Solved ISeekDeal.dll

Discussion in 'Malware and Virus Removal Archive' started by Harpo, 2012/12/11.

  1. 2012/12/11
    Harpo Well-Known Member Thread Starter

    Joined:
    2005/08/22
    Messages:
    160
    Likes Received:
    0
    [Resolved] ISeekDeal.dll

    Hello,

    Two days ago, the ISeekDeal.dll sneaked onto my computer riding along on an IObit Uninstaller installation. WinPatrol alerted me right away, and I searched for, found, and deleted the dll file in the C:\ProgramData\Plugin\ folder. I also found and deleted about six registry keys, with two keys that refused to be deleted.

    I believe it has more fingers elsewhere on the computer, because it tries to run a browser script which NoScript prevents.

    I've run several scans (MalwareBytes regular & rootkit, and Spybot regular & rootkit), with no results. From what I've found online, none of the scanners ID this, and I'd really like to get it off my computer. Any assistance appreciated.
     
  2. 2012/12/11
    Admin. Administrator Administrator Staff

    Joined:
    2001/12/30
    Messages:
    6,687
    Likes Received:
    107
    Hi,

    Read this post as indicated at the top of this forum & follow the instructions.
     
  4. 2012/12/11
    Harpo Well-Known Member Thread Starter

    Joined:
    2005/08/22
    Messages:
    160
    Likes Received:
    0
    Sorry, I didn't notice the post until after I'd already posted. I have a question before I move forward, however. The instructions cover everything up to Windows 7. I'm running Windows 8. Is the required software compatible with Windows 8?
     
  5. 2012/12/11
    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Yes.
     
  6. 2012/12/12
    Harpo Well-Known Member Thread Starter

    Joined:
    2005/08/22
    Messages:
    160
    Likes Received:
    0
    iSeekDeal.dll logs

    MBAM log:

    Malwarebytes Anti-Malware (PRO) 1.65.1.1000
    www.malwarebytes.org

    Database version: v2012.12.11.08

    Windows 7 x64 NTFS
    Internet Explorer 9.10.9200.16433
    Emma :: HP-ENVY [administrator]

    Protection: Enabled

    12/12/2012 6:13:35 AM
    mbam-log-2012-12-12 (06-13-35).txt

    Scan type: Full scan (C:\|D:\|)
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 422454
    Time elapsed: 51 minute(s), 44 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)




    aswMBR log:

    aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
    Run date: 2012-12-12 07:06:03
    -----------------------------
    07:06:03.039 OS Version: Windows x64 6.2.9200
    07:06:03.039 Number of processors: 4 586 0x1001
    07:06:03.039 ComputerName: HP-ENVY UserName: Emma
    07:06:03.579 Initialze error 1
    07:06:03.909 AVAST engine defs: 12121200
    07:06:12.201 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000040
    07:06:12.201 Disk 0 Vendor: ST750LM022_HN-M750MBB 2AR10002 Size: 715404MB BusType: 11
    07:06:12.221 Disk 0 MBR read successfully
    07:06:12.221 Disk 0 MBR scan
    07:06:12.231 Disk 0 unknown MBR code
    07:06:12.231 Disk 0 Partition 1 00 EE GPT 2097151 MB offset 1
    07:06:12.281 Disk 0 scanning C:\Windows\system32\drivers
    07:06:12.291 Service scanning
    07:06:13.001 Modules scanning
    07:06:13.001 Disk 0 trace - called modules:
    07:06:13.021
    07:06:13.021 AVAST engine scan C:\Windows
    07:06:13.031 AVAST engine scan C:\Windows\system32
    07:06:13.041 AVAST engine scan C:\Windows\system32\drivers
    07:06:13.051 AVAST engine scan C:\Users\River
    07:06:13.051 AVAST engine scan C:\ProgramData
    07:06:13.061 Scan finished successfully
    07:06:31.302 Disk 0 MBR has been saved successfully to "C:\Users\River\Desktop\MBR.dat "
    07:06:31.312 The log file has been saved successfully to "C:\Users\River\Desktop\aswMBR.txt "




    dds.txt log:

