Infected by Flashplayer_xxx.exe


  • This topic is locked
10 replies to this topic

#1 Mstikes

Mstikes

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:10:04 PM

Posted 20 February 2014 - 03:41 PM

I've been infected with malware that keeps popping up a window that prompts me to grant access to FlashPlayerupdate.exe to modify my computer. The alert is similar to the one in this pic:
 
310px-Windows_7_UAC.png
 
When I click "No" or try to close the window it keeps popping up! I've scanned my computer with Malwarebytes and it detects infected files, but when I restart the computer the next day the same window pops up again after a few minutes of surfing the web with Iexplorer. I've deleted the IE cache, removed temp files with CCleaner and even did a System Restore from Safe Mode to an earlier point, but nothing seems to work. I'm on Windows 7 with IE 11.

Do you guys have any idea how to get rid of this?

Here are the results of a couple of my MBytes Removal Logs:
 

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16518
 
18/02/2014 10:50:53 PM
mbam-log-2014-02-18 (22-50-53).txt
 
Memory Processes Detected: 0 (No malicious items detected)
Memory Modules Detected: 0 (No malicious items detected)
Registry Keys Detected: 0 (No malicious items detected)
Registry Values Detected: 0 (No malicious items detected)
Registry Data Items Detected: 0 (No malicious items detected)
Folders Detected: 0 (No malicious items detected)
 
Files Detected: 5
C:\Users\B...\AppData\Local\Temp\UpdateFlashPlayer_5fbef799.exe (Trojan.Agent.ED) -> Quarantined and deleted successfully.
C:\Users\B...\AppData\Local\Temp\UpdateFlashPlayer_dc28c333.exe (Trojan.Zbot.FBD) -> Quarantined and deleted successfully.
C:\Users\B...\Local Settings\tbumwfgx.exe (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Users\B...\AppData\Local\tbumwfgx.exe (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Windows\Tasks\Security Center Update - 3142730981.job (Trojan.Agent.RvGen) -> Quarantined and deleted successfully.
 
 

 
19/02/2014 9:33:55 PM
 
mbam-log-2014-02-19 (21-33-55).txt
 
 
Memory Processes Detected: 3
C:\Users\B...\AppData\Roaming\Efyvev\cyycty.exe (Trojan.Zbot.FBD) -> 3704 -> Delete on reboot.
C:\Users\B...\AppData\Roaming\Efyvev\cyycty.exe (Trojan.Zbot.FBD) -> 4012 -> Delete on reboot.
C:\Users\B...\AppData\Roaming\Efyvev\cyycty.exe (Trojan.Zbot.FBD) -> 6480 -> Delete on reboot.
 
 
Files Detected: 1
C:\Users\B...\AppData\Roaming\Efyvev\cyycty.exe (Trojan.Zbot.FBD) -> Delete on reboot.

Edited by Mstikes, 20 February 2014 - 04:19 PM.



 


#2 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:04 AM

Posted 21 February 2014 - 04:30 AM

Hi there,

please run a FRST scan:


Please download Farbar Recovery Scan Tool and save it to your Desktop.
(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them as just the right one will run.)
  • Start FRST with administrator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.


#3 Mstikes

Mstikes
  • Topic Starter


Posted 21 February 2014 - 01:05 PM

Here are the results from the scan. It seems to be some kind of infection involving IExplorer.exe because the same alert keeps being detected by Avast. And I noticed my browsing session is much smoother when I use Chrome. Under IE, I get browsing errors and "Stop Script".

Also Avast has detected a threat it can't delete called Boot Cidox [rtk]
 
 

Application errors:
==================
Error: (02/21/2014 00:45:57 PM) (Source: Application Hang) (User: )
Description: The program FRST64.exe version 3.3.10.2 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1b94
 
Start Time: 01cf2f2c7e292bfc
 
Termination Time: 0
 
Application Path: C:\Users\Blazer\Desktop\FRST64.exe
 
Report Id: f74a742b-9b1f-11e3-9285-984be1c0a2ac
 
Error: (02/21/2014 11:50:48 AM) (Source: Application Hang) (User: )
Description: The program iexplore.exe version 11.0.9600.16518 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 19f4
 
Start Time: 01cf2f22ab701d3b
 
Termination Time: 20
 
Application Path: C:\Program Files\Internet Explorer\iexplore.exe
 
Report Id: 47d864a5-9b18-11e3-9285-984be1c0a2ac
 
Error: (02/21/2014 11:47:08 AM) (Source: Application Hang) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.16518 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 6d4
 
Start Time: 01cf2f2468b14ae0
 
Termination Time: 70
 
Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
 
Report Id:
 
Error: (02/21/2014 11:46:03 AM) (Source: Application Hang) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.16518 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 7e4
 
Start Time: 01cf2f24519da852
 
Termination Time: 60
 
Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
 
Report Id:
 
Error: (02/20/2014 10:02:43 PM) (Source: Application Error) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d672ee4
Faulting module name: ole32.dll, version: 6.1.7601.17514, time stamp: 0x4ce7c92c
Exception code: 0xc0000005
Fault offset: 0x000000000002f177
Faulting process id: 0xb3c
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3
 
Error: (02/20/2014 09:55:06 PM) (Source: Application Error) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d672ee4
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24
Exception code: 0xc0000008
Fault offset: 0x00000000000cd7e8
Faulting process id: 0x52c
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3
 
Error: (02/20/2014 04:06:24 PM) (Source: Application Error) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d672ee4
Faulting module name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d672ee4
Exception code: 0xc000041d
Fault offset: 0x00000000000587ba
Faulting process id: 0x8e4
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3
 
Error: (02/20/2014 09:32:32 AM) (Source: Application Error) (User: )
Description: Faulting application name: nfnkmien.exe, version: 0.0.0.0, time stamp: 0x52d18d45
Faulting module name: nfnkmien.exe, version: 0.0.0.0, time stamp: 0x52d18d45
Exception code: 0xc0000005
Fault offset: 0x00001063
Faulting process id: 0x1180
Faulting application start time: 0xnfnkmien.exe0
Faulting application path: nfnkmien.exe1
Faulting module path: nfnkmien.exe2
Report Id: nfnkmien.exe3
 
Error: (02/19/2014 07:17:03 PM) (Source: Application Error) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.16518, time stamp: 0x52f347b2
Faulting module name: Flash32_12_0_0_44.ocx, version: 12.0.0.44, time stamp: 0x52e70c6e
Exception code: 0xc0000005
Fault offset: 0x0012618a
Faulting process id: 0xaa0
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3
 
Error: (02/19/2014 07:16:38 PM) (Source: Application Error) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.16518, time stamp: 0x52f347b2
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x20296425
Faulting process id: 0x1ce4
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3
 
 
System errors:
=============
Error: (02/21/2014 10:56:20 AM) (Source: Service Control Manager) (User: )
Description: The HP Health Check Service service failed to start due to the following error: 
%%1053
 
Error: (02/21/2014 10:56:20 AM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the HP Health Check Service service to connect.
 
