
DDS scan results


  • This topic is locked
15 replies to this topic

#1 detekk

detekk

  • Members
  • 51 posts
  • OFFLINE
  •  
  • Location:NJ
  • Local time:07:31 AM

Posted 15 July 2014 - 12:42 PM

DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 9.0.8112.16561
Run by Ian at 13:10:16 on 2014-07-15
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.1012.116 [GMT -4:00]
.
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\SLsvc.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
C:\Windows\system32\PSIService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\schtasks.exe
C:\Program Files\Google\Update\1.3.24.15\GoogleCrashHandler.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Alwil Software\Avast5\avastui.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\Ian\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\Ian\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ian\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ian\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ian\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Kitco\Kcast\Kcast.exe
C:\Windows\ehome\ehtray.exe
C:\Users\Ian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files\Backup Assistant Plus\V CAST Backup Scheduler.exe
C:\Users\Ian\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Users\Ian\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Users\Ian\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\wmiprvse.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Users\Ian\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Users\Ian\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mDefault_Page_URL = hxxp://www.google.com
dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - <orphaned>
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\alwil software\avast5\aswWebRepIE.dll
BHO: SnapFlash Class: {A44CBB0B-C77D-4BF5-87CC-B4EE79AD1B7E} - c:\program files\common files\justdo\Jd2002.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [YSearchProtection] c:\program files\yahoo!\search protection\SearchProtection.exe
uRun: [KITCO] c:\program files\kitco\kcast\Kcast
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Google Update] "c:\users\ian\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [Spotify Web Helper] "c:\users\ian\appdata\roaming\spotify\data\SpotifyWebHelper.exe"
uRun: [HLBackupScheduler] c:\program files\backup assistant plus\V CAST Backup Scheduler.exe
uRun: [Amazon Cloud Player] "c:\users\ian\appdata\local\amazon cloud player\Amazon Music Helper.exe"
mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe
mRun: [OsdMaestro] "c:\program files\hewlett-packard\on-screen osd indicator\OSD.exe"
mRun: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
mRun: [QuickFinder Scheduler] "c:\program files\wordperfect office x3\programs\QFSCHD130.EXE"
mRun: [YSearchProtection] "c:\program files\yahoo!\search protection\SearchProtection.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateReg] "c:\windows\system32\jureg.exe" -delete
mRun: [AvastUI.exe] "c:\program files\alwil software\avast5\AvastUI.exe" /nogui
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
StartupFolder: c:\users\ian\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\ian\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\snapfi~1.lnk - c:\program files\snapfish picture mover\SnapfishMediaDetector.exe
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Open with WordPerfect - c:\program files\wordperfect office x3\programs\WPLauncher.hta
IE: Save Flash with Flash Catcher - c:\program files\common files\justdo\IECatcher.DLL/FlashCatcher.htm
IE: {90BAE0EF-F4BF-4FAC-B2EC-2C725C34AF12} - c:\program files\common files\justdo\IECatcher.DLL/FlashCatcher.htm
IE: {F4430FE8-2638-42e5-B849-800749B94EED} - c:\added programs\partypokernet\RunPF.exe
TCP: NameServer = 192.168.119.1
TCP: Interfaces\{2AF9DBE1-0491-4B57-880E-BD40A938D4EF} : DHCPNameServer = 192.168.119.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [2013-3-5 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [2013-3-5 180632]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswsnx.sys [2011-3-8 777488]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswsp.sys [2010-3-17 411680]
R2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [2014-5-1 24184]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-3-17 67824]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-3-17 50344]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R3 appliandMP;appliandMP;c:\windows\system32\drivers\appliand.sys [2011-9-28 28256]
R3 HSXHWBS3;HSXHWBS3;c:\windows\system32\drivers\HSXHWBS3.sys [2008-4-4 206336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 TDDI;Tddi;c:\windows\system32\drivers\tddi.sys [2012-10-24 31848]
S3 appliand;Applian Network Service;c:\windows\system32\drivers\appliand.sys [2011-9-28 28256]
S3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\drivers\motfilt.sys [2009-1-29 6016]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2010-12-3 20352]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2009-1-29 8320]
S3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\drivers\Motousbnet.sys [2010-4-1 23424]
S3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\drivers\motusbdevice.sys [2010-1-25 9472]
.
=============== Created Last 30 ================
.
2014-07-15 14:22:02 8217224 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{a0bdb9b0-704e-4a3a-a285-20ad957013c3}\mpengine.dll
2014-07-14 18:02:08 -------- d-----w- c:\program files\ESET
2014-07-14 17:46:00 -------- d-----w- c:\windows\ERUNT
2014-07-14 16:23:12 536576 ----a-w- c:\windows\system32\sqlite3.dll
2014-07-14 16:16:04 -------- d-----w- C:\AdwCleaner
2014-07-09 13:25:48 937472 ----a-w- c:\program files\common files\microsoft shared\ink\journal.dll
2014-07-09 13:25:47 983552 ----a-w- c:\program files\windows journal\JNTFiltr.dll
2014-07-09 13:25:47 1218048 ----a-w- c:\program files\windows journal\NBDoc.DLL
2014-07-09 13:25:46 965120 ----a-w- c:\program files\windows journal\JNWDRV.dll
2014-07-09 13:25:41 1305088 ----a-w- c:\program files\common files\microsoft shared\ink\tipskins.dll
2014-07-09 13:25:40 2051072 ----a-w- c:\windows\system32\win32k.sys
2014-07-09 13:25:40 149504 ----a-w- c:\program files\common files\microsoft shared\ink\tabskb.dll
2014-07-09 13:25:39 114688 ----a-w- c:\program files\common files\microsoft shared\ink\TipBand.dll
2014-07-09 13:25:37 506880 ----a-w- c:\windows\system32\qedit.dll
.
==================== Find3M  ====================
.
2014-07-07 13:45:18 1682 --sha-w- c:\windows\system32\KGyGaAvL.sys
2014-06-06 23:12:01 1810432 ----a-w- c:\windows\system32\jscript9.dll
2014-06-06 23:03:02 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2014-06-06 23:02:16 1129472 ----a-w- c:\windows\system32\wininet.dll
2014-06-06 22:57:04 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2014-06-06 22:56:20 421376 ----a-w- c:\windows\system32\vbscript.dll
2014-06-06 22:52:42 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2014-06-06 22:51:59 11776 ----a-w- c:\windows\system32\mshta.exe
2014-05-30 06:53:22 273408 ----a-w- c:\windows\system32\drivers\afd.sys
2014-05-15 13:22:10 777488 ----a-w- c:\windows\system32\drivers\aswsnx.sys
2014-05-01 17:51:21 180632 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-05-01 17:51:20 776976 ----a-w- c:\windows\system32\drivers\aswsnx.sys.1400160122524
2014-05-01 17:51:19 67824 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-05-01 17:51:19 54832 ----a-w- c:\windows\system32\drivers\aswrdr.sys.1400160122524
2014-05-01 17:51:19 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-05-01 17:51:19 24184 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2014-05-01 17:51:18 43152 ----a-w- c:\windows\avastSS.scr
2014-04-26 16:01:22 502784 ----a-w- c:\windows\system32\usp10.dll
.
============= FINISH: 13:14:23.68 ===============

Edited by Queen-Evie, 15 July 2014 - 12:59 PM.
Moved from AII to Malware Removal Logs. DDS logs are allowed only in MRL. Posted log at the request of boopme here: http://www.bleepingcomputer.com/forums/t/540892/very-slow-lagging-and-spigot-search-protection-detected-but-cant-remove/




#2 detekk

detekk
  • Topic Starter


Posted 17 July 2014 - 10:27 AM

I guess I forgot to put the issues I'm having in the topic or description : \

After running several tests and reports I'm still having slow, lagging and crashing issues. Oftentimes it's a Flash problem or the webpage will crash.

I initially saw a result from avast! that said "Spigot Search Protection" was installed and should be removed. I've attempted to remove it but after restarting it would appear again. There's been no sign of it since, but as I said, still slow.. still lagging.. still crashing.

Thank you for the help!



#3 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:08:31 AM

Posted 17 July 2014 - 12:41 PM

Hello and welcome to Bleeping Computer.

Please run the following:

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens, click Yes to the disclaimer.

  • Press the Scan button.

  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.

  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.


Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#4 detekk

detekk
  • Topic Starter


Posted 17 July 2014 - 01:32 PM

Thank you! Here are the two results from the FRST Scan:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:15-07-2014 01
Ran by Ian (administrator) on IAN-PC on 17-07-2014 14:23:52
Running from C:\Users\Ian\Desktop
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
(Apple, Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
(Apple Computer, Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
() C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
() C:\Windows\System32\PSIService.exe
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
(Intuit Inc.) C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
(Intuit Inc.) C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
() C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Hewlett-Packard Company) C:\hp\support\hpsysdrv.exe
(OsdMaestro) C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
(Yahoo! Inc.) C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastUI.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Kitco Metals Inc.) C:\Program Files\Kitco\Kcast\Kcast.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
() C:\Users\Ian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
() C:\Program Files\Backup Assistant Plus\V CAST Backup Scheduler.exe
() C:\Users\Ian\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Dropbox, Inc.) C:\Users\Ian\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Google Inc.) C:\Users\Ian\AppData\Local\Google\Chrome\Application\chrome.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
(Google Inc.) C:\Users\Ian\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Ian\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Ian\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Ian\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Ian\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Ian\AppData\Local\Google\Chrome\Application\chrome.exe
(Google) C:\Users\Ian\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
(Google Inc.) C:\Users\Ian\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Google Inc.) C:\Users\Ian\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Ian\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Ian\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Ian\AppData\Local\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [6266880 2008-07-03] (Realtek Semiconductor)
HKLM\...\Run: [hpsysdrv] => c:\hp\support\hpsysdrv.exe [65536 2007-04-18] (Hewlett-Packard Company)
HKLM\...\Run: [OsdMaestro] => C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe [118784 2007-02-15] (OsdMaestro)
HKLM\...\Run: [HP Health Check Scheduler] => [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
HKLM\...\Run: [QuickFinder Scheduler] => C:\Program Files\WordPerfect Office X3\Programs\QFSCHD130.EXE [83568 2007-01-03] (Corel Corporation)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [YSearchProtection] => C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe [223984 2008-01-10] (Yahoo! Inc.)
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49152 2006-12-10] (Hewlett-Packard Co.)
HKLM\...\Run: [WinampAgent] => "C:\Program Files\Winamp\winampa.exe"
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateReg] => C:\Windows\system32\jureg.exe [54936 2007-04-07] (Sun Microsystems, Inc.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\Alwil Software\Avast5\AvastUI.exe [4086432 2014-07-16] (AVAST Software)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-1781103263-3450025615-2151774915-1000\...\Run: [YSearchProtection] => C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe [223984 2008-01-10] (Yahoo! Inc.)
HKU\S-1-5-21-1781103263-3450025615-2151774915-1000\...\Run: [KITCO] => C:\Program Files\Kitco\Kcast\Kcast
HKU\S-1-5-21-1781103263-3450025615-2151774915-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-1781103263-3450025615-2151774915-1000\...\Run: [Google Update] => C:\Users\Ian\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2010-10-19] (Google Inc.)
HKU\S-1-5-21-1781103263-3450025615-2151774915-1000\...\Run: [Spotify Web Helper] => C:\Users\Ian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1193176 2012-08-09] ()
HKU\S-1-5-21-1781103263-3450025615-2151774915-1000\...\Run: [HLBackupScheduler] => C:\Program Files\Backup Assistant Plus\V CAST Backup Scheduler.exe [7065224 2012-08-20] ()
HKU\S-1-5-21-1781103263-3450025615-2151774915-1000\...\Run: [Amazon Cloud Player] => C:\Users\Ian\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe [3140608 2014-01-14] ()
HKU\S-1-5-21-1781103263-3450025615-2151774915-1000\...\MountPoints2: {b4c3fee3-954d-11e2-8483-001d92b1f41c} - G:\setup.exe -a
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Snapfish Media Detector.lnk
ShortcutTarget: Snapfish Media Detector.lnk -> C:\Program Files\Snapfish Picture Mover\SnapfishMediaDetector.exe ()
Startup: C:\Users\Ian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Ian\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Alwil Software\Avast5\ashShell.dll (AVAST Software)
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
 
==================== Internet (Whitelisted) ====================
 
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {34EF94DD-C7E3-405A-AB29-CDBB0DCD98BD} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKLM - {D6DC0DE2-F92C-49CA-ACD2-1EA1D7D1A39C} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt
SearchScopes: HKCU - {34EF94DD-C7E3-405A-AB29-CDBB0DCD98BD} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKCU - {D6DC0DE2-F92C-49CA-ACD2-1EA1D7D1A39C} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt
BHO: No Name -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} ->  No File
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
BHO: SnapFlash Class -> {A44CBB0B-C77D-4BF5-87CC-B4EE79AD1B7E} -> C:\Program Files\Common Files\justDo\Jd2002.dll (justDo Software)
BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
Toolbar: HKLM - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKCU - No Name - {A057A204-BACC-4D26-9990-79A187E2698E} -  No File
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [94208] (Apple Computer, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.119.1
 
FireFox:
========
FF ProfilePath: C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\kt4hjv04.default
FF DefaultSearchEngine: Yahoo! Search
FF SelectedSearchEngine: Yahoo! Search
FF Homepage: hxxp://us.mg2.mail.yahoo.com/neo/launch?.rand=0maq8habid6o6
FF Keyword.URL: hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/VirtualEarth3D,version=4.0 - C:\Program Files\Virtual Earth 3D\ ()
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @movenetworks.com/Quantum Media Player - C:\Users\Ian\AppData\Roaming\Move Networks\plugins\npqmp071505000011.dll (Move Networks)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\Ian\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\Ian\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Ian\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Ian\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Ian\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np_gp.dll (NOS Microsystems Ltd.)
FF Plugin ProgramFiles/Appdata: C:\Users\Ian\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Ian\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\avg_igeared.xml
FF Extension: United States English Spellchecker - C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\kt4hjv04.default\Extensions\en-US@dictionaries.addons.mozilla.org [2013-03-26]
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\kt4hjv04.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011-03-04]
FF Extension: Adobe DLM (powered by getPlus®) - C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\kt4hjv04.default\Extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7} [2009-10-14]
FF Extension: Reddit Enhancement Suite - C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\kt4hjv04.default\Extensions\jid1-xUfzOsOFlzSOXg@jetpack.xpi [2012-12-11]
FF Extension: Personas Plus - C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\kt4hjv04.default\Extensions\personas@christopher.beard.xpi [2013-03-01]
FF Extension: FireFTP - C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\kt4hjv04.default\Extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi [2011-05-11]
FF Extension: LeechBlock - C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\kt4hjv04.default\Extensions\{a95d8332-e4b4-6e7f-98ac-20b733364387}.xpi [2013-03-19]
FF Extension: StumbleUpon - C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\kt4hjv04.default\Extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}.xpi [2011-05-25]
FF Extension: Skype extension - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-05-20]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2013-05-20]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-11]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\Alwil Software\Avast5\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\Alwil Software\Avast5\WebRep\FF [2011-03-08]
FF HKCU\...\Firefox\Extensions: [moveplayer@movenetworks.com] - C:\Users\Ian\AppData\Roaming\Move Networks
FF Extension: Move Media Player - C:\Users\Ian\AppData\Roaming\Move Networks [2009-06-24]
 
Chrome: 
=======
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Ian\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.4.600\_platform_specific\win_x86\widevinecdmadapter.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\Ian\AppData\Local\Google\Chrome\Application\36.0.1985.103\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Ian\AppData\Local\Google\Chrome\Application\36.0.1985.103\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Ian\AppData\Local\Google\Chrome\Application\36.0.1985.103\pdf.dll ()
CHR Plugin: (QuickTime Plug-in 7.7.5) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.5) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.5) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.5) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.5) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (AmazonMP3DownloaderPlugin) - C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Unity Player) - C:\Users\Ian\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
CHR Plugin: (Google Update) - C:\Users\Ian\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (Move Streaming Media Player) - C:\Users\Ian\AppData\Roaming\Move Networks\plugins\npqmp071505000011.dll (Move Networks)
CHR Plugin: (Google Talk Plugin) - C:\Users\Ian\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
CHR Plugin: (Google Talk Plugin Video Renderer) - C:\Users\Ian\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Extension: (Plain) - C:\Users\Ian\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajpcdipecmmhmhfchegpaflpjkmceiip [2013-06-12]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Ian\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-06]
CHR Extension: (YouTube) - C:\Users\Ian\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-11-28]
CHR Extension: (Google Search) - C:\Users\Ian\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-11-28]
CHR Extension: (avast! Online Security) - C:\Users\Ian\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2013-09-11]
CHR Extension: (Website Blocker (Beta)) - C:\Users\Ian\AppData\Local\Google\Chrome\User Data\Default\Extensions\hclgegipaehbigmbhdpfapmjadbaldib [2011-11-28]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\Ian\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2013-06-12]
CHR Extension: (StumbleUpon) - C:\Users\Ian\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcahibnffhnnjcedflmchmokndkjnhpg [2013-07-23]
CHR Extension: (Google Wallet) - C:\Users\Ian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-07-16]
CHR Extension: (Gmail) - C:\Users\Ian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-11-28]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\Alwil Software\Avast5\WebRep\Chrome\aswWebRepChrome.crx [2014-07-16]
 
========================== Services (Whitelisted) =================
 
R2 Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [110592 2008-02-18] (Apple, Inc.) [File not signed]
R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [50344 2014-07-16] (AVAST Software)
R2 Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [229376 2006-02-28] (Apple Computer, Inc.) [File not signed]
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2009-10-21] (Macrovision Europe Ltd.) [File not signed]
R2 HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [65536 2007-09-19] (Hewlett-Packard) [File not signed]
R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [225280 2007-03-13] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [131072 2007-03-13] (Hewlett-Packard Co.) [File not signed]
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [73728 2009-03-17] (Hewlett-Packard Company) [File not signed]
R2 MotoHelper; C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe [226624 2011-01-27] ()
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
R2 ProtexisLicensing; C:\Windows\system32\PSIService.exe [177704 2007-06-05] ()
 