    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 10.0.9200.16442
    Run by Emma at 7:07:05 on 2012-12-12
    Microsoft Windows 8 6.2.9200.0.1252.1.1033.18.5602.2920 [GMT -8:00]
    .
    AV: avast! Internet Security *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: avast! Internet Security *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
    FW: avast! Internet Security *Enabled* {131692B0-0864-D491-4E21-3A3A1D8BBB47}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\system32\dwm.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\atieclxx.exe
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Program Files\IDT\WDM\STacSV64.exe
    C:\Program Files\Classic Shell\ClassicShellService.exe
    C:\Windows\system32\Hpservice.exe
    C:\Windows\System32\WUDFHost.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\Program Files\AVAST Software\Avast\afwServ.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
    C:\Windows\system32\svchost.exe -k apphost
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
    C:\Windows\system32\dashost.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\system32\valWBFPolicyService.exe
    C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe
    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\taskhostex.exe
    C:\Users\River\Downloads\PCMeter\PCMeterV0.3.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Classic Shell\ClassicStartMenu.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files\IDT\WDM\sttray64.exe
    C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
    C:\Program Files (x86)\SpiderOak\SpiderOak.exe
    C:\Users\River\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
    C:\Windows\System32\StikyNot.exe
    C:\Program Files (x86)\SpiderOak\SpiderOak.exe
    C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Users\River\AppData\Roaming\Dropbox\bin\Dropbox.exe
    C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
    C:\Program Files (x86)\PopTray\PopTray.exe
    C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
    C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
    C:\Program Files (x86)\SpiderOak\windows_dir_watcher.exe
    C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
    C:\Program Files (x86)\AVG Secure Search\vprot.exe
    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files\Java\jre7\bin\javaw.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://isearch.avg.com/?cid={F567391A-ED35-4197-9EF5-4BA2D5DF3267}&mid=0305f7a7658147d09dcfd967199e8103-54c4ff90180dac107bfcbaeb682d633eb4441c46&lang=en&ds=is016&pr=sa&d=2012-11-20 18:28:31&v=13.2.0.4&sap=hp
    mWinlogon: Userinit = userinit.exe,
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
    BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll
    BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
    BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
    TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll
    TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    uRun: [SpiderOak] C:\Program Files (x86)\SpiderOak\SpiderOak.exe --windows_startup
    uRun: [MusicManager] "C:\Users\River\AppData\Local\Programs\Google\MusicManager\MusicManager.exe "
    uRun: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
    uRun: [cdloader] "C:\Users\River\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK
    uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
    uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun: [CLVirtualDrive] "C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" /R
    mRun: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe "
    mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    mRun: [HP CoolSense] C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe -byrunkey
    mRun: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot
    mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe "
    mRun: [ROC_roc_ssl_v12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe "
    mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe "
    mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
    StartupFolder: C:\Users\River\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\River\AppData\Roaming\Dropbox\bin\Dropbox.exe
    StartupFolder: C:\Users\River\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\EVERNO~1.LNK - C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