Error: (02/21/2014 00:30:21 AM) (Source: DCOM) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}
 
Error: (02/21/2014 00:17:14 AM) (Source: Service Control Manager) (User: )
Description: The Peer Name Resolution Protocol service depends on the Peer Networking Identity Manager service which failed to start because of the following error: 
%%1053
 
Error: (02/21/2014 00:17:14 AM) (Source: Service Control Manager) (User: )
Description: The Peer Networking Grouping service depends on the Peer Networking Identity Manager service which failed to start because of the following error: 
%%1053
 
Error: (02/21/2014 00:17:14 AM) (Source: Service Control Manager) (User: )
Description: The Peer Networking Identity Manager service failed to start due to the following error: 
%%1053
 
Error: (02/21/2014 00:17:14 AM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Peer Networking Identity Manager service to connect.
 
Error: (02/21/2014 00:14:53 AM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the HPWMISVC service.
 
Error: (02/20/2014 11:56:15 PM) (Source: DCOM) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}
 
Error: (02/20/2014 11:56:00 PM) (Source: DCOM) (User: )
Description: {60A90A2F-858D-42AF-8929-82BE9D99E8A1}
 
 
Microsoft Office Sessions:
=========================
Error: (02/21/2014 00:45:57 PM) (Source: Application Hang)(User: )
Description: FRST64.exe3.3.10.21b9401cf2f2c7e292bfc0C:\Users\Blazer\Desktop\FRST64.exef74a742b-9b1f-11e3-9285-984be1c0a2ac
 
Error: (02/21/2014 11:50:48 AM) (Source: Application Hang)(User: )
Description: iexplore.exe11.0.9600.1651819f401cf2f22ab701d3b20C:\Program Files\Internet Explorer\iexplore.exe47d864a5-9b18-11e3-9285-984be1c0a2ac
 
Error: (02/21/2014 11:47:08 AM) (Source: Application Hang)(User: )
Description: IEXPLORE.EXE11.0.9600.165186d401cf2f2468b14ae070C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
 
Error: (02/21/2014 11:46:03 AM) (Source: Application Hang)(User: )
Description: IEXPLORE.EXE11.0.9600.165187e401cf2f24519da85260C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
 
Error: (02/20/2014 10:02:43 PM) (Source: Application Error)(User: )
Description: Explorer.EXE6.1.7601.175674d672ee4ole32.dll6.1.7601.175144ce7c92cc0000005000000000002f177b3c01cf2eb072546aafC:\Windows\Explorer.EXEC:\Windows\system32\ole32.dlla10f2616-9aa4-11e3-bdb3-984be1c0a2ac
 
Error: (02/20/2014 09:55:06 PM) (Source: Application Error)(User: )
Description: Explorer.EXE6.1.7601.175674d672ee4ntdll.dll6.1.7601.18247521eaf24c000000800000000000cd7e852c01cf2eab3df62e94C:\Windows\Explorer.EXEC:\Windows\SYSTEM32\ntdll.dll8fd9698f-9aa3-11e3-bdb3-984be1c0a2ac
 
Error: (02/20/2014 04:06:24 PM) (Source: Application Error)(User: )
Description: Explorer.EXE6.1.7601.175674d672ee4Explorer.EXE6.1.7601.175674d672ee4c000041d00000000000587ba8e401cf2e6fa74623d4C:\Windows\Explorer.EXEC:\Windows\Explorer.EXEda569aa7-9a72-11e3-967f-984be1c0a2ac
 
Error: (02/20/2014 09:32:32 AM) (Source: Application Error)(User: )
Description: nfnkmien.exe0.0.0.052d18d45nfnkmien.exe0.0.0.052d18d45c000000500001063118001cf2e48938cb753C:\Users\Blazer\AppData\Local\nfnkmien.exeC:\Users\Blazer\AppData\Local\nfnkmien.exed4a97f3f-9a3b-11e3-a337-984be1c0a2ac
 
Error: (02/19/2014 07:17:03 PM) (Source: Application Error)(User: )
Description: IEXPLORE.EXE11.0.9600.1651852f347b2Flash32_12_0_0_44.ocx12.0.0.4452e70c6ec00000050012618aaa001cf2dcfd842e6a3C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\SysWOW64\Macromed\Flash\Flash32_12_0_0_44.ocx525ea8ab-99c4-11e3-be40-984be1c0a2ac
 
Error: (02/19/2014 07:16:38 PM) (Source: Application Error)(User: )
Description: IEXPLORE.EXE11.0.9600.1651852f347b2unknown0.0.0.000000000c0000005202964251ce401cf2dd0ecac5318C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEunknown4390a4b9-99c4-11e3-be40-984be1c0a2ac
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 64%
Total physical RAM: 3893.86 MB
Available physical RAM: 1363.15 MB
Total Pagefile: 7787.72 MB
Available Pagefile: 5002.08 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:446.97 GB) (Free:16.43 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:18.49 GB) (Free:2.68 GB) NTFS ==>[System with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 466 GB) (Disk ID: 6642F8C4)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=447 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=18 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)
 
==================== End Of Log ============================
 
 


Edited by Mstikes, 21 February 2014 - 01:26 PM.


#4 aharonov

aharonov


Posted 22 February 2014 - 01:48 PM

Hello,

the log you've posted is incomplete. You should have got two log files (FRST.txt and Addition.txt). Please post them again.
And in addition also run this scan:


Please download TDSSKiller and save it to your Desktop.
  • Start tdsskiller.exe with administrator privileges.
  • Accept the EULA and the KSN Statement.
  • Click on Change parameters.
  • Make sure that all available options (except "Loaded modules") are checked and click OK.
  • Click on Start scan.
  • If any threats are found don't delete them but choose the Skip option for all of them.
  • Click on Report to open the log file. (It is also saved at C:\TDSSKiller.<version_date_time>_log.txt).
    Copy and paste its contents in your next reply.


#5 Mstikes

Mstikes
  • Topic Starter


Posted 22 February 2014 - 04:56 PM

Here are the FRST scan logs... For now the errors and crashes appear only if I start IExplorer 11, so for now I'm using Chrome only.
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-02-2014
 
==================== Security Center ========================
 
AV: Lavasoft Ad-Watch Live! Anti-Virus (Enabled - Up to date) {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spyware Doctor (Disabled - Up to date) {94076BB2-F3DA-227F-9A1E-F060FF73600F}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
AS: Lavasoft Ad-Watch Live! (Enabled - Up to date) {24938260-56EE-C1E5-047B-DC2BDD234BAB}
 