==================== Drivers (Whitelisted) ====================
 
S3 appliand; C:\Windows\System32\DRIVERS\appliand.sys [28256 2011-06-25] (Applian Technologies Inc.)
R3 appliandMP; C:\Windows\System32\DRIVERS\appliand.sys [28256 2011-06-25] (Applian Technologies Inc.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-07-16] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-07-16] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [55112 2014-07-16] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-07-16] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [779536 2014-07-16] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [414520 2014-07-16] (AVAST Software)
R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57800 2014-07-16] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [192352 2014-07-16] ()
R3 HSXHWBS3; C:\Windows\System32\DRIVERS\HSXHWBS3.sys [206336 2007-04-26] (Conexant Systems, Inc.)
S2 TDDI; C:\Windows\system32\drivers\tddi.sys [31848 2013-06-11] (Microsoft Corporation) [File not signed]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 SymIM; system32\DRIVERS\SymIM.sys [X]
S3 SymIMMP; system32\DRIVERS\SymIM.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-07-17 14:23 - 2014-07-17 14:29 - 00023128 _____ () C:\Users\Ian\Desktop\FRST.txt
2014-07-17 14:14 - 2014-07-17 14:26 - 00000000 ____D () C:\FRST
2014-07-17 14:09 - 2014-07-17 14:11 - 01077248 _____ (Farbar) C:\Users\Ian\Desktop\FRST.exe
2014-07-16 11:01 - 2014-07-16 11:01 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-07-15 13:18 - 2014-07-15 13:18 - 00005715 _____ () C:\Users\Ian\Desktop\attach.txt
2014-07-15 13:18 - 2014-07-15 13:14 - 00012533 _____ () C:\Users\Ian\Desktop\dds.txt
2014-07-15 13:06 - 2014-07-15 13:07 - 00688992 ____R (Swearware) C:\Users\Ian\Desktop\dds.com
2014-07-15 11:11 - 2014-07-15 11:14 - 00918952 _____ (Oracle Corporation) C:\Users\Ian\Downloads\chromeinstall-7u60.exe
2014-07-15 09:12 - 2014-07-15 09:12 - 00000484 _____ () C:\Users\Ian\Desktop\ESETscan.txt
2014-07-14 14:02 - 2014-07-14 14:02 - 00000000 ____D () C:\Program Files\ESET
2014-07-14 14:00 - 2014-07-14 14:00 - 02347384 _____ (ESET) C:\Users\Ian\Desktop\esetsmartinstaller_enu.exe
2014-07-14 13:57 - 2014-07-14 13:57 - 00001389 _____ () C:\Users\Ian\Desktop\JRT.txt
2014-07-14 13:46 - 2014-07-14 13:46 - 00000000 ____D () C:\Windows\ERUNT
2014-07-14 13:32 - 2014-07-14 13:43 - 01016261 _____ (Thisisu) C:\Users\Ian\Desktop\JRT.exe
2014-07-14 12:23 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll
2014-07-14 12:16 - 2014-07-14 13:24 - 00000000 ____D () C:\AdwCleaner
2014-07-14 12:09 - 2014-07-14 12:11 - 01348263 _____ () C:\Users\Ian\Desktop\AdwCleaner.exe
2014-07-14 11:49 - 2014-07-14 11:49 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Ian\Desktop\tdsskiller.exe
2014-07-14 11:45 - 2014-07-14 11:46 - 00038364 _____ () C:\Users\Ian\Desktop\Result.txt
2014-07-14 11:40 - 2014-07-14 11:41 - 00401920 _____ (Farbar) C:\Users\Ian\Desktop\MiniToolBox.exe
2014-07-09 09:25 - 2014-06-06 20:19 - 02051072 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-09 09:25 - 2014-06-06 04:59 - 00506880 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-09 09:24 - 2014-06-06 20:05 - 12353024 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-09 09:24 - 2014-06-06 19:25 - 09711616 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-09 09:24 - 2014-06-06 19:12 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-09 09:24 - 2014-06-06 19:04 - 01106432 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-09 09:24 - 2014-06-06 19:03 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-09 09:24 - 2014-06-06 19:02 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-09 09:24 - 2014-06-06 19:00 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-07-09 09:24 - 2014-06-06 18:58 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-09 09:24 - 2014-06-06 18:57 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-09 09:24 - 2014-06-06 18:56 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-07-09 09:24 - 2014-06-06 18:56 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-09 09:24 - 2014-06-06 18:54 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-09 09:24 - 2014-06-06 18:54 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-09 09:24 - 2014-06-06 18:54 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-09 09:24 - 2014-06-06 18:54 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-07-09 09:24 - 2014-06-06 18:53 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-09 09:24 - 2014-06-06 18:53 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-09 09:24 - 2014-06-06 18:53 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-07-09 09:24 - 2014-06-06 18:52 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-09 09:24 - 2014-06-06 18:51 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-07-09 09:24 - 2014-06-06 18:47 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-09 09:24 - 2014-05-30 02:53 - 00273408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-02 16:42 - 2014-07-02 16:43 - 00143512 _____ () C:\Windows\Minidump\Mini070214-01.dmp
 
==================== One Month Modified Files and Folders =======
 
2014-07-17 14:29 - 2014-07-17 14:23 - 00023128 _____ () C:\Users\Ian\Desktop\FRST.txt
2014-07-17 14:26 - 2014-07-17 14:14 - 00000000 ____D () C:\FRST
2014-07-17 14:11 - 2014-07-17 14:09 - 01077248 _____ (Farbar) C:\Users\Ian\Desktop\FRST.exe
2014-07-17 14:11 - 2006-11-02 08:47 - 00003744 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-17 14:11 - 2006-11-02 08:47 - 00003744 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-17 10:46 - 2008-01-20 21:35 - 01372744 _____ () C:\Windows\WindowsUpdate.log
2014-07-17 09:28 - 2014-05-14 16:41 - 00000000 ___RD () C:\Users\Ian\Dropbox
2014-07-17 09:28 - 2014-05-02 09:46 - 00000000 ____D () C:\Users\Ian\AppData\Roaming\Dropbox
2014-07-17 09:27 - 2014-05-02 09:49 - 00000000 ____D () C:\Users\Ian\AppData\Roaming\DropboxMaster
2014-07-17 09:14 - 2010-01-06 12:17 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-17 09:13 - 2009-03-24 10:27 - 00000868 _____ () C:\Windows\Tasks\Google Software Updater.job
2014-07-17 09:09 - 2006-11-02 09:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-16 16:43 - 2006-11-02 09:01 - 00032636 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-07-16 14:44 - 2008-04-10 17:02 - 00000000 ____D () C:\Users\Ian\Desktop\Check books
2014-07-16 11:12 - 2008-01-20 22:47 - 00290054 _____ () C:\Windows\PFRO.log
2014-07-16 11:03 - 2010-03-17 16:20 - 00414520 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-07-16 11:03 - 2010-03-17 16:20 - 00001886 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-07-16 11:01 - 2014-07-16 11:01 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-07-16 11:01 - 2014-05-01 13:51 - 00024184 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-07-16 11:01 - 2013-03-05 14:12 - 00192352 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-07-16 11:01 - 2013-03-05 14:12 - 00049944 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-07-16 11:01 - 2011-03-08 15:21 - 00779536 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-07-16 11:01 - 2010-03-17 16:20 - 00067824 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-07-16 11:01 - 2010-03-17 16:20 - 00057800 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2014-07-16 11:01 - 2010-03-17 16:20 - 00055112 _____ (AVAST Software) C:\Windows\system32\Drivers\aswrdr.sys
2014-07-16 11:01 - 2010-03-17 16:18 - 00276432 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-07-15 13:18 - 2014-07-15 13:18 - 00005715 _____ () C:\Users\Ian\Desktop\attach.txt
2014-07-15 13:14 - 2014-07-15 13:18 - 00012533 _____ () C:\Users\Ian\Desktop\dds.txt
2014-07-15 13:07 - 2014-07-15 13:06 - 00688992 ____R (Swearware) C:\Users\Ian\Desktop\dds.com
2014-07-15 12:53 - 2014-05-06 16:07 - 00148933 _____ () C:\Windows\hpoins19.dat
2014-07-15 12:53 - 2008-04-04 02:17 - 00018366 _____ () C:\ProgramData\hpzinstall.log
2014-07-15 12:43 - 2006-11-02 06:33 - 00782300 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-15 12:42 - 2006-11-02 06:23 - 00000179 _____ () C:\Windows\win.ini
2014-07-15 12:41 - 2006-11-02 08:52 - 00087418 _____ () C:\Windows\setupact.log
2014-07-15 11:41 - 2008-04-04 02:30 - 00000000 ____D () C:\Program Files\Java
2014-07-15 11:32 - 2013-10-31 12:20 - 00000000 ____D () C:\ProgramData\Oracle
2014-07-15 11:14 - 2014-07-15 11:11 - 00918952 _____ (Oracle Corporation) C:\Users\Ian\Downloads\chromeinstall-7u60.exe
2014-07-15 09:12 - 2014-07-15 09:12 - 00000484 _____ () C:\Users\Ian\Desktop\ESETscan.txt
2014-07-14 14:02 - 2014-07-14 14:02 - 00000000 ____D () C:\Program Files\ESET
2014-07-14 14:00 - 2014-07-14 14:00 - 02347384 _____ (ESET) C:\Users\Ian\Desktop\esetsmartinstaller_enu.exe
2014-07-14 13:57 - 2014-07-14 13:57 - 00001389 _____ () C:\Users\Ian\Desktop\JRT.txt
2014-07-14 13:46 - 2014-07-14 13:46 - 00000000 ____D () C:\Windows\ERUNT
2014-07-14 13:43 - 2014-07-14 13:32 - 01016261 _____ (Thisisu) C:\Users\Ian\Desktop\JRT.exe
2014-07-14 13:24 - 2014-07-14 12:16 - 00000000 ____D () C:\AdwCleaner
2014-07-14 13:07 - 2010-01-06 12:17 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-14 12:49 - 2010-12-20 16:26 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1781103263-3450025615-2151774915-1000UA.job
2014-07-14 12:11 - 2014-07-14 12:09 - 01348263 _____ () C:\Users\Ian\Desktop\AdwCleaner.exe
2014-07-14 11:49 - 2014-07-14 11:49 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Ian\Desktop\tdsskiller.exe
2014-07-14 11:46 - 2014-07-14 11:45 - 00038364 _____ () C:\Users\Ian\Desktop\Result.txt
2014-07-14 11:41 - 2014-07-14 11:40 - 00401920 _____ (Farbar) C:\Users\Ian\Desktop\MiniToolBox.exe
2014-07-11 16:25 - 2008-04-23 10:06 - 00000000 ____D () C:\Ian
2014-07-11 14:48 - 2010-12-20 16:26 - 00000848 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1781103263-3450025615-2151774915-1000Core.job
2014-07-10 09:12 - 2006-11-02 08:47 - 01634256 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-10 09:09 - 2006-11-02 08:37 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-09 16:51 - 2013-08-14 17:12 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-09 16:47 - 2006-11-02 06:24 - 93585272 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-07-09 15:50 - 2009-06-10 15:50 - 00000472 _____ () C:\Windows\Tasks\Ad-Aware Update (Weekly).job
2014-07-07 09:45 - 2008-04-14 11:22 - 00001682 ___SH () C:\Windows\system32\KGyGaAvL.sys
2014-07-02 16:43 - 2014-07-02 16:42 - 00143512 _____ () C:\Windows\Minidump\Mini070214-01.dmp
2014-07-02 16:42 - 2011-06-20 09:10 - 140876887 _____ () C:\Windows\MEMORY.DMP
2014-07-02 16:42 - 2011-06-20 09:10 - 00000000 ____D () C:\Windows\Minidump
2014-06-30 15:36 - 2010-12-20 16:28 - 00002034 _____ () C:\Users\Ian\Desktop\Google Chrome.lnk
2014-06-17 16:29 - 2014-06-12 13:15 - 00000990 _____ () C:\Users\Ian\Desktop\American opinion on the World Cup.txt
 