    StartupFolder: C:\Users\River\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\PopTray.lnk - C:\Program Files (x86)\PopTray\PopTray.exe
    IE: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
    .
    INFO: HKCU has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    .
    INFO: HKLM has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    TCP: NameServer = 10.0.0.1
    TCP: Interfaces\{5D9744AC-250C-4BA6-995D-4D6645FBAEED} : DHCPNameServer = 10.0.0.1
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    Notify: SDWinLogon - SDWinLogon.dll
    SSODL: WebCheck - <orphaned>
    mASetup: {A6EADE66-0000-0000-484E-7E8A45000000} - "C:\Windows\SysWOW64\Rundll32.exe" "C:\Program Files (x86)\Adobe\Reader 11.0\Esl\AiodLite.dll ",CreateReaderUserSettings
    IFEO: sidebar.exe - C:\Program Files (x86)\Windows Sidebar\8GadgetPack.exe -run
    x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
    x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
    x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
    x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
    x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
    x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
    x64-Run: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe -expressboot
    x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
    x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    .
    INFO: x64-HKLM has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    x64-Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - <orphaned>
    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
    x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
    x64-SSODL: WebCheck - <orphaned>
    x64-IFEO: sidebar.exe - C:\Program Files (x86)\Windows Sidebar\8GadgetPack.exe -run
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\River\AppData\Roaming\Mozilla\Firefox\Profiles\i8ek7rsf.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.oregoncoasttoday.com/oregon-coast-calendar.html
    FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid={F567391A-ED35-4197-9EF5-4BA2D5DF3267}&mid=0305f7a7658147d09dcfd967199e8103-54c4ff90180dac107bfcbaeb682d633eb4441c46&lang=en&ds=is016&pr=sa&d=2012-11-20 18:28:31&v=13.2.0.4&sap=ku&q=
    FF - prefs.js: network.proxy.type - 2
    FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
    FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0\npsitesafety.dll
    FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Users\River\AppData\Local\Google\Update\1.3.21.124\npGoogleUpdate3.dll
    FF - plugin: C:\Users\River\AppData\Roaming\Mozilla\plugins\np-mswmp.dll
    FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
    FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll
    FF - ExtSQL: 2012-11-18 09:16; {73a6fe31-595d-460b-a920-fcc0f8843232}; C:\Users\River\AppData\Roaming\Mozilla\Firefox\Profiles\i8ek7rsf.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
    FF - ExtSQL: 2012-11-18 11:37; betterfacebook@mattkruse.com; C:\Users\River\AppData\Roaming\Mozilla\Firefox\Profiles\i8ek7rsf.default\extensions\betterfacebook@mattkruse.com.xpi
    FF - ExtSQL: 2012-11-18 11:37; firefox@ghostery.com; C:\Users\River\AppData\Roaming\Mozilla\Firefox\Profiles\i8ek7rsf.default\extensions\firefox@ghostery.com
    FF - ExtSQL: 2012-11-18 11:37; google@disconnect.me; C:\Users\River\AppData\Roaming\Mozilla\Firefox\Profiles\i8ek7rsf.default\extensions\google@disconnect.me.xpi
    FF - ExtSQL: 2012-11-18 11:37; googlesharing@extension.thoughtcrime.org; C:\Users\River\AppData\Roaming\Mozilla\Firefox\Profiles\i8ek7rsf.default\extensions\googlesharing@extension.thoughtcrime.org
    FF - ExtSQL: 2012-11-18 11:37; netvideohunter@netvideohunter.com; C:\Users\River\AppData\Roaming\Mozilla\Firefox\Profiles\i8ek7rsf.default\extensions\netvideohunter@netvideohunter.com
    FF - ExtSQL: 2012-11-18 11:37; {6614d11d-d21d-b211-ae23-815234e1ebb5}; C:\Users\River\AppData\Roaming\Mozilla\Firefox\Profiles\i8ek7rsf.default\extensions\{6614d11d-d21d-b211-ae23-815234e1ebb5}.xpi
    FF - ExtSQL: 2012-11-18 11:37; {6bdc61ae-7b80-44a3-9476-e1d121ec2238}; C:\Users\River\AppData\Roaming\Mozilla\Firefox\Profiles\i8ek7rsf.default\extensions\{6bdc61ae-7b80-44a3-9476-e1d121ec2238}.xpi
