users\Funtown\Desktop\dds.txt
2013-11-03 13:42 - 2013-11-03 13:42 - 00010744 _____ C:\Users\Funtown\Desktop\attach.txt
2013-11-03 13:31 - 2013-11-03 13:31 - 00688992 ____R (Swearware) C:\Users\Funtown\Downloads\dds.com
2013-11-02 20:55 - 2013-11-02 20:55 - 00000000 ____D C:\Program Files (x86)\Cobian Backup 11
2013-11-02 20:52 - 2013-11-02 20:54 - 19709440 ____N (Luis Cobian, CobianSoft) C:\Users\Funtown\Downloads\cbSetup.exe
2013-10-24 20:39 - 2013-11-20 23:53 - 00000504 _____ C:\Windows\setupact.log
2013-10-24 20:39 - 2013-10-24 20:39 - 00000948 _____ C:\Windows\PFRO.log
2013-10-24 20:39 - 2013-10-24 20:39 - 00000000 _____ C:\Windows\setuperr.log
 
==================== One Month Modified Files and Folders =======
 
2013-11-21 00:14 - 2013-11-21 00:14 - 01957964 _____ (Farbar) C:\Users\Funtown\Downloads\FRST64 (1).exe
2013-11-21 00:14 - 2013-11-21 00:14 - 00025453 _____ C:\Users\Funtown\Downloads\FRST.txt
2013-11-21 00:14 - 2011-04-18 18:45 - 01343578 _____ C:\Windows\WindowsUpdate.log
2013-11-21 00:12 - 2013-11-21 00:12 - 00000000 ____D C:\FRST
2013-11-21 00:11 - 2013-11-21 00:11 - 00001786 _____ C:\Users\Funtown\Desktop\JRT.txt
2013-11-21 00:06 - 2013-11-21 00:06 - 01957964 _____ (Farbar) C:\Users\Funtown\Downloads\FRST64.exe
2013-11-21 00:06 - 2013-11-21 00:06 - 00000000 ____D C:\Windows\ERUNT
2013-11-21 00:04 - 2013-11-21 00:04 - 01034531 _____ (Thisisu) C:\Users\Funtown\Downloads\JRT.exe
2013-11-21 00:01 - 2011-09-11 21:21 - 00000000 ___RD C:\Users\Funtown\Dropbox
2013-11-21 00:01 - 2011-09-11 21:21 - 00000000 ____D C:\Users\Funtown\AppData\Roaming\Dropbox
2013-11-21 00:00 - 2009-07-13 23:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-21 00:00 - 2009-07-13 23:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-20 23:57 - 2009-07-14 00:13 - 00726444 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-20 23:53 - 2013-11-15 15:25 - 00000340 _____ C:\Windows\Tasks\HPCeeScheduleForFuntown.job
2013-11-20 23:53 - 2013-10-24 20:39 - 00000504 _____ C:\Windows\setupact.log
2013-11-20 23:53 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-20 23:51 - 2013-11-20 23:49 - 00000000 ____D C:\AdwCleaner
2013-11-20 23:48 - 2013-11-20 23:48 - 01085542 _____ C:\Users\Funtown\Downloads\adwcleaner.exe
2013-11-20 23:40 - 2012-04-08 18:41 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-11-20 23:29 - 2013-11-19 22:57 - 00000000 ____D C:\Users\Funtown\Desktop\artbattles u 11.21.13
2013-11-20 23:27 - 2011-04-27 10:59 - 00000916 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2608021889-4240729758-1469525596-1000UA.job
2013-11-20 19:01 - 2013-11-15 15:25 - 00003198 _____ C:\Windows\System32\Tasks\HPCeeScheduleForFuntown
2013-11-20 19:01 - 2011-04-27 10:49 - 00000000 ____D C:\Users\Funtown\AppData\Roaming\HpUpdate
2013-11-20 19:01 - 2011-04-27 10:49 - 00000000 ____D C:\Users\Funtown\AppData\Roaming\HP Support Assistant
2013-11-20 19:00 - 2011-04-30 19:33 - 00000000 ____D C:\Users\Funtown\AppData\Local\Adobe
2013-11-20 18:55 - 2011-04-27 15:43 - 00000000 ____D C:\ProgramData\MFAData
2013-11-20 00:13 - 2011-04-27 11:05 - 00000000 ____D C:\Users\Funtown\AppData\Roaming\FileZilla
2013-11-19 21:25 - 2013-11-19 20:36 - 00000000 ____D C:\Users\Funtown\Desktop\Scorpions
2013-11-19 00:04 - 2013-11-19 00:04 - 00000167 _____ C:\Users\Funtown\Documents\bodypaintmeeventstopost.txt
2013-11-18 20:16 - 2011-04-27 10:59 - 00000864 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2608021889-4240729758-1469525596-1000Core.job
2013-11-18 20:06 - 2011-08-11 02:23 - 00000340 _____ C:\Windows\Tasks\HPCeeScheduleForMDEIFER$.job
2013-11-18 20:05 - 2011-08-11 02:23 - 00003216 _____ C:\Windows\System32\Tasks\HPCeeScheduleForMDEIFER$
2013-11-16 22:19 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
2013-11-16 20:12 - 2013-11-16 20:10 - 00000000 ____D C:\Users\Funtown\Desktop\Goldenspiral Video Release Party
2013-11-16 20:11 - 2013-11-16 19:54 - 00000000 ____D C:\Users\Funtown\Desktop\Twurkaholics with just blaze
2013-11-16 19:55 - 2013-11-16 15:41 - 00000000 ____D C:\Users\Funtown\Desktop\Bonfire
2013-11-16 18:48 - 2012-03-01 20:48 - 00000000 ____D C:\Users\Funtown\AppData\Local\Workspace
2013-11-16 13:47 - 2009-07-24 15:14 - 00000000 ____D C:\Windows\Panther
2013-11-16 01:01 - 2013-08-02 16:22 - 00000000 ____D C:\Windows\system32\MRT
2013-11-16 00:58 - 2011-04-27 11:03 - 82896128 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-11-15 14:53 - 2011-04-18 19:01 - 00000000 ____D C:\ProgramData\PDFC
2013-11-09 13:53 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\NDF
2013-11-07 23:00 - 2013-11-07 22:47 - 00000000 ____D C:\Users\Funtown\Desktop\GoldenSpiral Bodypaint
2013-11-07 01:39 - 2013-11-07 01:38 - 00000000 ____D C:\Users\Funtown\Desktop\SoFancy! Facepainting
2013-11-03 21:49 - 2013-11-03 21:36 - 00005634 _____ C:\Users\Funtown\Desktop\index.html
2013-11-03 13:42 - 2013-11-03 13:42 - 00024783 _____ C:\Users\Funtown\Desktop\dds.txt
2013-11-03 13:42 - 2013-11-03 13:42 - 00010744 _____ C:\Users\Funtown\Desktop\attach.txt
2013-11-03 13:31 - 2013-11-03 13:31 - 00688992 ____R (Swearware) C:\Users\Funtown\Downloads\dds.com
2013-11-02 20:55 - 2013-11-02 20:55 - 00000000 ____D C:\Program Files (x86)\Cobian Backup 11
2013-11-02 20:54 - 2013-11-02 20:52 - 19709440 ____N (Luis Cobian, CobianSoft) C:\Users\Funtown\Downloads\cbSetup.exe
2013-10-24 20:39 - 2013-10-24 20:39 - 00000948 _____ C:\Windows\PFRO.log
2013-10-24 20:39 - 2013-10-24 20:39 - 00000000 _____ C:\Windows\setuperr.log
2013-10-24 20:38 - 2011-04-27 17:41 - 00001080 _____ C:\Windows\system32\settingsbkup.sfm
2013-10-24 20:38 - 2011-04-27 17:41 - 00001080 _____ C:\Windows\system32\settings.sfm
2013-10-24 20:38 - 2011-04-27 16:00 - 00000000 ____D C:\Users\Funtown\AppData\Roaming\Winamp
2013-10-24 18:51 - 2011-04-27 16:20 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-10-24 18:43 - 2011-04-27 15:48 - 00000000 ____D C:\Users\Funtown\AppData\Roaming\uTorrent
 