Some content of TEMP:
====================
C:\Users\Ian\AppData\Local\Temp\converter.exe
C:\Users\Ian\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp08h9rn.dll
C:\Users\Ian\AppData\Local\Temp\FlashPlayerUpdate.exe
C:\Users\Ian\AppData\Local\Temp\FlashPlayerUpdate01.exe
C:\Users\Ian\AppData\Local\Temp\FlashPlayerUpdate02.exe
C:\Users\Ian\AppData\Local\Temp\FlashPlayerUpdate03.exe
C:\Users\Ian\AppData\Local\Temp\FlashPlayerUpdate04.exe
C:\Users\Ian\AppData\Local\Temp\jre-6u17-windows-i586-iftw-rv.exe
C:\Users\Ian\AppData\Local\Temp\jre-6u19-windows-i586-iftw-rv.exe
C:\Users\Ian\AppData\Local\Temp\jre-6u20-windows-i586-iftw-rv.exe
C:\Users\Ian\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe
C:\Users\Ian\AppData\Local\Temp\jre-6u33-windows-i586-iftw.exe
C:\Users\Ian\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe
C:\Users\Ian\AppData\Local\Temp\jre-7u11-windows-i586-iftw.exe
C:\Users\Ian\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe
C:\Users\Ian\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\Ian\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Ian\AppData\Local\Temp\MotoHelper_2.0.45_Driver_5.0.0.exe
C:\Users\Ian\AppData\Local\Temp\pPokerNetSetup.exe
C:\Users\Ian\AppData\Local\Temp\Quarantine.exe
C:\Users\Ian\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Ian\AppData\Local\Temp\SpotifyUpgrader.exe
C:\Users\Ian\AppData\Local\Temp\swt-win32-3333.dll
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-07-17 09:46
 
==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version:15-07-2014 01
Ran by Ian at 2014-07-17 14:30:38
Running from C:\Users\Ian\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 
==================== Installed Programs ======================
 