==================== Installed Programs ======================
 
ActiveCheck component for HP Active Support Library (x32 Version: 3.0.0.3 - Hewlett-Packard) Hidden
Ad-Aware (x32 Version: 9.0.1 - Lavasoft Limited)
Adobe Reader XI (11.0.06) - Français (x32 Version: 11.0.06 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (x32 Version: 11.5.8.612 - Adobe Systems, Inc)
Agatha Christie - Peril at End House (x32 Version: 2.2.0.95 - WildTangent) Hidden
Apple Application Support (x32 Version: 1.4.1 - Apple Inc.)
Apple Software Update (x32 Version: 2.1.1.116 - Apple Inc.)
avast! Pro Antivirus (x32 Version: 9.0.2013 - Avast Software)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bing Bar (x32 Version: 7.3.124.0 - Microsoft Corporation)
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blasterball 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blio (x32 Version: 2.0.5350 - K-NFB Reading Technology, Inc.)
Bounce Symphony (x32 Version: 2.2.0.95 - WildTangent) Hidden
Browser Defender 3.0 (x32 Version: 3.0.0.300 - Threat Expert Ltd.)
Cake Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
CCleaner (Version: 3.06 - Piriform)
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Complément Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
CyberLink DVD Suite (x32 Version: 7.0.3320 - CyberLink Corp.)
CyberLink DVD Suite (x32 Version: 7.0.3320 - CyberLink Corp.) Hidden
CyberLink PowerDVD 9 (x32 Version: 9.0.1.4604 - CyberLink Corp.)
CyberLink PowerDVD 9 (x32 Version: 9.0.1.4604 - CyberLink Corp.) Hidden
CyberLink YouCam (x32 Version: 3.2.3321 - CyberLink Corp.)
CyberLink YouCam (x32 Version: 3.2.3321 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
EA SPORTS Game Face Browser Plugin 1.5.3.0 (HKCU Version: 1.5.3.0 - Electronic Arts)
Energy Star Digital Logo (x32 Version: 1.0.1 - Hewlett-Packard)
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
ESU for Microsoft Windows 7 (x32 Version: 1.0.0 - Hewlett-Packard)
Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden
FATE (x32 Version: 2.2.0.95 - WildTangent) Hidden
Final Drive Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Google Chrome (HKCU Version: 32.0.1700.107 - Google Inc.)
Google Drive (x32 Version: 1.14.6059.644 - Google, Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Toolbar for Internet Explorer (x32 Version: 7.5.4805.320 - Google Inc.)
Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden
HP Auto (Version: 1.0.12494.3472 - Hewlett-Packard Company) Hidden
HP Client Services (Version: 1.0.12656.3472 - Hewlett-Packard) Hidden
HP CloudDrive (x32 Version:  - Zecter Inc.)
HP Customer Experience Enhancements (x32 Version: 6.0.1.7 - Hewlett-Packard) Hidden
HP Documentation (x32 Version: 1.4.0.0 - Hewlett-Packard)
HP Game Console (x32 Version:  - WildTangent) Hidden
HP Games (x32 Version: 1.0.1.5 - WildTangent)
HP Power Manager (x32 Version: 1.1.2 - Hewlett-Packard Company)
HP Quick Launch (x32 Version: 2.2.7 - Hewlett-Packard Company)
HP Setup (x32 Version: 8.4.4400.3525 - Hewlett-Packard Company)
HP Setup Manager (x32 Version: 1.0.12844.3519 - Hewlett-Packard Company)
HP Software Framework (x32 Version: 4.0.70.1 - Hewlett-Packard Company)
HP Support Assistant (x32 Version: 5.1.8.12 - Hewlett-Packard Company)
HP Wireless Assistant (Version: 4.0.10.0 - Hewlett-Packard Company)
HPAsset component for HP Active Support Library (x32 Version: 3.0.0.3 - Hewlett-Packard) Hidden
HyperCam 2 (x32 Version: 2.24.01 - Hyperionics Technology LLC)
HyperCam Toolbar (x32 Version:  - )
Intel® Control Center (x32 Version: 1.2.1.1007 - Intel Corporation)
Intel® Graphics Media Accelerator Driver (x32 Version: 8.15.10.2086 - Intel Corporation)
Intel® Management Engine Components (x32 Version: 6.0.0.1179 - Intel Corporation)
Intel® Rapid Storage Technology (x32 Version: 9.6.2.1001 - Intel Corporation)
Java 7 Update 11 (64-bit) (Version: 7.0.110 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java™ 6 Update 21 (64-bit) (Version: 6.0.210 - Oracle)
Java™ 6 Update 37 (x32 Version: 6.0.370 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
K-Lite Mega Codec Pack 9.9.5 (x32 Version: 9.9.5 - )
LabelPrint (x32 Version: 2.5.3220 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.3220 - CyberLink Corp.) Hidden
LightScribe System Software (x32 Version: 1.18.18.1 - LightScribe)
Logitech SetPoint 6.61 (Version: 6.61.15 - Logitech)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300 - Malwarebytes Corporation)
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft IntelliPoint 8.2 (Version: 8.20.468.0 - Microsoft Corporation)
Microsoft IntelliPoint 8.2 (Version: 8.20.468.0 - Microsoft Corporation) Hidden
Microsoft Office 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
Mystery P.I. - The London Caper (x32 Version: 2.2.0.95 - WildTangent) Hidden
Norton Online Backup (x32 Version: 2.1.17869 - Symantec Corporation)
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
PhotoNow! (x32 Version: 1.1.7717 - CyberLink Corp.)
PhotoNow! (x32 Version: 1.1.7717 - CyberLink Corp.) Hidden
PictureMover (x32 Version: 3.5.0.33 - Hewlett-Packard Company)
Plants vs. Zombies (x32 Version: 2.2.0.95 - WildTangent) Hidden
PlayReady PC Runtime x86 (x32 Version: 1.3.0 - Microsoft Corporation)
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
Power2Go (x32 Version: 6.1.4419 - CyberLink Corp.)
Power2Go (x32 Version: 6.1.4419 - CyberLink Corp.) Hidden
PowerDirector (x32 Version: 8.0.3320 - CyberLink Corp.)
PowerDirector (x32 Version: 8.0.3320 - CyberLink Corp.) Hidden
QuickTime (x32 Version: 7.69.80.9 - Apple Inc.)
Ralink RT5390 802.11b/g/n WiFi Adapter (x32 Version: 3.1.11.0 - Ralink)
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealPlayer (x32 Version:  - RealNetworks)
Realtek Ethernet Controller Driver For Windows 7 (x32 Version: 7.18.322.2010 - Realtek)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6206 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (x32 Version: 6.1.7600.30120 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Recovery Manager (x32 Version: 5.5.3223 - CyberLink Corp.) Hidden
Remote Mouse version 1.50 (x32 Version: 1.50 - Remote Mouse)
RtVOsd (Version: 1.0.6 - Realtek Semiconductor Corp.)
Skype Click to Call (x32 Version: 7.0.14735.1561 - Microsoft Corporation)
Skype™ 6.11 (x32 Version: 6.11.102 - Skype Technologies S.A.)
SopCast 3.3.2 (x32 Version: 3.3.2 - www.sopcast.com)
SpyHunter (Version: 4.5.7.3531 - Enigma Software Group USA, LLC)
Spyware Doctor 8.0 (x32 Version: 8.0 - PC Tools)
Square Enix Secure Launcher (HKCU Version: 1.0.0.106 - Square Enix)
StreamTorrent 1.0 (x32 Version:  - )
Synaptics Pointing Device Driver (Version: 15.1.6.64 - Synaptics Incorporated)
Unity Web Player (HKCU Version:  - Unity Technologies ApS)
Veetle TV 0.9.18 (x32 Version: 0.9.18 - Veetle, Inc)
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.95 - WildTangent) Hidden
VLC media player 2.1.2 (x32 Version: 2.1.2 - VideoLAN)
Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Messenger Companion Core (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
WinRAR 4.00 (64-bit) (Version: 4.00.0 - win.rar GmbH)
World Cup Cricket 20-20 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Xvid Video Codec (x32 Version: 1.3.2 - Xvid Team)
XYplorer 11.90 (x32 Version: 11.90 - Donald Lessau)
Yahoo! Software Update (x32 Version:  - )
Yahoo! Toolbar (x32 Version:  - )
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
 