Some content of TEMP:
====================
C:\Users\Funtown\AppData\Local\Temp\Quarantine.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2013-11-20 00:42
 
==================== End Of Log ============================

 

  • Addition log
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-11-2013
Ran by Funtown at 2013-11-21 00:15:14
Running from C:\Users\Funtown\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: AVG AntiVirus Free Edition 2014 (Disabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2014 (Disabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
 
==================== Installed Programs ======================
 
µTorrent (HKCU Version: 3.3.1.30017)
64 Bit HP CIO Components Installer (Version: 7.2.8)
7-Zip 9.20 (x64 edition) (Version: 9.20.00.0)
Adobe AIR (x32 Version: 3.4.0.2710)
Adobe Community Help (x32 Version: 3.4.980)
Adobe Download Assistant (x32 Version: 1.2.3)
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.117)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.117)
Adobe Media Player (x32 Version: 1.8)
Adobe Photoshop CC (x32 Version: 14.0)
Adobe Photoshop Lightroom 3 64-bit (Version: 3.0.2)
Adobe Reader X (10.1.8) (x32 Version: 10.1.8)
Adobe Shockwave Player 11.6 (x32 Version: 11.6.3.633)
Adobe Update Management Tool (x32 Version: 6.2)
Agatha Christie - Peril at End House (x32 Version: 2.2.0.95)
AIM 7 (x32)
AIM for Windows (HKCU)
Alleycode HTML Editor 2.2.1 (x32)
Apple Application Support (x32 Version: 2.3.4)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (x32 Version: 2.1.3.127)
AVG 2014 (Version: 14.0.3629)
AVG 2014 (Version: 14.0.4158)
AVG 2014 (Version: 2014.0.4158)
AVG PC Tuneup 2011 (x32 Version: 10.0.0.24)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95)
Bing Bar (x32 Version: 6.0.2282.0)
Bing Bar Platform (x32 Version: 6.0.2282.0)
Bing Rewards Client Installer (x32 Version: 16.0.345.0)
Blackhawk Striker 2 (x32 Version: 2.2.0.95)
Blasterball 3 (x32 Version: 2.2.0.95)
Blio (x32 Version: 2.0.5350)
Bonjour (Version: 3.0.0.10)
Bounce Symphony (x32 Version: 2.2.0.95)
BufferChm (x32 Version: 140.0.212.000)
Build-a-lot 2 (x32 Version: 2.2.0.95)
Cake Mania (x32 Version: 2.2.0.95)
CANON iMAGE GATEWAY MyCamera Download Plugin (x32 Version: 3.1.1.2)
CANON iMAGE GATEWAY Task for ZoomBrowser EX (x32 Version: 1.9.0.9)
Canon MOV Decoder (x32 Version: 1.8.0.7)
Canon MOV Encoder (x32 Version: 1.6.0.1)
Canon MovieEdit Task for ZoomBrowser EX (x32 Version: 3.7.0.4)
Canon Utilities Digital Photo Professional 3.10 (x32 Version: 3.10.0.0)
Canon Utilities EOS Sample Music (x32 Version: 1.0.0.204)
Canon Utilities EOS Utility (x32 Version: 2.10.0.0)
Canon Utilities EOS Video Snapshot Task for ZoomBrowser EX (x32 Version: 1.0.0.10)
Canon Utilities Movie Uploader for YouTube (x32 Version: 1.2.0.7)
Canon Utilities PhotoStitch (x32 Version: 3.1.22.46)
Canon Utilities Picture Style Editor (x32 Version: 1.9.0.0)
Canon Utilities ZoomBrowser EX (x32 Version: 6.7.0.24)
Canon ZoomBrowser EX Memory Card Utility (x32 Version: 1.5.0.9)
CCleaner (Version: 4.05)
Chuzzle Deluxe (x32 Version: 2.2.0.95)
Cisco EAP-FAST Module (x32 Version: 2.2.14)
Cisco LEAP Module (x32 Version: 1.0.19)
Cisco PEAP Module (x32 Version: 1.1.6)
Cobian Backup 11 Gravity (x32)
Coupon Printer for Windows (x32 Version: 5.0.0.0)
Creative Audio Control Panel (x32 Version: 3.00)
Creative Software AutoUpdate (x32 Version: 1.40)
Creative Sound Blaster Properties x64 Edition (x32 Version: 1.02)
CyberLink DVD Suite Deluxe (x32 Version: 7.0.3210)
D110 (x32 Version: 140.0.283.000)
D3DX10 (x32 Version: 15.4.2368.0902)
Defraggler (Version: 2.04)
Destinations (x32 Version: 140.0.77.000)
DeviceDiscovery (x32 Version: 140.0.212.000)
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95)
Dolby Digital Live Pack (x32 Version: 3.00)
Dora's World Adventure (x32 Version: 2.2.0.95)
doubleTwist (x32 Version: 3.1.4.11347)
Dropbox (HKCU Version: 2.4.2)
DVD Menu Pack for HP MediaSmart Video (x32 Version: 4.2.4412)
Elevated Installer (x32 Version: 2.2.20)
Escape Rosecliff Island (x32 Version: 2.2.0.95)
Farm Frenzy (x32 Version: 2.2.0.95)
FATE (x32 Version: 2.2.0.95)
ffdshow [rev 2527] [2008-12-19] (x32 Version: 1.0)
FileZilla Client 3.6.0.2 (HKCU Version: 3.6.0.2)
Final Drive Nitro (x32 Version: 2.2.0.95)
Garmin Express (x32 Version: 2.2.20)
Garmin Express Tray (x32 Version: 2.2.20)
Garmin Update Service (x32 Version: 2.2.20)
GIMP 2.6.11 (x32 Version: 2.6.11)
Google Chrome (HKCU Version: 31.0.1650.57)
Google Earth (x32 Version: 6.0.2.2074)
Google Talk (remove only) (HKCU)
Google Talk (remove only) (x32)
GPBaseService2 (x32 Version: 140.0.211.000)
Heroes of Hellas 2 - Olympia (x32 Version: 2.2.0.95)
Hewlett-Packard ACLM.NET v1.1.2.0 (x32 Version: 1.00.0000)
HiJackThis (x32 Version: 1.0.0)
HP Auto (Version: 1.0.12494.3472)
HP Client Services (Version: 1.0.12656.3472)
HP Customer Experience Enhancements (x32 Version: 6.0.1.7)
HP Customer Participation Program 14.0 (Version: 14.0)
HP Game Console (x32)
HP Games (x32 Version: 1.0.1.5)
HP Imaging Device Functions 14.0 (Version: 14.0)
HP MediaSmart DVD (x32 Version: 4.2.4725)
HP MediaSmart Music (x32 Version: 4.2.4517)
HP MediaSmart Photo (x32 Version: 4.2.4513)