    FF - ExtSQL: 2012-11-18 11:37; {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}; C:\Users\River\AppData\Roaming\Mozilla\Firefox\Profiles\i8ek7rsf.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
    FF - ExtSQL: 2012-11-18 11:37; {ac2cfa60-bc96-11e0-962b-0800200c9a66}; C:\Users\River\AppData\Roaming\Mozilla\Firefox\Profiles\i8ek7rsf.default\extensions\{ac2cfa60-bc96-11e0-962b-0800200c9a66}.xpi
    FF - ExtSQL: 2012-11-18 11:37; {E0B8C461-F8FB-49b4-8373-FE32E9252800}; C:\Users\River\AppData\Roaming\Mozilla\Firefox\Profiles\i8ek7rsf.default\extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}
    FF - ExtSQL: 2012-11-20 17:59; https-everywhere@eff.org; C:\Users\River\AppData\Roaming\Mozilla\Firefox\Profiles\i8ek7rsf.default\extensions\https-everywhere@eff.org
    FF - ExtSQL: 2012-11-20 18:06; jid0-gG1gAeXAPAyqbiSvBGlwTBQMcRA@jetpack; C:\Users\River\AppData\Roaming\Mozilla\Firefox\Profiles\i8ek7rsf.default\extensions\jid0-gG1gAeXAPAyqbiSvBGlwTBQMcRA@jetpack.xpi
    FF - ExtSQL: 2012-11-21 17:27; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; C:\Users\River\AppData\Roaming\Mozilla\Firefox\Profiles\i8ek7rsf.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
    FF - ExtSQL: 2012-11-21 21:54; avg@toolbar; C:\ProgramData\AVG Secure Search\FireFoxExt\13.2.0.5
    FF - ExtSQL: 2012-11-22 08:35; optout@dubfire.net; C:\Users\River\AppData\Roaming\Mozilla\Firefox\Profiles\i8ek7rsf.default\extensions\optout@dubfire.net
    FF - ExtSQL: 2012-12-09 20:09; iseekdeal@iseekdeal.com; C:\Users\River\AppData\Roaming\Mozilla\Firefox\Profiles\i8ek7rsf.default\extensions\iseekdeal@iseekdeal.com.xpi
    FF - ExtSQL: 2012-12-11 18:52; wrc@avast.com; C:\Program Files\AVAST Software\Avast\WebRep\FF
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 amd_sata;amd_sata;C:\Windows\System32\Drivers\amd_sata.sys [2012-7-24 79528]
    R0 amd_xata;amd_xata;C:\Windows\System32\Drivers\amd_xata.sys [2012-7-24 26280]
    R0 aswNdis;avast! Firewall NDIS Filter Service;C:\Windows\System32\Drivers\aswNdis.sys [2012-12-11 12368]
    R0 aswNdis2;avast! Firewall Core Firewall Service;C:\Windows\System32\Drivers\aswNdis2.sys [2012-12-11 262656]
    R1 aswFW;avast! TDI Firewall driver;C:\Windows\System32\Drivers\aswFW.sys [2012-12-11 132864]
    R1 aswKbd;aswKbd;C:\Windows\System32\Drivers\aswKbd.sys [2012-12-11 21136]
    R1 aswnet;avast! AG Firewall Core Driver;C:\Windows\System32\Drivers\aswnet.sys [2012-12-11 470192]
    R1 aswSnx;aswSnx;C:\Windows\System32\Drivers\aswSnx.sys [2012-12-11 984144]
    R1 aswSP;aswSP;C:\Windows\System32\Drivers\aswSP.sys [2012-12-11 370288]
    R1 CLVirtualDrive;CLVirtualDrive;C:\Windows\System32\Drivers\CLVirtualDrive.sys [2012-10-13 92536]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-8-8 239616]
    R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-8-8 361984]
    R2 APXACC;AppEx Networks Accelerator LWF;C:\Windows\System32\Drivers\appexDrv.sys [2012-10-13 199008]
    R2 aswFsBlk;aswFsBlk;C:\Windows\System32\Drivers\aswFsBlk.sys [2012-12-11 25232]
    R2 aswMonFlt;aswMonFlt;C:\Windows\System32\Drivers\aswMonFlt.sys [2012-12-11 71600]
    R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-12-11 44808]
    R2 avast! Firewall;avast! Firewall;C:\Program Files\AVAST Software\Avast\afwServ.exe [2012-12-11 133912]
    R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-8-10 85504]
    R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2012-8-10 29600]
    R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-7-31 35232]
    R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-11-18 399432]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-11-18 676936]
    R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2012-12-10 1103392]
    R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2012-12-10 1369624]
    R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2012-12-10 168384]
    R2 valWBFPolicyService;Validity WBF Policy Service;C:\Windows\System32\valWBFPolicyService.exe [2012-9-6 28160]
    R2 vToolbarUpdater13.2.0;vToolbarUpdater13.2.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe [2012-11-20 711112]
    R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\Drivers\AtihdW86.sys [2012-7-17 98472]
    R3 MBAMProtector;MBAMProtector;C:\Windows\System32\Drivers\mbam.sys [2012-11-18 25928]
    R3 RSP2STOR;Realtek PCIE CardReader Driver - P2;C:\Windows\System32\Drivers\RtsP2Stor.sys [2012-10-13 266896]