==================== Restore Points  =========================
 
20-02-2014 19:16:33 Windows Update
21-02-2014 04:19:40 avast! antivirus system restore point
21-02-2014 04:31:31 avast! antivirus system restore point
 
==================== Hosts content: ==========================
 
2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {115A3938-D080-4AAC-AE4D-9FA168AB4D05} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-04-21] (Google Inc.)
Task: {1664B45A-4005-494D-9AD9-C876CC8843F4} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-3465161066-3672477318-4282566715-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2011-11-29] (RealNetworks, Inc.)
Task: {21DFE400-9DC0-4524-B525-E3638ED16BD2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-04-21] (Google Inc.)
Task: {5AD462BE-18E8-460C-8530-F5466A7BB65F} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Device Center\ipoint.exe
Task: {6297C393-350F-4794-9931-B36E877A96E3} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-02-20] (AVAST Software)
Task: {6BA8B3BE-75B9-4BA4-B62A-94D316FDF9DF} - System32\Tasks\HPCeeScheduleForBLAZER-HP$ => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14] (Hewlett-Packard)
Task: {76CEA9CE-4636-4D7F-862A-CEBC77A62429} - System32\Tasks\Dealply => C:\Users\Blazer\AppData\Roaming\Dealply\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {95890FCA-CD0F-4812-8465-EE6E2F1E23A5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2010-09-17] (Hewlett-Packard Company)
Task: {AA03D43D-781C-4990-8F05-9F71B55475EB} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Device Center\itype.exe
Task: {B8A8E210-D457-4715-ADBB-560B92C742EC} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-3465161066-3672477318-4282566715-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2011-11-29] (RealNetworks, Inc.)
Task: {BD3F47A5-804D-432B-B40D-E1F19B8DB45A} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3465161066-3672477318-4282566715-1001Core => C:\Users\Blazer\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-26] (Google Inc.)
Task: {C7FC9BF1-1A84-4958-BFBB-D5D90115DBE8} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3465161066-3672477318-4282566715-1001UA => C:\Users\Blazer\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-26] (Google Inc.)
Task: {D3ECE0D2-F9CE-409A-90BB-4E45B4C567D5} - System32\Tasks\Registration => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2010-09-27] ()
Task: {E1EDA332-5A95-4A44-8BE3-ADF95F15AE93} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2010-09-29] (CyberLink)
Task: {FC1544AF-DE71-4F83-B0FC-8D0B68A3E8CD} - System32\Tasks\Microsoft_Hardware_Launch_devicecenter_exe => c:\Program Files\Microsoft Device Center\devicecenter.exe
Task: C:\Windows\Tasks\Dealply.job => C:\Users\Blazer\AppData\Roaming\Dealply\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3465161066-3672477318-4282566715-1001Core.job => C:\Users\Blazer\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3465161066-3672477318-4282566715-1001UA.job => C:\Users\Blazer\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForBLAZER-HP$.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
 
==================== Loaded Modules (whitelisted) =============
 
2010-07-21 16:33 - 2010-07-21 16:33 - 00267832 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPCommon.XmlSerializers.dll
2010-07-21 16:33 - 2010-07-21 16:33 - 00030264 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_LogicLayer.dll
2010-07-21 16:33 - 2010-07-21 16:33 - 00052280 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HardwareAccess.dll
2014-02-21 12:12 - 2014-02-19 10:30 - 07620312 _____ () C:\Users\Blazer\AppData\Local\Google\Update\Install\{11DFB7FC-BBD2-4091-8C31-83E71BAF165C}\33.0.1750.117_32.0.1700.107_chrome_updater.exe
2014-02-21 10:57 - 2014-02-21 03:33 - 02181120 _____ () C:\Program Files\AVAST Software\Avast\defs\14022100\algo.dll
2011-04-29 14:11 - 2011-06-28 06:19 - 00589184 _____ () C:\Program Files (x86)\Lavasoft\Ad-Aware\RPAPI.dll
2011-04-29 14:11 - 2011-06-28 06:19 - 00430568 _____ () C:\Program Files (x86)\Lavasoft\Ad-Aware\viprebridge.dll
2011-04-29 14:11 - 2011-06-16 10:32 - 00308560 _____ () C:\Program Files (x86)\Lavasoft\Ad-Aware\Vipre.dll
2011-05-01 19:13 - 2011-09-20 09:06 - 00210288 _____ () C:\ProgramData\Lavasoft\Ad-Aware\Defs\Extended\libBase64.dll
2011-05-01 19:13 - 2011-09-20 09:06 - 00193904 _____ () C:\ProgramData\Lavasoft\Ad-Aware\Defs\Extended\libMachoUniv.dll
2011-05-01 19:13 - 2011-06-07 04:44 - 00508776 _____ () C:\ProgramData\Lavasoft\Ad-Aware\Defs\thorax.aaw
2010-08-16 16:21 - 2010-08-16 16:21 - 02121728 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
2010-08-16 16:21 - 2010-08-16 16:21 - 07745536 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
2010-08-16 16:21 - 2010-08-16 16:21 - 00135168 _____ () C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
2014-02-20 23:36 - 2014-02-20 23:36 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-02-04 20:08 - 2014-02-01 18:41 - 00715592 _____ () C:\Users\Blazer\AppData\Local\Google\Chrome\Application\32.0.1700.107\libglesv2.dll
2014-02-04 20:08 - 2014-02-01 18:41 - 00100168 _____ () C:\Users\Blazer\AppData\Local\Google\Chrome\Application\32.0.1700.107\libegl.dll
2014-02-04 20:08 - 2014-02-01 18:42 - 04055368 _____ () C:\Users\Blazer\AppData\Local\Google\Chrome\Application\32.0.1700.107\pdf.dll
2014-02-04 20:08 - 2014-02-01 18:42 - 00399688 _____ () C:\Users\Blazer\AppData\Local\Google\Chrome\Application\32.0.1700.107\ppGoogleNaClPluginChrome.dll
2014-02-04 20:08 - 2014-02-01 18:41 - 01634632 _____ () C:\Users\Blazer\AppData\Local\Google\Chrome\Application\32.0.1700.107\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
AlternateDataStreams: C:\ProgramData\Temp:430C6D84
AlternateDataStreams: C:\ProgramData\Temp:DFC5A2B2
 
==================== Safe Mode (whitelisted) ===================
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Lavasoft Ad-Aware Service => ""="Service"
 
==================== Disabled items from MSCONFIG ==============
 
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (02/21/2014 00:45:57 PM) (Source: Application Hang) (User: )
Description: The program FRST64.exe version 3.3.10.2 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1b94
 
Start Time: 01cf2f2c7e292bfc
 
Termination Time: 0
 
Application Path: C:\Users\Blazer\Desktop\FRST64.exe
 
Report Id: f74a742b-9b1f-11e3-9285-984be1c0a2ac
 
Error: (02/21/2014 11:50:48 AM) (Source: Application Hang) (User: )
Description: The program iexplore.exe version 11.0.9600.16518 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 19f4
 