HP MediaSmart SmartMenu (Version: 3.1.2.4)
HP MediaSmart Video (x32 Version: 4.2.4522)
HP MediaSmart/TouchSmart Netflix (x32 Version: 1.0.4.0)
HP MovieStore (x32 Version: 1.0.027)
HP MovieStore (x32 Version: 2.0.2)
HP Odometer (x32 Version: 2.10.0000)
HP Photo Creations (x32 Version: 1.0.0.2024)
HP Photosmart D110 All-In-One Driver Software 14.0 Rel. 7 (Version: 14.0)
HP Product Detection (x32 Version: 11.14.0001)
HP Setup (x32 Version: 8.4.4400.3525)
HP Setup Manager (x32 Version: 1.0.12844.3519)
HP Smart Web Printing 4.60 (Version: 4.60)
HP Solution Center 14.0 (Version: 14.0)
HP Support Assistant (x32 Version: 6.1.12.1)
HP Support Information (x32 Version: 10.1.1000)
HP Update (x32 Version: 5.002.003.003)
HP Vision Hardware Diagnostics (Version: 2.1.6.0)
HPAppStudio (x32 Version: 140.0.95.000)
HPDiagnosticAlert (x32 Version: 1.00.0000)
HPPhotoGadget (x32 Version: 140.0.524.000)
HPProductAssistant (x32 Version: 140.0.212.000)
HPSSupply (x32 Version: 140.0.211.000)
Hulu Desktop (HKCU Version: 0.9.14)
iCloud (Version: 2.1.2.8)
IOGEAR Wireless LAN Driver and Utility (x32 Version: 1.00.0154)
iTunes (Version: 11.0.4.4)
Java 7 Update 25 (x32 Version: 7.0.250)
Java Auto Updater (x32 Version: 2.1.9.5)
Jewel Quest Solitaire 2 (x32 Version: 2.2.0.95)
Junk Mail filter update (x32 Version: 15.4.3502.0922)
Kobo (x32 Version: 1.6)
LabelPrint (x32 Version: 2.5.3130)
LightScribe System Software (x32 Version: 1.18.20.1)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)
MarketResearch (x32 Version: 140.0.212.000)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Default Manager (x32 Version: 2.2.114.0)
Microsoft Search Enhancement Pack (x32 Version: 3.0.131.0)
Microsoft Silverlight (x32 Version: 4.0.50401.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft WSE 3.0 Runtime (x32 Version: 3.0.5305.0)
Microsoft_VC80_ATL_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053)
Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_MFCLOC_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_MFCLOC_x86_x64 (Version: 1.00.0000)
Movie Theme Pack for HP MediaSmart Video (x32 Version: 4.2.4412)
Mozilla Firefox 23.0.1 (x86 en-US) (x32 Version: 23.0.1)
Mozilla Maintenance Service (x32 Version: 23.0.1)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT Redists (Version: 1.0)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
Mystery P.I. - The London Caper (x32 Version: 2.2.0.95)
Network64 (Version: 140.0.215.000)
Network64 (Version: 140.0.221.000)
Notepad++ (x32 Version: 5.9)
NVIDIA Display Control Panel (Version: 6.14.12.5936)
NVIDIA Drivers (Version: 1.10.62.40)
NVIDIA PhysX (x32 Version: 9.10.0224)
OpenOffice.org 3.3 (x32 Version: 3.3.9567)
PDF Complete Special Edition (x32 Version: 4.0.14)
PDF Settings CC (x32 Version: 12.0)
Penguins! (x32 Version: 2.2.0.95)
PhotoNow! (x32 Version: 1.1.7717)
Picasa 3 (x32 Version: 3.8)
PictureMover (x32 Version: 3.5.0.33)
Plants vs. Zombies (x32 Version: 2.2.0.95)
PlayReady PC Runtime amd64 (Version: 1.3.0)
PlayReady PC Runtime x86 (x32 Version: 1.3.0)
Poker Superstars III (x32 Version: 2.2.0.95)
Polar Bowler (x32 Version: 2.2.0.95)
Polar Golfer (x32 Version: 2.2.0.95)
Power2Go (x32 Version: 6.1.4329)
PowerDirector (x32 Version: 8.0.3129)
PressReader (x32 Version: 5.10.1102.0)
PS_AIO_07_D110_SW_Min (x32 Version: 140.0.142.000)
QuickTime (x32 Version: 7.74.80.86)
QuickTransfer (x32 Version: 140.0.98.000)
RAIDXpert (x32 Version: 3.2.1540.10)
Recovery Manager (x32 Version: 5.5.3219)
RoxioNow Player (x32 Version: 1.9.5.101)
SAMSUNG Intelli-studio (x32)
Scan (x32 Version: 140.0.80.000)
Search Protection (HKCU Version: 7.5.0.1)
Shop for HP Supplies (Version: 14.0)
SmartWebPrinting (x32 Version: 140.0.186.000)
SolutionCenter (x32 Version: 140.0.214.000)
Sound Blaster X-Fi (x32 Version: 1.0)
Spotify (x32 Version: 0.5.2)
Spybot - Search & Destroy (x32 Version: 1.6.2)
Status (x32 Version: 140.0.256.000)
swMSM (x32 Version: 12.0.0.1)
Toolbox (x32 Version: 140.0.428.000)
TrayApp (x32 Version: 140.0.212.000)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3)
Vegas Pro 10.0 (64-bit) (Version: 10.0.470)
Virtual Families (x32 Version: 2.2.0.95)
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.95)
VirtualDJ Home FREE (x32 Version: 7.0.3)
Visual Studio 2008 x64 Redistributables (x32 Version: 10.0.0.2)
Visual Studio 2010 x64 Redistributables (Version: 13.0.0.1)
Visual Studio 2012 x64 Redistributables (Version: 14.0.0.1)
Visual Studio 2012 x86 Redistributables (x32 Version: 14.0.0.1)
WebReg (x32 Version: 140.0.212.017)
Wheel of Fortune 2 (x32 Version: 2.2.0.95)
Winamp (x32 Version: 5.61 )
Winamp Detector Plug-in (HKCU Version: 1.0.0.1)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3502.0922)
Windows Live Mail (x32 Version: 15.4.3502.0922)
Windows Live Messenger (x32 Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3502.0922)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3502.0922)
Windows Live Writer (x32 Version: 15.4.3502.0922)
Windows Live Writer Resources (x32 Version: 15.4.3502.0922)
WinRAR 4.00 (64-bit) (Version: 4.00.0)
Workspace Desktop (HKCU)
Zinio Reader 4 (x32 Version: 4.0.3184)
Zuma Deluxe (x32 Version: 2.2.0.95)
 