32 Bit HP CIO Components Installer (Version: 7.1.8 - Hewlett-Packard) Hidden
7300_Help (Version: 82.0.242.000 - Hewlett-Packard) Hidden
7300Trb (Version: 82.0.242.000 - Hewlett-Packard) Hidden
7400 (Version: 82.0.242.000 - Hewlett-Packard) Hidden
Adobe Anchor Service CS3 (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Asset Services CS3 (Version: 3 - Adobe Systems Incorporated) Hidden
Adobe Bridge CS3 (Version: 2 - Adobe Systems Incorporated) Hidden
Adobe Bridge Start Meeting (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Camera Raw 4.0 (Version: 4.0 - Adobe Systems Incorporated) Hidden
Adobe CMaps (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color - Photoshop Specific (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color Common Settings (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color EU Extra Settings (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color JA Extra Settings (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color NA Recommended Settings (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Default Language CS3 (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Device Central CS3 (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe ExtendScript Toolkit 2 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Fonts All (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Help Viewer CS3 (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Illustrator CS3 (HKLM\...\Adobe_a04a925a57548091300ada368235fc6) (Version: 13.0 - Adobe Systems Incorporated)
Adobe Illustrator CS3 (Version: 13.0 - Adobe Systems Incorporated) Hidden
Adobe Linguistics CS3 (Version: 3.0.0 - Adobe Systems Incorporated) Hidden
Adobe PDF Library Files (Version: 8.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS3 (HKLM\...\Adobe_2ac78060bc5856b0c1cf873bb919b58) (Version: 10.0 - Adobe Systems Incorporated)
Adobe Photoshop CS3 (Version: 10 - Adobe Systems Incorporated) Hidden
Adobe Reader X (10.1.10) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)
Adobe Setup (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Stock Photos CS3 (Version: 1.5 - Adobe Systems Incorporated) Hidden
Adobe Type Support (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Update Manager CS3 (Version: 5.1.0 - Adobe Systems Incorporated) Hidden
Adobe Version Cue CS3 Client (Version: 3 - Adobe Systems Incorporated) Hidden
Adobe WinSoft Linguistics Plugin (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe XMP Panels CS3 (Version: 1.0 - Adobe Systems Incorporated) Hidden
AIO_CDB_ProductContext (Version: 82.0.242.000 - Hewlett-Packard) Hidden
AIO_CDB_Software (Version: 82.0.242.000 - Hewlett-Packard) Hidden
AIO_Scan (Version: 82.0.173.000 - Hewlett-Packard) Hidden
Amazon Cloud Player (HKCU\...\Amazon Amazon Cloud Player) (Version: 2.3.0.422 - Amazon Services LLC)
Amazon MP3 Downloader 1.0.15 (HKLM\...\Amazon MP3 Downloader) (Version: 1.0.15 - Amazon Services LLC)
Anki (HKLM\...\Anki) (Version:  - )
Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{44734179-8A79-4DEE-BB08-73037F065543}) (Version: 1.1.4.7 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
avast! Free Antivirus (HKLM\...\avast) (Version: 9.0.2021 - AVAST Software)
Backup Assistant Plus (HKLM\...\Backup Assistant Plus) (Version:  - Verizon Wireless)
Bing Maps 3D (HKLM\...\{2D87E961-577B-492B-AD54-1368680FB9A7}) (Version: 4.0.903.16005 - Microsoft Corporation)
BufferChm (Version: 82.0.173.000 - Hewlett-Packard) Hidden
Cards_Calendar_OrderGift_DoMorePlugout (Version: 1.00.0000 - Hewlett-Packard) Hidden
Copy (Version: 82.0.188.000 - Hewlett-Packard) Hidden
CustomerResearchQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
CutePDF Writer 2.8 (HKLM\...\CutePDF Writer Installation) (Version:  - )
CyberLink DVD Suite Deluxe (HKLM\...\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 5.5.1126 - CyberLink Corp.)
Destinations (Version: 82.0.173.000 - Hewlett-Packard) Hidden
DeviceManagementQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
DocProc (Version: 8.1.0.0 - Hewlett-Packard) Hidden
DocProcQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
Dropbox (HKCU\...\Dropbox) (Version: 2.8.2 - Dropbox, Inc.)
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )
eSupportQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
Fax (Version: 82.0.188.000 - Hewlett-Packard) Hidden
ffdshow [rev 2527] [2008-12-19] (HKLM\...\ffdshow_is1) (Version: 1.0 - )
FlashCatcher (HKLM\...\{867AE74B-855F-4ABD-BCA1-7B4C0ECF2DD9}) (Version:  - )
Google Chrome (HKCU\...\Google Chrome) (Version: 36.0.1985.103 - Google Inc.)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google SketchUp 8 (HKLM\...\{3544DED1-07DB-40C0-98F3-435A6DA195C7}) (Version: 3.0.14346 - Google, Inc.)
Google Talk Plugin (HKLM\...\{C1E3DFE7-4EAD-3E9E-A826-E06055BA5921}) (Version: 5.4.2.18903 - Google)
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
Google Updater (HKLM\...\Google Updater) (Version: 2.4.1536.6592 - Google Inc.)
Hardware Diagnostic Tools (HKLM\...\PC-Doctor 5 for Windows) (Version: 5.1.4708.19 - PC-Doctor, Inc.)
Hewlett-Packard Active Check (Version: 1.1.11.0 - Hewlett-Packard) Hidden
Hewlett-Packard Asset Agent for Health Check (Version: 2.0.62.5 - HP) Hidden
HP Advisor (HKLM\...\{73A43E42-3658-4DD9-8551-FACDA3632538}) (Version: 3.1.9152.3107 - Hewlett-Packard)
HP Customer Experience Enhancements (HKLM\...\{C8D47273-7A1A-4614-A3D8-263632D8A5ED}) (Version: 5.6.0.2499 - Hewlett-Packard)
HP Customer Feedback (Version: 1.0.0 - Hewlett-Packard) Hidden
HP Customer Participation Program 8.0 (HKLM\...\HPExtendedCapabilities) (Version: 8.0 - HP)
HP Demo (HKLM\...\{9A379E7A-22ED-44FF-9293-E393D704505D}) (Version: 4.1.0 - Hewlett-Packard)
HP Easy Setup - Frontend (HKLM\...\{1BCE2581-B7CA-4BB4-BDFB-D113506AA38B}) (Version: 5.6.0.2542 - Hewlett-Packard)
HP Imaging Device Functions 8.0 (HKLM\...\HP Imaging Device Functions) (Version: 8.0 - HP)
HP OCR Software 8.0 (HKLM\...\HPOCR) (Version: 8.0 - HP)
HP On-Screen Cap/Num/Scroll Lock Indicator (HKLM\...\OsdMaestro) (Version:  - Hewlett-Packard)
HP Photosmart Essential (HKLM\...\{EB21A812-671B-4D08-B974-2A347F0D8F70}) (Version: 1.12.0.46 - HP)
HP Photosmart Essential 2.5 (HKLM\...\HP Photosmart Essential) (Version: 2.5 - HP)
HP Photosmart Essential 2.5 (Version: 1.02.0000 - Hewlett-Packard) Hidden
HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B (HKLM\...\{C916D86C-AB76-49c7-B0E4-A946E0FD9BC2}) (Version: 8.0 - HP)
HP Product Assistant (Version: 100.000.001.000 - Hewlett-Packard) Hidden
HP Solution Center 8.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 8.0 - HP)
HP Update (HKLM\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard)
HPDiagnosticAlert (Version: 1.00.0000 - Microsoft) Hidden
HPPhotoSmartPhotobookWebPack1 (Version: 1.00.0000 - Hewlett-Packard) Hidden
HPProductAssistant (Version: 82.0.173.000 - Hewlett-Packard) Hidden
HPSSupply (HKLM\...\{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}) (Version: 2.1.3.0000 - Hewlett Packard Development Company L.P.)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - Intel Corporation)
Kcast Beta 2.0.0 (HKLM\...\Kcast_Beta_1.0) (Version:  - )
LabelPrint (HKLM\...\{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.2.2329 - CyberLink Corp.)
LightScribe System Software (HKLM\...\{7F10292C-A190-4176-A665-A1ED3478DF86}) (Version: 1.18.3.2 - LightScribe)
LightScribeTemplateLabeler (HKLM\...\{305D4B08-5807-4475-B1C8-D54685534864}) (Version: 1.10.23.1 - LightScribe)
MarketResearch (Version: 82.0.174.000 - Hewlett-Packard) Hidden
MediaMonkey 3.2 (HKLM\...\MediaMonkey_is1) (Version: 3.2 - Ventis Media Inc.)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft) Hidden
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version:  - )
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 60 day trial (HKLM\...\OfficeTrial) (Version:  - )
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
MotoHelper 2.0.45 Driver 5.0.0 (HKLM\...\MotoHelper) (Version: 2.0.45 - Motorola)
MotoHelper MergeModules (Version: 1.2.0 - Motorola) Hidden
Motorola Mobile Drivers Installation 5.0.0 (Version: 5.0.0 - Motorola Inc.) Hidden
Move Media Player (HKCU\...\Move Media Player) (Version:  - Move Networks)
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
muvee autoProducer 6.1 (HKLM\...\{5115C036-C0D5-4E1B-81C9-542CA967478A}) (Version: 6.10.050 - muvee Technologies)
My HP Games (HKLM\...\WildTangent hp Master Uninstall) (Version: HPCMPQ1902 - WildTangent)
OpenOffice.org 3.1 (HKLM\...\{E6B87DC4-2B3D-4483-ADFF-E483BF718991}) (Version: 3.1.9420 - OpenOffice.org)
PCIe Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_PCI_VEN_14F1&DEV_2F82&SUBSYS_000014F1) (Version:  - )
PDF Settings (Version: 1.0 - Adobe Systems Incorporated) Hidden
Power2Go (HKLM\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.3610 - CyberLink Corp.)
PowerDirector (HKLM\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 6.5.2420 - CyberLink Corp.)
PowerDirector (Version: 6.5.2420 - CyberLink Corp.) Hidden
PSSWCORE (Version: 2.02.0000 - Hewlett-Packard) Hidden
Python 2.5 (HKLM\...\{0A2C5854-557E-48C8-835A-3B9F074BDCAA}) (Version: 2.5.150 - Martin v. Löwis)
QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5789 - Realtek Semiconductor Corp.)
Replay Media Catcher 4 (4.3.2) (HKLM\...\Replay Media Catcher 4) (Version: 4.3.2 - Applian Technologies)
Scan (Version: 8.1.0.0 - Hewlett-Packard) Hidden
Skype Toolbars (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.3.7555 - Skype Technologies S.A.)
Skype™ 6.11 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Snapfish Picture Mover (HKLM\...\{029B5901-1F27-4347-9923-E8ACC8F54E15}) (Version: 1.9.0.16 - HP Snapfish)
SolutionCenter (Version: 82.0.188.000 - Hewlett-Packard) Hidden
Spelling Dictionaries Support For Adobe Reader 8 (HKLM\...\{AC76BA86-7AD7-5464-3428-800000000003}) (Version: 8.0.0 - Adobe Systems)
Spotify (HKLM\...\Spotify) (Version: 0.5.2 - )
Status (Version: 82.0.173.000 - Hewlett-Packard) Hidden
SupportSoft Assisted Service (HKLM\...\{5A3F6A80-7913-475E-8B96-477A952CFA43}) (Version: 15 - SupportSoft)
Toolbox (Version: 82.0.173.000 - Hewlett-Packard) Hidden
TrayApp (Version: 82.0.188.000 - Hewlett-Packard) Hidden
TurboTax 2010 (HKLM\...\TurboTax 2010) (Version:  - Intuit, Inc)
TurboTax 2010 WinPerFedFormset (Version: 010.000.5821 - Intuit Inc.) Hidden
TurboTax 2010 WinPerReleaseEngine (Version: 010.000.0501 - Intuit Inc.) Hidden
TurboTax 2010 WinPerTaxSupport (Version: 010.000.0222 - Intuit Inc.) Hidden
TurboTax 2010 wnjiper (Version: 010.000.1431 - Intuit Inc.) Hidden
TurboTax 2010 wrapper (Version: 010.000.0157 - Intuit Inc.) Hidden
TurboTax 2011 (HKLM\...\TurboTax 2011) (Version:  - Intuit, Inc)
TurboTax 2011 WinPerFedFormset (Version: 011.000.3351 - Intuit Inc.) Hidden
TurboTax 2011 WinPerReleaseEngine (Version: 011.000.0496 - Intuit Inc.) Hidden
TurboTax 2011 WinPerTaxSupport (Version: 011.000.0222 - Intuit Inc.) Hidden
TurboTax 2011 wnjiper (Version: 011.000.1833 - Intuit Inc.) Hidden
TurboTax 2011 wrapper (Version: 011.000.0121 - Intuit Inc.) Hidden
TurboTax 2012 (HKLM\...\TurboTax 2012) (Version: 2012.0 - Intuit, Inc)
TurboTax 2012 WinPerFedFormset (Version: 012.000.2013 - Intuit Inc.) Hidden
TurboTax 2012 WinPerReleaseEngine (Version: 012.000.0451 - Intuit Inc.) Hidden
TurboTax 2012 WinPerTaxSupport (Version: 012.000.0179 - Intuit Inc.) Hidden
TurboTax 2012 wnjiper (Version: 012.000.1445 - Intuit Inc.) Hidden
TurboTax 2012 wrapper (Version: 012.000.0127 - Intuit Inc.) Hidden
Unity Web Player (HKCU\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
UnloadSupport (Version: 1.00.0000 - Hewlett-Packard) Hidden
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
VideoToolkit01 (Version: 100.0.128.000 - Hewlett-Packard) Hidden
Visual C++ 2008 x86 Runtime - (v9.0.30729) (Version: 9.0.30729 - Microsoft Corporation) Hidden
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (HKLM\...\{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)
VNC Free Edition 4.1.3 (HKLM\...\RealVNC_is1) (Version: 4.1.3 - RealVNC Ltd.)
WeatherBug Gadget (Version: 1.0.0.6 - AWS Convergence Technologies) Hidden
WebReg (Version: 82.0.173.000 - Hewlett-Packard) Hidden
WinRAR archiver (HKLM\...\WinRAR archiver) (Version:  - )
WordPerfect Office X3 (HKLM\...\_{54DB13F1-0CE0-4BAB-BD5F-7DE150C043C8}) (Version:  - Corel Corporation)
WordPerfect Office X3 (Version: 13.3.1 - Corel Corporation) Hidden
Yahoo! Install Manager (HKLM\...\YInstHelper) (Version:  - )
Yahoo! Search Protection (HKLM\...\Yahoo! Search Defender) (Version:  - ) <==== ATTENTION
 
==================== Restore Points  =========================
 
11-06-2014 14:22:41 Windows Update
11-06-2014 20:45:23 Windows Update
17-06-2014 13:37:13 Windows Update
18-06-2014 21:31:05 Scheduled Checkpoint
19-06-2014 13:13:57 Scheduled Checkpoint
24-06-2014 13:35:20 Windows Update
26-06-2014 15:09:03 Scheduled Checkpoint
30-06-2014 15:25:11 Scheduled Checkpoint
01-07-2014 13:26:17 Windows Update
02-07-2014 13:35:01 Scheduled Checkpoint
03-07-2014 14:55:03 Scheduled Checkpoint
07-07-2014 13:37:56 Windows Update
08-07-2014 14:30:50 Scheduled Checkpoint
09-07-2014 15:33:35 Scheduled Checkpoint
09-07-2014 20:41:20 Windows Update
10-07-2014 14:08:58 Scheduled Checkpoint
11-07-2014 16:09:57 Scheduled Checkpoint
14-07-2014 22:39:46 Scheduled Checkpoint
15-07-2014 13:40:39 Windows Update
15-07-2014 15:16:48 Installed Java 7 Update 60
15-07-2014 15:36:10 Removed Java 7 Update 60
16-07-2014 14:43:08 avast! antivirus system restore point
 