Start Time: 01cf2f22ab701d3b
 
Termination Time: 20
 
Application Path: C:\Program Files\Internet Explorer\iexplore.exe
 
Report Id: 47d864a5-9b18-11e3-9285-984be1c0a2ac
 
Error: (02/21/2014 11:47:08 AM) (Source: Application Hang) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.16518 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 6d4
 
Start Time: 01cf2f2468b14ae0
 
Termination Time: 70
 
Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
 
Report Id:
 
Error: (02/21/2014 11:46:03 AM) (Source: Application Hang) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.16518 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 7e4
 
Start Time: 01cf2f24519da852
 
Termination Time: 60
 
Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
 
Report Id:
 
Error: (02/20/2014 10:02:43 PM) (Source: Application Error) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d672ee4
Faulting module name: ole32.dll, version: 6.1.7601.17514, time stamp: 0x4ce7c92c
Exception code: 0xc0000005
Fault offset: 0x000000000002f177
Faulting process id: 0xb3c
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3
 
Error: (02/20/2014 09:55:06 PM) (Source: Application Error) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d672ee4
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24
Exception code: 0xc0000008
Fault offset: 0x00000000000cd7e8
Faulting process id: 0x52c
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3
 
Error: (02/20/2014 04:06:24 PM) (Source: Application Error) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d672ee4
Faulting module name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d672ee4
Exception code: 0xc000041d
Fault offset: 0x00000000000587ba
Faulting process id: 0x8e4
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3
 
Error: (02/20/2014 09:32:32 AM) (Source: Application Error) (User: )
Description: Faulting application name: nfnkmien.exe, version: 0.0.0.0, time stamp: 0x52d18d45
Faulting module name: nfnkmien.exe, version: 0.0.0.0, time stamp: 0x52d18d45
Exception code: 0xc0000005
Fault offset: 0x00001063
Faulting process id: 0x1180
Faulting application start time: 0xnfnkmien.exe0
Faulting application path: nfnkmien.exe1
Faulting module path: nfnkmien.exe2
Report Id: nfnkmien.exe3
 
Error: (02/19/2014 07:17:03 PM) (Source: Application Error) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.16518, time stamp: 0x52f347b2
Faulting module name: Flash32_12_0_0_44.ocx, version: 12.0.0.44, time stamp: 0x52e70c6e
Exception code: 0xc0000005
Fault offset: 0x0012618a
Faulting process id: 0xaa0
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3
 
Error: (02/19/2014 07:16:38 PM) (Source: Application Error) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.16518, time stamp: 0x52f347b2
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x20296425
Faulting process id: 0x1ce4
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3
 
 
System errors:
=============
Error: (02/21/2014 10:56:20 AM) (Source: Service Control Manager) (User: )
Description: The HP Health Check Service service failed to start due to the following error: 
%%1053
 
Error: (02/21/2014 10:56:20 AM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the HP Health Check Service service to connect.
 
Error: (02/21/2014 00:30:21 AM) (Source: DCOM) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}
 
Error: (02/21/2014 00:17:14 AM) (Source: Service Control Manager) (User: )
Description: The Peer Name Resolution Protocol service depends on the Peer Networking Identity Manager service which failed to start because of the following error: 
%%1053
 
Error: (02/21/2014 00:17:14 AM) (Source: Service Control Manager) (User: )
Description: The Peer Networking Grouping service depends on the Peer Networking Identity Manager service which failed to start because of the following error: 
%%1053
 
Error: (02/21/2014 00:17:14 AM) (Source: Service Control Manager) (User: )
Description: The Peer Networking Identity Manager service failed to start due to the following error: 
%%1053
 
Error: (02/21/2014 00:17:14 AM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Peer Networking Identity Manager service to connect.
 
Error: (02/21/2014 00:14:53 AM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the HPWMISVC service.
 
Error: (02/20/2014 11:56:15 PM) (Source: DCOM) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}
 
Error: (02/20/2014 11:56:00 PM) (Source: DCOM) (User: )
Description: {60A90A2F-858D-42AF-8929-82BE9D99E8A1}
 
 
Microsoft Office Sessions:
=========================
Error: (02/21/2014 00:45:57 PM) (Source: Application Hang)(User: )
Description: FRST64.exe3.3.10.21b9401cf2f2c7e292bfc0C:\Users\Blazer\Desktop\FRST64.exef74a742b-9b1f-11e3-9285-984be1c0a2ac
 
Error: (02/21/2014 11:50:48 AM) (Source: Application Hang)(User: )
Description: iexplore.exe11.0.9600.1651819f401cf2f22ab701d3b20C:\Program Files\Internet Explorer\iexplore.exe47d864a5-9b18-11e3-9285-984be1c0a2ac
 
Error: (02/21/2014 11:47:08 AM) (Source: Application Hang)(User: )
Description: IEXPLORE.EXE11.0.9600.165186d401cf2f2468b14ae070C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
 
Error: (02/21/2014 11:46:03 AM) (Source: Application Hang)(User: )
Description: IEXPLORE.EXE11.0.9600.165187e401cf2f24519da85260C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
 
Error: (02/20/2014 10:02:43 PM) (Source: Application Error)(User: )
Description: Explorer.EXE6.1.7601.175674d672ee4ole32.dll6.1.7601.175144ce7c92cc0000005000000000002f177b3c01cf2eb072546aafC:\Windows\Explorer.EXEC:\Windows\system32\ole32.dlla10f2616-9aa4-11e3-bdb3-984be1c0a2ac
 
Error: (02/20/2014 09:55:06 PM) (Source: Application Error)(User: )
Description: Explorer.EXE6.1.7601.175674d672ee4ntdll.dll6.1.7601.18247521eaf24c000000800000000000cd7e852c01cf2eab3df62e94C:\Windows\Explorer.EXEC:\Windows\SYSTEM32\ntdll.dll8fd9698f-9aa3-11e3-bdb3-984be1c0a2ac
 
Error: (02/20/2014 04:06:24 PM) (Source: Application Error)(User: )
Description: Explorer.EXE6.1.7601.175674d672ee4Explorer.EXE6.1.7601.175674d672ee4c000041d00000000000587ba8e401cf2e6fa74623d4C:\Windows\Explorer.EXEC:\Windows\Explorer.EXEda569aa7-9a72-11e3-967f-984be1c0a2ac
 
Error: (02/20/2014 09:32:32 AM) (Source: Application Error)(User: )
Description: nfnkmien.exe0.0.0.052d18d45nfnkmien.exe0.0.0.052d18d45c000000500001063118001cf2e48938cb753C:\Users\Blazer\AppData\Local\nfnkmien.exeC:\Users\Blazer\AppData\Local\nfnkmien.exed4a97f3f-9a3b-11e3-a337-984be1c0a2ac
 
Error: (02/19/2014 07:17:03 PM) (Source: Application Error)(User: )
Description: IEXPLORE.EXE11.0.9600.1651852f347b2Flash32_12_0_0_44.ocx12.0.0.4452e70c6ec00000050012618aaa001cf2dcfd842e6a3C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\SysWOW64\Macromed\Flash\Flash32_12_0_0_44.ocx525ea8ab-99c4-11e3-be40-984be1c0a2ac
 