==================== Restore Points  =========================
 
27-10-2013 23:00:21 Windows Backup
04-11-2013 00:00:12 Windows Backup
11-11-2013 02:08:22 Windows Backup
16-11-2013 05:58:15 Windows Update
17-11-2013 06:20:19 HPSF Restore Point
17-11-2013 21:45:16 HPSF Restore Point
18-11-2013 02:03:44 Windows Backup
 
==================== Hosts content: ==========================
 
2009-07-13 21:34 - 2011-05-10 23:30 - 00433994 ____R C:\Windows\system32\Drivers\etc\hosts
 
There are 1000 more lines.
 
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {2B59EB2A-3EA5-471C-A62B-DEF2930FE59A} - System32\Tasks\HPCeeScheduleForMDEIFER$ => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14] (Hewlett-Packard)
Task: {31063DB1-A6D6-4C7E-9EC6-F390B9CA30F0} - System32\Tasks\AdobeAAMUpdater-1.0-MDEIFER-Funtown => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2013-03-21] (Adobe Systems Incorporated)
Task: {41C779CD-C414-4011-AD15-B042C66D0553} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe [2011-09-09] (Hewlett-Packard Company)
Task: {58B679A9-1B65-442E-A965-4C3231FFA703} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2608021889-4240729758-1469525596-1000UA => C:\Users\Funtown\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-27] (Google Inc.)
Task: {5FC4C7DA-2C25-4609-83D9-5E53837C0713} - System32\Tasks\{1D2ACDA0-B207-4D06-9352-E7FB67F7C492} => C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe [2010-03-25] (Trend Micro Inc.)
Task: {7599D1EF-024A-4243-9593-76DA965315E3} - System32\Tasks\HPCeeScheduleForFuntown => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14] (Hewlett-Packard)
Task: {90922C87-FE52-4249-89CD-8BDDABB1840B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater\HPSFUpdater.exe [2011-12-15] (Hewlett-Packard)
Task: {BB6862E2-ADCA-4F9F-B262-8AFE80CE9584} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2011-09-09] (Hewlett-Packard Company)
Task: {C2381B70-DDCA-4D0F-93C5-026BF41AD964} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-08-21] (Piriform Ltd)
Task: {C5C74C42-B602-4237-B31F-E0B6D81F9F2F} - System32\Tasks\{0B7C7587-953D-4B95-BEC0-AACD0B969C24} => C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe [2010-03-25] (Trend Micro Inc.)
Task: {CF9DE558-A191-4646-A3CF-E7A32BBB8587} - System32\Tasks\{39061034-C2DF-4FF6-9E36-8D7696C0D6EC} => C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe [2010-03-25] (Trend Micro Inc.)
Task: {DCAC3FBA-E600-4BD0-ABCF-9157881DCEA3} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {E813C3DF-8C2A-483D-B762-22BEF51A5F3F} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2608021889-4240729758-1469525596-1000Core => C:\Users\Funtown\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-27] (Google Inc.)
Task: {EBD9B01D-6B19-48A5-A0B9-D1AA430A3774} - System32\Tasks\{69977889-4636-4470-AE14-CBA340C6F5A4} => C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe [2010-03-25] (Trend Micro Inc.)
Task: {EF622016-7BEE-494A-9F49-F42AADF4CBA4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2011-09-09] (Hewlett-Packard Company)
Task: {F1B61A5D-5EAA-458D-AACB-CDCA94731649} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Total Care Tune-Up => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPTuneUp.exe [2011-03-22] (Hewlett-Packard Company)
Task: {FD97D622-470A-4C67-B3F1-B3FA0BCC28C0} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-10] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2608021889-4240729758-1469525596-1000Core.job => C:\Users\Funtown\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2608021889-4240729758-1469525596-1000UA.job => C:\Users\Funtown\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForFuntown.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\HPCeeScheduleForMDEIFER$.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
 