==================== Hosts content: ==========================
 
2006-11-02 06:23 - 2006-09-18 17:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {1AB9C3D9-F2F5-4A65-BE61-1A651DB54607} - System32\Tasks\{01CA0D61-2316-41B6-AB29-D8FB3FCE13BA} => C:\Program Files\Skype\Phone\Skype.exe [2013-11-14] (Skype Technologies S.A.)
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {246C98A1-EF76-421C-8593-0C9690849C63} - System32\Tasks\MotoHelper MUM => C:\Program Files\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-01-27] ()
Task: {263C5624-C35C-4CF1-889C-085757F270B4} - System32\Tasks\{2CAAABC9-6C38-4CC8-ABC1-A028A79AE366} => C:\Program Files\Skype\Phone\Skype.exe [2013-11-14] (Skype Technologies S.A.)
Task: {2F7807F7-B2DE-4686-A0A5-B003C36D0683} - System32\Tasks\MotoHelper Update => C:\Program Files\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-01-27] ()
Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {392F4ADE-2FE9-4B12-80DD-7149C7538749} - System32\Tasks\PC-Doctor\Scheduled Maintenance Swap => C:\Program Files\PC-Doctor 5 for Windows\task_swap.bat [2008-04-04] ()
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-20] (Microsoft Corporation)
Task: {53C0AEB2-A6CD-40CE-9949-C40953A0DFF1} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1781103263-3450025615-2151774915-1000Core => C:\Users\Ian\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-19] (Google Inc.)
Task: {5D8A6F66-607A-4798-B20D-F28C624D22C1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-01-06] (Google Inc.)
Task: {65313863-593F-49C9-A220-C5650C956EEF} - System32\Tasks\{C4CD57C6-9A5A-4134-BE57-3FB0954AA692} => Firefox.exe http://www.skype.com/go/downloading?source=lightinstaller&ver=4.1.0.179&LastError=12002
Task: {67E9325F-1CCE-4D81-BD0D-177C1B010E34} - System32\Tasks\avast! Emergency Update => C:\Program Files\Alwil Software\Avast5\AvastEmUpdate.exe [2014-07-16] (AVAST Software)
Task: {9D76ED78-ACCB-4D58-A0FD-67E35F7EC3DC} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {A7E7F4EB-FE25-4197-8967-DF9E56C59FE4} - System32\Tasks\MotoHelper Routing => C:\Program Files\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-01-27] ()
Task: {ACC398EA-1DDF-4531-AFDB-E385A8EA43E1} - System32\Tasks\Ad-Aware Update (Weekly) => C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: {B7368CE6-F5DE-46F6-8DFB-6373BFEC751A} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {B99B29F8-37AB-4830-9C21-95192433A19F} - System32\Tasks\MotoHelper Initial Update => C:\Program Files\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-01-27] ()
Task: {C2B9F36D-1A4D-47E6-AFB1-E36DF913D1D5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-01-06] (Google Inc.)
Task: {CA7905F5-039D-4B78-8747-BFC0B15B5343} - System32\Tasks\PC-Doctor\Scheduled Maintenance => C:\Program Files\PC-Doctor 5 for Windows\RunProfiler.exe [2007-10-04] (PC-Doctor, Inc.)
Task: {E42BA9F2-3247-4390-A802-6C4D4FFE6D2B} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1781103263-3450025615-2151774915-1000UA => C:\Users\Ian\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-19] (Google Inc.)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-20] ()
Task: C:\Windows\Tasks\Ad-Aware Update (Weekly).job => C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: C:\Windows\Tasks\Google Software Updater.job => C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1781103263-3450025615-2151774915-1000Core.job => C:\Users\Ian\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1781103263-3450025615-2151774915-1000UA.job => C:\Users\Ian\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-04-02 09:11 - 2014-07-16 11:01 - 00301152 _____ () C:\Program Files\Alwil Software\Avast5\aswProperty.dll
2014-07-17 13:32 - 2014-07-17 13:32 - 02793472 _____ () C:\Program Files\Alwil Software\Avast5\defs\14071701\algo.dll
2011-06-10 13:46 - 2009-11-05 08:39 - 00087552 _____ () C:\Windows\System32\cpwmon2k.dll
2011-01-27 17:13 - 2011-01-27 17:13 - 00226624 _____ () C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
2007-06-05 16:20 - 2007-06-05 16:20 - 00177704 _____ () C:\Windows\system32\PSIService.exe
2011-03-21 11:58 - 2011-03-21 11:58 - 00854016 _____ () C:\Windows\assembly\GAC_32\System.Data.SQLite\1.0.61.0__db937bc2d44ff139\System.Data.SQLite.dll
2011-03-21 11:58 - 2011-03-21 11:58 - 00476520 _____ () C:\Windows\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\5.0.136.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll
2011-01-27 17:13 - 2011-01-27 17:13 - 00673088 _____ () C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
2008-11-10 15:20 - 2008-09-16 21:18 - 00132608 _____ () C:\Program Files\WinRAR\rarext.dll
2013-11-14 11:23 - 2014-07-16 11:01 - 19329904 _____ () C:\Program Files\Alwil Software\Avast5\libcef.dll
2012-08-09 14:09 - 2012-08-09 14:09 - 01193176 _____ () C:\Users\Ian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
2012-08-20 04:18 - 2012-08-20 04:18 - 07065224 _____ () C:\Program Files\Backup Assistant Plus\V CAST Backup Scheduler.exe
2012-08-20 04:17 - 2012-08-20 04:17 - 00684032 _____ () C:\Program Files\Backup Assistant Plus\libexpat.dll
2012-08-20 04:17 - 2012-08-20 04:17 - 00466975 _____ () C:\Program Files\Backup Assistant Plus\sqlite3.dll
2012-08-20 04:17 - 2012-08-20 04:17 - 00310272 _____ () C:\Program Files\Backup Assistant Plus\swscale-2.dll
2012-08-20 04:17 - 2012-08-20 04:17 - 00142848 _____ () C:\Program Files\Backup Assistant Plus\avutil-51.dll
2012-08-20 04:17 - 2012-08-20 04:17 - 13766656 _____ () C:\Program Files\Backup Assistant Plus\avcodec-54.dll
2012-08-20 04:17 - 2012-08-20 04:17 - 02535936 _____ () C:\Program Files\Backup Assistant Plus\avformat-54.dll
2014-03-06 15:35 - 2014-01-14 15:46 - 03140608 _____ () C:\Users\Ian\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
2014-07-17 09:20 - 2014-07-17 09:20 - 00043008 _____ () c:\users\ian\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp08h9rn.dll
2013-08-23 15:01 - 2013-08-23 15:01 - 25100288 _____ () C:\Users\Ian\AppData\Roaming\Dropbox\bin\libcef.dll
2006-12-10 21:51 - 2006-12-10 21:51 - 00065536 ____R () C:\Program Files\HP\Digital Imaging\bin\crm\xmlparse.dll
2006-12-10 21:51 - 2006-12-10 21:51 - 00077824 ____R () C:\Program Files\HP\Digital Imaging\bin\crm\xmltok.dll
2014-06-30 15:33 - 2014-06-27 14:46 - 08537928 _____ () C:\Users\Ian\AppData\Local\Google\Chrome\Application\36.0.1985.103\pdf.dll
2014-06-30 15:34 - 2014-06-27 14:47 - 00353096 _____ () C:\Users\Ian\AppData\Local\Google\Chrome\Application\36.0.1985.103\ppGoogleNaClPluginChrome.dll
2014-06-30 15:32 - 2014-06-27 14:46 - 01732936 _____ () C:\Users\Ian\AppData\Local\Google\Chrome\Application\36.0.1985.103\ffmpegsumo.dll
2014-03-06 10:28 - 2014-02-10 13:44 - 04592128 _____ () C:\Users\Ian\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libglesv2.dll
2014-03-06 10:28 - 2014-02-10 13:44 - 00112128 _____ () C:\Users\Ian\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libegl.dll
2014-06-30 15:34 - 2014-06-27 14:46 - 14664008 _____ () C:\Users\Ian\AppData\Local\Google\Chrome\Application\36.0.1985.103\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
AlternateDataStreams: C:\Users\Ian\Downloads\LVD Letterman 29.07.2008.mp4:TOC.WMV
 
==================== Safe Mode (whitelisted) ===================
 
 
==================== EXE Association (whitelisted) =============
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (07/16/2014 10:42:41 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {082afed3-5935-42db-a4c0-972a737d33ea}
 
 
System errors:
=============
Error: (07/17/2014 09:31:13 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Windows Modules Installer%%1053
 
Error: (07/17/2014 09:31:13 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000Windows Modules Installer
 
Error: (07/17/2014 09:29:52 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1053TrustedInstaller{752073A1-23F2-4396-85F0-8FDB879ED0ED}
 
Error: (07/17/2014 09:11:02 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: i8042prt
 
Error: (07/17/2014 09:11:02 AM) (Source: Service Control Manager) (EventID: 7002) (User: )
Description: TDDIParallel arbitrator
 
Error: (07/17/2014 09:09:25 AM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 412) (User: NT AUTHORITY)
Description: 2147942402
 
Error: (07/16/2014 04:43:05 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {C2BFE331-6739-4270-86C9-493D9A04CD38}
 
Error: (07/16/2014 11:21:29 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Intuit Update Service v4%%1053
 
Error: (07/16/2014 11:21:29 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000Intuit Update Service v4
 
Error: (07/16/2014 11:20:57 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Intuit Update Service
 
 
Microsoft Office Sessions:
=========================
Error: (07/16/2014 10:42:41 AM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {082afed3-5935-42db-a4c0-972a737d33ea}
 
 
CodeIntegrity Errors:
===================================
  Date: 2013-06-11 14:44:43.253
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18063_none_b2e033a8669434a1\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-06-11 14:44:42.550
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18063_none_b2e033a8669434a1\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-06-11 14:44:41.823
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18063_none_b2e033a8669434a1\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-06-11 14:44:41.134
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18063_none_b2e033a8669434a1\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-06-11 14:44:40.391
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18063_none_b2e033a8669434a1\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-06-11 14:44:39.713
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18063_none_b2e033a8669434a1\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-06-11 14:44:37.635
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18000_none_b31e1252666640f6\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-06-11 14:44:36.945
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18000_none_b31e1252666640f6\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-06-11 14:44:36.207
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18000_none_b31e1252666640f6\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-06-11 14:44:35.526
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18000_none_b31e1252666640f6\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 94%
Total physical RAM: 1012.45 MB
Available physical RAM: 56.81 MB
Total Pagefile: 2995.21 MB
Available Pagefile: 872.84 MB
Total Virtual: 2047.88 MB
Available Virtual: 1919.23 MB
 
==================== Drives ================================
 
Drive c: (HP) (Fixed) (Total:223.43 GB) (Free:89.77 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (FACTORY_IMAGE) (Fixed) (Total:9.45 GB) (Free:1.29 GB) NTFS ==>[System with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 233 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=223 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=9 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================


#5 CatByte

  • Malware Response Team

Posted 17 July 2014 - 01:46 PM

Please run the following:
 

Download the attached fixlist.txt file and save it to the Desktop.
 