Error: (02/19/2014 07:16:38 PM) (Source: Application Error)(User: )
Description: IEXPLORE.EXE11.0.9600.1651852f347b2unknown0.0.0.000000000c0000005202964251ce401cf2dd0ecac5318C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEunknown4390a4b9-99c4-11e3-be40-984be1c0a2ac
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 64%
Total physical RAM: 3893.86 MB
Available physical RAM: 1363.15 MB
Total Pagefile: 7787.72 MB
Available Pagefile: 5002.08 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:446.97 GB) (Free:16.43 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:18.49 GB) (Free:2.68 GB) NTFS ==>[System with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 466 GB) (Disk ID: 6642F8C4)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=447 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=18 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)
 
__________________________________________________________________________________________________
 
 
bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Lavasoft Limited) C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Threat Expert Ltd.) C:\Program Files (x86)\PC Tools Security\BDT\BDTUpdateService.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Lavasoft Limited) C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Threat Expert Ltd.) C:\Program Files (x86)\PC Tools Security\BDT\FGuard.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
(Realtek Semiconductor Corp.) C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe
(Realtek Semiconductor Corp.) C:\Program Files\Realtek\RtVOsd\RtVOsd.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\SeaPort.exe
() C:\Users\Blazer\AppData\Local\Google\Update\Install\{11DFB7FC-BBD2-4091-8C31-83E71BAF165C}\33.0.1750.117_32.0.1700.107_chrome_updater.exe
(Google Inc.) C:\Users\Blazer\AppData\Local\Temp\CR_0D923.tmp\setup.exe
(Google Inc.) C:\Users\Blazer\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Blazer\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Blazer\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Blazer\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Blazer\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Blazer\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Blazer\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Blazer\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Blazer\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Blazer\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Blazer\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Blazer\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Blazer\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Blazer\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Blazer\AppData\Local\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2281256 2010-09-13] (Synaptics Incorporated)
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6489704 2010-09-21] (Realtek Semiconductor)
HKLM\...\Run: [HPWirelessAssistant] - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe [363064 2010-07-21] (Hewlett-Packard Company)
HKLM\...\Run: [IntelliPoint] - c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)
HKLM\...\Run: [Logitech Download Assistant] - C:\Windows\System32\LogiLDA.dll [1832760 2012-09-20] (Logitech, Inc.)
HKLM\...\Run: [EvtMgr6] - C:\Program Files\Logitech\SetPointP\SetPoint.exe [3091224 2013-07-31] (Logitech, Inc.)
HKLM-x32\...\Run: [Norton Online Backup] - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation)
HKLM-x32\...\Run: [HP Quick Launch] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [584760 2010-09-28] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [PCTools FGuard] - C:\Program Files (x86)\PC Tools Security\BDT\FGuard.exe [108496 2011-01-07] (Threat Expert Ltd.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2010-11-29] (Apple Inc.)
HKLM-x32\...\Run: [TkBellExe] - C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe [296056 2012-01-16] (RealNetworks, Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3767096 2014-02-20] (AVAST Software)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\.DEFAULT\...\RunOnce: [SPReview] - C:\Windows\System32\SPReview\SPReview.exe [301568 2013-03-19] (Microsoft Corporation)
HKU\S-1-5-21-3465161066-3672477318-4282566715-1001\...\Run: [LightScribe Control Panel] - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2736128 2010-08-16] (Hewlett-Packard Company)
HKU\S-1-5-21-3465161066-3672477318-4282566715-1001\...\Run: [Xvid] - C:\Program Files (x86)\Xvid\CheckUpdate.exe [8192 2011-01-17] ()
HKU\S-1-5-21-3465161066-3672477318-4282566715-1001\...\Run: [Google Update] - C:\Users\Blazer\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-04-26] (Google Inc.)
HKU\S-1-5-21-3465161066-3672477318-4282566715-1001\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
HKU\S-1-5-21-3465161066-3672477318-4282566715-1001\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-04-21] (Google Inc.)
HKU\S-1-5-21-3465161066-3672477318-4282566715-1001\...\MountPoints2: {70530fca-6c2b-11e0-95d3-984be1c0a2ac} - F:\HPLauncher.exe
HKU\S-1-5-21-3465161066-3672477318-4282566715-1001\...409d6c4515e9\InprocServer32: [Default-shell32] C:\$Recycle.Bin\S-1-5-21-3465161066-3672477318-428256671
 
______________________________________________________________________________________________________
 
1.196:8090
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPCON/4
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCON/4
URLSearchHook: HKCU - PC Tools Browser Guard - {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://ca.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM - {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = http://rover.ebay.com/rover/1/706-111074-26712-0/4?satitle={searchTerms}&mfe=Notebooks
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - {9CEFAE34-32CA-4314-905D-FFE8771A9965} URL = http://startsear.ch/?aff=1&src=sp&cf=c33faa65-08b4-11e1-985b-984be1c0a2ac&q={searchTerms}
SearchScopes: HKLM-x32 - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://ca.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 - {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = http://rover.ebay.com/rover/1/706-111074-26712-0/4?satitle={searchTerms}&mfe=Notebooks
SearchScopes: HKCU - {AC129BF9-68BF-4bc4-A1DC-ECB62712FF99} URL = http://search.kikin.com/search/?q={searchTerms}
SearchScopes: HKCU - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://ca.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKCU - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKCU - {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = http://rover.ebay.com/rover/1/706-111074-26712-0/4?satitle={searchTerms}&mfe=Notebooks
BHO: Bing Bar Helper - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\amd64\BingExt.dll (Microsoft Corporation.)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: ALOT Toolbar Helper - {14CEEAFF-96DD-4101-AE37-D5ECDC23C3F6} - C:\Program Files (x86)\alot\bin\BHO\alotBHO.dll (Vertro)
BHO-x32: Bing Bar Helper - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BingExt.dll (Microsoft Corporation.)
BHO-x32: PC Tools Browser Guard BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\amd64\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - ALOT Toolbar - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - C:\Program Files (x86)\alot\bin\alot.dll (Vertro)
Toolbar: HKLM-x32 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
Toolbar: HKLM-x32 - PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM-x32 - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKCU - No Name - {472734EA-242A-422B-ADF8-83D1E48CC825} -  No File
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog9 01 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll [329688] (PC Tools Research Pty Ltd.)
Winsock: Catalog9 02 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll [329688] (PC Tools Research Pty Ltd.)
Winsock: Catalog9 03 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll [329688] (PC Tools Research Pty Ltd.)
Winsock: Catalog9 04 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll [329688] (PC Tools Research Pty Ltd.)
Winsock: Catalog9 05 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll [329688] (PC Tools Research Pty Ltd.)
Winsock: Catalog9 06 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll [329688] (PC Tools Research Pty Ltd.)
Winsock: Catalog9 17 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll [329688] (PC Tools Research Pty Ltd.)
Winsock: Catalog9-x64 01 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll [449496] (PC Tools Research Pty Ltd.)
Winsock: Catalog9-x64 02 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll [449496] (PC Tools Research Pty Ltd.)
Winsock: Catalog9-x64 03 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll [449496] (PC Tools Research Pty Ltd.)
Winsock: Catalog9-x64 04 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll [449496] (PC Tools Research Pty Ltd.)
Winsock: Catalog9-x64 05 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll [449496] (PC Tools Research Pty Ltd.)
Winsock: Catalog9-x64 06 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll [449496] (PC Tools Research Pty Ltd.)
Winsock: Catalog9-x64 17 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll [449496] (PC Tools Research Pty Ltd.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
 