==================== Loaded Modules (whitelisted) =============
 
2013-08-15 07:40 - 2013-08-15 07:40 - 00009728 _____ () C:\Program Files (x86)\Garmin\Express Tray\Garmin.Cartography.MapUpdate.Device.DataTypes.dll
2009-12-16 01:44 - 2009-12-16 01:44 - 00516096 _____ () C:\Program Files (x86)\AMD\RAIDXpert\bin\libxml2.dll
2011-06-24 21:56 - 2011-06-24 21:56 - 00087328 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2011-06-24 21:56 - 2011-06-24 21:56 - 01241888 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-03-13 15:48 - 2013-03-13 15:48 - 24978944 _____ () C:\Users\Funtown\AppData\Roaming\Dropbox\bin\libcef.dll
2011-01-17 15:19 - 2011-04-27 15:52 - 00985088 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
2011-04-18 18:38 - 2009-12-29 18:50 - 00073728 _____ () C:\Windows\SysWOW64\CmdRtr.DLL
2011-04-18 18:38 - 2010-01-27 16:34 - 00178688 _____ () C:\Windows\SysWOW64\APOMngr.DLL
2011-04-27 10:33 - 2009-12-09 20:20 - 00126976 _____ () C:\Program Files (x86)\IOGEAR\11n USB Wireless LAN Utility\EnumDevLib.dll
2011-03-22 13:38 - 2011-04-27 16:00 - 00410624 _____ () C:\Program Files (x86)\Winamp\nsutil.dll
2011-03-22 13:38 - 2011-04-27 16:00 - 00079360 _____ () C:\Program Files (x86)\Winamp\nde.dll
2011-03-22 13:38 - 2011-04-27 16:01 - 00023040 _____ () C:\Program Files (x86)\Winamp\System\albumart.w5s
2011-03-22 13:38 - 2011-04-27 16:01 - 00174080 _____ () C:\Program Files (x86)\Winamp\System\auth.w5s
2011-03-22 13:38 - 2011-04-27 16:01 - 00019456 _____ () C:\Program Files (x86)\Winamp\System\bmp.w5s
2011-03-22 13:38 - 2011-04-27 16:01 - 00047616 _____ () C:\Program Files (x86)\Winamp\zlib.dll
2011-03-22 13:38 - 2011-04-27 16:01 - 00044544 _____ () C:\Program Files (x86)\Winamp\System\devices.w5s
2011-03-22 13:38 - 2011-04-27 16:01 - 00016896 _____ () C:\Program Files (x86)\Winamp\System\dlmgr.w5s
2011-03-22 13:38 - 2011-04-27 16:01 - 00014336 _____ () C:\Program Files (x86)\Winamp\System\filereader.w5s
2011-03-22 13:38 - 2011-04-27 16:01 - 00019456 _____ () C:\Program Files (x86)\Winamp\System\gif.w5s
2011-03-22 13:38 - 2011-04-27 16:01 - 00016384 _____ () C:\Program Files (x86)\Winamp\System\gracenote.w5s
2011-03-22 13:38 - 2011-04-27 16:01 - 00623616 _____ () C:\Program Files (x86)\Winamp\System\jnetlib.w5s
2011-03-22 13:38 - 2011-04-27 16:01 - 00154624 _____ () C:\Program Files (x86)\Winamp\System\jpeg.w5s
2011-03-22 13:38 - 2011-04-27 16:01 - 00084480 _____ () C:\Program Files (x86)\Winamp\System\playlist.w5s
2011-03-22 13:38 - 2011-04-27 16:01 - 00103936 _____ () C:\Program Files (x86)\Winamp\System\png.w5s
2011-03-22 13:38 - 2011-04-27 16:01 - 00013824 _____ () C:\Program Files (x86)\Winamp\System\primo.w5s
2011-03-22 13:38 - 2011-04-27 16:01 - 00021504 _____ () C:\Program Files (x86)\Winamp\System\tagz.w5s
2011-03-22 13:38 - 2011-04-27 16:01 - 00035328 _____ () C:\Program Files (x86)\Winamp\System\timer.w5s
2011-03-22 13:38 - 2011-04-27 16:01 - 00090112 _____ () C:\Program Files (x86)\Winamp\System\xml.w5s
2011-03-22 13:38 - 2011-04-27 16:00 - 00068608 _____ () C:\Program Files (x86)\Winamp\Plugins\in_avi.dll
2011-03-22 13:38 - 2011-04-27 16:00 - 00102400 _____ () C:\Program Files (x86)\Winamp\Plugins\in_cdda.dll
2011-03-22 13:38 - 2011-04-27 16:00 - 00072192 _____ () C:\Program Files (x86)\Winamp\Plugins\in_dshow.dll
2011-03-22 13:38 - 2011-04-27 16:00 - 00060928 _____ () C:\Program Files (x86)\Winamp\Plugins\in_flac.dll
2011-03-22 13:38 - 2011-04-27 16:00 - 00043008 _____ () C:\Program Files (x86)\Winamp\Plugins\in_flv.dll
2011-03-22 13:38 - 2011-04-27 16:00 - 00007168 _____ () C:\Program Files (x86)\Winamp\Plugins\in_linein.dll
2011-03-22 13:38 - 2011-04-27 16:00 - 00109568 _____ () C:\Program Files (x86)\Winamp\Plugins\in_midi.dll
2011-03-22 13:38 - 2011-04-27 16:00 - 00049152 _____ () C:\Program Files (x86)\Winamp\Plugins\in_mkv.dll
2011-03-22 13:38 - 2011-04-27 16:00 - 00165376 _____ () C:\Program Files (x86)\Winamp\Plugins\in_mod.dll
2011-03-22 13:38 - 2011-04-27 16:00 - 00288768 _____ () C:\Program Files (x86)\Winamp\Plugins\in_mp3.dll
2011-03-22 13:38 - 2011-04-27 16:00 - 00050688 _____ () C:\Program Files (x86)\Winamp\Plugins\in_mp4.dll
2011-03-22 13:38 - 2011-04-27 16:00 - 00074752 _____ () C:\Program Files (x86)\Winamp\Plugins\in_nsv.dll
2011-03-22 13:38 - 2011-04-27 16:00 - 00023552 _____ () C:\Program Files (x86)\Winamp\Plugins\in_swf.dll
2011-03-22 13:38 - 2011-04-27 16:00 - 00252416 _____ () C:\Program Files (x86)\Winamp\Plugins\in_vorbis.dll
2011-03-22 13:38 - 2011-04-27 16:00 - 00016896 _____ () C:\Program Files (x86)\Winamp\Plugins\in_wave.dll
2011-03-22 13:38 - 2011-04-27 16:00 - 00253440 _____ () C:\Program Files (x86)\Winamp\libsndfile.dll
2011-03-22 13:38 - 2011-04-27 16:00 - 00313344 _____ () C:\Program Files (x86)\Winamp\Plugins\in_wm.dll
2011-03-22 13:38 - 2011-04-27 16:00 - 00022528 _____ () C:\Program Files (x86)\Winamp\Plugins\out_disk.dll
2011-03-22 13:38 - 2011-04-27 16:00 - 00052224 _____ () C:\Program Files (x86)\Winamp\Plugins\out_ds.dll
2011-03-22 13:38 - 2011-04-27 16:00 - 00018432 _____ () C:\Program Files (x86)\Winamp\Plugins\out_wave.dll
2011-03-22 13:38 - 2011-04-27 16:00 - 01737728 _____ () C:\Program Files (x86)\Winamp\Plugins\gen_ff.dll
2011-03-22 13:38 - 2011-04-27 16:01 - 00083968 _____ () C:\Program Files (x86)\Winamp\tataki.dll
2011-03-22 13:38 - 2011-04-27 16:00 - 00027648 _____ () C:\Program Files (x86)\Winamp\Plugins\gen_hotkeys.dll
2010-11-10 12:29 - 2011-04-27 16:00 - 00183808 _____ () C:\Program Files (x86)\Winamp\Plugins\gen_jumpex.dll
2011-03-22 13:38 - 2011-04-27 16:00 - 00312832 _____ () C:\Program Files (x86)\Winamp\Plugins\gen_ml.dll
2011-03-22 13:38 - 2011-04-27 16:00 - 00293888 _____ () C:\Program Files (x86)\Winamp\Plugins\ml_local.dll
2011-03-22 13:38 - 2011-04-27 16:00 - 00082944 _____ () C:\Program Files (x86)\Winamp\Plugins\ml_playlists.dll
2011-03-22 13:38 - 2011-04-27 16:00 - 00126464 _____ () C:\Program Files (x86)\Winamp\Plugins\ml_online.dll
2011-03-22 13:38 - 2011-04-27 16:00 - 00250368 _____ () C:\Program Files (x86)\Winamp\Plugins\ml_devices.dll
2011-03-22 13:38 - 2011-04-27 16:00 - 00200704 _____ () C:\Program Files (x86)\Winamp\Plugins\ml_disc.dll
2011-03-22 13:38 - 2011-04-27 16:00 - 00240640 _____ () C:\Program Files (x86)\Winamp\Plugins\ml_pmp.dll
2011-03-22 13:38 - 2011-04-27 16:00 - 00060928 _____ () C:\Program Files (x86)\Winamp\Plugins\pmp_android.dll
2011-03-22 13:38 - 2011-04-27 16:00 - 00171008 _____ () C:\Program Files (x86)\Winamp\Plugins\pmp_ipod.dll
2011-03-22 13:38 - 2011-04-27 16:00 - 00020480 _____ () C:\Program Files (x86)\Winamp\Plugins\pmp_njb.dll
2011-03-22 13:38 - 2011-04-27 16:00 - 00118272 _____ () C:\Program Files (x86)\Winamp\Plugins\pmp_p4s.dll
2011-03-22 13:38 - 2011-04-27 16:00 - 00053760 _____ () C:\Program Files (x86)\Winamp\Plugins\pmp_usb.dll
2011-03-22 13:38 - 2011-04-27 16:00 - 00113152 _____ () C:\Program Files (x86)\Winamp\Plugins\pmp_wifi.dll
2011-03-22 13:38 - 2011-04-27 16:00 - 00027648 _____ () C:\Program Files (x86)\Winamp\Plugins\ml_bookmarks.dll
2011-03-22 13:38 - 2011-04-27 16:00 - 00052224 _____ () C:\Program Files (x86)\Winamp\Plugins\ml_history.dll
2011-03-22 13:38 - 2011-04-27 16:00 - 00028672 _____ () C:\Program Files (x86)\Winamp\Plugins\ml_autotag.dll
2011-03-22 13:38 - 2011-04-27 16:00 - 00057344 _____ () C:\Program Files (x86)\Winamp\Plugins\ml_impex.dll
2011-03-22 13:38 - 2011-04-27 16:00 - 00083456 _____ () C:\Program Files (x86)\Winamp\Plugins\ml_plg.dll
2011-03-22 13:38 - 2011-04-27 16:00 - 00033792 _____ () C:\Program Files (x86)\Winamp\Plugins\ml_rg.dll
2011-03-22 13:38 - 2011-04-27 16:00 - 00031744 _____ () C:\Program Files (x86)\Winamp\Plugins\ml_transcode.dll
2011-03-22 13:38 - 2011-04-27 16:00 - 00057344 _____ () C:\Program Files (x86)\Winamp\Plugins\gen_orgler.dll
2011-03-22 13:38 - 2011-04-27 16:00 - 00025600 _____ () C:\Program Files (x86)\Winamp\Plugins\gen_tray.dll
2011-03-22 13:38 - 2011-04-27 16:01 - 00237056 _____ () C:\Program Files (x86)\Winamp\System\aacPlusDecoder.w5s
2012-11-29 16:59 - 2012-11-29 16:59 - 00093696 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
2013-11-15 15:35 - 2013-11-14 06:28 - 00702416 _____ () C:\Users\Funtown\AppData\Local\Google\Chrome\Application\31.0.1650.57\libglesv2.dll
2013-11-15 15:35 - 2013-11-14 06:28 - 00099792 _____ () C:\Users\Funtown\AppData\Local\Google\Chrome\Application\31.0.1650.57\libegl.dll
2013-11-15 15:35 - 2013-11-14 06:29 - 04055504 _____ () C:\Users\Funtown\AppData\Local\Google\Chrome\Application\31.0.1650.57\pdf.dll
2013-11-15 15:35 - 2013-11-14 06:29 - 00399312 _____ () C:\Users\Funtown\AppData\Local\Google\Chrome\Application\31.0.1650.57\ppGoogleNaClPluginChrome.dll
2013-11-15 15:35 - 2013-11-14 06:28 - 01619408 _____ () C:\Users\Funtown\AppData\Local\Google\Chrome\Application\31.0.1650.57\ffmpegsumo.dll
2013-11-15 15:35 - 2013-11-14 06:29 - 13582800 _____ () C:\Users\Funtown\AppData\Local\Google\Chrome\Application\31.0.1650.57\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
AlternateDataStreams: C:\ProgramData\Temp:0B4227B4
 