Attached File  FixList.txt   1.96KB   8 downloads
 

NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.
 
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
 
Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.


NEXT

Refer to the ComboFix User's Guide
  • Download ComboFix from the following location:

    Link

    * IMPORTANT !!! Place ComboFix.exe on your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  • Double click on ComboFix.exe & follow the prompts.
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  • When finished, it shall produce a log for you. Post that log in your next reply.

    Note:
    Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.


    ---------------------------------------------------------------------------------------------
  • Ensure your AntiVirus and AntiSpyware applications are re-enabled.

    ---------------------------------------------------------------------------------------------
NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#6 detekk

  • Topic Starter

Posted 17 July 2014 - 01:59 PM

Here's the fix list text. I'll run the Combofix now.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:15-07-2014 01
Ran by Ian at 2014-07-17 15:00:24 Run:1
Running from C:\Users\Ian\Desktop
Boot Mode: Normal
 
==============================================
 
Content of fixlist:
*****************
start
HKLM\...\Run: [] => [X]
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {34EF94DD-C7E3-405A-AB29-CDBB0DCD98BD} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKCU - {34EF94DD-C7E3-405A-AB29-CDBB0DCD98BD} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
BHO: No Name -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} ->  No File
Toolbar: HKLM - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKCU - No Name - {A057A204-BACC-4D26-9990-79A187E2698E} -  No File
C:\Users\Ian\AppData\Local\Temp\converter.exe
C:\Users\Ian\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp08h9rn.dll
C:\Users\Ian\AppData\Local\Temp\FlashPlayerUpdate.exe
C:\Users\Ian\AppData\Local\Temp\FlashPlayerUpdate01.exe
C:\Users\Ian\AppData\Local\Temp\FlashPlayerUpdate02.exe
C:\Users\Ian\AppData\Local\Temp\FlashPlayerUpdate03.exe
C:\Users\Ian\AppData\Local\Temp\FlashPlayerUpdate04.exe
C:\Users\Ian\AppData\Local\Temp\jre-6u17-windows-i586-iftw-rv.exe
C:\Users\Ian\AppData\Local\Temp\jre-6u19-windows-i586-iftw-rv.exe
C:\Users\Ian\AppData\Local\Temp\jre-6u20-windows-i586-iftw-rv.exe
C:\Users\Ian\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe
C:\Users\Ian\AppData\Local\Temp\jre-6u33-windows-i586-iftw.exe
C:\Users\Ian\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe
C:\Users\Ian\AppData\Local\Temp\jre-7u11-windows-i586-iftw.exe
C:\Users\Ian\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe
C:\Users\Ian\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\Ian\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Ian\AppData\Local\Temp\MotoHelper_2.0.45_Driver_5.0.0.exe
C:\Users\Ian\AppData\Local\Temp\pPokerNetSetup.exe
C:\Users\Ian\AppData\Local\Temp\Quarantine.exe
C:\Users\Ian\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Ian\AppData\Local\Temp\SpotifyUpgrader.exe
C:\Users\Ian\AppData\Local\Temp\swt-win32-3333.dll
end
 
*****************
 
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
'HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{34EF94DD-C7E3-405A-AB29-CDBB0DCD98BD}' => Key deleted successfully.
'HKCR\CLSID\{34EF94DD-C7E3-405A-AB29-CDBB0DCD98BD}'=> Key not found.
'HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{34EF94DD-C7E3-405A-AB29-CDBB0DCD98BD}' => Key deleted successfully.
'HKCR\CLSID\{34EF94DD-C7E3-405A-AB29-CDBB0DCD98BD}'=> Key not found.
'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}' => Key deleted successfully.
'HKCR\CLSID\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}'=> Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value deleted successfully.
'HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}'=> Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{A057A204-BACC-4D26-9990-79A187E2698E} => value deleted successfully.
'HKCR\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}'=> Key not found.
C:\Users\Ian\AppData\Local\Temp\converter.exe => Moved successfully.
C:\Users\Ian\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp08h9rn.dll => Moved successfully.
C:\Users\Ian\AppData\Local\Temp\FlashPlayerUpdate.exe => Moved successfully.
C:\Users\Ian\AppData\Local\Temp\FlashPlayerUpdate01.exe => Moved successfully.
C:\Users\Ian\AppData\Local\Temp\FlashPlayerUpdate02.exe => Moved successfully.
C:\Users\Ian\AppData\Local\Temp\FlashPlayerUpdate03.exe => Moved successfully.
C:\Users\Ian\AppData\Local\Temp\FlashPlayerUpdate04.exe => Moved successfully.
C:\Users\Ian\AppData\Local\Temp\jre-6u17-windows-i586-iftw-rv.exe => Moved successfully.
C:\Users\Ian\AppData\Local\Temp\jre-6u19-windows-i586-iftw-rv.exe => Moved successfully.
C:\Users\Ian\AppData\Local\Temp\jre-6u20-windows-i586-iftw-rv.exe => Moved successfully.
C:\Users\Ian\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe => Moved successfully.
C:\Users\Ian\AppData\Local\Temp\jre-6u33-windows-i586-iftw.exe => Moved successfully.
C:\Users\Ian\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe => Moved successfully.
C:\Users\Ian\AppData\Local\Temp\jre-7u11-windows-i586-iftw.exe => Moved successfully.
C:\Users\Ian\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe => Moved successfully.
C:\Users\Ian\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe => Moved successfully.
C:\Users\Ian\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe => Moved successfully.
C:\Users\Ian\AppData\Local\Temp\MotoHelper_2.0.45_Driver_5.0.0.exe => Moved successfully.
C:\Users\Ian\AppData\Local\Temp\pPokerNetSetup.exe => Moved successfully.
C:\Users\Ian\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\Ian\AppData\Local\Temp\SkypeSetup.exe => Moved successfully.
C:\Users\Ian\AppData\Local\Temp\SpotifyUpgrader.exe => Moved successfully.
C:\Users\Ian\AppData\Local\Temp\swt-win32-3333.dll => Moved successfully.
 