Chrome: 
=======
CHR HomePage: hxxp://google.com/
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Blazer\AppData\Local\Google\Chrome\Application\32.0.1700.107\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Blazer\AppData\Local\Google\Chrome\Application\32.0.1700.107\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\Blazer\AppData\Local\Google\Chrome\Application\32.0.1700.107\gcswf32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Java™ Platform SE 6 U31) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer™ HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
CHR Plugin: (TelevisionFanatic Installer Plugin Stub) - C:\Program Files (x86)\TelevisionFanaticEI\Installr\1.bin\NP64EISB.dll (TelevisionFanatic)
CHR Plugin: (Veetle TV Player) - C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
CHR Plugin: (Veetle TV Core) - C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (RealNetworks™ Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
CHR Plugin: (Unity Player) - C:\Users\Blazer\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
CHR Plugin: (Game Face Plugin) - C:\Users\Blazer\AppData\Roaming\Electronic Arts\Game Face\npGameFacePlugin.dll (Electronic Arts)
CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll No File
CHR Extension: (Xmarks Bookmark Sync) - C:\Users\Blazer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla [2012-08-04]
CHR Extension: (ESPN Radio 710 Los Angeles) - C:\Users\Blazer\AppData\Local\Google\Chrome\User Data\Default\Extensions\amejdobfhnobkodkdkgacjomfidkhimi [2013-09-14]
CHR Extension: (Bookmarks list from context menu) - C:\Users\Blazer\AppData\Local\Google\Chrome\User Data\Default\Extensions\amkcifdimicnaigofdfmpdiippchcegp [2012-05-23]
CHR Extension: (Google Docs) - C:\Users\Blazer\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-09-14]
CHR Extension: (Google Drive) - C:\Users\Blazer\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-07-12]
CHR Extension: (NHL.com™) - C:\Users\Blazer\AppData\Local\Google\Chrome\User Data\Default\Extensions\baopcahoihofeemhccilmnjmmakanfpa [2013-09-14]
CHR Extension: (iCloud) - C:\Users\Blazer\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjhodfififgcgedifpkenofdhlaafokk [2013-05-30]
CHR Extension: (YouTube) - C:\Users\Blazer\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-21]
CHR Extension: (Facebook) - C:\Users\Blazer\AppData\Local\Google\Chrome\User Data\Default\Extensions\boeajhmfdjldchidhphikilcgdacljfm [2012-10-29]
CHR Extension: (Download FB Album mod) - C:\Users\Blazer\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgjnhhjpfcdhbhlcmmjppicjmgfkppok [2013-05-29]
CHR Extension: (NFL.com™) - C:\Users\Blazer\AppData\Local\Google\Chrome\User Data\Default\Extensions\cikplmfaaedjcghgjnoldekgcmebpmkj [2013-09-14]
CHR Extension: (Google Search) - C:\Users\Blazer\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-21]
CHR Extension: (Google News) - C:\Users\Blazer\AppData\Local\Google\Chrome\User Data\Default\Extensions\dllkocilcinkggkchnjgegijklcililc [2012-10-17]
CHR Extension: (Google+) - C:\Users\Blazer\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlppkpafhbajpcmmoheippocdidnckmm [2012-10-29]
CHR Extension: (ESPN) - C:\Users\Blazer\AppData\Local\Google\Chrome\User Data\Default\Extensions\efjnmljhhgladbahmmaigjjolibeafdc [2012-07-12]
CHR Extension: (Twitter ) - C:\Users\Blazer\AppData\Local\Google\Chrome\User Data\Default\Extensions\epeocalkhefgmfkfddklifoomcfjemdk [2012-05-22]
CHR Extension: (Google Finance) - C:\Users\Blazer\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcgckldmmjdbpdejkclmfnnnehhocbfp [2012-12-26]
CHR Extension: (CNET RSS Feed Reader) - C:\Users\Blazer\AppData\Local\Google\Chrome\User Data\Default\Extensions\fpefgccpnhdpichdlnibmakopclflloo [2012-10-17]
CHR Extension: (LockerPulse) - C:\Users\Blazer\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilnpgomgjbahckkbkjkdoaakmjohlnj [2012-10-17]
CHR Extension: (Hola Better Internet) - C:\Users\Blazer\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2013-08-11]
CHR Extension: (avast! Online Security) - C:\Users\Blazer\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-02-20]
CHR Extension: (TweetDeck by Twitter) - C:\Users\Blazer\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbdpomandigafcibbmofojjchbcdagbl [2012-06-22]
CHR Extension: (VoiceNote - speech to text.) - C:\Users\Blazer\AppData\Local\Google\Chrome\User Data\Default\Extensions\hfknjgplnkgjihghcidajejfmldhibfm [2012-12-10]
CHR Extension: (Voice Search) - C:\Users\Blazer\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhfkcobomkalfdlmkongnhnhahkmnaad [2012-11-01]
CHR Extension: (Google Keep) - C:\Users\Blazer\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki [2013-09-14]
CHR Extension: (Crackle) - C:\Users\Blazer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibfamoapbmmmlknoopmmfofgladlinic [2013-07-12]
CHR Extension: (Search Instagram - FindGram) - C:\Users\Blazer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibokieldaedafeobljabgoccppilebki [2012-10-30]
CHR Extension: (Google Play Music) - C:\Users\Blazer\AppData\Local\Google\Chrome\User Data\Default\Extensions\icppfcnhkcmnfdhfhphakoifcfokfdhg [2013-09-14]
CHR Extension: (The Weather Channel for Chrome) - C:\Users\Blazer\AppData\Local\Google\Chrome\User Data\Default\Extensions\iflpcokdamgefbghpdipcibmhlkdopop [2013-05-01]
CHR Extension: (WeatherBug (Legacy App)) - C:\Users\Blazer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihdkejbciahopmbagpnjmmkkdpfpaaak [2013-09-14]
CHR Extension: (Are You Watching This?! Sports) - C:\Users\Blazer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihnicgbfaikpklojpccmikdmjngflehc [2012-10-07]
CHR Extension: (MLB.com™) - C:\Users\Blazer\AppData\Local\Google\Chrome\User Data\Default\Extensions\inabhnkdljljphcppihgclfbfppbjbmd [2013-09-14]
CHR Extension: (Dropbox) - C:\Users\Blazer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ioekoebejdcmnlefjiknokhhafglcjdl [2012-12-26]
CHR Extension: (Eurosport.com) - C:\Users\Blazer\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfckibmjhbkjhjplimmnlnmgienindde [2012-07-12]
CHR Extension: (Google Play) - C:\Users\Blazer\AppData\Local\Google\Chrome\User Data\Default\Extensions\komhbcfkdcgmcdoenjcjheifdiabikfi [2013-05-01]
CHR Extension: (Evernote Web) - C:\Users\Blazer\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol [2012-11-22]
CHR Extension: (Skype Click to Call) - C:\Users\Blazer\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-01-11]
CHR Extension: (Google Maps) - C:\Users\Blazer\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2012-11-22]
CHR Extension: (Google Mail Checker) - C:\Users\Blazer\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff [2012-05-23]
CHR Extension: (Exfm) - C:\Users\Blazer\AppData\Local\Google\Chrome\User Data\Default\Extensions\mleeljpaahmfjalppocodgakabmgekim [2013-09-13]
CHR Extension: (Jolidrive) - C:\Users\Blazer\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfakdllpdfjjbfommlcnfkedmbigkfdo [2013-09-14]
CHR Extension: (SkyDrive) - C:\Users\Blazer\AppData\Local\Google\Chrome\User Data\Default\Extensions\nffchahhjecejoiigmnhhicpoabngedk [2013-10-02]
CHR Extension: (Search Instagram) - C:\Users\Blazer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpekjgmpkfjblmnaelennkeanoocmil [2013-07-12]
CHR Extension: (Pocket (formerly Read It Later)) - C:\Users\Blazer\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj [2013-11-26]
CHR Extension: (TwitGrids.com - Twitter Trends) - C:\Users\Blazer\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmkcoacgepapejajcjcjhmaegmbdhclj [2012-06-22]
CHR Extension: (Google Wallet) - C:\Users\Blazer\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-29]
CHR Extension: (Live Online TV 24/7) - C:\Users\Blazer\AppData\Local\Google\Chrome\User Data\Default\Extensions\npdlhfeockcidgemjbccenihbmiadbnm [2012-10-17]
CHR Extension: (Twitter Trends) - C:\Users\Blazer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocelbaicmmmaaakmpgfoealfmjmeegal [2012-06-22]
CHR Extension: (Any.do) - C:\Users\Blazer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocgddccilgpeepgglnlpchkpgamkgmld [2013-09-14]
CHR Extension: (NetStagram) - C:\Users\Blazer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojclphfkljfgdbggobfllbnochlnlhei [2012-05-22]
CHR Extension: (Picasa) - C:\Users\Blazer\AppData\Local\Google\Chrome\User Data\Default\Extensions\onlgmecjpnejhfeofkgbfgnmdlipdejb [2012-07-12]
CHR Extension: (Instagram for Chrome) - C:\Users\Blazer\AppData\Local\Google\Chrome\User Data\Default\Extensions\opnbmdkdflhjiclaoiiifmheknpccalb [2012-10-29]
CHR Extension: (Outlook.com) - C:\Users\Blazer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfpeapihoiogbcmdmnibeplnikfnhoge [2013-10-02]
CHR Extension: (World Clocks) - C:\Users\Blazer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjgoijhajhaahklokegbfnohialajpej [2012-05-22]
CHR Extension: (Gmail) - C:\Users\Blazer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-21]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-02-20]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-01-03]
 