==================== Safe Mode (whitelisted) ===================
 
 
==================== Faulty Device Manager Devices =============
 
Name: Microsoft Virtual WiFi Miniport Adapter
Description: Microsoft Virtual WiFi Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Internet Access Server
Description: Internet Access Server
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: SASDIFSV
Description: SASDIFSV
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: SASDIFSV
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
Name: SASKUTIL
Description: SASKUTIL
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: SASKUTIL
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
 
System errors:
=============
 
Microsoft Office Sessions:
=========================
 
==================== Memory info =========================== 
 
Percentage of memory in use: 23%
Total physical RAM: 12279.89 MB
Available physical RAM: 9358.29 MB
Total Pagefile: 24557.97 MB
Available Pagefile: 21280.63 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:1849.29 GB) (Free:1667.31 GB) NTFS
Drive d: (HP_RECOVERY) (Fixed) (Total:13.52 GB) (Free:1.66 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive l: (External Drive) (Fixed) (Total:1863.01 GB) (Free:743.18 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 1863 GB) (Disk ID: B64EFDBD)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=-213368438784) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=14 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (Size: 1863 GB) (Disk ID: A4B57300)
Partition 1: (Not Active) - (Size=-198626934272) - (Type=07 NTFS)
 
==================== End Of Log ============================


#10 Oh My!

