Possibly Hijacked Too


This topic is locked
83 replies to this topic

#1 sweetsuzee (Members)

Posted 20 November 2013 - 05:28 PM

Dear TB Psychotic - I, too, believe I have been hijacked. I ran HijackThis and while reviewing the results I was Googling something I thought suspicious which wound up taking me to bleepingcomputer. A little searching and I wound up here (heading of Possibly Hijacked - however, I wasn't allowed to post a reply so I'm here now). After reading that post, I carefully followed your instructions to drj and followed your path. Now that I have a bunch of saved files, can you help me? If so, should I start with the HijackThis log and then copy and paste the other ones in the order you specified? Please advise and thank you.




#2 fireman4it (Bleepin' Fireman, Malware Response Team)

Posted 20 November 2013 - 06:21 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Please take note:

  • If you have since resolved the original problem you were having, we would appreciate you letting us know.
  • If you are unable to create a log because your computer cannot start up successfully please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • If you are unable to perform the steps we have recommended please try one more time and if unsuccessful alert us of such and we will design an alternate means of obtaining the necessary information.
  • If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • Upon completing the steps below I will review your topic and do my best to resolve your issues.
  • If you have already posted a DDS log, please do so again, as your situation may have changed.
  • Use the 'Add Reply' and add the new log to this thread.


We need to see some information about what is happening in your machine. Please perform the following scan:

  1. Please download OTL from one of the following mirrors:
     • This is THE Mirror
  2. Save it to your desktop.
  3. Double click on the OTL icon on your desktop.
  4. Under the Custom Scan box paste this in:

    c:\windows\*. /SL
    c:\windows\*. /RP
    netsvcs
    activex
    drivers32
    %ALLUSERSPROFILE%\Application Data\*.
    %ALLUSERSPROFILE%\Application Data\*.exe /s
    %APPDATA%\*.
    %APPDATA%\*.exe /s
    %SYSTEMDRIVE%\*.exe
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90

  5. Push the Quick Scan button.
  6. Two reports will open, copy and paste them in a reply here:
     • OTL.txt <-- Will be opened
     • Extra.txt <-- Will be minimized

 

Information on A/V control HERE


We also need a new log from RogueKiller:

  • Download RogueKiller on the desktop
  • Close all the running processes
  • Under Vista/Seven, right click -> Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • When prompted, click Scan
  • A report should open; give its content to your helper. (RKreport could also be found next to the executable)
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again






Thanks and again sorry for the delay.


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


If I have helped you, consider making a donation to help me continue the fight against Malware!
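The OTL report requested above is long (the one posted further down this thread runs to hundreds of PRC/MOD/SRV/DRV lines), and a helper reads it by looking for a few things first: files OTL lists with no company name, files running from folders any user can write to, kernel drivers with no publisher, and files changed shortly before the scan. The script below is an added example written for this page; it is not code from BleepingComputer, from OldTimer's OTL, or from this thread's helper. It assumes the line layout shown in the posted OTL.txt, the triage rules are this example's own (OTL only groups "No Company Name" modules, it does not score anything), and the sample report and the vendor/driver names in it (apart from OTL itself and the stock Microsoft USB driver) are constructed for the example.

```python
"""Triage helper for OTL scan output.

Parses the PRC / MOD / SRV / DRV lines in an OTL.txt report and flags the
entries a malware-removal helper reads first.  The heuristics are this
example's own, not OTL's:
  * file has no company name (OTL's own "No Company Name" grouping)
  * file runs from a location an unprivileged user can write to
  * kernel driver with no publisher
  * file modified shortly before the scan (reported only as supporting
    context for an entry that already tripped a stronger signal)
"""
import re
from datetime import datetime, timedelta

# One OTL entry, for example:
#   DRV:64bit: - [2013/11/20 11:23:46 | 000,034,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\X\Y.sys -- (Y)
OTL_LINE = re.compile(
    r"^(?P<kind>PRC|MOD|SRV|DRV)(?P<arch>:64bit:)? - "
    r"\[(?P<mtime>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attr>[^|\]]+) \| (?P<flag>\w)\] "
    r"\((?P<company>[^)]*)\)"          # () when OTL found no company name
    r"(?: \[(?P<state>[^\]]*)\])?"     # [Auto | Running] etc., services/drivers only
    r" -- (?P<path>.+?)"
    r"(?: -- \((?P<name>[^)]*)\))?$"   # trailing service/driver name
)

# Path fragments an unprivileged user (and so a user-level dropper) can write to.
USER_WRITABLE = ("\\appdata\\", "\\programdata\\", "\\temp\\", "\\users\\public\\")


def parse_line(line):
    """Return a dict for one OTL entry line, or None for any other line."""
    m = OTL_LINE.match(line.strip())
    if not m:
        return None
    entry = m.groupdict()
    entry["arch"] = "64bit" if entry["arch"] else "32bit"
    entry["size"] = int(entry["size"].replace(",", ""))
    entry["mtime"] = datetime.strptime(entry["mtime"], "%Y/%m/%d %H:%M:%S")
    entry["state"] = [s.strip() for s in entry["state"].split("|")] if entry["state"] else []
    return entry


def flag_entry(entry, scan_time, recent_days=30):
    """Return the list of reasons this entry deserves a second look (empty if none)."""
    reasons = []
    path = entry["path"].lower()
    if not entry["company"]:
        reasons.append("no company name")
    if any(fragment in path for fragment in USER_WRITABLE):
        reasons.append("runs from user-writable location")
    if entry["kind"] == "DRV" and not entry["company"]:
        reasons.append("kernel driver without publisher")
    # Recency alone proves nothing (product updates are recent too), so it is
    # appended only when a stronger signal has already fired.
    if reasons and scan_time - entry["mtime"] <= timedelta(days=recent_days):
        reasons.append(f"modified within {recent_days} days of scan")
    return reasons


def triage(log_text, scan_time, recent_days=30):
    """Map each flagged path in an OTL report to its list of reasons."""
    findings = {}
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        reasons = flag_entry(entry, scan_time, recent_days)
        if reasons:
            findings[entry["path"]] = reasons
    return findings


# Constructed sample in the OTL layout.  Apart from OTL.exe and the stock
# Microsoft USBHUB3.SYS, the vendor, product and driver names are made up for
# this example and are not taken from the log posted in the thread.
SAMPLE_LOG = r"""
========== Processes (SafeList) ==========

PRC - [2013/11/20 17:23:36 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
PRC - [2013/10/31 21:31:24 | 008,252,744 | ---- | M] (Example Vendor) -- C:\Users\user\AppData\Local\ExampleApp\Engine\example.exe
PRC - [2013/08/14 14:19:24 | 000,039,056 | ---- | M] () -- C:\Program Files (x86)\ExampleTools\resolver.exe

========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/11/20 11:23:46 | 000,034,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\EXAMPLE_41.sys -- (EXAMPLE_41)
DRV:64bit: - [2013/07/01 17:41:47 | 000,447,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBHUB3.SYS -- (USBHUB3)
"""

# Creation time of the constructed report (OTL prints this in its header line).
SCAN_TIME = datetime(2013, 11, 20, 17, 30, 34)

if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_LOG, SCAN_TIME).items():
        print(f"{path}\n    {'; '.join(reasons)}")
```

Run it on a real OTL.txt by reading the file into `triage()` with the timestamp from the report's first line. The output is a shortlist, not a verdict: a missing company name only means the file carries no version resource, and an unsigned driver that appeared on the day of the scan may simply be the scanner's own helper driver, so each flagged path still needs to be checked by hand (publisher, hash, install history) before anything is removed.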


#3 sweetsuzee (Topic Starter)

Posted 20 November 2013 - 08:14 PM

Dear fireman4it: Before I download anything more, I thought I'd answer your first part and then get your directions. My OS is Windows 8, 64 bit. No, I have not posted a DDS although I do have a log from today which I ran in HijackThis. I started having problems a few months ago in that sometimes it takes up to 20 minutes for a link or a site to open. Other times addresses entered into the URL are ignored and the computer heads to a site I opened maybe 4 or 5 sites earlier such as going to nbc.com when I'm trying to get to google.com. Sometimes I am directed to a site I've never visited but thank God that is infrequent. But, it does happen. I have also had a lot of "not responding" prompts whereby the computer lags for a long time or actually freezes and I have to shut down and relaunch. The past 2 days have been the worst in that half the time I open a webpage, I do not see the graphics, etc. but rather the JavaScript. If I close out and go back to the site a couple of times, eventually the page will open correctly. I clean my cache daily. I've run MS's FixIt. I've repeatedly flushed my DNS. I've run Spybot S&D, anti-malware programs, etc. and nothing really serious has been found. Today I had some spare time and decided I must get to the bottom of this because it is really wasting a lot of my time. I happened to see some instructions given by Marius under the title "Possibly Hijacked" here at BC. I followed his advice to the letter in that I downloaded, launched and inserted the logs to my desktop for 1) FRST in normal mode, 2) TDSSKiller, and 3) aswMBR including the most recent update. So to make sure I understand this correctly, rather than worry about those 3 downloaded, launched and recorded programs, you want me to download 1) OTL and 2) RogueKiller.
 
Please advise.  Thanks.  Sue


#4 sweetsuzee (Topic Starter)

Posted 20 November 2013 - 08:52 PM

OTL logfile created on: 11/20/2013 5:30:34 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\suesarkis\Desktop
64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16721)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
7.90 Gb Total Physical Memory | 5.63 Gb Available Physical Memory | 71.32% Memory free
9.09 Gb Paging File | 6.54 Gb Available in Paging File | 71.93% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 445.79 Gb Total Space | 372.59 Gb Free Space | 83.58% Space Free | Partition Type: NTFS
Drive D: | 19.19 Gb Total Space | 2.42 Gb Free Space | 12.60% Space Free | Partition Type: NTFS
 
Computer Name: SUESBABY | User Name: suesarkis | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/11/20 17:23:36 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\suesarkis\Desktop\OTL.exe
PRC - [2013/11/20 08:01:40 | 002,334,384 | ---- | M] () -- C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
PRC - [2013/11/20 08:01:40 | 001,643,696 | ---- | M] (AVG Secure Search) -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.1.3\ToolbarUpdater.exe
PRC - [2013/11/20 08:01:40 | 000,161,968 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.1.3\loggingserver.exe
PRC - [2013/11/06 07:28:31 | 000,166,352 | ---- | M] (APN LLC.) -- C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
PRC - [2013/10/31 21:31:24 | 008,252,744 | ---- | M] (Pokki) -- C:\Users\suesarkis\AppData\Local\Pokki\Engine\pokki.exe
PRC - [2013/10/28 17:49:48 | 000,069,792 | ---- | M] (Absolute Software Corp.) -- C:\Windows\SysWOW64\rpcnet.exe
PRC - [2013/10/07 17:27:35 | 000,237,960 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler.exe
PRC - [2013/09/07 09:20:56 | 000,071,224 | ---- | M] (AOL Inc.) -- C:\Program Files (x86)\AOL Desktop 9.7a\waol.exe
PRC - [2013/09/07 09:20:48 | 000,045,624 | ---- | M] (AOL Inc.) -- C:\Program Files (x86)\AOL Desktop 9.7a\shellmon.exe
PRC - [2013/09/06 19:53:15 | 002,368,568 | ---- | M] (AOL Inc.) -- C:\Program Files (x86)\AOL Desktop 9.7a\AOLBrowser\aolbrowser.exe
PRC - [2013/08/14 14:19:24 | 000,039,056 | ---- | M] () -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2013/07/23 18:09:28 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
PRC - [2013/07/19 10:07:36 | 034,072,896 | ---- | M] (SlimWare Utilities, Inc.) -- C:\Program Files (x86)\DriverUpdate\DriverUpdate.exe
PRC - [2013/07/04 14:53:10 | 004,939,312 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
PRC - [2013/06/03 17:46:06 | 000,015,416 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2013/05/20 20:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccsvchst.exe
PRC - [2013/05/11 02:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/04/29 14:54:08 | 000,193,576 | ---- | M] (Intel Corporation) -- C:\Windows\SysWOW64\irstrtsv.exe
PRC - [2013/01/28 07:28:58 | 003,179,560 | ---- | M] (Copernic Inc.) -- C:\Program Files (x86)\Copernic Desktop Search - Home\DesktopSearch.exe
PRC - [2013/01/28 07:28:58 | 001,692,200 | ---- | M] (Copernic Inc.) -- C:\Program Files (x86)\Copernic Desktop Search - Home\DesktopSearchService.exe
PRC - [2012/11/06 08:18:50 | 001,140,672 | ---- | M] (Motorola Solutions, Inc.) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
PRC - [2012/11/06 08:18:34 | 001,120,192 | ---- | M] (Motorola Solutions, Inc.) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
PRC - [2012/11/05 15:14:34 | 001,343,904 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
PRC - [2012/10/02 16:23:36 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
PRC - [2012/08/28 07:53:14 | 000,036,744 | ---- | M] (AOL Inc.) -- C:\Program Files (x86)\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe
PRC - [2012/08/24 10:09:20 | 000,035,232 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
PRC - [2012/07/25 19:50:01 | 000,088,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\OpenWith.exe
PRC - [2012/07/17 17:10:32 | 000,364,416 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2012/07/17 17:10:30 | 000,276,864 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2012/07/17 17:10:16 | 000,165,760 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
PRC - [2011/09/14 21:06:38 | 000,169,624 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
PRC - [2010/03/07 23:27:49 | 000,041,800 | ---- | M] (AOL Inc.) -- C:\Program Files (x86)\Common Files\AOL\1374881847\ee\aolsoftware.exe
PRC - [2009/01/26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2006/10/23 04:50:35 | 000,046,640 | R--- | M] (AOL LLC) -- C:\Program Files (x86)\Common Files\AOL\acs\AOLacsd.exe
PRC - [2003/03/07 04:02:30 | 000,069,632 | ---- | M] (Corel Corporation Limited) -- C:\Program Files (x86)\WordPerfect Office 11\Programs\wpwin11.exe
PRC - [2002/10/10 20:47:44 | 000,589,824 | ---- | M] (PC Dynamics, Inc.) -- C:\Program Files (x86)\Corkboard\CORK.EXE
PRC - [1998/12/23 15:15:20 | 000,359,936 | ---- | M] () -- C:\Program Files (x86)\The Cleaner 2\CLEANER.EXE
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013/11/20 08:01:40 | 002,334,384 | ---- | M] () -- C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
MOD - [2013/11/20 08:01:40 | 000,521,904 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.1.3\log4cplusU.dll
MOD - [2013/11/20 08:01:40 | 000,145,072 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\17.1.3\SiteSafety.dll
MOD - [2013/11/16 22:54:55 | 016,237,448 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_152.dll
MOD - [2013/09/07 09:20:57 | 000,048,640 | ---- | M] () -- C:\Program Files (x86)\AOL Desktop 9.7a\zlib.dll
MOD - [2013/09/07 09:19:37 | 021,117,440 | ---- | M] () -- C:\Program Files (x86)\AOL Desktop 9.7a\libcef.dll
MOD - [2013/09/07 09:19:35 | 000,648,704 | ---- | M] () -- C:\Program Files (x86)\AOL Desktop 9.7a\libGLESv2.dll
MOD - [2013/09/07 09:19:35 | 000,122,880 | ---- | M] () -- C:\Program Files (x86)\AOL Desktop 9.7a\libEGL.dll
MOD - [2013/09/07 09:19:22 | 000,094,208 | ---- | M] () -- C:\Program Files (x86)\AOL Desktop 9.7a\components\Tier2Svc.dll
MOD - [2013/09/07 09:19:22 | 000,060,928 | ---- | M] () -- C:\Program Files (x86)\AOL Desktop 9.7a\components\DataSvcs.dll
MOD - [2013/09/06 18:11:12 | 001,400,846 | ---- | M] () -- C:\Users\suesarkis\AppData\Local\Pokki\Engine\avcodec-54.dll
MOD - [2013/09/06 18:11:12 | 000,569,856 | ---- | M] () -- C:\Users\suesarkis\AppData\Local\Pokki\Engine\ppGoogleNaClPluginChrome.dll
MOD - [2013/09/06 18:11:12 | 000,222,734 | ---- | M] () -- C:\Users\suesarkis\AppData\Local\Pokki\Engine\avformat-54.dll
MOD - [2013/09/06 18:11:12 | 000,151,054 | ---- | M] () -- C:\Users\suesarkis\AppData\Local\Pokki\Engine\avutil-51.dll
MOD - [2012/05/29 22:51:08 | 000,699,280 | R--- | M] () -- C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\wincfi39.dll
MOD - [2003/03/07 04:00:36 | 000,454,723 | ---- | M] () -- C:\Program Files (x86)\WordPerfect Office 11\Programs\PrintEngine110.dll
MOD - [2003/03/07 03:57:38 | 000,057,404 | ---- | M] () -- C:\Program Files (x86)\WordPerfect Office 11\Programs\axcntrls.dll
MOD - [1998/12/23 15:15:20 | 000,359,936 | ---- | M] () -- C:\Program Files (x86)\The Cleaner 2\CLEANER.EXE
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2013/08/15 21:39:26 | 002,371,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:64bit: - [2013/07/01 16:44:21 | 000,016,048 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:64bit: - [2013/06/24 14:54:45 | 000,263,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:64bit: - [2013/06/01 01:19:58 | 000,207,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2013/05/03 22:58:02 | 000,470,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2013/05/03 22:57:05 | 000,179,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2013/04/08 20:48:42 | 000,169,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2013/03/01 18:45:07 | 000,171,008 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:64bit: - [2013/03/01 18:45:05 | 000,180,224 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2013/01/09 15:23:16 | 001,964,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2013/01/09 15:22:35 | 000,438,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2012/09/24 15:03:12 | 001,153,840 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe -- (ZeroConfigService)
SRV:64bit: - [2012/09/24 15:02:54 | 000,272,176 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2012/09/24 15:02:42 | 000,617,776 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2012/09/24 15:02:16 | 000,149,296 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2012/09/24 12:40:56 | 000,031,040 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2012/09/19 22:31:18 | 000,116,736 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:64bit: - [2012/09/13 03:33:50 | 000,731,688 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3)
SRV:64bit: - [2012/08/19 21:45:20 | 000,323,072 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2012/08/16 19:36:54 | 000,149,032 | ---- | M] () [Auto | Running] -- C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe -- (ISCTAgent)
SRV:64bit: - [2012/08/15 16:08:14 | 000,135,984 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr)
SRV:64bit: - [2012/07/25 19:30:05 | 002,675,200 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:64bit: - [2012/07/25 19:07:47 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2012/07/25 19:07:40 | 000,283,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2012/07/25 19:07:25 | 000,012,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2012/07/25 19:06:34 | 000,743,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2012/07/25 19:06:33 | 000,161,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2012/07/25 19:06:33 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:64bit: - [2012/07/25 19:05:55 | 000,059,904 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2012/07/25 19:05:34 | 000,037,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2012/07/25 19:05:24 | 000,342,016 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2012/07/25 19:05:08 | 000,122,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AUInstallAgent.dll -- (AllUserInstallAgent)
SRV:64bit: - [2012/07/25 16:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:64bit: - [2012/07/25 16:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2012/07/25 16:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2012/07/25 16:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:64bit: - [2012/07/25 16:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2012/07/25 16:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV:64bit: - [2012/04/20 14:16:12 | 000,635,104 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel®
SRV - [2013/11/20 08:01:40 | 001,643,696 | ---- | M] (AVG Secure Search) [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.1.3\ToolbarUpdater.exe -- (vToolbarUpdater17.1.3)
SRV - [2013/11/16 22:54:55 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/11/15 18:52:14 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/11/06 07:28:31 | 000,166,352 | ---- | M] (APN LLC.) [Auto | Running] -- C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe -- (APNMCP)
SRV - [2013/10/28 17:49:48 | 000,069,792 | ---- | M] (Absolute Software Corp.) [Auto | Running] -- C:\Windows\SysWOW64\rpcnet.exe -- (rpcnet)
SRV - [2013/08/14 14:19:24 | 000,039,056 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2013/07/23 18:09:28 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2013/07/04 14:53:10 | 004,939,312 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2013/06/03 17:46:06 | 000,015,416 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2013/06/03 14:38:50 | 000,277,640 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2013/05/20 20:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe -- (NIS)
SRV - [2013/05/11 02:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/04/29 14:54:08 | 000,193,576 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysWOW64\irstrtsv.exe -- (irstrtsv)
SRV - [2013/02/05 07:48:00 | 000,235,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe -- (McComponentHostService)
SRV - [2012/11/06 08:18:50 | 001,140,672 | ---- | M] (Motorola Solutions, Inc.) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service)
SRV - [2012/11/06 08:18:34 | 001,120,192 | ---- | M] (Motorola Solutions, Inc.) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor)
SRV - [2012/09/27 10:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2012/09/07 21:06:26 | 002,464,400 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2012/08/24 10:09:20 | 000,035,232 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2012/07/25 19:30:05 | 002,675,200 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2012/07/25 19:20:04 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
SRV - [2012/07/25 19:18:41 | 000,408,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2012/07/25 19:17:52 | 000,060,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2012/07/17 17:10:32 | 000,364,416 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012/07/17 17:10:30 | 000,276,864 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012/07/17 17:10:16 | 000,165,760 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)
SRV - [2012/04/24 13:37:56 | 000,169,752 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe -- (ICCS)
SRV - [2011/09/14 21:06:38 | 000,169,624 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor10.0)
SRV - [2006/10/23 04:50:35 | 000,046,640 | R--- | M] (AOL LLC) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\AOL\acs\AOLacsd.exe -- (AOL ACS)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013/11/20 12:17:26 | 000,016,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SWDUMon.sys -- (SWDUMon)
DRV:64bit: - [2013/11/20 11:23:46 | 000,034,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\WPRO_41_2001.sys -- (WPRO_41_2001)
DRV:64bit: - [2013/09/05 00:43:42 | 000,045,880 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\Drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2013/08/15 21:41:13 | 000,058,200 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\Drivers\dam.sys -- (dam)
DRV:64bit: - [2013/07/20 00:51:00 | 000,311,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\Drivers\avgloga.sys -- (Avgloga)
DRV:64bit: - [2013/07/20 00:50:56 | 000,246,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\Drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2013/07/20 00:50:56 | 000,071,480 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\Drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2013/07/20 00:50:50 | 000,206,648 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\Drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2013/07/18 01:04:48 | 000,248,632 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\avgwfpa.sys -- (Avgwfpa)
DRV:64bit: - [2013/07/09 00:04:07 | 000,120,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2013/07/01 17:41:47 | 000,447,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2013/07/01 17:41:47 | 000,337,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2013/07/01 17:41:47 | 000,213,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\UCX01000.SYS -- (UCX01000)
DRV:64bit: - [2013/07/01 16:44:14 | 000,036,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdBoot.sys -- (WdBoot)
DRV:64bit: - [2013/07/01 14:08:49 | 000,247,216 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdFilter.sys -- (WdFilter)
DRV:64bit: - [2013/07/01 00:45:28 | 000,116,536 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\Drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2013/06/28 22:15:54 | 000,195,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2013/06/18 17:02:15 | 000,177,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2013/06/10 13:17:46 | 000,096,512 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2013/06/03 14:38:37 | 005,353,888 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2013/06/03 13:39:45 | 000,650,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\iaStorA.sys -- (iaStorA)
DRV:64bit: - [2013/05/31 19:08:57 | 000,037,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:64bit: - [2013/05/22 21:25:28 | 001,139,800 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\Drivers\NISx64\1404000.028\symefa64.sys -- (SymEFA)
DRV:64bit: - [2013/05/20 21:02:00 | 000,493,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\NISx64\1404000.028\symds64.sys -- (SymDS)
DRV:64bit: - [2013/05/15 21:02:14 | 000,796,760 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NISx64\1404000.028\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2013/05/03 23:34:15 | 000,284,416 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2013/04/29 14:54:08 | 000,043,800 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\irstrtdv.sys -- (irstrtdv)
DRV:64bit: - [2013/04/24 16:43:56 | 000,433,752 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\NISx64\1404000.028\symnets.sys -- (SymNetS)
DRV:64bit: - [2013/04/15 18:41:14 | 000,169,048 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\NISx64\1404000.028\ccsetx64.sys -- (ccSet_NIS)
DRV:64bit: - [2013/03/04 17:40:08 | 000,224,416 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\NISx64\1404000.028\ironx64.sys -- (SymIRON)
DRV:64bit: - [2013/03/04 17:21:35 | 000,036,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\NISx64\1404000.028\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2013/03/02 02:57:46 | 000,077,544 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\storahci.sys -- (storahci)
DRV:64bit: - [2013/03/02 02:45:20 | 000,148,712 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\tpm.sys -- (TPM)
DRV:64bit: - [2013/03/02 02:39:38 | 000,069,864 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\pdc.sys -- (pdc)
DRV:64bit: - [2013/01/29 17:15:04 | 000,050,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\point64.sys -- (Point64)
DRV:64bit: - [2013/01/09 17:53:32 | 000,028,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:64bit: - [2012/11/26 19:55:44 | 000,029,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthhfHid.sys -- (bthhfhid)
DRV:64bit: - [2012/11/19 20:54:31 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hidi2c.sys -- (hidi2c)
DRV:64bit: - [2012/11/06 08:19:20 | 001,345,920 | ---- | M] (Motorola Solutions, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\btmhsf.sys -- (btmhsf)
DRV:64bit: - [2012/11/05 19:55:44 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\fxppm.sys -- (FxPPM)
DRV:64bit: - [2012/10/30 10:31:16 | 000,131,968 | ---- | M] (Motorola Solutions, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\btmaux.sys -- (btmaux)
DRV:64bit: - [2012/10/26 03:17:44 | 000,020,912 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\avgboota.sys -- (Avgboota)
DRV:64bit: - [2012/10/12 00:08:01 | 000,027,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/10/10 23:25:48 | 000,056,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2012/10/10 10:18:16 | 004,309,032 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\NETwew00.sys -- (NETwNe64)
DRV:64bit: - [2012/09/24 12:40:56 | 000,043,840 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2012/09/24 12:40:56 | 000,031,040 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2012/09/19 23:55:27 | 003,265,256 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2012/09/19 23:55:24 | 000,533,224 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2012/09/17 05:57:36 | 000,031,232 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2012/09/14 14:09:34 | 000,457,528 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2012/09/14 14:09:32 | 000,043,832 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\Smb_driver_Intel.sys -- (SmbDrvI)
DRV:64bit: - [2012/09/14 14:09:32 | 000,041,272 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\Smb_driver_AMDASF.sys -- (SmbDrv)
DRV:64bit: - [2012/09/13 03:35:08 | 000,162,344 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\AmpPal.sys -- (AMPPALP)
DRV:64bit: - [2012/09/13 03:35:08 | 000,162,344 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\AmpPal.sys -- (AMPPAL)
DRV:64bit: - [2012/09/06 15:14:02 | 000,273,040 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\RtsP2Stor.sys -- (RSP2STOR)
DRV:64bit: - [2012/08/31 09:40:24 | 000,020,800 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\WirelessButtonDriver64.sys -- (WirelessButtonDriver)
DRV:64bit: - [2012/08/19 21:45:20 | 000,542,208 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2012/08/16 19:31:28 | 000,046,016 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\ISCTD64.sys -- (ISCT)
DRV:64bit: - [2012/08/16 19:31:28 | 000,019,944 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\imsevent.sys -- (imsevent)
DRV:64bit: - [2012/08/16 19:31:26 | 000,020,968 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\ikbevent.sys -- (ikbevent)
DRV:64bit: - [2012/08/12 03:47:16 | 000,056,336 | ---- | M] (Corel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2012/08/06 10:07:08 | 000,068,136 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\iBtFltCoex.sys -- (ibtfltcoex)
DRV:64bit: - [2012/07/31 00:04:12 | 000,690,832 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\Rt630x64.sys -- (RTL8168)
DRV:64bit: - [2012/07/25 21:26:46 | 000,025,328 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/07/25 21:26:45 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\condrv.sys -- (condrv)
DRV:64bit: - [2012/07/25 21:00:58 | 000,322,800 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2012/07/25 21:00:58 | 000,106,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2012/07/25 21:00:58 | 000,097,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2012/07/25 21:00:57 | 000,077,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2012/07/25 21:00:55 | 000,064,240 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2012/07/25 21:00:55 | 000,030,960 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2012/07/25 21:00:52 | 000,092,400 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2012/07/25 21:00:52 | 000,081,136 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2012/07/25 21:00:52 | 000,064,752 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2012/07/25 21:00:51 | 000,113,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2012/07/25 21:00:51 | 000,081,136 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2012/07/25 21:00:49 | 000,258,288 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2012/07/25 21:00:49 | 000,106,736 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\3ware.sys -- (3ware)
DRV:64bit: - [2012/07/25 21:00:49 | 000,076,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012/07/25 21:00:48 | 000,026,352 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2012/07/25 20:57:54 | 000,361,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2012/07/25 20:53:16 | 000,067,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpci.sys -- (vpci)
DRV:64bit: - [2012/07/25 19:17:38 | 000,036,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2012/07/25 18:29:14 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2012/07/25 18:29:08 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2012/07/25 18:29:03 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\HyperVideo.sys -- (HyperVideo)
DRV:64bit: - [2012/07/25 18:28:52 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2012/07/25 18:27:58 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2012/07/25 18:27:41 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2012/07/25 18:27:37 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2012/07/25 18:27:33 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2012/07/25 18:27:29 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2012/07/25 18:27:16 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2012/07/25 18:27:01 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2012/07/25 18:26:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2012/07/25 18:26:43 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2012/07/25 18:26:34 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/07/25 18:26:13 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2012/07/25 18:25:57 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2012/07/25 18:25:56 | 000,057,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/07/25 18:25:13 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\wpcfltr.sys -- (wpcfltr)
DRV:64bit: - [2012/07/25 18:25:02 | 000,202,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthLEEnum.sys -- (BthLEEnum)
DRV:64bit: - [2012/07/25 18:25:01 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2012/07/25 18:23:53 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2012/07/25 18:23:42 | 000,097,792 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2012/07/02 15:16:02 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2012/06/20 13:27:30 | 000,023,448 | R--- | M] (Symantec Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\Drivers\NISx64\1404000.028\symelam.sys -- (SymELAM)
DRV:64bit: - [2012/06/19 22:40:52 | 000,342,528 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2006/11/29 14:24:49 | 000,024,064 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\wanatw64.sys -- (wanatw)
DRV - [2013/05/01 03:05:28 | 002,087,664 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\VirusDefs\20130516.003\ex64.sys -- (NAVEX15)
DRV - [2013/05/01 03:05:28 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2013/05/01 03:05:28 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2013/05/01 03:05:28 | 000,126,192 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\VirusDefs\20130516.003\eng64.sys -- (NAVENG)
DRV - [2013/04/30 14:47:40 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\IPSDefs\20130515.001\IDSviA64.sys -- (IDSVia64)
DRV - [2013/04/12 23:09:32 | 001,390,680 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\BASHDefs\20130502.001\BHDrvx64.sys -- (BHDrvx64)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT13/1
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.coupons.com/
IE - HKLM\..\URLSearchHook: {845cab51-d8d2-472f-8bd9-2b44642d97c2} - C:\Program Files (x86)\Vafmusic9\prxtbVafm.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {E33F5319-BF45-4B58-91F5-608FF08AFD51}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
IE - HKLM\..\SearchScopes\{3ED50F13-D9B3-45AD-9D82-E4AFB74E7E09}: "URL" = http://search.aol.com/aolcom/search?query={searchTerms}&invocationType=msie70a
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://mysearch.avg.com/search?cid={161D8711-46E8-4D68-8FC4-A6005C9D12A7}&mid=b5a29dbfddf547d39cbabd72a39f4b82-5fe379cac391f6cdd897d42e2165b36221cc1bbf&lang=en&ds=AVG&coid=avgtbavg&pr=fr&d=2013-11-04 18:16:37&v=17.0.1.12&pid=safeguard&sg=0&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}: "URL" = http://search.coupons.com/search.asp?p=df&q={searchTerms}
IE - HKCU\..\SearchScopes\{9A607316-AA49-403E-820E-AE5F5D52960B}: "URL" = http://search.aol.com/aolcom/search?query={searchTerms}&invocationType=msie70a
IE - HKCU\..\SearchScopes\{D7A59045-AE04-4DD9-82FF-0753CBC8C10C}: "URL" = http://isearch.shopathome.com?user_id={13642C07-A1E8-4E41-803F-E4D27D32D6F7}&q={searchTerms}
IE - HKCU\..\SearchScopes\{E33F5319-BF45-4B58-91F5-608FF08AFD51}: "URL" = http://www.bing.com/search?FORM=U079DF&PC=U079&q={searchTerms}&src=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:62082;https=127.0.0.1:62082
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.order.3: "Bing "
FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
FF - prefs.js..browser.startup.homepage: "http://mysearch.avg.com?cid={161D8711-46E8-4D68-8FC4-A6005C9D12A7}&mid=b5a29dbfddf547d39cbabd72a39f4b82-5fe379cac391f6cdd897d42e2165b36221cc1bbf&lang=en&ds=AVG&coid=avgtbavg&pr=fr&d=2013-11-04 18:16:37&v=17.1.3.1&pid=safeguard&sg=0&sap=hp"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:25.0.1
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_152.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.40.2: C:\Windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.40.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_152.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\17.1.3\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3503.0728: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.3.51: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.3.51: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\suesarkis\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pokki.com/PokkiDownloadHelper: C:\Users\suesarkis\AppData\Local\Pokki\Download Helper\npPokkiDownloadHelper.1.2.0.78.dll (Pokki)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\coFFPlgn\ [2013/11/20 11:26:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\IPSFFPlgn\ [2013/04/14 12:16:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.1.3.1 [2013/11/20 08:02:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/10/26 14:18:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1C43BAF1-00C2-40A8-A09E-F84CFD79546D}: C:\Program Files (x86)\Coupons.com CouponBar\firefox\{1C43BAF1-00C2-40A8-A09E-F84CFD79546D}\Coupons.com.xpi [2013/07/15 08:54:55 | 000,185,164 | ---- | M] ()
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013/10/26 14:18:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/11/15 18:52:11 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{57319509-7821-41B0-9FDF-3B58F146AE33}: c:\program files (x86)\copernic desktop search - home\firefoxconnector [2013/06/17 15:56:09 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/11/15 18:52:11 | 000,000,000 | ---D | M]
 
[2013/09/20 13:14:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\suesarkis\AppData\Roaming\Mozilla\Extensions
[2013/11/18 18:26:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\suesarkis\AppData\Roaming\Mozilla\Firefox\Profiles\lkyzsjpu.default\extensions
[2013/11/13 15:11:33 | 000,000,000 | ---D | M] (InternetHelper3.1) -- C:\Users\suesarkis\AppData\Roaming\Mozilla\Firefox\Profiles\lkyzsjpu.default\extensions\{07cbf788-1359-421b-a4e3-5a8d041b90a3}
[2013/11/18 18:26:17 | 000,000,000 | ---D | M] (WhiteSmoke New) -- C:\Users\suesarkis\AppData\Roaming\Mozilla\Firefox\Profiles\lkyzsjpu.default\extensions\{739df940-c5ee-4bab-9d7e-270894ae687a}
[2013/10/22 09:26:37 | 000,000,000 | ---D | M] (AOL Toolbar) -- C:\Users\suesarkis\AppData\Roaming\Mozilla\Firefox\Profiles\lkyzsjpu.default\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}
[2013/10/24 12:13:13 | 000,000,000 | ---D | M] (Vafmusic9) -- C:\Users\suesarkis\AppData\Roaming\Mozilla\Firefox\Profiles\lkyzsjpu.default\extensions\{845cab51-d8d2-472f-8bd9-2b44642d97c2}
[2013/10/24 12:12:26 | 000,044,294 | ---- | M] () (No name found) -- C:\Users\suesarkis\AppData\Roaming\Mozilla\Firefox\Profiles\lkyzsjpu.default\extensions\addon@defaulttab.com.xpi
[2013/10/27 12:57:33 | 000,002,273 | ---- | M] () -- C:\Users\suesarkis\AppData\Roaming\Mozilla\Firefox\Profiles\lkyzsjpu.default\searchplugins\bingp.xml
[2013/11/15 18:52:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/11/15 18:52:15 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/10/26 14:17:50 | 000,124,504 | ---- | M] (RealPlayer) -- C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll
 
========== Chrome  ==========
 
CHR - default_search_provider: AVG Secure Search (Enabled)
CHR - default_search_provider: search_url = http://mysearch.avg.com/search?cid={161D8711-46E8-4D68-8FC4-A6005C9D12A7}&mid=b5a29dbfddf547d39cbabd72a39f4b82-5fe379cac391f6cdd897d42e2165b36221cc1bbf&lang=en&ds=AVG&coid=avgtbavg&pr=fr&d=2013-11-04 18:16:37&v=17.0.1.12&pid=safeguard&sg=0&sap=dsp&q={searchTerms}
CHR - default_search_provider: suggest_url = http://toolbar.avg.com/acp?q={searchTerms}&o=1,
CHR - homepage: http://mysearch.avg.com?cid={161D8711-46E8-4D68-8FC4-A6005C9D12A7}&mid=b5a29dbfddf547d39cbabd72a39f4b82-5fe379cac391f6cdd897d42e2165b36221cc1bbf&lang=en&ds=AVG&coid=avgtbavg&pr=fr&d=2013-11-04 18:16:37&v=17.0.1.12&pid=safeguard&sg=0&sap=hp
CHR - Extension: Google Docs = C:\Users\suesarkis\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_1\
CHR - Extension: Google Drive = C:\Users\suesarkis\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_1\
CHR - Extension: YouTube = C:\Users\suesarkis\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_1\
CHR - Extension: Vafmusic9 = C:\Users\suesarkis\AppData\Local\Google\Chrome\User Data\Default\Extensions\cepjofekolhpdankoembdgfbpehkfkjm\10.22.3.518_0\
CHR - Extension: Vafmusic9 = C:\Users\suesarkis\AppData\Local\Google\Chrome\User Data\Default\Extensions\cepjofekolhpdankoembdgfbpehkfkjm\10.22.3.518_0\nativeMessaging\nmHost
CHR - Extension: Google Search = C:\Users\suesarkis\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_1\
CHR - Extension: RealDownloader = C:\Users\suesarkis\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.3_0\
CHR - Extension: Norton Identity Protection = C:\Users\suesarkis\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.4.0.10_1\
CHR - Extension: AVG SafeGuard = C:\Users\suesarkis\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\17.1.3.1_0\
CHR - Extension: Google Wallet = C:\Users\suesarkis\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\
CHR - Extension: Gmail = C:\Users\suesarkis\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_2\
 
O1 HOSTS File: ([2012/07/25 21:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts
O2:64bit: - BHO: (Ask Toolbar) - {41525333-2D56-3700-76A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ARS3-V7\Passport_x64.dll (APN LLC.)
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (AOL Toolbar Loader) - {3ef64538-8b54-4573-b48f-4d34b0238ab2} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll (AOL Inc.)
O2 - BHO: (Ask Toolbar) - {41525333-2D56-3700-76A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ARS3-V7\Passport.dll (APN LLC.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Vafmusic9 Toolbar) - {845cab51-d8d2-472f-8bd9-2b44642d97c2} - C:\Program Files (x86)\Vafmusic9\prxtbVafm.dll (Conduit Ltd.)
O2 - BHO: (AVG SafeGuard toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\17.1.3.1\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O2 - BHO: (TBSB07898 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files (x86)\Coupons.com CouponBar\tbcore3.dll ()
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Ask Toolbar) - {41525333-2D56-3700-76A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ARS3-V7\Passport_x64.dll (APN LLC.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {41525333-2D56-3700-76A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ARS3-V7\Passport.dll (APN LLC.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Vafmusic9 Toolbar) - {845cab51-d8d2-472f-8bd9-2b44642d97c2} - C:\Program Files (x86)\Vafmusic9\prxtbVafm.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Coupons.com CouponBar) - {8660E5B3-6C41-44DE-8503-98D99BBECD41} - C:\Program Files (x86)\Coupons.com CouponBar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (AVG SafeGuard toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\17.1.3.1\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll (AOL Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Vafmusic9 Toolbar) - {845CAB51-D8D2-472F-8BD9-2B44642D97C2} - C:\Program Files (x86)\Vafmusic9\prxtbVafm.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Coupons.com CouponBar) - {8660E5B3-6C41-44DE-8503-98D99BBECD41} - C:\Program Files (x86)\Coupons.com CouponBar\tbcore3.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {BA00B7B1-0351-477A-B948-23E3EE5A73D4} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll (AOL Inc.)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll (Motorola Solutions, Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SetDefault] C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe (Hewlett-Packard Development Company, L.P.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [ApnTBMon] C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe (APN)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [HostManager] C:\Program Files (x86)\Common Files\AOL\1374881847\ee\aolsoftware.exe (AOL Inc.)
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe ()
O4 - HKCU..\Run: [AOL Fast Start] C:\Program Files (x86)\AOL Desktop 9.7a\AOL.EXE (AOL Inc.)
O4 - HKCU..\Run: [BackgroundContainer] C:\Users\suesarkis\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll (Conduit Ltd.)
O4 - HKCU..\Run: [Copernic Desktop Search - Home] C:\Program Files (x86)\Copernic Desktop Search - Home\DesktopSearchService.exe (Copernic Inc.)
O4 - HKCU..\Run: [Pokki] C:\Windows\system32\rundll32.exe "%LOCALAPPDATA%\Pokki\Engine\Launcher.dll",RunLaunchPlatform File not found
O4 - HKCU..\Run: [Private WiFi Client] C:\Program Files (x86)\Private Communications\PRIVATE WiFi\WiFiPrivacyClient.exe (Private Communications Corp)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [TBHostSupport] C:\Users\suesarkis\AppData\Local\TBHostSupport\TBHostSupport.dll (Conduit Ltd.)
O4:64bit: - HKLM..\RunOnce: [NCPluginUpdater] C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe (Hewlett-Packard)
O4 - Startup: C:\Users\suesarkis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyCorkboard.lnk = C:\Program Files (x86)\Corkboard\CORK.EXE (PC Dynamics, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Send to Bluetooth - C:\Program Files (x86)\Intel\Bluetooth\btSendToObject.htm ()
O8 - Extra context menu item: Send to Bluetooth - C:\Program Files (x86)\Intel\Bluetooth\btSendToObject.htm ()
O9:64bit: - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range -  5)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://zone.msn.com/bingame/zuma/default/popcaploader_v6.cab (PopCapLoader Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.4.1 8.8.8.8 8.8.4.4 4.2.2.6
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C1A05F8D-24DB-43C5-8454-FC2348130097}: DhcpNameServer = 192.168.4.1 8.8.8.8 8.8.4.4 4.2.2.6
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.1.3\ViProtocol.dll (AVG Secure Search)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\OPTIMI~1\OPTPRO~2.DLL) -  File not found
O20 - AppInit_DLLs: (c:\progra~2\optimi~1\optpro~1.dll) -  File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
NetSvcs:64bit: wlidsvc - C:\Windows\SysNative\wlidsvc.dll (Microsoft Corporation)
NetSvcs:64bit: DsmSvc - C:\Windows\SysNative\DeviceSetupManager.dll (Microsoft Corporation)
NetSvcs:64bit: NcaSvc - C:\Windows\SysNative\NcaSvc.dll (Microsoft Corporation)
NetSvcs:64bit: SystemEventsBroker - C:\Windows\SysNative\SystemEventsBrokerServer.dll (Microsoft Corporation)
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {74166507-F39E-305E-A972-2C3478E47350} - .NET Framework
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U %SystemRoot%\System32\shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -UserConfig
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\System32\Rundll32.exe C:\Windows\System32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {3A8403F3-90B5-35DC-8926-EB9B907209F9} - .NET Framework
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - 
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {A6EADE66-0000-0000-484E-7E8A45000000} - "C:\Windows\SysWOW64\Rundll32.exe" "C:\Program Files (x86)\Adobe\Reader 11.0\Esl\AiodLite.dll",CreateReaderUserSettings
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\Windows\SysWow64\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/11/20 17:15:10 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\suesarkis\Desktop\OTL.exe
[2013/11/20 13:44:28 | 000,000,000 | ---D | C] -- C:\FRST
[2013/11/20 13:41:55 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\suesarkis\Desktop\aswmbr.exe
[2013/11/20 13:39:30 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\suesarkis\Desktop\tdsskiller.exe
[2013/11/20 13:33:22 | 001,957,964 | ---- | C] (Farbar) -- C:\Users\suesarkis\Desktop\FRST64.exe
[2013/11/17 11:27:08 | 000,000,000 | ---D | C] -- C:\Users\suesarkis\AppData\Local\NativeMessaging
[2013/11/17 11:27:07 | 000,000,000 | ---D | C] -- C:\Users\suesarkis\AppData\Local\WhiteListing
[2013/11/15 18:52:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/11/13 21:30:54 | 000,000,000 | ---D | C] -- C:\Users\suesarkis\Documents\NovemberChargeFail
[2013/11/04 09:57:30 | 001,859,296 | ---- | C] (Coupons.com Incorporated) -- C:\Program Files (x86)\couponprinter.exe
[2013/10/31 22:05:37 | 000,000,000 | ---D | C] -- C:\Users\suesarkis\AppData\Local\TBHostSupport
[2013/10/29 09:40:40 | 000,000,000 | ---D | C] -- C:\Users\suesarkis\Documents\WONDERFULGRADUATIONMEMORY
[2013/10/26 19:10:12 | 000,000,000 | ---D | C] -- C:\Users\suesarkis\Documents\image001
[2013/10/26 14:19:35 | 000,000,000 | ---D | C] -- C:\Users\suesarkis\AppData\Roaming\RealNetworks
[2013/10/26 14:18:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RealNetworks
[2013/10/26 14:18:54 | 000,000,000 | ---D | C] -- C:\ProgramData\RealNetworks
[2013/10/26 14:18:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\xing shared
[2013/10/26 14:17:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks
[2013/10/26 14:17:31 | 000,272,896 | ---- | C] (Progressive Networks) -- C:\Windows\SysWow64\pncrt.dll
[2013/10/26 14:16:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Real
[2013/10/26 14:16:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013/10/26 14:15:42 | 000,000,000 | ---D | C] -- C:\Users\suesarkis\AppData\Roaming\Real
[2013/10/26 14:15:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2013/10/26 14:14:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Real
[2013/10/24 12:16:46 | 000,000,000 | ---D | C] -- C:\Program Files\Uninstaller
[2013/10/24 12:15:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Vafmusic9
[2013/10/24 12:15:15 | 000,000,000 | ---D | C] -- C:\Users\suesarkis\AppData\Local\Conduit
[2013/10/24 12:14:32 | 000,000,000 | ---D | C] -- C:\Users\suesarkis\AppData\Local\CRE
[2013/10/24 12:13:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SearchProtect
[2013/10/24 12:12:26 | 000,000,000 | ---D | C] -- C:\Users\suesarkis\AppData\Roaming\defaulttab
[2013/10/22 09:26:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AOL Toolbar
[2013/10/22 09:26:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Software Update Utility
[2013/10/22 09:25:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AOL Desktop 9.7a
[2013/10/22 08:07:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[10 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/11/20 17:32:08 | 000,000,922 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/11/20 17:23:36 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\suesarkis\Desktop\OTL.exe
[2013/11/20 17:12:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/11/20 16:39:19 | 000,000,512 | ---- | M] () -- C:\Users\suesarkis\Desktop\MBR.dat
[2013/11/20 13:42:05 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\suesarkis\Desktop\aswmbr.exe
[2013/11/20 13:39:35 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\suesarkis\Desktop\tdsskiller.exe
[2013/11/20 13:33:26 | 001,957,964 | ---- | M] (Farbar) -- C:\Users\suesarkis\Desktop\FRST64.exe
[2013/11/20 12:46:06 | 000,001,457 | ---- | M] () -- C:\Users\suesarkis\Desktop\HijackThis.exe - Shortcut.lnk
[2013/11/20 12:18:39 | 000,000,918 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/11/20 12:17:40 | 000,000,444 | ---- | M] () -- C:\Windows\tasks\DriverUpdate Startup.job
[2013/11/20 12:17:26 | 000,016,152 | ---- | M] () -- C:\Windows\SysNative\drivers\SWDUMon.sys
[2013/11/20 12:15:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/11/20 12:15:08 | 000,017,408 | ---- | M] () -- C:\Windows\SysNative\rpcnetp.exe
[2013/11/20 11:30:49 | 000,942,994 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/11/20 11:30:49 | 000,784,932 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/11/20 11:30:49 | 000,158,904 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/11/20 11:23:46 | 000,034,752 | ---- | M] () -- C:\Windows\SysNative\drivers\WPRO_41_2001.sys
[2013/11/20 11:23:36 | 000,069,792 | ---- | M] (Absolute Software Corp.) -- C:\Windows\SysWow64\rpcnet.dll
[2013/11/20 11:23:36 | 000,017,408 | ---- | M] () -- C:\Windows\SysWow64\rpcnetp.dll
[2013/11/20 11:23:33 | 000,000,366 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForsuesarkis.job
[2013/11/20 11:23:30 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2013/11/20 11:23:29 | 2489,966,591 | -HS- | M] () -- C:\hiberfil.sys
[2013/11/20 11:23:13 | 000,017,408 | ---- | M] () -- C:\Windows\SysWow64\rpcnetp.exe
[2013/11/20 11:23:11 | 000,029,336 | ---- | M] () -- C:\Windows\SysNative\wpbbin.exe
[2013/11/20 08:02:06 | 000,003,723 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml
[2013/11/20 08:01:40 | 000,046,368 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
[2013/11/17 21:30:15 | 000,000,186 | -H-- | M] () -- C:\IPH.PH
[2013/11/16 21:15:24 | 000,178,252 | ---- | M] () -- C:\Users\suesarkis\Documents\=windows-1252Qrangers_May_be_Spreading_=AB_CBS_DC=2Ehtm=
[2013/11/16 12:10:55 | 000,002,279 | ---- | M] () -- C:\Users\suesarkis\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/11/16 12:10:54 | 000,002,255 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/11/16 10:54:01 | 000,045,328 | ---- | M] () -- C:\Users\suesarkis\Documents\teewww.nrcc.org-NationalRepublicanCongressionalCommittee.htm
[2013/11/14 21:04:13 | 000,039,287 | ---- | M] () -- C:\Users\suesarkis\Documents\Albertson list.wpd
[2013/11/14 20:42:53 | 000,004,150 | ---- | M] () -- C:\Users\suesarkis\Documents\Vons List.wpd
[2013/11/14 20:38:17 | 000,047,289 | ---- | M] () -- C:\Users\suesarkis\Documents\Ralphs current.wpd
[2013/11/13 21:30:54 | 000,056,513 | ---- | M] () -- C:\Users\suesarkis\Documents\NovemberChargeFail.zip
[2013/11/08 22:10:07 | 000,032,752 | ---- | M] () -- C:\Windows\SysWow64\NTAgent.exe
[2013/11/08 07:55:38 | 007,109,105 | ---- | M] () -- C:\Users\suesarkis\Documents\You_Picked_a_Fine_Time.wmv
[2013/11/06 15:23:38 | 000,028,940 | ---- | M] () -- C:\Users\suesarkis\Documents\1450237_10200924221575685_1328301829_n.jpg
[2013/11/04 09:02:21 | 001,859,296 | ---- | M] (Coupons.com Incorporated) -- C:\Program Files (x86)\couponprinter.exe
[2013/10/31 08:06:58 | 001,177,088 | ---- | M] () -- C:\Users\suesarkis\Documents\AFewMoreCritters.pps
[2013/10/30 12:12:51 | 000,026,120 | ---- | M] () -- C:\Users\suesarkis\Documents\1173823_10200555030254274_1340834328_n
[2013/10/29 09:40:40 | 000,109,052 | ---- | M] () -- C:\Users\suesarkis\Documents\WONDERFULGRADUATIONMEMORY.zip
[2013/10/29 08:27:20 | 000,002,985 | ---- | M] () -- C:\Users\suesarkis\Documents\Mike -Unless I hear back differently.wpd
[2013/10/28 21:03:04 | 000,043,520 | ---- | M] () -- C:\Users\suesarkis\Documents\Mr
[2013/10/28 19:55:31 | 000,043,520 | ---- | M] () -- C:\Users\suesarkis\Documents\Pirouzians case
[2013/10/28 17:49:48 | 000,069,792 | ---- | M] (Absolute Software Corp.) -- C:\Windows\SysWow64\rpcnet.exe
[2013/10/27 16:01:02 | 000,371,582 | ---- | M] () -- C:\Users\suesarkis\Documents\GLN1012813GPDOpechee.pdf
[2013/10/27 11:40:33 | 000,061,678 | ---- | M] () -- C:\Users\suesarkis\AppData\Roaming\PFP110JPR.{PB
[2013/10/27 11:40:33 | 000,012,358 | ---- | M] () -- C:\Users\suesarkis\AppData\Roaming\PFP110JCM.{PB
[2013/10/27 11:26:29 | 356,947,576 | ---- | M] () -- C:\Users\suesarkis\Desktop\Backup.reg
[2013/10/26 19:10:11 | 000,870,099 | ---- | M] () -- C:\Users\suesarkis\Documents\image001.zip
[2013/10/26 14:19:09 | 000,001,264 | ---- | M] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2013/10/26 14:17:31 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\Windows\SysWow64\pncrt.dll
[2013/10/26 14:12:53 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/10/26 11:41:28 | 000,419,648 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/10/24 13:18:48 | 000,003,505 | ---- | M] () -- C:\Windows\wininit.ini
[2013/10/24 12:12:34 | 000,000,258 | RHS- | M] () -- C:\Users\suesarkis\ntuser.pol
[2013/10/22 09:27:00 | 000,001,130 | ---- | M] () -- C:\Users\suesarkis\Application Data\Microsoft\Internet Explorer\Quick Launch\AOL Desktop 9.7.lnk
[2013/10/22 09:26:55 | 000,001,034 | ---- | M] () -- C:\Users\Public\Desktop\AOL Desktop 9.7.lnk
[2013/10/22 08:07:31 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[10 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/11/20 14:21:10 | 000,000,512 | ---- | C] () -- C:\Users\suesarkis\Desktop\MBR.dat
[2013/11/20 12:46:06 | 000,001,457 | ---- | C] () -- C:\Users\suesarkis\Desktop\HijackThis.exe - Shortcut.lnk
[2013/11/17 21:29:55 | 000,000,186 | -H-- | C] () -- C:\IPH.PH
[2013/11/16 21:15:21 | 000,178,252 | ---- | C] () -- C:\Users\suesarkis\Documents\=windows-1252Qrangers_May_be_Spreading_=AB_CBS_DC=2Ehtm=
[2013/11/16 10:54:00 | 000,045,328 | ---- | C] () -- C:\Users\suesarkis\Documents\teewww.nrcc.org-NationalRepublicanCongressionalCommittee.htm
[2013/11/14 21:04:13 | 000,039,287 | ---- | C] () -- C:\Users\suesarkis\Documents\Albertson list.wpd
[2013/11/14 20:42:53 | 000,004,150 | ---- | C] () -- C:\Users\suesarkis\Documents\Vons List.wpd
[2013/11/14 20:38:17 | 000,047,289 | ---- | C] () -- C:\Users\suesarkis\Documents\Ralphs current.wpd
[2013/11/13 21:30:53 | 000,056,513 | ---- | C] () -- C:\Users\suesarkis\Documents\NovemberChargeFail.zip
[2013/11/08 22:08:57 | 000,032,752 | ---- | C] () -- C:\Windows\SysWow64\NTAgent.exe
[2013/11/08 07:54:51 | 007,109,105 | ---- | C] () -- C:\Users\suesarkis\Documents\You_Picked_a_Fine_Time.wmv
[2013/11/06 15:23:37 | 000,028,940 | ---- | C] () -- C:\Users\suesarkis\Documents\1450237_10200924221575685_1328301829_n.jpg
[2013/10/31 08:05:42 | 001,177,088 | ---- | C] () -- C:\Users\suesarkis\Documents\AFewMoreCritters.pps
[2013/10/30 12:12:50 | 000,026,120 | ---- | C] () -- C:\Users\suesarkis\Documents\1173823_10200555030254274_1340834328_n
[2013/10/29 09:40:39 | 000,109,052 | ---- | C] () -- C:\Users\suesarkis\Documents\WONDERFULGRADUATIONMEMORY.zip
[2013/10/29 08:04:56 | 000,002,985 | ---- | C] () -- C:\Users\suesarkis\Documents\Mike -Unless I hear back differently.wpd
[2013/10/28 21:03:03 | 000,043,520 | ---- | C] () -- C:\Users\suesarkis\Documents\Mr
[2013/10/28 19:55:30 | 000,043,520 | ---- | C] () -- C:\Users\suesarkis\Documents\Pirouzians case
[2013/10/27 16:00:59 | 000,371,582 | ---- | C] () -- C:\Users\suesarkis\Documents\GLN1012813GPDOpechee.pdf
[2013/10/27 11:26:09 | 356,947,576 | ---- | C] () -- C:\Users\suesarkis\Desktop\Backup.reg
[2013/10/26 19:10:06 | 000,870,099 | ---- | C] () -- C:\Users\suesarkis\Documents\image001.zip
[2013/10/26 14:19:07 | 000,001,264 | ---- | C] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2013/10/26 11:41:14 | 000,419,648 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/10/24 22:16:31 | 000,386,923 | ---- | C] () -- C:\Windows\SysNative\ApnDatabase.xml
[2013/10/24 14:07:36 | 000,002,058 | ---- | C] () -- C:\Users\suesarkis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk
[2013/10/24 13:18:26 | 000,003,505 | ---- | C] () -- C:\Windows\wininit.ini
[2013/10/24 12:12:33 | 000,000,258 | RHS- | C] () -- C:\Users\suesarkis\ntuser.pol
[2013/09/28 12:24:11 | 000,003,723 | ---- | C] () -- C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml
[2013/09/25 09:06:38 | 000,017,408 | ---- | C] () -- C:\Windows\SysWow64\rpcnetp.dll
[2013/09/12 08:49:08 | 000,083,968 | ---- | C] () -- C:\Windows\SysWow64\OEMLicense.dll
[2013/07/26 15:26:30 | 000,000,006 | ---- | C] () -- C:\Windows\msoffice.ini
[2013/07/16 22:05:15 | 000,007,607 | ---- | C] () -- C:\Users\suesarkis\AppData\Local\resmon.resmoncfg
[2013/06/03 14:39:25 | 000,598,384 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng700.bin
[2013/06/03 14:39:15 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2013/06/03 14:39:13 | 000,754,652 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng700.bin
[2013/05/02 11:48:49 | 000,061,678 | ---- | C] () -- C:\Users\suesarkis\AppData\Roaming\PFP110JPR.{PB
[2013/05/02 11:48:49 | 000,012,358 | ---- | C] () -- C:\Users\suesarkis\AppData\Roaming\PFP110JCM.{PB
[2013/05/02 11:17:48 | 000,000,264 | ---- | C] () -- C:\Windows\SysWow64\BDEMERGE.INI
[2013/04/14 12:49:52 | 000,000,335 | ---- | C] () -- C:\Windows\nsreg.dat
[2013/04/14 12:03:16 | 000,017,408 | ---- | C] () -- C:\Windows\SysWow64\rpcnetp.exe
[2012/08/03 14:40:09 | 000,959,336 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/07/26 00:13:10 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2012/07/26 00:13:09 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2012/07/25 23:21:26 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2012/07/25 17:17:42 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2012/07/25 12:37:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2012/07/25 12:28:31 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2012/07/25 12:22:54 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2012/07/25 12:22:54 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2012/07/25 12:22:54 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2012/06/02 06:31:19 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2012/04/20 13:59:44 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll
 
========== ZeroAccess Check ==========
 
[2012/10/31 17:24:30 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/08/01 22:28:20 | 019,758,080 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/08/01 21:08:10 | 017,561,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012/07/25 19:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012/07/25 19:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012/07/25 19:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013/08/22 08:34:08 | 000,000,000 | ---D | M] -- C:\Users\suesarkis\AppData\Roaming\AVG
[2013/07/13 11:11:20 | 000,000,000 | ---D | M] -- C:\Users\suesarkis\AppData\Roaming\AVG2013
[2013/10/24 17:19:23 | 000,000,000 | ---D | M] -- C:\Users\suesarkis\AppData\Roaming\defaulttab
[2013/09/28 09:28:46 | 000,000,000 | ---D | M] -- C:\Users\suesarkis\AppData\Roaming\DriverCure
[2013/09/28 09:28:46 | 000,000,000 | ---D | M] -- C:\Users\suesarkis\AppData\Roaming\SpeedMaxPc
[2013/04/14 12:11:50 | 000,000,000 | ---D | M] -- C:\Users\suesarkis\AppData\Roaming\Synaptics
[2013/07/13 11:10:26 | 000,000,000 | ---D | M] -- C:\Users\suesarkis\AppData\Roaming\TuneUp Software
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< c:\windows\*. /SL >
[2012/07/25 23:22:10 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2013/04/17 11:07:14 | 000,000,918 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2013/04/17 11:07:17 | 000,000,922 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2013/04/30 15:30:29 | 000,000,366 | ---- | C] () -- C:\Windows\Tasks\HPCeeScheduleForsuesarkis.job
[2013/09/11 11:43:51 | 000,000,444 | ---- | C] () -- C:\Windows\Tasks\DriverUpdate Startup.job
[2013/09/20 13:18:39 | 000,000,830 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
 
< c:\windows\*. /RP >
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2013/05/08 11:26:45 | 000,000,000 | ---D | M] -- C:\Users\suesarkis\AppData\Roaming\Adobe
[2013/09/04 08:59:35 | 000,000,000 | ---D | M] -- C:\Users\suesarkis\AppData\Roaming\AOL
[2013/08/22 08:34:08 | 000,000,000 | ---D | M] -- C:\Users\suesarkis\AppData\Roaming\AVG
[2013/07/13 11:11:20 | 000,000,000 | ---D | M] -- C:\Users\suesarkis\AppData\Roaming\AVG2013
[2013/05/17 15:28:44 | 000,000,000 | ---D | M] -- C:\Users\suesarkis\AppData\Roaming\Corel
[2013/10/24 17:19:23 | 000,000,000 | ---D | M] -- C:\Users\suesarkis\AppData\Roaming\defaulttab
[2013/09/28 09:28:46 | 000,000,000 | ---D | M] -- C:\Users\suesarkis\AppData\Roaming\DriverCure
[2013/04/29 14:43:00 | 000,000,000 | ---D | M] -- C:\Users\suesarkis\AppData\Roaming\Hewlett-Packard
[2013/04/29 14:55:36 | 000,000,000 | ---D | M] -- C:\Users\suesarkis\AppData\Roaming\hpqlog
[2013/06/03 18:37:54 | 000,000,000 | ---D | M] -- C:\Users\suesarkis\AppData\Roaming\Intel
[2012/10/31 17:33:17 | 000,000,000 | ---D | M] -- C:\Users\suesarkis\AppData\Roaming\Macromedia
[2013/07/13 12:56:16 | 000,000,000 | ---D | M] -- C:\Users\suesarkis\AppData\Roaming\Malwarebytes
[2013/10/28 19:55:38 | 000,000,000 | --SD | M] -- C:\Users\suesarkis\AppData\Roaming\Microsoft
[2013/10/22 09:21:36 | 000,000,000 | ---D | M] -- C:\Users\suesarkis\AppData\Roaming\Mozilla
[2013/10/26 14:19:22 | 000,000,000 | ---D | M] -- C:\Users\suesarkis\AppData\Roaming\Real
[2013/10/26 14:19:35 | 000,000,000 | ---D | M] -- C:\Users\suesarkis\AppData\Roaming\RealNetworks
[2013/09/28 09:28:46 | 000,000,000 | ---D | M] -- C:\Users\suesarkis\AppData\Roaming\SpeedMaxPc
[2013/04/14 12:11:50 | 000,000,000 | ---D | M] -- C:\Users\suesarkis\AppData\Roaming\Synaptics
[2013/07/13 11:10:26 | 000,000,000 | ---D | M] -- C:\Users\suesarkis\AppData\Roaming\TuneUp Software
[2013/08/06 07:32:32 | 000,000,000 | ---D | M] -- C:\Users\suesarkis\AppData\Roaming\vlc
 
< %APPDATA%\*.exe /s >
[2012/10/31 17:33:14 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\suesarkis\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2012/06/12 12:33:12 | 000,470,528 | ---- | M] () -- C:\Users\suesarkis\AppData\Roaming\Mozilla\Firefox\Profiles\lkyzsjpu.default\aolToolbarData\install\sqlite3.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[10 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]
 
< %systemroot%\Tasks\*.job /lockedfiles >
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\drivers\*.sys /90 >
 
< End of report >

OTL Extras logfile created on: 11/20/2013 5:30:34 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\suesarkis\Desktop
64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16721)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
7.90 Gb Total Physical Memory | 5.63 Gb Available Physical Memory | 71.32% Memory free
9.09 Gb Paging File | 6.54 Gb Available in Paging File | 71.93% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 445.79 Gb Total Space | 372.59 Gb Free Space | 83.58% Space Free | Partition Type: NTFS
Drive D: | 19.19 Gb Total Space | 2.42 Gb Free Space | 12.60% Space Free | Partition Type: NTFS
 
Computer Name: SUESBABY | User Name: suesarkis | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = aolfile_HTM] -- C:\Program Files (x86)\AOL Desktop 9.7a\aol.exe (AOL Inc.)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = CE 37 E6 AF FF 6A CD 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0B551A16-5C2F-432A-84DC-6CB6F0B1DCAA}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{74D637B9-FE86-4E29-A2F5-F445D01791B2}" = lport=8182 | protocol=6 | dir=in | name=smedioaccessdb8182 | 
"{A2CDF64A-FE35-46E5-B00D-EBE977FECCE3}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{C349E5EA-922E-4E2E-BAC4-002BD4CA6111}" = lport=5353 | protocol=17 | dir=in | name=smedioaccessdb5353 | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0072AD7C-A9A5-4F27-A367-07C39A368331}" = dir=out | name=skype | 
"{045F71D1-522B-4A54-ABB1-5D8887CC13E5}" = dir=in | app=c:\users\administrator\appdata\local\microsoft\skydrive\skydrive.exe | 
"{0B54DB0D-384F-4E03-AAD9-F39FF54C0356}" = dir=out | name=ebay | 
"{0C4FC554-9EF8-4D52-83C3-98F1FA488276}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\acs\aoldial.exe | 
"{0F957D7F-A12A-4D08-9828-A8F82E8A0E0C}" = protocol=17 | dir=in | app=c:\program files (x86)\aol desktop 9.7a\waol.exe | 
"{12D948AC-749D-4239-9C1C-123BF3A06D5A}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe | 
"{1713F984-34AF-4638-A773-F9EBF4190DF0}" = dir=in | app=c:\program files (x86)\hewlett-packard\hp support framework\resources\hpwarrantycheck\hpdevicedetection3.exe | 
"{2002C6CC-1219-478D-A531-5AA63FABB95A}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{267C2001-A4D5-48C4-BB01-1A8AE6EA0D18}" = dir=in | name=skype | 
"{285A5AEB-317C-4AFB-9BD7-AF64DBC577B7}" = dir=out | name=@{microsoft.bingweather_2.0.0.310_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} | 
"{2D5622A6-9055-4598-BE1D-5301BE7DBAB4}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\acs\aolacsd.exe | 
"{2E586298-16E1-497F-8731-DCD1CC45837B}" = dir=out | name=getting started with windows 8 | 
"{3288874B-5ED4-4571-B045-D44289ACE0D4}" = dir=in | app=%localappdata%\hpconnectedmusic\application\hpconnectedmusic.exe | 
"{37741DB8-64BD-42BE-BCC4-DC237FD19547}" = dir=out | name=@{microsoft.zunemusic_1.5.177.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/ids_manifest_music_app_name} | 
"{3858B30E-F439-4C7C-AF35-9BC71385E279}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd10.exe | 
"{3941C2E3-BD4B-4839-918A-505A06368D5C}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\system information\sinf.exe | 
"{39F5207A-2E87-456B-9EA4-62C31579CE39}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe | 
"{3C966EFD-0BD9-446D-AF2F-C9723F025EC4}" = dir=in | app=c:\program files (x86)\hpconnectedmusic\hpconnectedmusic.exe | 
"{3CD857EC-DEFA-4442-8FDC-A80103929E78}" = dir=out | name=google search | 
"{3F9247C7-1ED3-43D9-BA1F-BB353859D7CE}" = dir=in | name=smedio 360 suite for hp | 
"{41CC8747-F781-473E-BAD3-65DD47B031B6}" = protocol=6 | dir=in | app=c:\program files (x86)\aol desktop 9.7\waol.exe | 
"{4541A7B3-ACAF-4120-A4CC-8BE7AAC39702}" = protocol=6 | dir=in | app=c:\program files (x86)\aol desktop 9.7\waol.exe | 
"{495B4BC1-0156-4EF5-B186-FB8E9418A173}" = dir=out | name=iheartradio | 
"{49B628E8-B4D3-4DAC-9AE1-9DE332AD9421}" = dir=out | name=microsoft mahjong | 
"{4CB9C900-D250-43FF-84ED-F2FFBD9ACCF6}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{4EF40E4C-60D6-419E-A371-A1357266DA26}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\topspeed\3.0\aoltpsd3.exe | 
"{4FA64809-28E5-4705-A9EF-52A532D261F9}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{53CFAD8E-92C1-40DB-8740-25813668D4AB}" = dir=out | name=taptiles | 
"{57B5395E-D0D9-4115-8554-061F6FE126E9}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\acs\aoldial.exe | 
"{59DEFC1D-F579-4424-B5D0-D797B5E49FFD}" = dir=in | name=hp connected photo powered by snapfish | 
"{5A2387B8-E19D-4201-9E1E-D78A563DE041}" = dir=out | name=smedio 360 suite for hp | 
"{5B4572C8-4A0D-43E7-88C8-B3FDC9F75871}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{6227DCF1-6CD2-41F3-AF50-465AA542E38E}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{626FF99F-7C27-47D5-B815-C3004BE9BFA8}" = dir=out | name=@{microsoft.bingnews_2.0.0.308_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} | 
"{64D9B524-6161-4855-B9AD-8B03A8045F29}" = protocol=17 | dir=in | app=c:\program files (x86)\aol desktop 9.7\waol.exe | 
"{67590D4E-F810-401D-816B-345E35B22060}" = dir=out | name=@{microsoft.bing_1.5.1.259_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} | 
"{6DC33EEB-90B5-4A00-8C21-7A6E66A7CCCF}" = protocol=6 | dir=in | app=c:\program files (x86)\aol desktop 9.7a\waol.exe | 
"{6EAF657A-7579-483E-8B35-8C42EAD3A91B}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\system information\sinf.exe | 
"{7002C500-AA74-4FA5-8ADD-D75C4B0ED66E}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe | 
"{75623F03-B945-41F5-9980-0C9C21330221}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\acs\aolacsd.exe | 
"{7A0F7F9A-0293-41ED-81D0-A277387AD39C}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe | 
"{7AF73B20-6268-4B4C-8AEE-964BBBF33F3F}" = dir=out | app=%localappdata%\hpconnectedmusic\application\hpconnectedmusic.exe | 
"{7F5685F6-A9F9-4654-85B4-E485619A0628}" = dir=out | app=%localappdata%\hpconnectedmusic\application\spotify_helper.exe | 
"{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | 
"{8B89E679-05A4-4F3F-94F3-3051D15D7CD3}" = protocol=17 | dir=in | app=c:\program files (x86)\aol desktop 9.7\waol.exe | 
"{95EFDD46-C5F8-4833-A86C-AA5AA2962C43}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe | 
"{993591CD-6FE7-4597-9BA5-BD8AB96C213C}" = dir=out | name=norton studio | 
"{9A238D50-FF6D-48B8-9E5F-5C9F92866CC3}" = dir=out | name=@{microsoft.microsoftskydrive_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} | 
"{A06BAEBC-C53B-4D3C-A1B7-D8C5C61BFCA6}" = dir=out | name=@{microsoft.bingfinance_2.0.0.308_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} | 
"{A1297289-516A-4E82-9AF4-6E23758ED2AD}" = dir=in | name=@{microsoft.windowsphotos_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} | 
"{A4AFF179-D329-4923-BC53-D02A5BC134AB}" = dir=out | name=@{microsoft.reader_6.2.9200.20780_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | 
"{A90191B3-D785-4115-96FE-1024EE8B7B8D}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\1374881847\ee\aolsoftware.exe | 
"{B0007DEC-CAD9-4287-ADC7-FA1DBD65E4F2}" = dir=out | name=kindle | 
"{B064A898-B30B-483F-ADB8-208FF17E1861}" = dir=out | name=netflix | 
"{B07FC62A-66BF-4CC2-A540-09EDAF8AF55E}" = dir=out | name=@{microsoft.bingmaps_1.6.1821.2624_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} | 
"{B56568FA-BAB1-4789-A0E1-E24F3E4643A9}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{BD6E906E-7258-4331-A10C-16B8AB55974E}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe | 
"{BE565188-D229-4AD3-B508-D857087926F6}" = dir=out | app=c:\program files (x86)\hpconnectedmusic\hpconnectedmusic.exe | 
"{C059E332-0929-46E9-B9CC-DD32A207D3D0}" = dir=out | name=@{microsoft.windowsphotos_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} | 
"{C072A735-22EA-478D-B30D-84FD4655F925}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe | 
"{C09358B6-94A3-4546-BFF8-AD13E4CF3307}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\topspeed\3.0\aoltpsd3.exe | 
"{C285DB7D-4679-43F6-B7DD-0719FD6C397B}" = dir=out | name=files&folders | 
"{C2EE8B2F-012B-4809-922C-621E95D38E66}" = dir=out | name=@{microsoft.xboxlivegames_1.3.10.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} | 
"{C35164CA-A5E5-4B65-B575-168E10508B29}" = dir=out | name=@{microsoft.bingtravel_2.0.0.308_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} | 
"{C3670A17-3534-4BB8-917F-3F873B4706D7}" = dir=in | name=microsoft mahjong | 
"{C4F1032D-7EA8-45D2-A930-8A035811E92A}" = dir=in | name=@{microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | 
"{C5D75607-406A-4A75-935D-37F18E672263}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe | 
"{C85D177D-B6A2-412F-B938-C56D8194029D}" = dir=out | name=windows_ie_ac_001 | 
"{CAAC7DF6-0505-4D94-91CA-820460A2C432}" = dir=in | name=@{microsoft.reader_6.2.9200.20780_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | 
"{CB457D10-8236-4D53-94ED-A83E1C1EFB14}" = dir=out | name=hp connected photo powered by snapfish | 
"{CFADB809-917B-4BB0-B636-28854892D725}" = dir=out | name=windows_ie_ac_001 | 
"{D33A45A7-7D8F-44D8-ABDA-4E173E239E73}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\1374881847\ee\aolsoftware.exe | 
"{D35F3C74-3140-4D7E-81A0-DE52086DFC7B}" = protocol=6 | dir=in | app=c:\program files (x86)\aol desktop 9.7\aolbrowser\aolbrowser.exe | 
"{D7F11EB9-844A-49F4-BF94-C8EE7BF77898}" = dir=out | name=@{microsoft.bingsports_2.0.0.310_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} | 
"{D8691058-119B-42ED-8328-E1B9A795A295}" = dir=out | name=microsoft solitaire collection | 
"{D8D2340F-38BE-4078-AA32-E671C07867F1}" = protocol=17 | dir=in | app=c:\program files (x86)\aol desktop 9.7a\aolbrowser\aolbrowser.exe | 
"{D94F6A90-ADD7-4D6D-91DA-84E2DA5D1CF0}" = dir=out | name=wordament | 
"{DAE85481-0F3F-4FCA-926B-33E687BEB279}" = dir=out | name=hp registration | 
"{DC11A98A-5D41-487B-A21A-9655D5E0DCDC}" = dir=out | name=fresh paint | 
"{DD51A55C-0E6F-492B-BB8F-CAD3606135F3}" = protocol=6 | dir=in | app=c:\program files (x86)\aol desktop 9.7a\aolbrowser\aolbrowser.exe | 
"{DD743321-6C47-42C5-8A6B-F173B3B01497}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe | 
"{E78E2E9B-212C-40B6-B414-ED4CF07EB830}" = dir=in | app=%localappdata%\hpconnectedmusic\application\spotify_helper.exe | 
"{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | 
"{E828CEE6-39D3-48CE-93BE-E4A3E4478DD7}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe | 
"{E82D300F-9816-4A75-A7EC-29D07F49ED81}" = protocol=17 | dir=in | app=c:\program files (x86)\aol desktop 9.7\aolbrowser\aolbrowser.exe | 
"{EB9F8F37-ED47-4394-8BB5-EA3FBA6E484A}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe | 
"{ED30D0D0-6ED8-4237-A0A4-91520015EC91}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{F47E22F8-21F6-47D0-B3F2-FE43CD78FB6C}" = dir=out | name=@{microsoft.zunevideo_1.5.177.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/ids_manifest_video_app_name} | 
"{F720339B-3C71-4F71-BC94-13EF0177AB25}" = dir=out | name=@{microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1593C708-5535-47A4-8C0F-F8D4BE2B4560}" = Intel® PROSet/Wireless WiFi Software
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
"{24F93B56-61F5-415F-85B9-AA444DA34AFC}" = Microsoft Mouse and Keyboard Center
"{26A24AE4-039D-4CA4-87B4-2F86417040FF}" = Java 7 Update 40 (64-bit)
"{26F481C6-8DBE-4F8B-9D8D-715081C23ADE}" = Adobe Premiere Elements 10
"{273A027B-C0E5-43DD-8880-0F4D6D98949E}" = AVG 2013
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{54CE68A8-4F2D-4328-B1F7-D6C720405F7F}" = HP 3D DriveGuard
"{5A847522-375C-4D05-BD3D-88C450CC047F}" = HP Launch Box
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{64A3A4F4-B792-11D6-A78A-00B0D0170400}" = Java SE Development Kit 7 Update 40 (64-bit)
"{6E14E6D6-3175-4E1A-B934-CAB5A86367CD}" = HP Postscript Converter
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb" = Internet Explorer (Enable DEP)
"{C2E428EB-116E-41C0-9E84-B22DE9CCA42F}" = HP Registration Service
"{DA2600C1-6BDF-4FD1-1211-148929CC1385}" = Intel® PROSet/Wireless Software for Bluetooth® Technology
"{DE788AD4-F7CE-4995-ADF8-56174A7B613C}" = Intel® Smart Connect Technology 3.0 x64
"{E77289CF-12B9-4CAB-A49E-FEAE947F4D95}" = Intel® PROSet/Wireless for Bluetooth® + High Speed
"{F4404AFD-2EF3-40C1-8C09-29E5F3B6972B}" = Intel® Trusted Connect Service Client
"{F55C2C4D-694F-4569-A3BC-5FB6C1FDD84C}" = AVG 2013
"{F842F8B0-6942-4930-821F-543E976B2C66}" = MSVCRT110_amd64
"AVG" = AVG 2013
"CCleaner" = CCleaner
"CutePDF Writer Installation" = CutePDF Writer 3.0
"Microsoft Mouse and Keyboard Center" = Microsoft Mouse and Keyboard Center
"PremElem100" = Adobe Premiere Elements 10
"ProInst" = Intel PROSet Wireless
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0C57987A-A03A-4B95-A309-D23F78F406CA}" = HP Utility Center
"{1057511B-F8FE-4230-9ED3-AB949A57EE4A}" = Windows Live PIMT Platform
"{11D08055-939C-432b-98C3-E072478A0CD7}" = PSE10 STI Installer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1ABB46E8-B20F-4567-9A0A-D1D2280FA870}" = HP Documentation
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{22D3A614-482C-444A-932C-9DA1B8ECDFD2}" = Elements 10 Organizer
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83217040FF}" = Java 7 Update 45
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{29315CEC-E6CE-4394-84DC-6F862E8D9A52}" = Windows Live UX Platform
"{2D416A80-0BB1-4D8B-B770-7BE8F53D5937}" = Windows Live UX Platform Language Pack
"{3638D219-4AA5-4700-AC4B-272EF2F2DF1B}" = sMedio 360 TrueSync
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{40DEF4E7-EECA-415D-9E40-6E0C6E4E80E3}" = DriverUpdate
"{40F55150-F43D-4C9F-9A00-1A0A6F1EB7F0}" = Movie Maker
"{41525333-2D56-3700-76A7-A758B70C0700}" = Ask Toolbar
"{46316411-80D8-4F68-8118-696E05FCE199}" = Windows Live Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4F9A382F-4478-4036-905C-F77DF2EA0370}" = Windows Live SOXE
"{4FA8F084-C42F-45E1-B7E5-E0C8A1083DC5}" = Windows Live SOXE Definitions
"{528AB81B-D65A-4AB0-A2B6-82B51A087D01}" = HP Recovery Manager
"{54F90B55-BEB3-4F0D-8802-228822FA5921}" = WordPerfect Office 11
"{553C904F-57A2-4113-888E-BA0C3D1C69C0}" = Microsoft VC9 runtime libraries
"{59F8C5AA-91BD-423D-BF05-09A80F39898F}" = HP CoolSense
"{5CC4C963-F772-4766-BFF2-DE551E205EE9}" = Photo Common
"{60A1253C-2D51-4166-95C2-52E9CF4F8D64}" = Photo Gallery
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{64DF7404-9D46-44AF-AFA1-A2F8D5648C2D}" = Windows Live Photo Common
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{675D093B-815D-47FD-AB2C-192EC751E8E2}" = HP Software Framework
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.2.1.1
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{76EE8FE7-1957-4C51-9074-4930A8CFB1AF}" = Windows Live Installer
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{77CC64F2-74CE-47D7-A4B0-5AEBA688FC69}" = HP Quick Launch
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{869A65AF-221D-4D60-841D-C5D8A231680A}" = PRIVATE WiFi
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{909A6090-E01E-386C-9141-24B2207F2DB4}" = Microsoft Visual C++ 11 x86 Minimum Runtime - 11.0.50503
"{941DE69D-6CEE-4171-8F1F-3D7E352AA498}" = HP Wireless Button Driver
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office
"{9B2E55F8-5BA8-4A45-9682-ACB6F2CC0DA5}" = Photo Gallery
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C35EDE5-4B0F-45E7-A438-314BA889948E}" = HP MyRoom
"{9EFDF993-DE8F-355E-96FE-1F9DA7FDCFF3}" = Microsoft Visual C++ 11 x86 Additional Runtime - 11.0.50503
"{9F06F464-479A-403E-AF92-70CBB8D674A1}" = PRE10STI64Installer
"{A127C3C0-055E-38CF-B38F-1E85F8BBBFFE}" = Adobe Community Help
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA027AE9-DD20-4677-AA72-D760A358320B}" = Microsoft VC9 runtime libraries
"{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}" = RealNetworks - Microsoft Visual C++ 2010 Runtime
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.05)
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BA73469B-D8C7-4FE3-B33C-1340D09F0709}" = Windows Live Communications Platform
"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
"{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}" = RealDownloader
"{D71BC54E-A4E6-4E06-866C-FD6EE16EA187}" = Movie Maker
"{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{e87d21bb-3ad1-42d4-94ed-bbc9b8856c25}" = Microsoft Visual C++ 11 Beta Redistributable (x86) - 11.0.50503
"{EE202411-2C26-49E8-9784-1BC1DBF7DE96}" = HP Support Assistant
"{EE549AF9-8FAA-4584-83B2-ECF1BC9DC1FF}" = Adobe Photoshop Elements 10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}" = Energy Star
"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel® SDK for OpenCL - CPU Only Runtime Package
"3D073343-CEEB-4ce7-85AC-A69A7631B5D6" = Intel® Rapid Start Technology
"7-Zip" = 7-Zip 9.20
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop Elements 10" = Adobe Photoshop Elements 10
"Adobe Shockwave Player" = Adobe Shockwave Player 12.0
"AOL Toolbar" = AOL Toolbar
"AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
"AVG SafeGuard toolbar" = AVG SafeGuard toolbar
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"CopernicDesktopSearch2" = Copernic Desktop Search - Home
"Corkboard" = MyCorkboard Screen Saver
"Coupon Printer for Windows5.0.0.4" = Coupon Printer for Windows
"CouponBar5.0.0.5" = CouponBar
"DMUninstaller" = DMUninstaller
"Google Chrome" = Google Chrome
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"McAfee Security Scan" = McAfee Security Scan Plus
"Mozilla Firefox 25.0.1 (x86 en-US)" = Mozilla Firefox 25.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NIS" = Norton Internet Security
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"PRIVATE WiFi" = PRIVATE WiFi
"RealPlayer 16.0" = RealPlayer
"SoftwareUpdUtility" = Download Updater (AOL Inc.)
"StartHPConnectedMusic" = HP Connected Music (Meridian - installer)
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VLC media player 2.0.2
"WinLiveSuite" = Windows Live Essentials
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"AOL Toolbar" = AOL Toolbar
"HPConnectedMusic" = HP Connected Music (Meridian - player)
"Pokki" = Pokki
"PokkiDownloadHelper" = Pokki Download Helper
"UnityWebPlayer" = Unity Web Player
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 9/4/2013 11:47:42 AM | Computer Name = Suesbaby | Source = Application Error | ID = 1000
Description = Faulting application name: sinf.exe, version: 2.6.6.1, time stamp: 0x502d93e5  Faulting module name: SysInfo.dll, version: 2.6.6.1, time stamp: 0x502d93da  Exception code: 0xc0000005  Fault offset: 0x000424ed  Faulting process id: 0xef0  Faulting application start time: 0x01cea986145b51f4  Faulting application path: C:\Program Files (x86)\Common Files\AOL\System Information\sinf.exe  Faulting module path: c:\program files (x86)\common files\aol\1374881847\ee\services\sysinfo\ver2_6_6_1\SysInfo.dll  Report Id: 54eb0098-1579-11e3-bf3b-6c3be57ba271  Faulting package full name:   Faulting package-relative application ID:

Error - 9/4/2013 11:55:34 AM | Computer Name = Suesbaby | Source = Microsoft-Windows-Immersive-Shell | ID = 5973
Description = Activation of app DefaultBrowser_NOPUBLISHERID!Chrome failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error - 9/4/2013 11:58:58 AM | Computer Name = Suesbaby | Source = Application Hang | ID = 1002
Description = The program wwahost.exe version 6.2.9200.16420 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.    Process ID: 1828    Start Time: 01cea98797daaca5    Termination Time: 31    Application Path: C:\Windows\system32\wwahost.exe    Report Id: e6719a77-157a-11e3-bf3b-6c3be57ba271    Faulting package full name: Microsoft.Bing_1.2.0.137_x64__8wekyb3d8bbwe    Faulting package-relative application ID: Microsoft.Bing

Error - 9/4/2013 12:03:00 PM | Computer Name = Suesbaby | Source = Microsoft-Windows-Immersive-Shell | ID = 2484
Description = Package Microsoft.Bing_1.2.0.137_x64__8wekyb3d8bbwe was terminated because it took too long to suspend.

Error - 9/4/2013 12:03:02 PM | Computer Name = Suesbaby | Source = Application Hang | ID = 1002
Description = The program wwahost.exe version 6.2.9200.16420 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.    Process ID: 1894    Start Time: 01cea987b9ce732f    Termination Time: 4294967295    Application Path: C:\Windows\system32\wwahost.exe    Report Id: 7855649b-157b-11e3-bf3b-6c3be57ba271    Faulting package full name: Microsoft.Bing_1.2.0.137_x64__8wekyb3d8bbwe    Faulting package-relative application ID: Microsoft.Bing

Error - 9/4/2013 12:21:12 PM | Computer Name = Suesbaby | Source = Microsoft-Windows-Immersive-Shell | ID = 5973
Description = Activation of app DefaultBrowser_NOPUBLISHERID!Chrome failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error - 9/4/2013 12:21:53 PM | Computer Name = Suesbaby | Source = Microsoft-Windows-Immersive-Shell | ID = 5973
Description = Activation of app DefaultBrowser_NOPUBLISHERID!Chrome failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error - 9/4/2013 12:28:26 PM | Computer Name = Suesbaby | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 9/4/2013 12:28:26 PM | Computer Name = Suesbaby | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 15484

Error - 9/4/2013 12:28:26 PM | Computer Name = Suesbaby | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 15484

[ System Events ]
Error - 11/4/2013 10:55:59 PM | Computer Name = Suesbaby | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following error:   %%5

Error - 11/5/2013 12:07:50 PM | Computer Name = Suesbaby | Source = Schannel | ID = 36888
Description = A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 70. The Windows SChannel error state is 105.

Error - 11/5/2013 12:07:52 PM | Computer Name = Suesbaby | Source = Schannel | ID = 36888
Description = A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 70. The Windows SChannel error state is 105.

Error - 11/5/2013 12:07:54 PM | Computer Name = Suesbaby | Source = Schannel | ID = 36888
Description = A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 70. The Windows SChannel error state is 105.

Error - 11/6/2013 1:58:34 PM | Computer Name = Suesbaby | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following error:   %%5

Error - 11/9/2013 1:06:47 AM | Computer Name = Suesbaby | Source = EventLog | ID = 6008
Description = The previous system shutdown at 9:00:50 PM on 11/8/2013 was unexpected.

Error - 11/9/2013 1:07:23 AM | Computer Name = Suesbaby | Source = Schannel | ID = 36888
Description = A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 43. The Windows SChannel error state is 552.

Error - 11/9/2013 1:07:23 AM | Computer Name = Suesbaby | Source = Schannel | ID = 36884
Description = The certificate received from the remote server does not contain the expected name. It is therefore not possible to determine whether we are connecting to the correct server. The server name we were expecting is client.wns.windows.com. The SSL connection request has failed. The attached data contains the server certificate.

Error - 11/9/2013 2:06:39 AM | Computer Name = Suesbaby | Source = EventLog | ID = 6008
Description = The previous system shutdown at 9:36:48 PM on 11/8/2013 was unexpected.

Error - 11/14/2013 4:50:36 AM | Computer Name = Suesbaby | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following error:   %%5

 
 
< End of report >
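The event-log block at the end of the OTL report is wrapped by the forum, and in a suspected browser-hijack case two of the System entries deserve a second look before anything else: the Schannel 36888 alerts and the 36884 certificate name mismatch for client.wns.windows.com. The Python below is an added example, not part of this thread and not OTL's own code: it re-joins the wrapped entries, counts them by source and event ID, decodes the numeric TLS alert in the 36888 text using the RFC 5246 alert names, and pulls the crashing executable out of the Application Error and Application Hang entries. The sample entries are constructed in the shape of the log above (one of them deliberately wrapped), and the triage rules and wording are this example's own assumptions.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample in the shape of OTL's "Last 20 Event Log Errors" block.
# The Application Hang entry is deliberately wrapped, with a blank line inside
# it, the way the forum wrapped the log posted above.
SAMPLE_EVENTS = r"""========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 9/4/2013 11:47:42 AM | Computer Name = Suesbaby | Source = Application Error | ID = 1000
Description = Faulting application name: sinf.exe, version: 2.6.6.1, time stamp: 0x502d93e5  Faulting module name: SysInfo.dll, version: 2.6.6.1, time stamp: 0x502d93da  Exception code: 0xc0000005  Faulting application path: C:\Program Files (x86)\Common Files\AOL\System Information\sinf.exe  Faulting module path: c:\program files (x86)\common files\aol\1374881847\ee\services\sysinfo\ver2_6_6_1\SysInfo.dll

Error - 9/4/2013 11:58:58 AM | Computer Name = Suesbaby | Source = Application Hang | ID = 1002
Description = The program wwahost.exe version 6.2.9200.16420 stopped interacting
 with Windows and was closed.    Process ID: 1828    Start
 Time: 01cea98797daaca5    Termination Time: 31    Application Path: C:\Windows\system32\wwahost.exe

Report
 Id: e6719a77-157a-11e3-bf3b-6c3be57ba271    Faulting package full name: Microsoft.Bing_1.2.0.137_x64__8wekyb3d8bbwe

Error - 9/4/2013 12:28:26 PM | Computer Name = Suesbaby | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

[ System Events ]
Error - 11/5/2013 12:07:50 PM | Computer Name = Suesbaby | Source = Schannel | ID = 36888
Description = A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 70. The Windows SChannel error state is 105.

Error - 11/9/2013 1:07:23 AM | Computer Name = Suesbaby | Source = Schannel | ID = 36884
Description = The certificate received from the remote server does not contain the expected name. It is therefore not possible to determine whether we are connecting to the correct server. The server name we were expecting is client.wns.windows.com. The SSL connection request has failed. The attached data contains the server certificate.
"""

HEADER_RE = re.compile(r"^Error - (?P<ts>.+?) \| Computer Name = (?P<host>.+?)"
                       r" \| Source = (?P<src>.+?) \| ID = (?P<id>\d+)$")
LOG_RE = re.compile(r"^\[ (?P<log>.+?) \]$")

# RFC 5246 section 7.2 alert descriptions for the "fatal error code" in event 36888.
TLS_ALERTS = {40: "handshake_failure", 42: "bad_certificate", 43: "unsupported_certificate",
              44: "certificate_revoked", 45: "certificate_expired", 46: "certificate_unknown",
              47: "illegal_parameter", 48: "unknown_ca", 49: "access_denied",
              50: "decode_error", 51: "decrypt_error", 70: "protocol_version"}


@dataclass
class Event:
    logname: str       # "Application Events" or "System Events"
    timestamp: str
    host: str
    source: str
    event_id: int
    description: str   # wrapped lines re-joined, whitespace collapsed


def parse_events(text):
    """Split the OTL block into events; every non-header line belongs to the last header."""
    records, logname, current = [], "", None
    for raw in text.splitlines():
        line = raw.strip()
        m = LOG_RE.match(line)
        if m:
            logname, current = m.group("log"), None
            continue
        m = HEADER_RE.match(line)
        if m:
            current = (logname, m.groupdict(), [])
            records.append(current)
            continue
        if current is not None and line:      # blank lines inside an entry are skipped
            current[2].append(line)
    events = []
    for name, h, lines in records:
        desc = " ".join(" ".join(lines).split())
        if desc.startswith("Description = "):
            desc = desc[len("Description = "):]
        events.append(Event(name, h["ts"], h["host"], h["src"], int(h["id"]), desc))
    return events


def count_by_source_id(events):
    return Counter((e.source, e.event_id) for e in events)


def tls_alert_name(code):
    return TLS_ALERTS.get(code, "unknown alert")


def triage(events):
    """Return (event, note) pairs for the entries worth a closer look; noise gets no note."""
    notes = []
    for e in events:
        d = e.description
        if e.source == "Schannel" and e.event_id == 36884:
            m = re.search(r"expecting is (\S+?)\.(?=\s|$)", d)
            host = m.group(1) if m else "(unknown)"
            notes.append((e, f"TLS name mismatch for {host}: whatever answered did not present that "
                             "name; look for an interception proxy, a hosts/DNS redirection or a "
                             "captive portal, and inspect the certificate attached to the event"))
        elif e.source == "Schannel" and e.event_id == 36888:
            m = re.search(r"fatal error code is (\d+)", d)
            code = int(m.group(1)) if m else -1
            notes.append((e, f"this host sent TLS alert {code} ({tls_alert_name(code)})"))
        elif e.source in ("Application Error", "Application Hang"):
            m = re.search(r"application path: (.+?)(?= (?:faulting|report id)|$)", d, re.I)
            path = m.group(1) if m else "(unknown)"
            origin = ("Windows component" if path.lower().startswith("c:\\windows\\")
                      else "third-party; confirm the vendor and whether the file is still present")
            notes.append((e, f"{e.source.lower()}: {path} ({origin})"))
    return notes


if __name__ == "__main__":
    evs = parse_events(SAMPLE_EVENTS)
    for (src, eid), n in count_by_source_id(evs).most_common():
        print(f"{n:2}  {src} / {eid}")
    for e, note in triage(evs):
        print(f"{e.timestamp}  {e.source} {e.event_id}: {note}")
```

Read against the log above, the three 36888 entries with code 70 mean this machine sent protocol_version alerts, which on its own is common noise, and the later one with code 43 is unsupported_certificate. The 36884 entry is the one that matters in a hijack investigation: Windows expected a certificate for client.wns.windows.com and got one for some other name, which is exactly what an interception proxy or a hosts/DNS redirection produces. Event Viewer keeps the offending certificate as binary data attached to that event, so the subject it carries tells you who actually answered.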


#5 fireman4it
Malware Response Team
Posted 20 November 2013 - 09:20 PM

1.

  • Download RogueKiller on the desktop
  • Close all the running processes
  • Under Vista/Seven, right click -> Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • When prompted, Click Scan
  • A report should open, give its content to your helper. (RKreport could also be found next to the executable)
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again

2.

Download AdwCleaner

  • Double click on AdwCleaner.exe to run the tool.
    ***Note: Windows Vista and Windows 7 users:
    Right click on the adwCleaner.exe and select "Run as administrator"
  • Click the Scan button.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile in your next reply.
  • Or you can find the logfile at C:\AdwCleaner[R1].txt.


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


If I have helped you, consider making a donation to help me continue the fight against Malware!


#6 sweetsuzee (Topic Starter)
Posted 20 November 2013 - 09:56 PM

Here's the RK report - I did not do anything to fix anything since you didn't tell me to - the file on the desktop would not open so I just copied and pasted - Well, I take that back, it will not C&P.  There are some suspicious files and a couple that I have suspected all along.  Should I repeat RogueKiller and have it fix them?  Please advise.  However, there are 2 files related to Pokki that I do not want to remove.

I have an XP type of desktop thanks to Pokki although I am using Windows 8.  Pokki's been on the computer since the beginning, about 10 months old.

#7 sweetsuzee (Topic Starter)
Posted 21 November 2013 - 01:13 PM

Sorry - I forgot to include the Adw report - here it is -

# AdwCleaner v3.012 - Report created 21/11/2013 at 10:10:02
# Updated 11/11/2013 by Xplode
# Operating System : Windows 8  (64 bits)
# Username : suesarkis - SUESBABY
# Running from : C:\Users\suesarkis\Desktop\adwcleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
Service Found : APNMCP
 
***** [ Files / Folders ] *****
 
File Found : C:\Users\suesarkis\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_app.mam.conduit.com_0.localstorage
File Found : C:\Users\suesarkis\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_app.mam.conduit.com_0.localstorage-journal
File Found : C:\Users\suesarkis\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_fastcontent.conduit.com_0.localstorage
File Found : C:\Users\suesarkis\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_fastcontent.conduit.com_0.localstorage-journal
File Found : C:\Users\suesarkis\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_storage.conduit.com_0.localstorage
File Found : C:\Users\suesarkis\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_storage.conduit.com_0.localstorage-journal
File Found : C:\Users\suesarkis\AppData\Roaming\Mozilla\Firefox\Profiles\lkyzsjpu.default\Extensions\addon@defaulttab.com.xpi
File Found : C:\Users\suesarkis\AppData\Roaming\Mozilla\Firefox\Profiles\lkyzsjpu.default\searchplugins\bingp.xml
File Found : C:\Users\suesarkis\AppData\Roaming\Mozilla\Firefox\Profiles\lkyzsjpu.default\user.js
File Found : C:\Windows\Downloaded Program Files\popcaploader.inf
File Found : C:\Windows\System32\Tasks\BackgroundContainer Startup Task
File Found : C:\Windows\System32\Tasks\Desk 365 RunAsStdUser
Folder Found : C:\Users\suesarkis\AppData\Local\Google\Chrome\User Data\Default\Extensions\cepjofekolhpdankoembdgfbpehkfkjm
Folder Found : C:\Users\suesarkis\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Folder Found : C:\Users\suesarkis\AppData\Roaming\Mozilla\Firefox\Profiles\lkyzsjpu.default\Extensions\{07cbf788-1359-421b-a4e3-5a8d041b90a3}
Folder Found : C:\Users\suesarkis\AppData\Roaming\Mozilla\Firefox\Profiles\lkyzsjpu.default\Extensions\{739df940-c5ee-4bab-9d7e-270894ae687a}
Folder Found : C:\Users\suesarkis\AppData\Roaming\Mozilla\Firefox\Profiles\lkyzsjpu.default\Extensions\{845cab51-d8d2-472f-8bd9-2b44642d97c2}
Folder Found C:\Program Files (x86)\AskPartnerNetwork
Folder Found C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Found C:\Program Files (x86)\Common Files\Software Update Utility
Folder Found C:\Program Files (x86)\Conduit
Folder Found C:\Program Files (x86)\Searchprotect
Folder Found C:\Program Files (x86)\Vafmusic9
Folder Found C:\Program Files (x86)\Viewpoint
Folder Found C:\ProgramData\apn
Folder Found C:\ProgramData\AskPartnerNetwork
Folder Found C:\ProgramData\Conduit
Folder Found C:\ProgramData\SpeedMaxPc
Folder Found C:\ProgramData\Viewpoint
Folder Found C:\Users\suesarkis\AppData\Local\Conduit
Folder Found C:\Users\suesarkis\AppData\Local\PackageAware
Folder Found C:\Users\suesarkis\AppData\Local\SwvUpdater
Folder Found C:\Users\suesarkis\AppData\LocalLow\Conduit
Folder Found C:\Users\suesarkis\AppData\LocalLow\PriceGong
Folder Found C:\Users\suesarkis\AppData\LocalLow\Toolbar4
Folder Found C:\Users\suesarkis\AppData\LocalLow\Vafmusic9
Folder Found C:\Users\suesarkis\AppData\Roaming\DefaultTab
Folder Found C:\Users\suesarkis\AppData\Roaming\DriverCure
Folder Found C:\Users\suesarkis\AppData\Roaming\Mozilla\Firefox\Profiles\lkyzsjpu.default\CT3289663
Folder Found C:\Users\suesarkis\AppData\Roaming\Mozilla\Firefox\Profiles\lkyzsjpu.default\CT3289847
Folder Found C:\Users\suesarkis\AppData\Roaming\Mozilla\Firefox\Profiles\lkyzsjpu.default\CT3303002
Folder Found C:\Users\suesarkis\AppData\Roaming\SpeedMaxPc
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Data Found : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\OPTIMI~1\OPTPRO~2.DLL
Key Found : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Found : HKCU\Software\AppDataLow\Software\PriceGong
Key Found : HKCU\Software\AppDataLow\Software\smartbar
Key Found : HKCU\Software\AppDataLow\Software\Vafmusic9
Key Found : HKCU\Software\AppDataLow\Toolbar
Key Found : HKCU\Software\AskPartnerNetwork
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Google\Chrome\Extensions\cepjofekolhpdankoembdgfbpehkfkjm
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{96BD48DD-741B-41AE-AC4A-AFF96BA00F7E}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{845CAB51-D8D2-472F-8BD9-2B44642D97C2}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{845CAB51-D8D2-472F-8BD9-2B44642D97C2}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D20C3CEF-1AC2-4058-85B2-1F4C61C1F06A}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Key Found : HKCU\Software\SearchProtect
Key Found : HKCU\Software\Softonic
Key Found : HKCU\Software\SpeedMaxPC
Key Found : [x64] HKCU\Software\AskPartnerNetwork
Key Found : [x64] HKCU\Software\Conduit
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{96BD48DD-741B-41AE-AC4A-AFF96BA00F7E}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : [x64] HKCU\Software\SearchProtect
Key Found : [x64] HKCU\Software\Softonic
Key Found : [x64] HKCU\Software\SpeedMaxPC
Key Found : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKLM\Software\AskPartnerNetwork
Key Found : HKLM\Software\AVG Security Toolbar
Key Found : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Found : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Found : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Found : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Found : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{44CBC005-6243-4502-8A02-3A096A282664}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{57CADC46-58FF-4105-B733-5A9F3FC9783C}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{80703783-E415-4EE3-AB60-D36981C5A6F1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{845CAB51-D8D2-472F-8BD9-2B44642D97C2}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{D20C3CEF-1AC2-4058-85B2-1F4C61C1F06A}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{D8278076-BC68-4484-9233-6E7F1628B56C}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F297534D-7B06-459D-BC19-2DD8EF69297B}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Key Found : HKLM\SOFTWARE\Classes\dnUpdate
Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}
Key Found : HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{80703783-E415-4EE3-AB60-D36981C5A6F1}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E4E3E0F8-CD30-4380-8CE9-B96904BDEFCA}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Found : HKLM\SOFTWARE\Classes\Interface\{FE8A736F-4124-4D9C-B4B1-3B12381EFABE}
Key Found : HKLM\Software\Classes\popcaploader.popcaploaderctrl2
Key Found : HKLM\Software\Classes\popcaploader.popcaploaderctrl2.1
Key Found : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Found : HKLM\SOFTWARE\Classes\S
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Found : HKLM\SOFTWARE\Classes\TBSB07898.IEToolbar
Key Found : HKLM\SOFTWARE\Classes\TBSB07898.IEToolbar.1
Key Found : HKLM\SOFTWARE\Classes\TBSB07898.TBSB07898
Key Found : HKLM\SOFTWARE\Classes\TBSB07898.TBSB07898.3
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3303002
Key Found : HKLM\SOFTWARE\Classes\Toolbar3.TBSB07898
Key Found : HKLM\SOFTWARE\Classes\Toolbar3.TBSB07898
Key Found : HKLM\SOFTWARE\Classes\Toolbar3.TBSB07898.1
Key Found : HKLM\SOFTWARE\Classes\Toolbar3.TBSB07898.1
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9945959C-AAD8-4312-8B57-2DE11927E770}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C9C5DEAF-0A1F-4660-8279-9EDFAD6FEFE1}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{EC4085F2-8DB3-45A6-AD0B-CA289F3C5D7E}
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Found : HKLM\Software\Conduit
Key Found : HKLM\Software\DefaultTab
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\cepjofekolhpdankoembdgfbpehkfkjm
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Key Found : HKLM\Software\hdcode
Key Found : HKLM\Software\MetaStream
Key Found : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Found : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{37E193D1-CB93-4601-A7E2-8D515DFABAAF}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6978F29A-3493-40B2-8CDC-9C13A02F85A4}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D7949A66-D936-4028-9552-14F7DC50F38D}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F2AF1D4F-654D-4477-8B07-F9DF5EC2A8B8}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{845CAB51-D8D2-472F-8BD9-2B44642D97C2}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D20C3CEF-1AC2-4058-85B2-1F4C61C1F06A}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
Key Found : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Found : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Key Found : HKLM\Software\SearchProtect
Key Found : HKLM\Software\SpeedMaxPC
Key Found : HKLM\Software\Vafmusic9
Key Found : HKLM\Software\Viewpoint
Key Found : [x64] HKLM\SOFTWARE\AskPartnerNetwork
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{E4E3E0F8-CD30-4380-8CE9-B96904BDEFCA}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{FE8A736F-4124-4D9C-B4B1-3B12381EFABE}
Key Found : [x64] HKLM\SOFTWARE\DomaIQ
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6978F29A-3493-40B2-8CDC-9C13A02F85A4}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D7949A66-D936-4028-9552-14F7DC50F38D}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{845CAB51-D8D2-472F-8BD9-2B44642D97C2}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [BackgroundContainer]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{845CAB51-D8D2-472F-8BD9-2B44642D97C2}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{845CAB51-D8D2-472F-8BD9-2B44642D97C2}]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnTbMon]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v10.0.9200.16537
 
 
-\\ Mozilla Firefox v25.0.1 (en-US)
 
[ File : C:\Users\suesarkis\AppData\Roaming\Mozilla\Firefox\Profiles\lkyzsjpu.default\prefs.js ]
 
Line Found : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Line Found : user_pref("browser.search.selectedEngine", "AVG Secure Search");
 
-\\ Google Chrome v31.0.1650.57
 
[ File : C:\Users\suesarkis\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [18402 octets] - [21/11/2013 10:10:02]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [18463 octets] ##########


#8 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • Gender:Male
  • Location:Greenup, Ill USA

Posted 21 November 2013 - 04:02 PM

  • Re-Run RogueKiller
  • Close all the running processes
  • Under Vista/Seven, right click -> Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • When prompted, Click Delete
  • A report should open, give its content to your helper. (RKreport could also be found next to the executable)
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-



If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#9 sweetsuzee

sweetsuzee
  • Topic Starter

  • Members
  • 53 posts

Posted 21 November 2013 - 05:06 PM

I believe this is what you are looking for.  Apparently I missed it on the desktop. If this is not what you want, please advise.  Thanks, Sue

 

 

RogueKiller V8.7.8 [Nov 14 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
 
Operating System : Windows 8 (6.2.9200 ) 64 bits version
Started in : Normal mode
User : suesarkis [Admin rights]
Mode : Scan -- Date : 11/20/2013 18:24:35
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 0 ¤¤¤
 
¤¤¤ Registry Entries : 9 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : Pokki (C:\Windows\system32\rundll32.exe "%LOCALAPPDATA%\Pokki\Engine\Launcher.dll",RunLaunchPlatform [-][7][x]) -> FOUND
[RUN][SUSP PATH] HKCU\[...]\Run : TBHostSupport ("C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\suesarkis\AppData\Local\TBHostSupport\TBHostSupport.dll",DLLRunTBHostSupportPlugin [-][7][x]) -> FOUND
[RUN][SUSP PATH] HKCU\[...]\Run : BackgroundContainer ("C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\suesarkis\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun [-][7][x]) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-2069550446-780284186-1707450264-1001\[...]\Run : Pokki (C:\Windows\system32\rundll32.exe "%LOCALAPPDATA%\Pokki\Engine\Launcher.dll",RunLaunchPlatform [-][7][x]) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-2069550446-780284186-1707450264-1001\[...]\Run : TBHostSupport ("C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\suesarkis\AppData\Local\TBHostSupport\TBHostSupport.dll",DLLRunTBHostSupportPlugin [-][7][x]) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-2069550446-780284186-1707450264-1001\[...]\Run : BackgroundContainer ("C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\suesarkis\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun [-][7][x]) -> FOUND
[PROXY IE][PUM] HKCU\[...]\Internet Settings : ProxyServer (hxxp=127.0.0.1:62082;hxxps=127.0.0.1:62082 [Country: (Private Address) (XX), City: (Private Address)]) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
 
¤¤¤ Scheduled tasks : 1 ¤¤¤
[V2][SUSP PATH] BackgroundContainer Startup Task : "C:\Windows\SysWOW64\Rundll32.exe" - "C:\Users\suesarkis\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun [-][7][x] -> FOUND
 
¤¤¤ Startup Entries : 0 ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ Particular Files / Folders: ¤¤¤
 
¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
 
¤¤¤ External Hives: ¤¤¤
 
¤¤¤ Infection :  ¤¤¤
 
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
 
 
 
 
¤¤¤ MBR Check: ¤¤¤
 
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ SCSI) Hitachi HTS545050A7E380 +++++
--- User ---
[MBR] ab654c95aea60a88b8c1d9539cfe94bc
[BSP] ff7f3942db08323cbd166469b1f1bfd5 : Empty MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0x00) [VISIBLE] Offset (sectors): 1 | Size: 2097151 Mo
User = LL1 ... OK!
User = LL2 ... OK!
 
+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ SCSI) Intel Raid 0 Volume +++++
--- User ---
[MBR] 1aeb3382e510f075182e2cec1f94b0de
[BSP] c1b98e95b91780bcfade6a5f5a08a906 : Empty MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0x00) [VISIBLE] Offset (sectors): 1 | Size: 2097151 Mo
User = LL1 ... OK!
Error reading LL2 MBR!
 
Finished : << RKreport[0]_S_11202013_182435.txt >>


#10 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • Gender:Male
  • Location:Greenup, Ill USA

Posted 21 November 2013 - 07:20 PM

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Clean.
  • Confirm each time with Ok.
  • You will be prompted to restart your computer. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

 

 

  • Re-Run RogueKiller
  • Close all the running processes
  • Under Vista/Seven, right click -> Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • When prompted, Click Delete
  • A report should open, give its content to your helper. (RKreport could also be found next to the executable)
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again


#11 sweetsuzee

sweetsuzee
  • Topic Starter

  • Members
  • 53 posts

Posted 22 November 2013 - 12:41 AM

Here's the Adw Cleaner log -

 

 

# AdwCleaner v3.012 - Report created 21/11/2013 at 21:14:38
# Updated 11/11/2013 by Xplode
# Operating System : Windows 8  (64 bits)
# Username : suesarkis - SUESBABY
# Running from : C:\Users\suesarkis\Desktop\adwcleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\Viewpoint
Folder Deleted : C:\Program Files (x86)\Viewpoint
Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Deleted : C:\Users\suesarkis\AppData\Local\PackageAware
Folder Deleted : C:\Users\suesarkis\AppData\LocalLow\Vafmusic9
Folder Deleted : C:\Users\suesarkis\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
File Deleted : C:\Windows\Downloaded Program Files\popcaploader.inf
File Deleted : C:\Users\suesarkis\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_fastcontent.conduit.com_0.localstorage
File Deleted : C:\Users\suesarkis\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_fastcontent.conduit.com_0.localstorage-journal
File Deleted : C:\Users\suesarkis\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_storage.conduit.com_0.localstorage-journal
File Deleted : C:\Windows\System32\Tasks\BackgroundContainer Startup Task
File Deleted : C:\Windows\System32\Tasks\Desk 365 RunAsStdUser
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Key Deleted : HKLM\Software\Classes\popcaploader.popcaploaderctrl2
Key Deleted : HKLM\Software\Classes\popcaploader.popcaploaderctrl2.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{57CADC46-58FF-4105-B733-5A9F3FC9783C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D20C3CEF-1AC2-4058-85B2-1F4C61C1F06A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{80703783-E415-4EE3-AB60-D36981C5A6F1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E4E3E0F8-CD30-4380-8CE9-B96904BDEFCA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FE8A736F-4124-4D9C-B4B1-3B12381EFABE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C9C5DEAF-0A1F-4660-8279-9EDFAD6FEFE1}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EC4085F2-8DB3-45A6-AD0B-CA289F3C5D7E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D20C3CEF-1AC2-4058-85B2-1F4C61C1F06A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D20C3CEF-1AC2-4058-85B2-1F4C61C1F06A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F2AF1D4F-654D-4477-8B07-F9DF5EC2A8B8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{37E193D1-CB93-4601-A7E2-8D515DFABAAF}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E4E3E0F8-CD30-4380-8CE9-B96904BDEFCA}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FE8A736F-4124-4D9C-B4B1-3B12381EFABE}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6978F29A-3493-40B2-8CDC-9C13A02F85A4}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D7949A66-D936-4028-9552-14F7DC50F38D}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\SpeedMaxPC
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\Software\Vafmusic9
Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\Software\hdcode
Key Deleted : HKLM\Software\MetaStream
Key Deleted : HKLM\Software\SpeedMaxPC
Key Deleted : HKLM\Software\Viewpoint
Key Deleted : HKLM\Software\Vafmusic9
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
Key Deleted : [x64] HKLM\SOFTWARE\AskPartnerNetwork
Key Deleted : [x64] HKLM\SOFTWARE\DomaIQ
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v10.0.9200.16537
 
 
-\\ Mozilla Firefox v25.0.1 (en-US)
 
[ File : C:\Users\suesarkis\AppData\Roaming\Mozilla\Firefox\Profiles\lkyzsjpu.default\prefs.js ]
 
Line Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Line Deleted : user_pref("browser.search.selectedEngine", "AVG Secure Search");
 
-\\ Google Chrome v31.0.1650.57
 
[ File : C:\Users\suesarkis\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [18652 octets] - [21/11/2013 10:10:02]
AdwCleaner[R1].txt - [8229 octets] - [21/11/2013 21:01:13]
AdwCleaner[R2].txt - [8289 octets] - [21/11/2013 21:13:00]
AdwCleaner[R3].txt - [8349 octets] - [21/11/2013 21:13:45]
AdwCleaner[S0].txt - [8338 octets] - [21/11/2013 21:14:38]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [8398 octets] ##########

Here's the RK log - however, it appears that things are much worse now.  I will go check out a few things.

 

 

RogueKiller V8.7.8 [Nov 14 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
 
Operating System : Windows 8 (6.2.9200 ) 64 bits version
Started in : Normal mode
User : suesarkis [Admin rights]
Mode : Remove -- Date : 11/21/2013 21:33:49
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 2 ¤¤¤
[HIDDEN] MtsAxInstaller.exe -- C:\Users\SUESAR~1\AppData\Local\Temp\vwpt\MtsAxInstaller.exe [-] -> KILLED [TermProc]
[Microsoft][HIDDEN] dllhost.exe -- \Device\HarddiskVolume4\Windows\System32\dllhost.exe [x] -> KILLED [TermProc]
 
¤¤¤ Registry Entries : 6 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : Pokki (C:\Windows\system32\rundll32.exe "%LOCALAPPDATA%\Pokki\Engine\Launcher.dll",RunLaunchPlatform [-][x][x]) -> DELETED
[RUN][SUSP PATH] HKUS\S-1-5-21-2069550446-780284186-1707450264-1001\[...]\Run : Pokki (C:\Windows\system32\rundll32.exe "%LOCALAPPDATA%\Pokki\Engine\Launcher.dll",RunLaunchPlatform [-][x][x]) -> [0x2] The system cannot find the file specified. 
[HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> DELETED
[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
 
¤¤¤ Scheduled tasks : 0 ¤¤¤
 
¤¤¤ Startup Entries : 0 ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ Particular Files / Folders: ¤¤¤
 
¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
 
¤¤¤ External Hives: ¤¤¤
 
¤¤¤ Infection :  ¤¤¤
 
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
 
 
ÿþ1
 
¤¤¤ MBR Check: ¤¤¤
 
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ SCSI) Hitachi HTS545050A7E380 +++++
--- User ---
[MBR] ab654c95aea60a88b8c1d9539cfe94bc
[BSP] ff7f3942db08323cbd166469b1f1bfd5 : Empty MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0x00) [VISIBLE] Offset (sectors): 1 | Size: 2097151 Mo
User = LL1 ... OK!
User = LL2 ... OK!
 
+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ SCSI) Intel Raid 0 Volume +++++
--- User ---
[MBR] 1aeb3382e510f075182e2cec1f94b0de
[BSP] c1b98e95b91780bcfade6a5f5a08a906 : Empty MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0x00) [VISIBLE] Offset (sectors): 1 | Size: 2097151 Mo
User = LL1 ... OK!
Error reading LL2 MBR!
 
+++++ PhysicalDrive2: (\\.\PHYSICALDRIVE2 @ USB) pny USB 2.0 FD USB Device +++++
--- User ---
[MBR] d8e35410f9e2c3fd54a4a1028c920f61
[BSP] d544754c0413e84fe09bfa0a10d0aa82 : MBR Code unknown
Partition table:
0 - [ACTIVE] FAT32 (0x0b) [VISIBLE] Offset (sectors): 2 | Size: 30671 Mo
User = LL1 ... OK!
Error reading LL2 MBR!
 
+++++ PhysicalDrive3: (\\.\PHYSICALDRIVE3 @ USB) UT163 USB Flash Disk USB Device +++++
--- User ---
[MBR] 3209783a0bf4ddae12e51cd2a3ab7ee9
[BSP] dec9f0908d0564afbcbcc26fa1ab4266 : Empty MBR Code
Partition table:
0 - [ACTIVE] FAT16 (0x06) [VISIBLE] Offset (sectors): 63 | Size: 1967 Mo
User = LL1 ... OK!
Error reading LL2 MBR!
 
Finished : << RKreport[0]_D_11212013_213349.txt >>
RKreport[0]_S_11202013_182435.txt;RKreport[0]_S_11212013_212535.txt;RKreport[0]_S_11212013_213233.txt
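A small triage script for reports in this layout, added here as an example; it is not RogueKiller's code and was not posted in this thread. It parses the `[TAG][TAG] ... -> ACTION` lines and the `¤¤¤ section ¤¤¤` headers of an RKreport and ranks each entry by what a responder would act on first. The sample report is constructed to mirror the entries above (paths shortened), and the severity rules are my own heuristics, not the tool's own classification.

```python
"""Triage helper for RogueKiller-style report lines (added example; not RogueKiller's code)."""
import re
from dataclasses import dataclass

# Constructed sample in the layout of the RKreport files pasted above; paths are
# shortened, and the entries mirror the kinds of findings shown in this thread.
SAMPLE_REPORT = r"""
¤¤¤ Bad processes : 2 ¤¤¤
[HIDDEN] MtsAxInstaller.exe -- C:\Users\SUE~1\AppData\Local\Temp\vwpt\MtsAxInstaller.exe [-] -> KILLED [TermProc]
[Microsoft][HIDDEN] dllhost.exe -- \Device\HarddiskVolume4\Windows\System32\dllhost.exe [x] -> KILLED [TermProc]

¤¤¤ Registry Entries : 5 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : Pokki (C:\Windows\system32\rundll32.exe "%LOCALAPPDATA%\Pokki\Engine\Launcher.dll",RunLaunchPlatform [-][7][x]) -> FOUND
[RUN][SUSP PATH] HKCU\[...]\Run : BackgroundContainer ("C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\sue\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun [-][7][x]) -> FOUND
[PROXY IE][PUM] HKCU\[...]\Internet Settings : ProxyServer (hxxp=127.0.0.1:62082;hxxps=127.0.0.1:62082 [Country: (Private Address) (XX), City: (Private Address)]) -> FOUND
[HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> DELETED
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)

¤¤¤ Scheduled tasks : 1 ¤¤¤
[V2][SUSP PATH] BackgroundContainer Startup Task : "C:\Windows\SysWOW64\Rundll32.exe" - "C:\Users\sue\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun [-][7][x] -> FOUND
"""

# One report line: leading [TAG] blocks, a body, then "-> ACTION".
ENTRY_RE = re.compile(r"^(?P<tags>(?:\[[^\]]*\])+)\s*(?P<body>.*?)\s*->\s*(?P<action>.+?)\s*$")
USER_WRITABLE = re.compile(r"%LOCALAPPDATA%|%APPDATA%|%TEMP%|\\AppData\\|\\Temp\\", re.I)
RUNDLL32 = re.compile(r"rundll32(?:\.exe)?", re.I)
LOOPBACK = re.compile(r"127\.0\.0\.1:(\d+)")
POLICY = re.compile(r"(Disable(?:TaskMgr|RegistryTools))\s*\((\d+)\)")


@dataclass
class Entry:
    section: str
    tags: list
    body: str
    action: str


@dataclass
class Finding:
    severity: str  # "high", "medium", "low" or "info"
    reason: str
    entry: Entry


def _section_name(line):
    # "¤¤¤ Registry Entries : 9 ¤¤¤" -> "Registry Entries"
    return line.strip("¤ ").split(":", 1)[0].strip()


def parse_report(text):
    entries, section = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("¤¤¤"):
            section = _section_name(line)
            continue
        m = ENTRY_RE.match(line)
        if m:
            tags = re.findall(r"\[([^\]]*)\]", m.group("tags"))
            entries.append(Entry(section, tags, m.group("body"), m.group("action")))
    return entries


def assess(entry):
    """Heuristic ranking (my own rules, not RogueKiller's): what to look at first."""
    tags, body = set(entry.tags), entry.body
    if "HIDDEN" in tags:
        if "Microsoft" in tags:
            return Finding("medium", "hidden process tagged [Microsoft]; check what loaded it", entry)
        where = " from a temp/profile path" if USER_WRITABLE.search(body) else ""
        return Finding("high", "process hidden from normal listing" + where, entry)
    if "PROXY IE" in tags:
        m = LOOPBACK.search(body)
        if m:
            return Finding("high", f"browser traffic routed through a local proxy on port {m.group(1)}", entry)
        return Finding("medium", "browser proxy configured; confirm it is intended", entry)
    m = POLICY.search(body)
    if m:
        name, value = m.groups()
        if value != "0":
            return Finding("high", f"{name} is enforced (user lockout policy active)", entry)
        return Finding("info", f"{name} present but set to 0, so not enforced", entry)
    if "SUSP PATH" in tags:
        if RUNDLL32.search(body) and USER_WRITABLE.search(body):
            return Finding("high", "rundll32 loading a DLL from a user-writable path", entry)
        if USER_WRITABLE.search(body):
            return Finding("medium", "autorun from a user-writable path", entry)
        return Finding("low", "flagged path; review the file's location and publisher", entry)
    if "HJ DESK" in tags:
        return Finding("info", "desktop icon visibility toggle; often the user's own choice", entry)
    return Finding("low", "unclassified entry; review manually", entry)


def triage(text):
    return [assess(e) for e in parse_report(text)]


def summarize(findings):
    counts = {}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


if __name__ == "__main__":
    results = triage(SAMPLE_REPORT)
    for f in results:
        print(f"[{f.severity:<6}] {f.entry.section}: {f.reason} -> {f.entry.action}")
    print(summarize(results))
```

Run it as is to see the ranked output, or pass the text of a saved RKreport file to `triage()`. Two points the ranking encodes: a `[PUM]` entry is a potentially unwanted modification rather than confirmed malware, so the `NewStartPanel` toggles and a `DisableTaskMgr` value of 0 (not enforced) come out as informational, whereas a `rundll32` autorun pulling a DLL out of `AppData` and a `ProxyServer` pointing at `127.0.0.1` are the entries most likely to explain hijacked searches and slow page loads, and are the ones to clean and then re-scan for.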


#12 sweetsuzee

sweetsuzee
  • Topic Starter

  • Members
  • 53 posts

Posted 23 November 2013 - 04:02 PM

Here's an update. After cleaning everything out via Rogue Killer, I went to launch the Walgreens site at IE and for the very first time I received a notice that my flash player was not up to date. This made no sense to me as that was one of the very first things I checked. I verified what the current ver is and went to my Control Panel which clearly indicated the correct version. I then decided to launch Adobe's flash player check site on all 4 browsers. AOL, Firefox and Chrome met with positive results. However, IE did not. When I went to install the update, I was prompted that it wasn't necessary since the current version comes embedded in Win 8. However, I knew that was wrong. I then attempted to manually update and I spent the better part of yesterday repeatedly attempting to do the same to no avail following Adobe's instructions to the best of my ability. However, eventually it worked after I received a prompt informing me that the c: drive recycle bin was corrupted and I emptied it. So, now I have the correct flash player version working on this computer completely and I still cannot work the websites I previously complained about such as Walgreens and nuwavepic.com. However, I have seen improvements in other areas although my pages still load slower than they should. However, I do want to thank you for your time and energy already expended in trying to help me solve this problem. Any other thoughts or suggestions about what I should try? Please advise. Sincerely, Sue 

 

 



#13 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • Gender:Male
  • Location:Greenup, Ill USA

Posted 24 November 2013 - 11:58 AM

 

Any other thoughts or suggestions about what I should try? Please advise. Sincerely, Sue

We are just getting started. We have a lot more things we can try. First off we need to make sure there is no malware left on the machine. :whistle:

 

1.

Please download the latest version of TDSSKiller from here and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

 

 

 

2.

For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.
For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.


To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.


On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64)  and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.


#14 sweetsuzee

sweetsuzee
  • Topic Starter

  • Members
  • 53 posts

Posted 25 November 2013 - 12:04 AM

 
For starters, no matter how many times I try, I have been unable to paste the log from the TDSSKiller here. When I click POST, all it does is show that it is attempting to post but it never finishes.  I waited over an hour one time.  There were NO issues found if that means anything.  So, I'll try sending this first and maybe try the other again when finished.  However, the FRST was not run the way you instructed. There was absolutely NO way in heck I could get the Advanced Boot Options to work.  When attempting from the flash drive, I would just be told the drive failed. When trying to follow your instructions regarding the boot up, nothing worked and the Lord knows I tried everything.  I've used F8 for "safe mode" startups through the years without problems. Today I was pulling my hair out. I went to the Net and tried a million suggestions, all to no avail.  Therefore, this log was obtained running directly in Windows 8.
 
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-11-2013
Ran by suesarkis (administrator) on SUESBABY on 24-11-2013 17:42:57
Running from F:\
Windows 8 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
(Just Develop It) C:\Program Files (x86)\MyPC Backup\BackupStack.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\SysWOW64\irstrtsv.exe
() C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Absolute Software Corp.) C:\Windows\SysWOW64\rpcnet.exe
(WinZip Computing, S.L. (WinZip Computing)) C:\Program Files (x86)\WinZip System Utilities Suite\WINZIPSSDefragSrv64.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Conduit) C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe
(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler.exe
(Conduit) C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler64.exe
(Conduit) C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
(PC Dynamics, Inc.) C:\Program Files (x86)\Corkboard\CORK.EXE
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(AOL Inc.) C:\Program Files (x86)\Common Files\AOL\1374881847\ee\aolsoftware.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\prevhost.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [1664000 2012-08-19] (IDT, Inc.)
HKLM\...\Run: [SetDefault] - C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe [44880 2011-12-19] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [499608 2011-06-16] (Adobe Systems Incorporated)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2874168 2012-09-14] (Synaptics Incorporated)
HKLM\...\Run: [BTMTrayAgent] - rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2013-11-05] (Hewlett-Packard)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [Private WiFi Client] - C:\Program Files (x86)\Private Communications\PRIVATE WiFi\WiFiPrivacyClient.exe [971776 2012-12-06] (Private Communications Corp)
HKCU\...\Run: [Copernic Desktop Search - Home] - C:\Program Files (x86)\Copernic Desktop Search - Home\DesktopSearchService.exe [1692200 2013-01-28] (Copernic Inc.)
HKCU\...\Run: [SpybotSD TeaTimer] - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKCU\...\Run: [AOL Fast Start] - C:\Program Files (x86)\AOL Desktop 9.7a\aol.exe [72760 2013-09-07] (AOL Inc.)
HKLM-x32\...\Run: [HP Quick Launch] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [580512 2012-08-24] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [93296 2012-07-13] (CyberLink Corp.)
HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2013\avgui.exe [4411952 2013-09-23] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [HostManager] - C:\Program Files (x86)\Common Files\AOL\1374881847\ee\aolsoftware.exe [41800 2010-03-07] (AOL Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [TkBellExe] - C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe [295512 2013-10-26] (RealNetworks, Inc.)
HKU\Administrator\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
AppInit_DLLs: C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll [1316640 2013-10-31] (Conduit)
AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll [1008928 2013-10-31] (Conduit)
Startup: C:\Users\suesarkis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyCorkboard.lnk
ShortcutTarget: MyCorkboard.lnk -> C:\Program Files (x86)\Corkboard\CORK.EXE (PC Dynamics, Inc.)
Startup: C:\Users\suesarkis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
ShortcutTarget: MyPC Backup.lnk -> C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)
Startup: C:\Users\suesarkis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT13/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = 
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM - No Name - {41525333-2D56-3700-76A7-7A786E7484D7} -  No File
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM-x32 - AOL Toolbar - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll No File
Toolbar: HKCU - No Name - {BA00B7B1-0351-477A-B948-23E3EE5A73D4} -  No File
DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://zone.msn.com/bingame/zuma/default/popcaploader_v6.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.4.1 8.8.8.8 8.8.4.4 4.2.2.6
 
FireFox:
========
FF ProfilePath: C:\Users\suesarkis\AppData\Roaming\Mozilla\Firefox\Profiles\lkyzsjpu.default
FF SearchEngineOrder.3: Bing 
FF Keyword.URL: hxxp://www.bing.com/search?FORM=U079DF&PC=U079&q=
FF Homepage: hxxp://search.conduit.com/?ctid=CT3317816&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SP183A6681-725B-4F77-9CCD-F478577029F9&SSPV=
FF SelectedSearchEngine: Conduit Search
FF NewTab: hxxp://search.conduit.com/?ctid=CT3317816&octid=EB_ORIGINAL_CTID&SearchSource=69&CUI=&SSPV=&Lay=1&UM=2&UP=SP183A6681-725B-4F77-9CCD-F478577029F9
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_152.dll ()
FF Plugin: @java.com/DTPlugin,version=10.40.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.40.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_152.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=16.0.3.51 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.3.51 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @viewpoint.com/VMP - C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\suesarkis\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF SearchPlugin: C:\Users\suesarkis\AppData\Roaming\Mozilla\Firefox\Profiles\lkyzsjpu.default\searchplugins\conduit-search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml
FF HKLM-x32\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKCU\...\Firefox\Extensions: [{57319509-7821-41B0-9FDF-3B58F146AE33}] - c:\program files (x86)\copernic desktop search - home\firefoxconnector
FF Extension: Copernic Desktop Search - Search Firefox content - c:\program files (x86)\copernic desktop search - home\firefoxconnector
 
Chrome: 
=======
CHR HomePage: hxxp://search.conduit.com/?ctid=CT3317816&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SP183A6681-725B-4F77-9CCD-F478577029F9&SSPV=
CHR RestoreOnStartup: "hxxp://search.conduit.com/?ctid=CT3317816&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SP183A6681-725B-4F77-9CCD-F478577029F9&SSPV="]},"translate_blocked_languages":["en"
CHR Extension: (Google Docs) - C:\Users\SUESAR~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_1
CHR Extension: (Google Drive) - C:\Users\SUESAR~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_1
CHR Extension: (YouTube) - C:\Users\SUESAR~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_1
CHR Extension: (Google Search) - C:\Users\SUESAR~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_1
CHR Extension: (RealDownloader) - C:\Users\SUESAR~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.3_0
CHR Extension: (Google Wallet) - C:\Users\SUESAR~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0
CHR Extension: (Gmail) - C:\Users\SUESAR~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_2
CHR HKLM-x32\...\Chrome\Extension: [cepjofekolhpdankoembdgfbpehkfkjm] - C:\Users\suesarkis\AppData\Local\CRE\cepjofekolhpdankoembdgfbpehkfkjm.crx
CHR HKLM-x32\...\Chrome\Extension: [cnpkmcjgpcihgfnkcjapiaabbbplkcmf] - C:\Program Files (x86)\Coupons.com CouponBar\chrome\Coupons.com.crx
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx
 
==================== Services (Whitelisted) =================
 
R2 AdobeActiveFileMonitor10.0; C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [169624 2011-09-14] (Adobe Systems Incorporated)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4939312 2013-07-04] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-07-23] (AVG Technologies CZ, s.r.o.)
R2 BackupStack; C:\Program Files (x86)\MyPC Backup\BackupStack.exe [38440 2013-09-19] (Just Develop It)
R2 CltMngSvc; C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe [1735968 2013-10-31] (Conduit)
R2 irstrtsv; C:\Windows\SysWOW64\irstrtsv.exe [193576 2013-04-29] (Intel Corporation)
R2 ISCTAgent; C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe [149032 2012-08-16] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-08-28] ()
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-01] (Microsoft Corporation)
R2 WINZIPSSDiskOptimizer; C:\Program Files (x86)\WinZip System Utilities Suite\WINZIPSSDefragSrv64.exe [290424 2013-07-15] (WinZip Computing, S.L. (WinZip Computing))
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3378416 2013-08-28] (Intel® Corporation)
S2 vToolbarUpdater17.1.3; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.1.3\ToolbarUpdater.exe [x]
 
==================== Drivers (Whitelisted) ====================
 
S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [20912 2012-10-26] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-07-20] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [206648 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311608 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-07-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-09-05] (AVG Technologies CZ, s.r.o.)
R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [248632 2013-07-18] (AVG Technologies CZ, s.r.o.)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-25] (Microsoft Corporation)
S3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [131968 2012-10-30] (Motorola Solutions, Inc.)
S3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1345920 2012-11-06] (Motorola Solutions, Inc.)
R3 ikbevent; C:\Windows\system32\DRIVERS\ikbevent.sys [20968 2012-08-16] ()
R3 imsevent; C:\Windows\system32\DRIVERS\imsevent.sys [19944 2012-08-16] ()
R3 irstrtdv; C:\Windows\System32\drivers\irstrtdv.sys [43800 2013-04-29] (Intel Corporation)
R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [46016 2012-08-16] ()
R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3345376 2013-10-08] (Intel Corporation)
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-08-12] (Corel Corporation)
S3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [273040 2012-09-06] (Realtek Semiconductor Corp.)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-09-14] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-09-14] (Synaptics Incorporated)
S3 SWDUMon; C:\Windows\system32\DRIVERS\SWDUMon.sys [16152 2013-11-21] ()
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2012-08-31] (Hewlett-Packard Development Company, L.P.)
R3 WPRO_41_2001; C:\Windows\System32\drivers\WPRO_41_2001.sys [34752 2013-11-24] ()
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-11-24 16:06 - 2013-11-24 16:06 - 00094656 _____ (CACE Technologies) C:\Windows\system32\WPRO_41_2001woem.tmp
2013-11-24 14:14 - 2013-11-24 16:06 - 00002274 _____ C:\Windows\PFRO.log
2013-11-24 14:14 - 2013-11-24 14:15 - 00419648 _____ C:\Windows\system32\FNTCACHE.DAT
2013-11-24 11:09 - 2013-11-24 11:09 - 00001342 _____ C:\Windows\IE10_main.log
2013-11-24 11:07 - 2013-11-24 14:15 - 00000000 ____D C:\Program Files (x86)\MyPC Backup
2013-11-24 11:07 - 2013-11-24 11:07 - 00001087 _____ C:\Users\suesarkis\Desktop\MyPC Backup.lnk
2013-11-24 11:07 - 2013-11-24 11:07 - 00000000 ____D C:\Users\suesarkis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
2013-11-24 11:07 - 2013-11-24 11:07 - 00000000 ____D C:\Users\suesarkis\AppData\Local\SearchProtect
2013-11-24 11:07 - 2013-11-24 11:07 - 00000000 ____D C:\Program Files (x86)\SearchProtect
2013-11-24 11:07 - 2013-11-24 11:07 - 00000000 ____D C:\Program Files (x86)\DealsCompare
2013-11-24 11:04 - 2013-11-24 11:04 - 00460224 _____ C:\Users\suesarkis\Downloads\7-zip.exe
2013-11-23 21:37 - 2013-11-23 21:37 - 00000000 ____D C:\Users\suesarkis\AppData\Roaming\WinZip
2013-11-23 21:35 - 2013-11-24 14:15 - 00000536 _____ C:\Windows\Tasks\WINZIPSS-WINZIPSSAutoCheckUpdate7Days.job
2013-11-23 21:35 - 2013-11-24 14:15 - 00000498 _____ C:\Windows\Tasks\WINZIPSS-WINZIPSSOneClickCare.job
2013-11-23 21:35 - 2013-11-23 21:35 - 00003398 _____ C:\Windows\System32\Tasks\WINZIPSS-WINZIPSSAutoCheckUpdate7Days
2013-11-23 21:35 - 2013-11-23 21:35 - 00003356 _____ C:\Windows\System32\Tasks\WINZIPSS-WINZIPSSOneClickCare
2013-11-23 21:35 - 2013-07-15 16:41 - 00019064 _____ (WinZip Computing, S.L.(WinZip Computing)) C:\Windows\system32\roboot64.exe
2013-11-23 21:35 - 2012-07-12 17:25 - 00020480 _____ C:\Windows\system32\sasnative64.exe
2013-11-23 21:34 - 2013-11-23 21:37 - 00000000 ____D C:\Program Files (x86)\WinZip System Utilities Suite
2013-11-23 21:34 - 2013-11-23 21:34 - 00002306 _____ C:\Users\Public\Desktop\WinZip System Utilities Suite.lnk
2013-11-23 21:34 - 2013-11-23 21:34 - 00000000 ____D C:\ProgramData\WinZip
2013-11-23 21:33 - 2013-11-23 21:34 - 14166656 _____ (WinZip                                                      ) C:\Users\suesarkis\Downloads\wzsus18.exe
2013-11-23 14:46 - 2013-11-23 14:53 - 44335120 _____ (Microsoft Corporation) C:\Users\suesarkis\Desktop\IE10-Windows6.1-x64-en-us.exe
2013-11-23 08:46 - 2013-11-23 08:46 - 00000000 ____D C:\Program Files (x86)\Cisco
2013-11-23 08:42 - 2013-11-05 14:58 - 00694232 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-11-23 08:42 - 2013-11-05 14:58 - 00078296 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-11-23 08:35 - 2013-11-23 08:35 - 00000000 ____D C:\Program Files\Common Files\Intel
2013-11-22 22:03 - 2013-10-10 03:53 - 00096600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wfplwfs.sys
2013-11-22 22:03 - 2013-10-10 01:21 - 01160192 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-11-22 22:03 - 2013-10-10 01:20 - 00723968 _____ (Microsoft Corporation) C:\Windows\system32\BFE.DLL
2013-11-22 22:02 - 2013-10-12 00:43 - 19269632 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-22 22:02 - 2013-10-12 00:43 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-22 22:02 - 2013-10-12 00:43 - 03959808 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-22 22:02 - 2013-10-11 23:02 - 14355968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-11-22 22:02 - 2013-10-11 23:02 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-11-22 22:02 - 2013-10-11 23:02 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-11-22 22:02 - 2013-10-02 15:25 - 01300992 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-11-22 22:02 - 2013-10-01 15:37 - 01569280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-11-22 22:02 - 2013-10-01 15:26 - 01890816 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-11-22 22:02 - 2013-10-01 14:22 - 01022976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2013-11-22 22:02 - 2013-09-13 17:15 - 00059416 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2013-11-22 22:02 - 2013-09-13 14:36 - 00628736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2013-11-22 22:02 - 2013-09-13 14:36 - 00247296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll
2013-11-22 22:02 - 2013-09-13 14:36 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2013-11-22 22:02 - 2013-09-13 14:36 - 00084992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2013-11-22 22:02 - 2013-09-13 14:36 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2013-11-22 22:02 - 2013-09-13 14:34 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2013-11-22 22:02 - 2013-09-13 14:33 - 03279360 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2013-11-22 22:02 - 2013-09-13 14:33 - 01622016 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2013-11-22 22:02 - 2013-09-13 14:33 - 00773120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2013-11-22 22:02 - 2013-09-13 14:33 - 00328192 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2013-11-22 22:02 - 2013-09-13 14:33 - 00252928 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2013-11-22 22:02 - 2013-09-13 14:33 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll
2013-11-22 22:02 - 2013-09-13 14:33 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2013-11-22 22:02 - 2013-09-13 14:33 - 00099328 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2013-11-22 22:02 - 2013-09-03 19:11 - 00576512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-11-22 22:02 - 2013-08-29 21:43 - 00061784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\crashdmp.sys
2013-11-22 22:02 - 2013-08-29 21:20 - 01173504 _____ (Microsoft Corporation) C:\Windows\system32\UIAutomationCore.dll
2013-11-22 22:02 - 2013-08-29 15:48 - 00914432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAutomationCore.dll
2013-11-22 22:02 - 2013-08-20 22:39 - 00465240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fvevol.sys
2013-11-22 22:02 - 2013-08-09 22:30 - 00151896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tpm.sys
2013-11-22 22:02 - 2013-08-09 21:21 - 00817152 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2013-11-22 22:02 - 2013-08-09 19:58 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2013-11-22 22:02 - 2013-07-24 15:10 - 10799104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
2013-11-22 22:02 - 2013-07-24 15:07 - 13661696 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.dll
2013-11-22 22:02 - 2013-07-11 17:38 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\WSDApi.dll
2013-11-22 22:02 - 2013-07-11 17:30 - 00485376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSDApi.dll
2013-11-22 22:01 - 2013-10-12 00:45 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-22 22:01 - 2013-10-12 00:45 - 01364992 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-22 22:01 - 2013-10-12 00:45 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-11-22 22:01 - 2013-10-12 00:43 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-22 22:01 - 2013-10-12 00:43 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-11-22 22:01 - 2013-10-12 00:43 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-22 22:01 - 2013-10-11 23:03 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-11-22 22:01 - 2013-10-11 23:03 - 01138176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-11-22 22:01 - 2013-10-11 23:02 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-11-22 22:01 - 2013-10-11 23:02 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-11-22 22:01 - 2013-10-11 23:02 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-11-22 22:01 - 2013-09-23 14:30 - 00419328 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-11-22 22:01 - 2013-09-23 14:30 - 00323072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-11-22 17:31 - 2013-11-22 17:41 - 10378638 _____ C:\Users\suesarkis\Downloads\Windows8.1-KB2898108-x64 (1).msu
2013-11-22 11:46 - 2013-11-22 11:46 - 00869456 _____ C:\Users\suesarkis\Downloads\Norton_Removal_Tool (1).exe
2013-11-22 11:45 - 2013-11-22 11:45 - 00869456 _____ C:\Users\suesarkis\Downloads\Norton_Removal_Tool.exe
2013-11-22 09:54 - 2013-11-22 09:54 - 00002654 _____ C:\Users\suesarkis\Documents\Albertsonss 11-22-2013.wpd
2013-11-22 09:37 - 2013-11-22 09:55 - 00003820 _____ C:\Users\suesarkis\Documents\Vons 11-22-2013.wpd
2013-11-21 21:33 - 2013-11-21 21:33 - 00003316 _____ C:\Users\suesarkis\Desktop\RKreport[0]_D_11212013_213349.txt
2013-11-21 21:32 - 2013-11-21 21:32 - 00003214 _____ C:\Users\suesarkis\Desktop\RKreport[0]_S_11212013_213233.txt
2013-11-21 21:29 - 2013-11-21 21:29 - 00000000 ____D C:\ProgramData\Viewpoint
2013-11-21 21:29 - 2013-11-21 21:29 - 00000000 ____D C:\Program Files (x86)\Viewpoint
2013-11-21 21:25 - 2013-11-21 21:25 - 00001628 _____ C:\Users\suesarkis\Desktop\RKreport[0]_S_11212013_212535.txt
2013-11-21 15:47 - 2013-11-21 15:47 - 00012146 _____ C:\Users\suesarkis\Desktop\JRT.txt
2013-11-21 15:38 - 2013-11-21 15:38 - 00000000 ____D C:\Windows\ERUNT
2013-11-21 15:36 - 2013-11-21 15:36 - 01034531 _____ (Thisisu) C:\Users\suesarkis\Desktop\JRT.exe
2013-11-21 14:36 - 2013-11-21 14:36 - 00000000 ____D C:\_OTL
2013-11-21 10:09 - 2013-11-21 21:37 - 00000000 ____D C:\AdwCleaner
2013-11-21 10:09 - 2013-11-21 10:09 - 01085542 _____ C:\Users\suesarkis\Desktop\adwcleaner.exe
2013-11-20 22:32 - 2013-11-20 22:32 - 00915368 _____ (Oracle Corporation) C:\Users\suesarkis\Desktop\chromeinstall-7u45.exe
2013-11-20 18:24 - 2013-11-20 18:24 - 00003381 _____ C:\Users\suesarkis\Desktop\RKreport[0]_S_11202013_182435.txt
2013-11-20 18:15 - 2013-11-21 21:33 - 00000000 ____D C:\Users\suesarkis\Desktop\RK_Quarantine
2013-11-20 17:53 - 2013-11-20 17:54 - 03679744 _____ C:\Users\suesarkis\Desktop\RogueKiller.exe
2013-11-20 17:44 - 2013-11-20 17:44 - 00079620 _____ C:\Users\suesarkis\Desktop\Extras.Txt
2013-11-20 17:43 - 2013-11-23 13:40 - 00187118 _____ C:\Users\suesarkis\Desktop\OTL.Txt
2013-11-20 17:15 - 2013-11-20 17:23 - 00602112 _____ (OldTimer Tools) C:\Users\suesarkis\Desktop\OTL.exe
2013-11-20 16:29 - 2013-11-20 16:29 - 00347304 _____ (Microsoft Corporation) C:\Users\suesarkis\Downloads\MicrosoftFixit.IEPerformance.RNP.Run.exe
2013-11-20 14:21 - 2013-11-20 16:39 - 00004079 _____ C:\Users\suesarkis\Desktop\aswMBR.txt
2013-11-20 14:21 - 2013-11-20 16:39 - 00000512 _____ C:\Users\suesarkis\Desktop\MBR.dat
2013-11-20 14:01 - 2013-11-20 14:01 - 00030447 _____ C:\Users\suesarkis\Desktop\Addition.txt
2013-11-20 14:00 - 2013-11-20 14:01 - 00067153 _____ C:\Users\suesarkis\Desktop\FRST.txt
2013-11-20 13:44 - 2013-11-20 13:44 - 00000000 ____D C:\FRST
2013-11-20 13:41 - 2013-11-20 13:42 - 04745728 _____ (AVAST Software) C:\Users\suesarkis\Desktop\aswmbr.exe
2013-11-20 13:39 - 2013-11-20 13:39 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\suesarkis\Desktop\tdsskiller.exe
2013-11-20 13:33 - 2013-11-20 13:33 - 01957964 _____ (Farbar) C:\Users\suesarkis\Desktop\FRST64.exe
2013-11-20 12:46 - 2013-11-20 12:46 - 00001457 _____ C:\Users\suesarkis\Desktop\HijackThis.exe - Shortcut.lnk
2013-11-20 07:28 - 2013-11-24 17:00 - 00957002 _____ C:\Windows\WindowsUpdate.log
2013-11-17 21:29 - 2013-11-22 18:09 - 00000369 ____H C:\IPH.PH
2013-11-17 10:38 - 2013-11-17 10:38 - 00018543 _____ C:\Users\suesarkis\Downloads\hijackthis.log
2013-11-16 21:15 - 2013-11-16 21:15 - 00178252 _____ C:\Users\suesarkis\Documents\=windows-1252Qrangers_May_be_Spreading_=AB_CBS_DC=2Ehtm=
2013-11-16 12:11 - 2013-11-16 12:11 - 04434992 _____ (AVG Technologies) C:\Users\suesarkis\Downloads\avg_free_stb_all_2014_4161_affiliate (1).exe
2013-11-16 10:54 - 2013-11-16 10:54 - 00045328 _____ C:\Users\suesarkis\Documents\teewww.nrcc.org-NationalRepublicanCongressionalCommittee.htm
2013-11-15 18:52 - 2013-11-15 18:52 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-14 21:04 - 2013-11-14 21:04 - 00039287 _____ C:\Users\suesarkis\Documents\Albertson list.wpd
2013-11-14 20:42 - 2013-11-14 20:42 - 00004150 _____ C:\Users\suesarkis\Documents\Vons List.wpd
2013-11-14 20:38 - 2013-11-14 20:38 - 00047289 _____ C:\Users\suesarkis\Documents\Ralphs current.wpd
2013-11-13 21:30 - 2013-11-13 21:30 - 00056513 _____ C:\Users\suesarkis\Documents\NovemberChargeFail.zip
2013-11-13 21:30 - 2013-11-13 21:30 - 00000000 ____D C:\Users\suesarkis\Documents\NovemberChargeFail
2013-11-08 07:54 - 2013-11-08 07:55 - 07109105 _____ C:\Users\suesarkis\Documents\You_Picked_a_Fine_Time.wmv
2013-10-31 08:05 - 2013-10-31 08:06 - 01177088 _____ C:\Users\suesarkis\Documents\AFewMoreCritters.pps
2013-10-30 12:12 - 2013-10-30 12:12 - 00026120 _____ C:\Users\suesarkis\Documents\1173823_10200555030254274_1340834328_n
2013-10-29 09:40 - 2013-10-29 09:40 - 00109052 _____ C:\Users\suesarkis\Documents\WONDERFULGRADUATIONMEMORY.zip
2013-10-29 09:40 - 2013-10-29 09:40 - 00000000 ____D C:\Users\suesarkis\Documents\WONDERFULGRADUATIONMEMORY
2013-10-29 08:04 - 2013-10-29 08:27 - 00002985 _____ C:\Users\suesarkis\Documents\Mike -Unless I hear back differently.wpd
2013-10-29 07:21 - 2013-10-29 07:21 - 07371616 _____ C:\Users\suesarkis\Downloads\SCUDownloader.exe
2013-10-28 21:03 - 2013-10-28 21:03 - 00043520 _____ C:\Users\suesarkis\Documents\Mr
2013-10-28 19:55 - 2013-10-28 19:55 - 00043520 _____ C:\Users\suesarkis\Documents\Pirouzians case
2013-10-27 11:26 - 2013-10-27 11:26 - 356947576 _____ C:\Users\suesarkis\Desktop\Backup.reg
2013-10-26 19:10 - 2013-10-26 19:10 - 00870099 _____ C:\Users\suesarkis\Documents\image001.zip
2013-10-26 19:10 - 2013-10-26 19:10 - 00000000 ____D C:\Users\suesarkis\Documents\image001
2013-10-26 14:22 - 2013-10-26 14:22 - 00004154 _____ C:\Windows\SysWOW64\jupdate-1.7.0_45-b18.log
2013-10-26 14:22 - 2013-10-08 06:50 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-10-26 14:22 - 2013-10-08 06:46 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-10-26 14:22 - 2013-10-08 06:46 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-10-26 14:22 - 2013-10-08 06:46 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-10-26 14:19 - 2013-10-26 14:19 - 00001264 _____ C:\Users\Public\Desktop\RealPlayer.lnk
2013-10-26 14:19 - 2013-10-26 14:19 - 00000000 ____D C:\Users\suesarkis\AppData\Roaming\RealNetworks
2013-10-26 14:18 - 2013-10-26 14:18 - 00201872 _____ (RealNetworks, Inc.) C:\Windows\SysWOW64\rmoc3260.dll
2013-10-26 14:18 - 2013-10-26 14:18 - 00000000 ____D C:\ProgramData\RealNetworks
2013-10-26 14:18 - 2013-10-26 14:18 - 00000000 ____D C:\Program Files (x86)\RealNetworks
2013-10-26 14:17 - 2013-10-26 14:17 - 00272896 _____ (Progressive Networks) C:\Windows\SysWOW64\pncrt.dll
2013-10-26 14:17 - 2013-10-26 14:17 - 00006656 _____ (RealNetworks, Inc.) C:\Windows\SysWOW64\pndx5016.dll
2013-10-26 14:17 - 2013-10-26 14:17 - 00005632 _____ (RealNetworks, Inc.) C:\Windows\SysWOW64\pndx5032.dll
2013-10-26 14:16 - 2013-10-26 14:18 - 00000000 ____D C:\Program Files (x86)\Real
2013-10-26 14:15 - 2013-10-26 14:22 - 00000000 ____D C:\Program Files (x86)\Java
2013-10-26 14:15 - 2013-10-26 14:19 - 00000000 ____D C:\Users\suesarkis\AppData\Roaming\Real
2013-10-26 14:14 - 2013-10-26 14:20 - 00000000 ____D C:\ProgramData\Real
2013-10-26 14:11 - 2013-10-26 14:11 - 05938856 _____ (ParetoLogic, Inc.) C:\Users\suesarkis\Downloads\RegCureProSetup.exe
2013-10-26 14:05 - 2013-10-26 14:05 - 00773296 _____ (RealNetworks, Inc.) C:\Users\suesarkis\Downloads\RealPlayer-New-Build-0827.exe
2013-10-25 16:54 - 2013-10-25 16:54 - 04379048 _____ (Piriform Ltd) C:\Users\suesarkis\Downloads\ccsetup407.exe
 
==================== One Month Modified Files and Folders =======
 
2013-11-24 17:37 - 2013-07-26 20:15 - 00003942 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{B2E84DCE-1944-445C-A875-3E8412E6C94E}
2013-11-24 17:32 - 2013-04-17 11:07 - 00000922 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-11-24 17:19 - 2013-07-13 10:59 - 00000000 ____D C:\ProgramData\MFAData
2013-11-24 17:12 - 2013-09-20 13:18 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-11-24 17:02 - 2012-07-26 00:12 - 00000000 ____D C:\Windows\system32\sru
2013-11-24 17:00 - 2013-11-20 07:28 - 00957002 _____ C:\Windows\WindowsUpdate.log
2013-11-24 16:21 - 2013-04-14 13:59 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2069550446-780284186-1707450264-1001
2013-11-24 16:07 - 2013-04-17 11:07 - 00000918 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-11-24 16:06 - 2013-11-24 16:06 - 00094656 _____ (CACE Technologies) C:\Windows\system32\WPRO_41_2001woem.tmp
2013-11-24 16:06 - 2013-11-24 14:14 - 00002274 _____ C:\Windows\PFRO.log
2013-11-24 16:06 - 2013-09-25 09:06 - 00017408 _____ C:\Windows\SysWOW64\rpcnetp.dll
2013-11-24 16:06 - 2013-09-25 09:06 - 00017408 _____ C:\Windows\system32\rpcnetp.exe
2013-11-24 16:06 - 2013-06-15 10:24 - 00034752 _____ C:\Windows\system32\Drivers\WPRO_41_2001.sys
2013-11-24 16:06 - 2013-04-16 14:00 - 00069792 _____ (Absolute Software Corp.) C:\Windows\SysWOW64\rpcnet.dll
2013-11-24 16:06 - 2013-04-14 12:03 - 00029336 _____ C:\Windows\system32\wpbbin.exe
2013-11-24 16:06 - 2013-04-14 12:03 - 00017408 _____ C:\Windows\SysWOW64\rpcnetp.exe
2013-11-24 16:06 - 2012-07-25 23:22 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-24 16:05 - 2012-07-25 21:26 - 00262144 ___SH C:\Windows\system32\config\BBI
2013-11-24 15:07 - 2013-04-23 15:54 - 00000000 ____D C:\Users\suesarkis\Documents\ARTICLES
2013-11-24 14:15 - 2013-11-24 14:14 - 00419648 _____ C:\Windows\system32\FNTCACHE.DAT
2013-11-24 14:15 - 2013-11-24 11:07 - 00000000 ____D C:\Program Files (x86)\MyPC Backup
2013-11-24 14:15 - 2013-11-23 21:35 - 00000536 _____ C:\Windows\Tasks\WINZIPSS-WINZIPSSAutoCheckUpdate7Days.job
2013-11-24 14:15 - 2013-11-23 21:35 - 00000498 _____ C:\Windows\Tasks\WINZIPSS-WINZIPSSOneClickCare.job
2013-11-24 12:00 - 2013-04-20 21:38 - 00000000 ____D C:\Users\suesarkis\AppData\Local\CrashDumps
2013-11-24 11:09 - 2013-11-24 11:09 - 00001342 _____ C:\Windows\IE10_main.log
2013-11-24 11:07 - 2013-11-24 11:07 - 00001087 _____ C:\Users\suesarkis\Desktop\MyPC Backup.lnk
2013-11-24 11:07 - 2013-11-24 11:07 - 00000000 ____D C:\Users\suesarkis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
2013-11-24 11:07 - 2013-11-24 11:07 - 00000000 ____D C:\Users\suesarkis\AppData\Local\SearchProtect
2013-11-24 11:07 - 2013-11-24 11:07 - 00000000 ____D C:\Program Files (x86)\SearchProtect
2013-11-24 11:07 - 2013-11-24 11:07 - 00000000 ____D C:\Program Files (x86)\DealsCompare
2013-11-24 11:07 - 2013-04-14 12:13 - 00000000 ___RD C:\Users\suesarkis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-11-24 11:04 - 2013-11-24 11:04 - 00460224 _____ C:\Users\suesarkis\Downloads\7-zip.exe
2013-11-23 21:37 - 2013-11-23 21:37 - 00000000 ____D C:\Users\suesarkis\AppData\Roaming\WinZip
2013-11-23 21:37 - 2013-11-23 21:34 - 00000000 ____D C:\Program Files (x86)\WinZip System Utilities Suite
2013-11-23 21:35 - 2013-11-23 21:35 - 00003398 _____ C:\Windows\System32\Tasks\WINZIPSS-WINZIPSSAutoCheckUpdate7Days
2013-11-23 21:35 - 2013-11-23 21:35 - 00003356 _____ C:\Windows\System32\Tasks\WINZIPSS-WINZIPSSOneClickCare
2013-11-23 21:34 - 2013-11-23 21:34 - 00002306 _____ C:\Users\Public\Desktop\WinZip System Utilities Suite.lnk
2013-11-23 21:34 - 2013-11-23 21:34 - 00000000 ____D C:\ProgramData\WinZip
2013-11-23 21:34 - 2013-11-23 21:33 - 14166656 _____ (WinZip                                                      ) C:\Users\suesarkis\Downloads\wzsus18.exe
2013-11-23 16:58 - 2013-07-13 12:54 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-11-23 14:53 - 2013-11-23 14:46 - 44335120 _____ (Microsoft Corporation) C:\Users\suesarkis\Desktop\IE10-Windows6.1-x64-en-us.exe
2013-11-23 13:40 - 2013-11-20 17:43 - 00187118 _____ C:\Users\suesarkis\Desktop\OTL.Txt
2013-11-23 12:30 - 2013-04-23 17:10 - 00000000 ____D C:\Users\suesarkis\Documents\Vanguard
2013-11-23 09:56 - 2012-07-26 00:12 - 00000000 ____D C:\Windows\rescache
2013-11-23 08:48 - 2013-01-14 09:10 - 00000000 ____D C:\ProgramData\Intel
2013-11-23 08:46 - 2013-11-23 08:46 - 00000000 ____D C:\Program Files (x86)\Cisco
2013-11-23 08:46 - 2013-01-14 09:09 - 00000000 ____D C:\Program Files (x86)\Intel
2013-11-23 08:40 - 2012-07-26 00:12 - 00000000 ____D C:\Windows\WinStore
2013-11-23 08:38 - 2012-07-26 00:12 - 00000000 ____D C:\Windows\system32\NDF
2013-11-23 08:35 - 2013-11-23 08:35 - 00000000 ____D C:\Program Files\Common Files\Intel
2013-11-23 08:35 - 2013-01-14 09:12 - 00000000 ____D C:\Program Files\Intel
2013-11-23 08:34 - 2013-04-16 15:11 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-11-23 08:34 - 2013-01-14 09:20 - 00000000 ____D C:\ProgramData\Package Cache
2013-11-23 08:34 - 2013-01-14 09:09 - 00000000 ____D C:\Intel
2013-11-23 08:31 - 2013-07-17 15:21 - 00000000 ____D C:\Windows\system32\MRT
2013-11-23 08:30 - 2013-04-17 03:18 - 82896128 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-11-22 21:45 - 2012-07-26 00:12 - 00000000 ____D C:\Windows\AUInstallAgent
2013-11-22 19:45 - 2013-04-16 14:00 - 00069792 ____N (Absolute Software Corp.) C:\Windows\SysWOW64\rpcnet.exe
2013-11-22 18:09 - 2013-11-17 21:29 - 00000369 ____H C:\IPH.PH
2013-11-22 18:09 - 2013-10-22 09:25 - 00000000 ____D C:\Program Files (x86)\AOL Desktop 9.7a
2013-11-22 17:41 - 2013-11-22 17:31 - 10378638 _____ C:\Users\suesarkis\Downloads\Windows8.1-KB2898108-x64 (1).msu
2013-11-22 16:59 - 2013-04-30 15:30 - 00000366 _____ C:\Windows\Tasks\HPCeeScheduleForsuesarkis.job
2013-11-22 15:17 - 2013-04-30 15:30 - 00003188 _____ C:\Windows\System32\Tasks\HPCeeScheduleForsuesarkis
2013-11-22 15:17 - 2013-04-14 12:07 - 00000000 ____D C:\Users\suesarkis
2013-11-22 12:25 - 2013-04-23 15:55 - 00000000 ____D C:\Users\suesarkis\Documents\COMPUTER
2013-11-22 11:51 - 2013-01-14 09:31 - 00000000 ____D C:\ProgramData\Norton
2013-11-22 11:50 - 2013-01-14 09:32 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2013-11-22 11:46 - 2013-11-22 11:46 - 00869456 _____ C:\Users\suesarkis\Downloads\Norton_Removal_Tool (1).exe
2013-11-22 11:45 - 2013-11-22 11:45 - 00869456 _____ C:\Users\suesarkis\Downloads\Norton_Removal_Tool.exe
2013-11-22 11:18 - 2013-09-20 13:18 - 00003718 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-11-22 11:17 - 2013-04-14 12:14 - 00000000 ____D C:\Users\suesarkis\AppData\Local\Adobe
2013-11-22 09:55 - 2013-11-22 09:37 - 00003820 _____ C:\Users\suesarkis\Documents\Vons 11-22-2013.wpd
2013-11-22 09:54 - 2013-11-22 09:54 - 00002654 _____ C:\Users\suesarkis\Documents\Albertsonss 11-22-2013.wpd
2013-11-22 09:47 - 2013-05-15 10:30 - 00000000 ____D C:\Users\suesarkis\Documents\PASSWORDS
2013-11-22 09:06 - 2013-05-23 09:20 - 00000000 ____D C:\Users\suesarkis\Documents\Legislation
2013-11-21 21:37 - 2013-11-21 10:09 - 00000000 ____D C:\AdwCleaner
2013-11-21 21:33 - 2013-11-21 21:33 - 00003316 _____ C:\Users\suesarkis\Desktop\RKreport[0]_D_11212013_213349.txt
2013-11-21 21:33 - 2013-11-20 18:15 - 00000000 ____D C:\Users\suesarkis\Desktop\RK_Quarantine
2013-11-21 21:32 - 2013-11-21 21:32 - 00003214 _____ C:\Users\suesarkis\Desktop\RKreport[0]_S_11212013_213233.txt
2013-11-21 21:29 - 2013-11-21 21:29 - 00000000 ____D C:\ProgramData\Viewpoint
2013-11-21 21:29 - 2013-11-21 21:29 - 00000000 ____D C:\Program Files (x86)\Viewpoint
2013-11-21 21:25 - 2013-11-21 21:25 - 00001628 _____ C:\Users\suesarkis\Desktop\RKreport[0]_S_11212013_212535.txt
2013-11-21 15:47 - 2013-11-21 15:47 - 00012146 _____ C:\Users\suesarkis\Desktop\JRT.txt
2013-11-21 15:38 - 2013-11-21 15:38 - 00000000 ____D C:\Windows\ERUNT
2013-11-21 15:36 - 2013-11-21 15:36 - 01034531 _____ (Thisisu) C:\Users\suesarkis\Desktop\JRT.exe
2013-11-21 14:44 - 2012-07-25 21:26 - 00262144 ___SH C:\Windows\system32\config\ELAM
2013-11-21 14:41 - 2013-09-11 11:43 - 00016152 _____ C:\Windows\system32\Drivers\SWDUMon.sys
2013-11-21 14:36 - 2013-11-21 14:36 - 00000000 ____D C:\_OTL
2013-11-21 10:09 - 2013-11-21 10:09 - 01085542 _____ C:\Users\suesarkis\Desktop\adwcleaner.exe
2013-11-20 22:32 - 2013-11-20 22:32 - 00915368 _____ (Oracle Corporation) C:\Users\suesarkis\Desktop\chromeinstall-7u45.exe
2013-11-20 18:24 - 2013-11-20 18:24 - 00003381 _____ C:\Users\suesarkis\Desktop\RKreport[0]_S_11202013_182435.txt
2013-11-20 17:54 - 2013-11-20 17:53 - 03679744 _____ C:\Users\suesarkis\Desktop\RogueKiller.exe
2013-11-20 17:44 - 2013-11-20 17:44 - 00079620 _____ C:\Users\suesarkis\Desktop\Extras.Txt
2013-11-20 17:23 - 2013-11-20 17:15 - 00602112 _____ (OldTimer Tools) C:\Users\suesarkis\Desktop\OTL.exe
2013-11-20 16:39 - 2013-11-20 14:21 - 00004079 _____ C:\Users\suesarkis\Desktop\aswMBR.txt
2013-11-20 16:39 - 2013-11-20 14:21 - 00000512 _____ C:\Users\suesarkis\Desktop\MBR.dat
2013-11-20 16:29 - 2013-11-20 16:29 - 00347304 _____ (Microsoft Corporation) C:\Users\suesarkis\Downloads\MicrosoftFixit.IEPerformance.RNP.Run.exe
2013-11-20 14:01 - 2013-11-20 14:01 - 00030447 _____ C:\Users\suesarkis\Desktop\Addition.txt
2013-11-20 14:01 - 2013-11-20 14:00 - 00067153 _____ C:\Users\suesarkis\Desktop\FRST.txt
2013-11-20 13:44 - 2013-11-20 13:44 - 00000000 ____D C:\FRST
2013-11-20 13:42 - 2013-11-20 13:41 - 04745728 _____ (AVAST Software) C:\Users\suesarkis\Desktop\aswmbr.exe
2013-11-20 13:39 - 2013-11-20 13:39 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\suesarkis\Desktop\tdsskiller.exe
2013-11-20 13:33 - 2013-11-20 13:33 - 01957964 _____ (Farbar) C:\Users\suesarkis\Desktop\FRST64.exe
2013-11-20 12:46 - 2013-11-20 12:46 - 00001457 _____ C:\Users\suesarkis\Desktop\HijackThis.exe - Shortcut.lnk
2013-11-20 11:30 - 2012-07-25 23:28 - 00942994 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-20 08:02 - 2013-09-28 12:24 - 00003723 _____ C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml
2013-11-20 08:01 - 2013-07-13 11:10 - 00046368 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx64.sys
2013-11-20 08:01 - 2013-07-13 11:10 - 00000000 ____D C:\Program Files (x86)\AVG SafeGuard toolbar
2013-11-18 23:07 - 2013-05-19 13:42 - 00000000 ____D C:\Users\suesarkis\Documents\LOCATES
2013-11-18 20:27 - 2013-05-23 09:22 - 00000000 ____D C:\Users\suesarkis\Documents\PHONE BOOK
2013-11-18 15:17 - 2013-04-29 14:40 - 00000052 _____ C:\Windows\SysWOW64\DOErrors.log
2013-11-18 15:17 - 2013-04-29 14:40 - 00000000 _____ C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2013-11-18 15:14 - 2013-04-24 07:40 - 00000000 ____D C:\Users\suesarkis\Documents\POLITICAL
2013-11-17 21:18 - 2013-04-23 15:57 - 00000000 ____D C:\Users\suesarkis\Documents\PERSONAL
2013-11-17 10:38 - 2013-11-17 10:38 - 00018543 _____ C:\Users\suesarkis\Downloads\hijackthis.log
2013-11-16 21:15 - 2013-11-16 21:15 - 00178252 _____ C:\Users\suesarkis\Documents\=windows-1252Qrangers_May_be_Spreading_=AB_CBS_DC=2Ehtm=
2013-11-16 17:44 - 2013-05-20 13:48 - 00000000 ____D C:\Users\suesarkis\Documents\JOKES
2013-11-16 12:46 - 2013-09-20 16:29 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-11-16 12:11 - 2013-11-16 12:11 - 04434992 _____ (AVG Technologies) C:\Users\suesarkis\Downloads\avg_free_stb_all_2014_4161_affiliate (1).exe
2013-11-16 12:10 - 2013-10-03 16:59 - 00002255 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-11-16 10:54 - 2013-11-16 10:54 - 00045328 _____ C:\Users\suesarkis\Documents\teewww.nrcc.org-NationalRepublicanCongressionalCommittee.htm
2013-11-15 18:52 - 2013-11-15 18:52 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-14 21:04 - 2013-11-14 21:04 - 00039287 _____ C:\Users\suesarkis\Documents\Albertson list.wpd
2013-11-14 20:42 - 2013-11-14 20:42 - 00004150 _____ C:\Users\suesarkis\Documents\Vons List.wpd
2013-11-14 20:38 - 2013-11-14 20:38 - 00047289 _____ C:\Users\suesarkis\Documents\Ralphs current.wpd
2013-11-13 21:30 - 2013-11-13 21:30 - 00056513 _____ C:\Users\suesarkis\Documents\NovemberChargeFail.zip
2013-11-13 21:30 - 2013-11-13 21:30 - 00000000 ____D C:\Users\suesarkis\Documents\NovemberChargeFail
2013-11-12 15:21 - 2013-05-13 18:57 - 00000000 ____D C:\Users\suesarkis\Documents\DATABASES
2013-11-11 15:21 - 2012-10-31 17:39 - 00000000 ____D C:\Windows\System32\Tasks\Hewlett-Packard
2013-11-11 15:21 - 2012-08-03 16:02 - 00000000 ____D C:\SWSetup
2013-11-08 07:55 - 2013-11-08 07:54 - 07109105 _____ C:\Users\suesarkis\Documents\You_Picked_a_Fine_Time.wmv
2013-11-07 21:59 - 2013-10-24 14:07 - 00002058 _____ C:\Users\suesarkis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk
2013-11-05 14:58 - 2013-11-23 08:42 - 00694232 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-11-05 14:58 - 2013-11-23 08:42 - 00078296 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-11-04 09:02 - 2013-09-25 11:48 - 01859296 _____ (Coupons.com Incorporated) C:\Users\suesarkis\Downloads\couponprinter.exe
2013-10-31 08:06 - 2013-10-31 08:05 - 01177088 _____ C:\Users\suesarkis\Documents\AFewMoreCritters.pps
2013-10-30 12:12 - 2013-10-30 12:12 - 00026120 _____ C:\Users\suesarkis\Documents\1173823_10200555030254274_1340834328_n
2013-10-29 09:40 - 2013-10-29 09:40 - 00109052 _____ C:\Users\suesarkis\Documents\WONDERFULGRADUATIONMEMORY.zip
2013-10-29 09:40 - 2013-10-29 09:40 - 00000000 ____D C:\Users\suesarkis\Documents\WONDERFULGRADUATIONMEMORY
2013-10-29 08:27 - 2013-10-29 08:04 - 00002985 _____ C:\Users\suesarkis\Documents\Mike -Unless I hear back differently.wpd
2013-10-29 07:21 - 2013-10-29 07:21 - 07371616 _____ C:\Users\suesarkis\Downloads\SCUDownloader.exe
2013-10-28 21:03 - 2013-10-28 21:03 - 00043520 _____ C:\Users\suesarkis\Documents\Mr
2013-10-28 19:55 - 2013-10-28 19:55 - 00043520 _____ C:\Users\suesarkis\Documents\Pirouzians case
2013-10-27 11:40 - 2013-05-02 11:48 - 00061678 _____ C:\Users\suesarkis\AppData\Roaming\PFP110JPR.{PB
2013-10-27 11:40 - 2013-05-02 11:48 - 00012358 _____ C:\Users\suesarkis\AppData\Roaming\PFP110JCM.{PB
2013-10-27 11:26 - 2013-10-27 11:26 - 356947576 _____ C:\Users\suesarkis\Desktop\Backup.reg
2013-10-27 11:00 - 2012-07-26 00:12 - 00000000 ____D C:\Windows\system32\FxsTmp
2013-10-26 19:10 - 2013-10-26 19:10 - 00870099 _____ C:\Users\suesarkis\Documents\image001.zip
2013-10-26 19:10 - 2013-10-26 19:10 - 00000000 ____D C:\Users\suesarkis\Documents\image001
2013-10-26 14:23 - 2013-10-04 08:42 - 00000000 ____D C:\ProgramData\Oracle
2013-10-26 14:22 - 2013-10-26 14:22 - 00004154 _____ C:\Windows\SysWOW64\jupdate-1.7.0_45-b18.log
2013-10-26 14:22 - 2013-10-26 14:15 - 00000000 ____D C:\Program Files (x86)\Java
2013-10-26 14:20 - 2013-10-26 14:14 - 00000000 ____D C:\ProgramData\Real
2013-10-26 14:19 - 2013-10-26 14:19 - 00001264 _____ C:\Users\Public\Desktop\RealPlayer.lnk
2013-10-26 14:19 - 2013-10-26 14:19 - 00000000 ____D C:\Users\suesarkis\AppData\Roaming\RealNetworks
2013-10-26 14:19 - 2013-10-26 14:15 - 00000000 ____D C:\Users\suesarkis\AppData\Roaming\Real
2013-10-26 14:18 - 2013-10-26 14:18 - 00201872 _____ (RealNetworks, Inc.) C:\Windows\SysWOW64\rmoc3260.dll
2013-10-26 14:18 - 2013-10-26 14:18 - 00000000 ____D C:\ProgramData\RealNetworks
2013-10-26 14:18 - 2013-10-26 14:18 - 00000000 ____D C:\Program Files (x86)\RealNetworks
2013-10-26 14:18 - 2013-10-26 14:16 - 00000000 ____D C:\Program Files (x86)\Real
2013-10-26 14:17 - 2013-10-26 14:17 - 00272896 _____ (Progressive Networks) C:\Windows\SysWOW64\pncrt.dll
2013-10-26 14:17 - 2013-10-26 14:17 - 00006656 _____ (RealNetworks, Inc.) C:\Windows\SysWOW64\pndx5016.dll
2013-10-26 14:17 - 2013-10-26 14:17 - 00005632 _____ (RealNetworks, Inc.) C:\Windows\SysWOW64\pndx5032.dll
2013-10-26 14:12 - 2013-06-01 15:12 - 00000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
2013-10-26 14:12 - 2013-06-01 15:12 - 00000000 ____D C:\Program Files\CCleaner
2013-10-26 14:11 - 2013-10-26 14:11 - 05938856 _____ (ParetoLogic, Inc.) C:\Users\suesarkis\Downloads\RegCureProSetup.exe
2013-10-26 14:05 - 2013-10-26 14:05 - 00773296 _____ (RealNetworks, Inc.) C:\Users\suesarkis\Downloads\RealPlayer-New-Build-0827.exe
2013-10-25 16:54 - 2013-10-25 16:54 - 04379048 _____ (Piriform Ltd) C:\Users\suesarkis\Downloads\ccsetup407.exe
2013-10-25 07:33 - 2013-04-14 12:13 - 00000000 ___RD C:\Users\suesarkis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-10-25 07:31 - 2013-09-21 14:00 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-10-25 07:31 - 2013-09-21 14:00 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-10-25 07:28 - 2012-07-26 00:12 - 00000000 ___RD C:\Windows\ToastData
 
Some content of TEMP:
====================
C:\Users\suesarkis\AppData\Local\Temp\BackupSetup.exe
C:\Users\suesarkis\AppData\Local\Temp\install.dll
C:\Users\suesarkis\AppData\Local\Temp\nsf600F.exe
C:\Users\suesarkis\AppData\Local\Temp\nsf8760.exe
C:\Users\suesarkis\AppData\Local\Temp\nsl6204.exe
C:\Users\suesarkis\AppData\Local\Temp\nsm89A4.exe
C:\Users\suesarkis\AppData\Local\Temp\nss8CD1.exe
C:\Users\suesarkis\AppData\Local\Temp\nsw63CA.exe
C:\Users\suesarkis\AppData\Local\Temp\progupd.dll
C:\Users\suesarkis\AppData\Local\Temp\{F359D533-CEBE-43E6-82BB-EF08C41134D8}.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2013-11-18 07:01
 
==================== End Of Log ============================


#15 fireman4it (Malware Response Team)

Posted 25 November 2013 - 05:53 PM

Open Notepad. Please copy the contents of the code box below. To do this, highlight the contents of the box and right-click on it. Paste this into the open Notepad window. Save it on the flashdrive as fixlist.txt
 

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com/?ctid=CT3317816&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SP183A6681-725B-4F77-9CCD-F478577029F9&SSPV=
SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.conduit.com/Results.aspx?ctid=CT3317816&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SP183A6681-725B-4F77-9CCD-F478577029F9&q={searchTerms}&SSPV=
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.conduit.com/Results.aspx?ctid=CT3317816&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SP183A6681-725B-4F77-9CCD-F478577029F9&q={searchTerms}&SSPV=
HKCU\...\Run: [Copernic Desktop Search - Home] - C:\Program Files (x86)\Copernic Desktop Search - Home\DesktopSearchService.exe [1692200 2013-01-28] (Copernic Inc.)
HKCU\...\Run: [SpybotSD TeaTimer] - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
BHO-x32: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
Toolbar: HKLM - No Name - {41525333-2D56-3700-76A7-7A786E7484D7} -  No File
Toolbar: HKLM-x32 - AOL Toolbar - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll No File
Toolbar: HKCU - No Name - {BA00B7B1-0351-477A-B948-23E3EE5A73D4} -  No File
FF Homepage: hxxp://search.conduit.com/?ctid=CT3317816&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SP183A6681-725B-4F77-9CCD-F478577029F9&SSPV=
FF SelectedSearchEngine: Conduit Search
FF NewTab: hxxp://search.conduit.com/?ctid=CT3317816&octid=EB_ORIGINAL_CTID&SearchSource=69&CUI=&SSPV=&Lay=1&UM=2&UP=SP183A6681-725B-4F77-9CCD-F478577029F9
FF HKCU\...\Firefox\Extensions: [{57319509-7821-41B0-9FDF-3B58F146AE33}] - c:\program files (x86)\copernic desktop search - home\firefoxconnector
FF Extension: Copernic Desktop Search - Search Firefox content - c:\program files (x86)\copernic desktop search - home\firefoxconnector
CHR HomePage: hxxp://search.conduit.com/?ctid=CT3317816&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SP183A6681-725B-4F77-9CCD-F478577029F9&SSPV=
CHR RestoreOnStartup: "hxxp://search.conduit.com/?ctid=CT3317816&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SP183A6681-725B-4F77-9CCD-F478577029F9&SSPV="]},"translate_blocked_languages":["en"
S2 vToolbarUpdater17.1.3; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.1.3\ToolbarUpdater.exe [x]
2013-11-24 11:07 - 2013-11-24 14:15 - 00000000 ____D C:\Program Files (x86)\MyPC Backup
2013-11-24 11:07 - 2013-11-24 11:07 - 00001087 _____ C:\Users\suesarkis\Desktop\MyPC Backup.lnk
2013-11-24 11:07 - 2013-11-24 11:07 - 00000000 ____D C:\Users\suesarkis\AppData\Local\SearchProtect
2013-11-24 11:07 - 2013-11-24 11:07 - 00000000 ____D C:\Program Files (x86)\SearchProtect
2013-11-24 11:07 - 2013-11-24 11:07 - 00000000 ____D C:\Program Files (x86)\DealsCompare
C:\Users\suesarkis\AppData\Local\Temp\BackupSetup.exe
C:\Users\suesarkis\AppData\Local\Temp\install.dll
C:\Users\suesarkis\AppData\Local\Temp\nsf600F.exe
C:\Users\suesarkis\AppData\Local\Temp\nsf8760.exe
C:\Users\suesarkis\AppData\Local\Temp\nsl6204.exe
C:\Users\suesarkis\AppData\Local\Temp\nsm89A4.exe
C:\Users\suesarkis\AppData\Local\Temp\nss8CD1.exe
C:\Users\suesarkis\AppData\Local\Temp\nsw63CA.exe
C:\Users\suesarkis\AppData\Local\Temp\progupd.dll
C:\Users\suesarkis\AppData\Local\Temp\{F359D533-CEBE-43E6-82BB-EF08C41134D8}.exe

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Now, please, from within Windows 8:
Run FRST and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt); please post it in your reply.


Edited by fireman4it, 25 November 2013 - 05:53 PM.

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


If I have helped you, consider making a donation to help me continue the fight against Malware!




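The fixlist above was assembled by reading the FRST log by hand. As an added example that is not part of this thread and not FRST's own code, the following Python script shows one way to do that first pass mechanically: it parses the dated file-list lines and the bare Temp paths in the format FRST writes, de-duplicates the overlap between the "Created" and "Modified" sections, and flags entries using indicators taken from the names in that fixlist (SearchProtect, DealsCompare, MyPC Backup, NSIS-style installer stubs in Temp) plus one weak signal (a new executable with no vendor string). The indicator list and the sample lines are the editor's own construction, modelled on the log above; the output is a review list for the helper, not a fixlist to run unchecked.

```python
"""Triage of FRST file-list lines: an added example, not FRST's own code and
not part of the original thread. It parses the "One Month Created/Modified
Files and Folders" lines and the bare paths under "Some content of TEMP",
then flags entries with heuristics the editor derived from the posted
fixlist. Those heuristics are assumptions, not an FRST feature."""
import re
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional

# Dated FRST line: <created> - <modified> - <size> <attrs> [(<vendor>)] <path>
# attrs is a 5-character field; FRST uses D for directory, H hidden, S system, R read-only.
LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>[_A-Z]{5}) "
    r"(?:\((?P<vendor>[^)]*)\) )?"   # vendor from the version resource; may be space-padded
    r"(?P<path>[A-Za-z]:\\.*)$"
)
# Bare path line, as printed under "Some content of TEMP".
BARE_PATH_RE = re.compile(r"^(?P<path>[A-Za-z]:\\\S.*)$")


@dataclass(frozen=True)
class Entry:
    path: str
    attrs: str = "_____"
    size: int = 0
    vendor: Optional[str] = None
    created: Optional[str] = None
    modified: Optional[str] = None

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs


def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry for a dated or bare-path FRST line, None for anything else."""
    line = line.rstrip()
    m = LINE_RE.match(line)
    if m:
        vendor = m.group("vendor")
        vendor = vendor.strip() or None if vendor is not None else None
        return Entry(path=m.group("path"), attrs=m.group("attrs"),
                     size=int(m.group("size")), vendor=vendor,
                     created=m.group("created"), modified=m.group("modified"))
    m = BARE_PATH_RE.match(line)
    return Entry(path=m.group("path")) if m else None


# Editor's heuristic indicators (assumptions drawn from the fixlist; extend per case).
PUP_NAMES = ("\\searchprotect", "\\dealscompare", "\\mypc backup", "\\conduit")
USER_TEMP = "\\appdata\\local\\temp\\"
NSIS_STUB_RE = re.compile(r"\\ns[a-z][0-9a-f]{4}\.exe$")   # e.g. \nsf600F.exe (lower-cased)
EXEC_EXT = (".exe", ".dll", ".scr", ".cpl")


def triage(entry: Entry) -> List[str]:
    """Reasons this entry deserves a look; an empty list means nothing matched."""
    p = entry.path.lower()
    reasons: List[str] = []
    if any(name in p for name in PUP_NAMES):
        reasons.append("known PUP/adware component name")
    if USER_TEMP in p and p.endswith(EXEC_EXT):
        reasons.append("executable in user Temp")
        if NSIS_STUB_RE.search(p):
            reasons.append("NSIS-style installer stub name")
    if not entry.is_dir and p.endswith(EXEC_EXT) and entry.vendor is None:
        # The vendor field is FRST's read of the version resource, not a signature
        # check: anyone can set it, so presence and absence are both weak signals.
        reasons.append("no vendor string in version info (weak signal)")
    return reasons


def triage_log(lines: Iterable[str]) -> Dict[str, List[str]]:
    """Map flagged path -> reasons. FRST lists a path once in the Created and
    again in the Modified section, so the first occurrence wins."""
    seen: Dict[str, List[str]] = {}
    for line in lines:
        e = parse_line(line)
        if e is not None and e.path not in seen:
            seen[e.path] = triage(e)
    return {p: r for p, r in seen.items() if r}


def fixlist_candidates(findings: Dict[str, List[str]]) -> List[str]:
    """Bare path lines, the form an FRST fixlist uses to move a file or folder.
    For the helper to review; the posted fixlist was hand-written for one machine."""
    return sorted(findings)


# Constructed sample, modelled on the log above (not the full log).
SAMPLE_LOG = r"""
==================== One Month Created Files and Folders ========
2013-11-24 11:07 - 2013-11-24 11:07 - 00000000 ____D C:\Program Files (x86)\SearchProtect
2013-11-24 11:07 - 2013-11-24 11:07 - 00000000 ____D C:\Program Files (x86)\DealsCompare
2013-11-24 11:07 - 2013-11-24 11:07 - 00001087 _____ C:\Users\suesarkis\Desktop\MyPC Backup.lnk
2013-11-24 11:04 - 2013-11-24 11:04 - 00460224 _____ C:\Users\suesarkis\Downloads\7-zip.exe
2013-11-23 21:34 - 2013-11-23 21:33 - 14166656 _____ (WinZip                 ) C:\Users\suesarkis\Downloads\wzsus18.exe
2013-11-20 13:33 - 2013-11-20 13:33 - 01957964 _____ (Farbar) C:\Users\suesarkis\Desktop\FRST64.exe
==================== One Month Modified Files and Folders =======
2013-11-24 11:07 - 2013-11-24 11:07 - 00000000 ____D C:\Program Files (x86)\SearchProtect
2013-11-22 18:09 - 2013-11-17 21:29 - 00000369 ____H C:\IPH.PH
Some content of TEMP:
====================
C:\Users\suesarkis\AppData\Local\Temp\BackupSetup.exe
C:\Users\suesarkis\AppData\Local\Temp\nsf600F.exe
C:\Users\suesarkis\AppData\Local\Temp\progupd.dll
"""

if __name__ == "__main__":
    for path, reasons in triage_log(SAMPLE_LOG.splitlines()).items():
        print(f"{path}\n    {'; '.join(reasons)}")
```

On the sample, the script flags the two adware program folders, the MyPC Backup shortcut, the three Temp executables (with the NSIS pattern noted on nsf600F.exe) and, on the weak rule only, 7-zip.exe; the WinZip and Farbar downloads and the hidden C:\IPH.PH pass through. Feed it the real FRST.txt with `triage_log(open("FRST.txt", encoding="utf-8-sig").read().splitlines())` and treat every hit as a question for the helper, not an answer.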