==================== Services (Whitelisted) =================
 
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-02-20] (AVAST Software)
R2 Browser Defender Update Service; C:\Program Files (x86)\PC Tools Security\BDT\BDTUpdateService.exe [247760 2011-01-07] (Threat Expert Ltd.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1363616 2014-01-03] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1748640 2014-01-03] (Microsoft Corporation)
R2 Lavasoft Ad-Aware Service; C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2152152 2011-09-02] (Lavasoft Limited)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
S3 sdAuxService; C:\Program Files (x86)\PC Tools Security\pctsAuxs.exe [366840 2010-03-15] (PC Tools)
S3 sdCoreService; C:\Program Files (x86)\PC Tools Security\pctsSvc.exe [1150936 2010-11-19] (PC Tools)
R2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [985504 2011-04-22] (Enigma Software Group USA, LLC.)
 
==================== Drivers (Whitelisted) ====================
 
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28184 2014-02-20] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [78648 2014-02-20] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [92544 2014-02-20] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-02-20] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1038072 2014-02-20] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [421704 2014-02-20] (AVAST Software)
R3 aswStm; C:\Windows\system32\drivers\aswStm.sys [80184 2014-02-20] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [207904 2014-02-20] ()
S3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [13088 2011-03-02] ()
S3 HP8207_8307; C:\Windows\System32\DRIVERS\HP8207_8307.sys [15360 2010-02-05] (Windows ® Win 7 DDK provider)
R3 Lavasoft Kernexplorer; C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [17152 2011-05-01] ()
R0 Lbd; C:\Windows\System32\DRIVERS\Lbd.sys [69376 2011-04-29] (Lavasoft AB)
R0 PCTCore; C:\Windows\System32\drivers\PCTCore64.sys [257232 2010-12-10] (PC Tools)
R0 pctDS; C:\Windows\System32\drivers\pctDS64.sys [452872 2010-06-29] (PC Tools)
R0 pctEFA; C:\Windows\System32\drivers\pctEFA64.sys [816016 2010-07-16] (PC Tools)
 
==================== NetSvcs (Whitelisted) ===================
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-01-29 16:52
 

 



#6 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:04 AM

Posted 23 February 2014 - 08:53 AM

Please also run a scan with TDSSKiller:


Please download TDSSKiller and save it to your Desktop.
  • Start tdsskiller.exe with administrator privileges.
  • Accept the EULA and the KSN Statement.
  • Click on Change parameters.
  • Make sure that all available options (except "Loaded modules") are checked and click OK.
  • Click on Start scan.
  • If any threats are found don't delete them but choose the Skip option for all of them.
  • Click on Report to open the log file. (It is also saved at C:\TDSSKiller.<version_date_time>_log.txt).
    Copy and paste its contents in your next reply.


#7 Mstikes


Posted 23 February 2014 - 02:12 PM

I tried to run TDSSKiller but it crashed Windows with a blue screen 2 times. For now I'm using Chrome and staying away from Explorer and my computer is running smooth.



#8 aharonov


Posted 23 February 2014 - 02:55 PM

Download Malwarebytes Anti-Rootkit to your desktop.

  • Double-click "mbar.exe" to start the tool.
  • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
  • Click in the introduction screen "next" to continue.
  • Click in the following screen "Update" to obtain the latest malware definitions.
  • Once the update is complete select "Next" and click "Scan".
  • When the scan is finished and no malware has been found select "Exit".
  • If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
  • Open the MBAR folder and paste the content of the following files in your next reply:
    • "mbar-log-{date} (xx-xx-xx).txt"
    • "system-log.txt"

Edited by aharonov, 23 February 2014 - 02:55 PM.


#9 Mstikes


Posted 23 February 2014 - 06:07 PM

Ok thanks for the help aharonov but I have the threat under control for now and I'll let you know if something comes up in the future.

#10 aharonov


Posted 24 February 2014 - 03:44 AM

I'm not so sure these threats can be held "under control". You've caught some pretty nasty infections and they are either in or out, there is no grey area in between. As long as they are running they are in full control. Don't let a smoothly running Chrome give you a false sense of security.



#11 aharonov


Posted 12 March 2014 - 12:01 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.