Posted 21 November 2013 - 11:15 AM

Greetings,

Thanks for providing the information. Please consider and do these things for me.

===================================================

P2P Warning

--------------------

Going over your logs I noticed that you have µTorrent installed. It is pretty much certain that if you continue to use P2P programs, you will get infected again.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
I would recommend that you uninstall µTorrent, however that choice is up to you. If you choose to remove the program, you can do so via Start > Control Panel > Add/Remove Programs.

If you are still leaning toward using this program, please take a look at this information about Ransomware which can be delivered via P2P file transfers. The newest variation of Ransomware can make it impossible to recover the files this malicious software encrypts. In other words, you will probably lose most if not all of your valuable information, including pictures. In addition, it has recently been reported that P2P downloads may be tracked, resulting in your IP address being monitored by copyright authorities.

If you wish to keep it, please do not use it until we are completely done and your machine is determined to be clean and updated.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
C:\Users\Funtown\AppData\Local\Temp\Quarantine.exe
AlternateDataStreams: C:\ProgramData\Temp:0B4227B4
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Farbar's Service Scanner

--------------------
  • Please download Farbar Service Scanner, save it to your desktop, and run it.
  • Make sure the following options are checked:

Internet Services
Windows Firewall
System Restore
Security Center/Action Center
Windows Update
Windows Defender
Other Services

  • Press Scan
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.
===================================================

Farbar's MiniToolBox

--------------------
  • Please download MiniToolBox, save it to your desktop
  • Please close any Firefox browsers you may have open
  • Double click the icon to launch the program
  • Make sure the following options are checked:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List devices >>(Problem only)<<

  • Click Go and once the scan is completed a Result.txt Notepad document will open on your desktop
  • Please copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog
  • FSS log
  • MiniToolBox log
  • How is your computer running?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#11 deiph

Posted 21 November 2013 - 12:54 PM

  • Fixlog
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 18-11-2013
Ran by Funtown at 2013-11-21 12:50:52 Run:1
Running from C:\Users\Funtown\Desktop
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
C:\Users\Funtown\AppData\Local\Temp\Quarantine.exe
AlternateDataStreams: C:\ProgramData\Temp:0B4227B4
*****************
 
HKCR\PROTOCOLS\Handler\linkscanner => Key deleted successfully.
HKCR\CLSID\{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} => Key not found.
HKCR\Wow6432Node\PROTOCOLS\Handler\linkscanner => Key not found.
HKCR\Wow6432Node\CLSID\{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} => Key not found.
C:\Users\Funtown\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\ProgramData\Temp => ":0B4227B4" ADS removed successfully.
 
==== End of Fixlog ====

 

  • FSS log
Farbar Service Scanner Version: 10-11-2013
Ran by Funtown (administrator) on 21-11-2013 at 12:51:17
Running from "C:\Users\Funtown\Downloads"
Microsoft Windows 7 Professional  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
 
 
Windows Firewall:
=============
 
Firewall Disabled Policy: 
==================
 
 
System Restore:
============
 
System Restore Disabled Policy: 
========================
 
 
Action Center:
============
 
 
Windows Update:
============
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.
 
 
Windows Defender Disabled Policy: 
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
 
 
Other Services:
==============
 
 
File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys
[2013-11-15 15:08] - [2013-09-27 20:09] - 0497152 ____A (Microsoft Corporation) 79059559E89D06E8B80CE2944BE20228
 
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2013-10-09 01:22] - [2013-09-07 21:30] - 1903552 ____A (Microsoft Corporation) 40AF23633D197905F03AB5628C558C51
 
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
 
 
**** End of log ****
  • MiniToolBox log
MiniToolBox by Farbar  Version: 13-07-2013
Ran by Funtown (administrator) on 21-11-2013 at 12:52:09
Running from "C:\Users\Funtown\Downloads"
Microsoft Windows 7 Professional  Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
 
========================= FF Proxy Settings: ============================== 
 
 
"Reset FF Proxy Settings": Firefox Proxy settings were reset.
 
========================= Hosts content: =================================
 
 
 
There are 14937 more lines starting with "127.0.0.1"
 
========================= IP Configuration: ================================
 
Realtek RTL8191SU Wireless LAN 802.11n USB 2.0 Network Adapter = Wireless Network Connection (Connected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 2 (Hardware not present)
Realtek PCIe GBE Family Controller = Local Area Connection (Media disconnected)
 
 
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
 
reset
set global icmpredirects=enabled
 
 
popd
# End of IPv4 configuration
 
 
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : mdeifer
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : hsd1.pa.comcast.net.
 
Wireless LAN adapter Wireless Network Connection:
 