==== End of Fixlog ====


#7 detekk

  • Topic Starter

Posted 17 July 2014 - 02:43 PM

And finally, the ComboFix log

ComboFix 14-07-17.03 - Ian 07/17/2014  15:14:33.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.1012.311 [GMT -4:00]
Running from: c:\users\Ian\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\users\Ian\AppData\Local\assembly\tmp
c:\windows\iun6002.exe
c:\windows\system32\00.dll
c:\windows\system32\01.dll
c:\windows\system32\02.dll
c:\windows\system32\03.dll
c:\windows\system32\04.dll
c:\windows\system32\05.dll
c:\windows\system32\06.dll
c:\windows\system32\07.dll
c:\windows\system32\08.dll
c:\windows\system32\09.dll
c:\windows\system32\SET4A7.tmp
c:\windows\system32\SET7A0C.tmp
c:\windows\system32\SET8693.tmp
c:\windows\system32\SET8A8F.tmp
.
.
(((((((((((((((((((((((((   Files Created from 2014-06-17 to 2014-07-17  )))))))))))))))))))))))))))))))
.
.
2014-07-17 19:39 . 2014-07-17 19:39 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-07-17 19:39 . 2014-07-17 19:39 -------- d-----w- c:\users\ADMINI~1\AppData\Local\temp
2014-07-17 19:39 . 2014-07-17 19:39 -------- d-----w- c:\users\ejpul\AppData\Local\temp
2014-07-17 18:14 . 2014-07-17 19:01 -------- d-----w- C:\FRST
2014-07-16 15:01 . 2014-07-16 15:01 43152 ----a-w- c:\windows\avastSS.scr
2014-07-15 14:22 . 2014-07-02 03:11 8217224 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A0BDB9B0-704E-4A3A-A285-20AD957013C3}\mpengine.dll
2014-07-14 18:02 . 2014-07-14 18:02 -------- d-----w- c:\program files\ESET
2014-07-14 17:46 . 2014-07-14 17:46 -------- d-----w- c:\windows\ERUNT
2014-07-14 16:23 . 2010-08-30 12:34 536576 ----a-w- c:\windows\system32\sqlite3.dll
2014-07-14 16:16 . 2014-07-14 17:24 -------- d-----w- C:\AdwCleaner
2014-07-09 13:25 . 2014-06-02 10:30 937472 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2014-07-09 13:25 . 2014-06-02 10:31 1218048 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2014-07-09 13:25 . 2014-06-02 10:30 983552 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2014-07-09 13:25 . 2014-06-02 10:30 965120 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2014-07-09 13:25 . 2014-06-07 02:08 1305088 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\tipskins.dll
2014-07-09 13:25 . 2014-06-07 02:08 149504 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\tabskb.dll
2014-07-09 13:25 . 2014-06-07 00:19 2051072 ----a-w- c:\windows\system32\win32k.sys
2014-07-09 13:25 . 2014-06-07 02:08 114688 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\TipBand.dll
2014-07-09 13:25 . 2014-06-06 08:59 506880 ----a-w- c:\windows\system32\qedit.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-07-16 15:03 . 2010-03-17 20:20 414520 ----a-w- c:\windows\system32\drivers\aswsp.sys
2014-07-16 15:01 . 2013-03-05 18:12 192352 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-07-16 15:01 . 2011-03-08 19:21 779536 ----a-w- c:\windows\system32\drivers\aswsnx.sys
2014-07-16 15:01 . 2010-03-17 20:20 57800 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2014-07-16 15:01 . 2014-05-01 17:51 24184 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2014-07-16 15:01 . 2013-03-05 18:12 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-07-16 15:01 . 2010-03-17 20:20 55112 ----a-w- c:\windows\system32\drivers\aswrdr.sys
2014-07-16 15:01 . 2010-03-17 20:20 67824 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-07-16 15:01 . 2010-03-17 20:18 276432 ----a-w- c:\windows\system32\aswBoot.exe
2014-05-01 17:51 . 2011-03-08 19:21 776976 ----a-w- c:\windows\system32\drivers\aswsnx.sys.1400160122524
2014-05-01 17:51 . 2010-03-17 20:20 54832 ----a-w- c:\windows\system32\drivers\aswrdr.sys.1400160122524
2014-04-26 16:01 . 2014-06-11 14:25 502784 ----a-w- c:\windows\system32\usp10.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-07-16 15:00 578240 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\Ian\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\Ian\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\Ian\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KITCO"="c:\program files\Kitco\Kcast\Kcast" [X]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-01-10 223984]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Spotify Web Helper"="c:\users\Ian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-08-09 1193176]
"HLBackupScheduler"="c:\program files\Backup Assistant Plus\V CAST Backup Scheduler.exe" [2012-08-20 7065224]
"Amazon Cloud Player"="c:\users\Ian\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe" [2014-01-14 3140608]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-07-03 6266880]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
"OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784]
"QuickFinder Scheduler"="c:\program files\WordPerfect Office X3\Programs\QFSCHD130.EXE" [2007-01-03 83568]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-01-10 223984]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-04-01 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-01 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-01 133656]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-11 49152]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-09-14 59720]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"SunJavaUpdateReg"="c:\windows\system32\jureg.exe" [2007-04-07 54936]
"AvastUI.exe"="c:\program files\Alwil Software\Avast5\AvastUI.exe" [2014-07-16 4086432]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2014-01-17 421888]
.
c:\users\Ian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Ian\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-5-19 33322312]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]
Snapfish Media Detector.lnk - c:\program files\Snapfish Picture Mover\SnapfishMediaDetector.exe [2007-5-7 1273856]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ   Pml Driver HPZ12 Net Driver HPZ12
LocalServiceAndNoImpersonation REG_MULTI_SZ   FontCache
hpdevmgmt REG_MULTI_SZ   hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2014-07-17 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-05-20 17:16]
.
2014-07-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 16:17]
.
2014-07-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 16:17]
.
2014-07-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1781103263-3450025615-2151774915-1000Core.job
- c:\users\Ian\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-20 13:38]
.
2014-07-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1781103263-3450025615-2151774915-1000UA.job
- c:\users\Ian\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-20 13:38]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local;192.168.*.*
IE: Open with WordPerfect - c:\program files\WordPerfect Office X3\Programs\WPLauncher.hta
IE: Save Flash with Flash Catcher - c:\program files\Common Files\justDo\IECatcher.DLL/FlashCatcher.htm
Trusted Zone: intuit.com\accounts
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 192.168.119.1
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-HP Health Check Scheduler - [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
HKLM-Run-WinampAgent - c:\program files\Winamp\winampa.exe
AddRemove-Kcast_Beta_1.0 - c:\windows\iun6002.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-07-17 15:40
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ... 
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2014-07-17  15:45:48
ComboFix-quarantined-files.txt  2014-07-17 19:45
.
Pre-Run: 97,191,518,208 bytes free
Post-Run: 100,463,357,952 bytes free
.
- - End Of File - - CED5FAD1B2D30C875BD4522E7B04B8F1
81CD5EC01DB0CE57EDD853F82462EF27


#8 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:08:31 AM

Posted 18 July 2014 - 10:59 AM

looks better, please run the following:


Please download Malwarebytes Anti-Malware from here:
https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ and save it to your desktop.
• Double-click mbam-setup .exe file and follow the prompts to install the program.
• At the end, be sure a checkmark is placed next to the following:
○ Launch Malwarebytes Anti-Malware
○ A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
• Click Finish.
• On the Dashboard, click the 'Update Now >>' link
• After the update completes, click the 'Scan Now >>' button.
• Or, on the Dashboard, click the Scan Now >> button.
• If an update is available, click the Update Now button.
• A Threat Scan will begin.
• When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
• In most cases, a restart will be required.
• Wait for the prompt to restart the computer to appear, then click on Yes.

• When completed click the down arrow on Export Log and select Text file (*.txt)
• Save the file to your desktop as MBAM
• Click Apply Actions then restart your computer if requested
• Attach the MBAM.txt to your next reply


Please let me know how the computer is running now and if there are any outstanding issues.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#9 detekk


Posted 18 July 2014 - 03:20 PM

Finished running the MalwareBytes scan and it found no threats! I'll post the log here anyway. 

I think it's running smoother and not lagging as often. I might have to see after I update Flash and Java and turn on the anti-virus software how it's going, so I'll check in again on Monday!

Thank you so much. What a valuable resource this is. Enjoy your weekend!

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 7/18/2014
Scan Time: 3:26:04 PM
Logfile: malware bytes log.txt
Administrator: Yes
 
Version: 2.00.2.1012
Malware Database: v2014.07.18.08
Rootkit Database: v2014.07.17.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows Vista Service Pack 2
CPU: x86
File System: NTFS
User: Ian
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 343150
Time Elapsed: 48 min, 58 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)


#10 CatByte


Posted 18 July 2014 - 03:57 PM

ok good,

use the machine as you would normally over the weekend then and let me know if there are any outstanding issues.



#11 detekk


Posted 21 July 2014 - 09:36 AM

Funnily enough, right after I posted this and closed out the windows I got the BSoD haha. It quickly restarted and alerted me to the unexpected crash. Oh well.

As of now, as far as I can tell I have everything up to date with all my software, antivirus, etc. Nevertheless, it still seems to be lagging a bit. Most noticeable when I open a new tab, enter an address, and then hit enter. I would say there's a 15-20 pause between each of those steps.

Click on new tab - wait 20 seconds for it to open.

Start typing the address - wait 20 seconds for the text to appear.

Hit enter to bring up the site  - wait 20 secs. for it to complete.

I can say that as long as there is nothing malicious on the computer I'll just deal with the slowness haha. 

Thank you again for taking the time to help me!



#12 CatByte


Posted 21 July 2014 - 11:31 AM

Let's do one more scan for leftovers:


Go here to run an online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, if it shows a screen that says "Threats found!", then click "List of found threats" button
  • Press EXPORT TO TEXT FILE , name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish



#13 detekk


Posted 22 July 2014 - 08:21 AM

ESET Scan finished with no threats found! I'm thinking I have to tweak some settings in Avast or other 'monitoring' programs in Windows that might be holding things up.

Things are very fluid and smooth right now. 

You have gone above and beyond helping me here CatByte! Thank you so much. 



#14 detekk


Posted 22 July 2014 - 09:21 AM

Very interesting update:

I tried to get the latest Google Chrome update. No luck through the browser's setting. So I tried through Avast! auto settings. No luck. I was completely unable to update Google Chrome.

I just installed Firefox which I haven't used in a long time and it's running and searching like a new computer! Definitely an issue with Google Chrome.



#15 CatByte


Posted 22 July 2014 - 10:54 AM

I'm not surprised, I have read lots of similar threads where people have been having issues with Chrome.

I've never used it myself as I've always preferred Firefox and won't likely switch.

I would uninstall Chrome and remove all traces of it.

Now we can clean up our tools, please do the following:



You can delete the DDS, FRST, GMER and JRT logs and programs from your desktop.


NEXT

Follow these steps to uninstall Combofix
  • Make sure your security programs are totally disabled.
  • Press the WinKey +R to open a run box
  • Now copy/paste Combofix /uninstall into the runbox and click OK. Note the space between the ..X and the /U, it needs to be there.


NEXT
  • Double click on adwcleaner.exe to run the tool.
  • Click on Uninstall.
  • Confirm with yes.
If there are any logs/tools remaining on your desktop > right click and delete them.


NEXT


Below I have included a number of recommendations for how to protect your computer against malware infections.
  • It is good security practice to change your passwords to all your online accounts on a fairly regular basis; this is especially true after an infection. Refer to this Microsoft article:
    Strong passwords: How to create and use them. Then consider a password keeper, to keep all your passwords safe. KeePass is a small utility that allows you to manage all your passwords.
  • Keep Windows updated by regularly checking their website at:
    http://windowsupdate.microsoft.com/
    This will ensure your computer always has the latest security updates available installed on your computer.
  • Make Internet Explorer more secure
    • Click Start > Run
    • Type Inetcpl.cpl & click OK
    • Click on the Security tab
    • Click Reset all zones to default level
    • Make sure the Internet Zone is selected & Click Custom level
    • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
    • Next Click OK, then Apply button and then OK to exit the Internet Properties page.
  • Download TFC to your desktop
    • Close any open windows.
    • Double click the TFC icon to run the program
    • TFC will close all open programs itself in order to run,
    • Click the Start button to begin the process.
    • Allow TFC to run uninterrupted.
    • The program should not take long to finish its job
    • Once it's finished it should automatically reboot your machine,
    • if it doesn't, manually reboot to ensure a complete clean
    It's normal after running TFC cleaner that the PC will be slower to boot the first time.
  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an addon available for Chrome, Firefox and IE
  • AdblockPlus
    • AdblockPlus, Surf the web without annoying ads!
    • Blocks banners, pop-ups and video ads - even on Facebook and YouTube
    • Protects your online privacy
    • Two-click installation, It's free!
    • click the icon that corresponds to your browser and download.
  • Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.
  • In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well written articles:
    PC Safety and Security--What Do I Need?.
  • Simple and easy ways to keep your computer safe and secure on the Internet
Thank you for your patience, and performing all of the procedures requested.

Please respond one last time so we can consider the thread resolved and close it, thank you.