   Connection-specific DNS Suffix  . : hsd1.pa.comcast.net.
   Description . . . . . . . . . . . : Realtek RTL8191SU Wireless LAN 802.11n USB 2.0 Network Adapter
   Physical Address. . . . . . . . . : 00-21-79-C2-CC-18
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2601:b:ab00:5a2:640d:3dbc:5dcd:7473(Preferred) 
   IPv6 Address. . . . . . . . . . . : fd17:51ac:22c6:0:640d:3dbc:5dcd:7473(Preferred) 
   Temporary IPv6 Address. . . . . . : 2601:b:ab00:5a2:c5a6:9387:9074:e8ea(Preferred) 
   Temporary IPv6 Address. . . . . . : fd17:51ac:22c6:0:5d9d:12d0:a93a:690e(Preferred) 
   Link-local IPv6 Address . . . . . : fe80::640d:3dbc:5dcd:7473%11(Preferred) 
   IPv4 Address. . . . . . . . . . . : 192.168.1.123(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Wednesday, November 20, 2013 11:53:13 PM
   Lease Expires . . . . . . . . . . : Friday, November 22, 2013 12:45:19 PM
   Default Gateway . . . . . . . . . : fe80::cad7:19ff:fe92:ff4%11
                                       192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 318775673
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-15-3E-83-D9-D4-85-64-9E-C0-2C
   DNS Servers . . . . . . . . . . . : 2001:558:feed::1
                                       2001:558:feed::2
                                       75.75.75.75
                                       75.75.76.76
                                       192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
Ethernet adapter Local Area Connection:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : hsd1.pa.comcast.net.
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Physical Address. . . . . . . . . : D4-85-64-9E-C0-2C
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter isatap.hsd1.pa.comcast.net.:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : hsd1.pa.comcast.net.
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter Teredo Tunneling Pseudo-Interface:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:9d38:6abd:1c81:b07:b81e:4eb4(Preferred) 
   Link-local IPv6 Address . . . . . : fe80::1c81:b07:b81e:4eb4%12(Preferred) 
   Default Gateway . . . . . . . . . : 
   NetBIOS over Tcpip. . . . . . . . : Disabled
Server:  cdns01.comcast.net
Address:  2001:558:feed::1
 
Name:    google.com
Addresses:  2607:f8b0:4006:801::1002
 74.125.226.226
 74.125.226.230
 74.125.226.232
 74.125.226.225
 74.125.226.229
 74.125.226.233
 74.125.226.238
 74.125.226.227
 74.125.226.224
 74.125.226.228
 74.125.226.231
 
 
Pinging google.com [2607:f8b0:4006:800::1005] with 32 bytes of data:
Reply from 2607:f8b0:4006:800::1005: time=26ms 
Reply from 2607:f8b0:4006:800::1005: time=26ms 
 
Ping statistics for 2607:f8b0:4006:800::1005:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 26ms, Maximum = 26ms, Average = 26ms
Server:  cdns01.comcast.net
Address:  2001:558:feed::1
 
Name:    yahoo.com
Addresses:  206.190.36.45
 98.139.183.24
 98.138.253.109
 
 
Pinging yahoo.com [206.190.36.45] with 32 bytes of data:
Reply from 206.190.36.45: bytes=32 time=107ms TTL=41
Reply from 206.190.36.45: bytes=32 time=103ms TTL=41
 
Ping statistics for 206.190.36.45:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 103ms, Maximum = 107ms, Average = 105ms
 
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 11...00 21 79 c2 cc 18 ......Realtek RTL8191SU Wireless LAN 802.11n USB 2.0 Network Adapter
 10...d4 85 64 9e c0 2c ......Realtek PCIe GBE Family Controller
  1...........................Software Loopback Interface 1
 16...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 12...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================
 
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.123     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link     192.168.1.123    281
    192.168.1.123  255.255.255.255         On-link     192.168.1.123    281
    192.168.1.255  255.255.255.255         On-link     192.168.1.123    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link     192.168.1.123    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link     192.168.1.123    281
===========================================================================
Persistent Routes:
  None
 
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 11    281 ::/0                     fe80::cad7:19ff:fe92:ff4
  1    306 ::1/128                  On-link
 12     58 2001::/32                On-link
 12    306 2001:0:9d38:6abd:1c81:b07:b81e:4eb4/128
                                    On-link
 11     33 2601:b:ab00:5a2::/64     On-link
 11     41 2601:b:ab00:5a2::/64     fe80::cad7:19ff:fe92:ff4
 11    281 2601:b:ab00:5a2:640d:3dbc:5dcd:7473/128
                                    On-link
 11    281 2601:b:ab00:5a2:c5a6:9387:9074:e8ea/128
                                    On-link
 11     33 fd17:51ac:22c6::/64      On-link
 11    281 fd17:51ac:22c6:0:5d9d:12d0:a93a:690e/128
                                    On-link
 11    281 fd17:51ac:22c6:0:640d:3dbc:5dcd:7473/128
                                    On-link
 11    281 fe80::/64                On-link
 12    306 fe80::/64                On-link
 12    306 fe80::1c81:b07:b81e:4eb4/128
                                    On-link
 11    281 fe80::640d:3dbc:5dcd:7473/128
                                    On-link
  1    306 ff00::/8                 On-link
 12    306 ff00::/8                 On-link
 11    281 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
 
Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 06 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 07 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog5 08 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 09 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog5 06 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog5 07 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog5 08 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
 
========================= Event log errors: ===============================
 
Application errors:
==================
 
System errors:
=============
Error: (11/21/2013 00:44:56 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.
 
Error: (11/21/2013 00:44:54 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.
 
Error: (11/21/2013 02:23:30 AM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Realtek11nSU service.
 
Error: (11/21/2013 01:23:18 AM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Realtek11nSU service.
 
 
Microsoft Office Sessions:
=========================
 
========================= Devices: ================================
 
Name: Microsoft Virtual WiFi Miniport Adapter
Description: Microsoft Virtual WiFi Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Internet Access Server
Description: Internet Access Server
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: SASDIFSV
Description: SASDIFSV
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: SASDIFSV
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
Name: SASKUTIL
Description: SASKUTIL
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: SASKUTIL
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
**** End of log ****
 
  • How is your computer running?

I'll restart and let ya know! 



#12 deiph


Posted 21 November 2013 - 01:00 PM

I still have to choose the network and put in my password every time... and it shows a yellow caution signal then tells me my username and password aren't correct. But I still stay connected! Sad face!
 



#13 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor

Posted 21 November 2013 - 03:13 PM

Let's check/modify a setting.

===================================================

Automatic Network Login with Saved Password

--------------------
  • Click Start, Control Panel, then select Network and Sharing Center
  • Click Manage wireless networks on the left side
  • Left click on the Network you would like to automatically connect to
  • Right click and select Properties
  • On the Connection tab place a checkmark in Connect automatically when this network is in range
  • Click OK
  • Reboot your computer
  • If you are asked to enter a password, enter it and allow it to remember your password
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Results?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#14 deiph


Posted 22 November 2013 - 04:46 PM

That setting was already checked. I restarted and it still makes me put in the password! 



#15 Oh My!


Posted 22 November 2013 - 05:35 PM

Thanks for trying. Please do this.

===================================================

Network Adapters Listed in Device Manager

----------
  • Press the Windows key + R on your keyboard at the same time
  • Type devmgmt.msc and press Enter
  • Expand the Network Adapters section by clicking the + sign
  • Please list all the entries located under this category
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • List of Network Adapters

Gary
 