    R3 RTL8168;Realtek 8168 NT Driver;C:\Windows\System32\Drivers\Rt630x64.sys [2012-10-13 683664]
    R3 SmbDrv;SmbDrv;C:\Windows\System32\Drivers\Smb_driver_AMDASF.sys [2012-12-1 41272]
    R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\Drivers\usbfilter.sys [2012-10-13 57000]
    R3 WirelessButtonDriver;HP Wireless Button Driver Service;C:\Windows\System32\Drivers\WirelessButtonDriver64.sys [2012-8-31 20800]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-11-9 160944]
    S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
    S3 SmbDrvI;SmbDrvI;C:\Windows\System32\Drivers\Smb_driver_Intel.sys [2012-10-13 43832]
    S3 WSDScan;WSD Scan Support;C:\Windows\System32\Drivers\WSDScan.sys [2012-11-18 23552]
    .
    =============== Created Last 30 ================
    .
    2012-12-12 02:53:40 132864 ----a-w- C:\Windows\System32\drivers\aswFW.sys
    2012-12-12 02:52:34 54072 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
    2012-12-12 02:52:34 262656 ----a-w- C:\Windows\System32\drivers\aswNdis2.sys
    2012-12-12 02:52:30 984144 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
    2012-12-12 02:52:30 468144 ----a-w- C:\Windows\System32\drivers\aswnet.sys
    2012-12-12 02:52:30 21136 ----a-w- C:\Windows\System32\drivers\aswKbd.sys
    2012-12-12 02:52:29 71600 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
    2012-12-12 02:52:09 12368 ----a-w- C:\Windows\System32\drivers\aswNdis.sys
    2012-12-12 02:51:52 41224 ----a-w- C:\Windows\avastSS.scr
    2012-12-12 02:51:34 -------- d-----w- C:\ProgramData\AVAST Software
    2012-12-12 02:51:34 -------- d-----w- C:\Program Files\AVAST Software
    2012-12-11 15:00:28 9125352 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B9F11D6A-847F-44FC-A0A4-60F5D41D47A2}\mpengine.dll
    2012-12-11 04:49:20 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
    2012-12-11 04:49:12 17272 ----a-w- C:\Windows\System32\sdnclean64.exe
    2012-12-11 04:49:05 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
    2012-12-11 01:31:20 -------- d-----w- C:\Program Files (x86)\SecurityXploded
    2012-12-11 01:30:26 -------- d-----w- C:\Program Files (x86)\SIW
    2012-12-10 22:18:20 9125352 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
    2012-12-10 21:16:53 -------- d-----w- C:\Windows\System32\wbem\Framework\root\AddGadgets
    2012-12-10 21:16:53 -------- d-----w- C:\Windows\System32\wbem\Framework\root
    2012-12-10 21:16:53 -------- d-----w- C:\Windows\System32\wbem\Framework
    2012-12-10 04:40:01 -------- d-----w- C:\Users\River\.snippingtool++
    2012-12-09 23:59:57 -------- d-----w- C:\Users\River\AppData\Local\HP Quick Start
    2012-12-08 20:14:41 -------- d-----w- C:\Users\River\AppData\Local\Clipboarder
    2012-12-08 20:14:27 -------- d-----w- C:\Users\River\AppData\Local\Sidebar7
    2012-12-08 20:14:16 99840 ----a-w- C:\Program Files\Windows Sidebar\wlsrvc.dll
    2012-12-08 20:14:16 83456 ----a-w- C:\Program Files\Windows Sidebar\sbdrop.dll
    2012-12-08 20:14:16 482816 ----a-w- C:\Program Files\Windows Sidebar\8GadgetPack.exe
    2012-12-08 20:14:16 1371648 ----a-w- C:\Program Files\Windows Sidebar\sidebar.exe
    2012-12-08 20:14:09 77824 ----a-w- C:\Program Files (x86)\Windows Sidebar\sbdrop.dll
    2012-12-08 20:14:09 63488 ----a-w- C:\Program Files (x86)\Windows Sidebar\wlsrvc.dll
    2012-12-08 20:14:09 1144832 ----a-w- C:\Program Files (x86)\Windows Sidebar\sidebar.exe
    2012-12-08 04:52:08 -------- d-----r- C:\Program Files (x86)\Skype
    2012-12-07 17:28:58 -------- d-----w- C:\Users\River\AppData\Local\Adobe
    2012-12-04 21:52:06 -------- d-----w- C:\Users\River\AppData\Local\tjnet
    2012-12-04 21:38:15 -------- d-----w- C:\ProgramData\magicJack
    2012-12-04 21:37:26 -------- d-----w- C:\Users\River\AppData\Roaming\mjusbsp
    2012-12-04 21:36:42 -------- d-----w- C:\Users\River\AppData\Local\magicJack
    2012-12-01 15:03:40 457528 ----a-w- C:\Windows\System32\drivers\SynTP.sys
    2012-12-01 15:03:40 224056 ----a-w- C:\Windows\System32\SynTPAPI.dll
    2012-12-01 15:03:40 173368 ----a-w- C:\Windows\System32\SynTPCo14.dll
    2012-12-01 15:03:40 113976 ----a-w- C:\Windows\SysWow64\SynTPCOM.dll
    2012-12-01 15:03:39 535864 ----a-w- C:\Windows\SysWow64\SynCOM.dll
    2012-12-01 15:03:39 41272 ----a-w- C:\Windows\System32\drivers\Smb_driver_AMDASF.sys
    2012-12-01 03:34:31 -------- d-----w- C:\Program Files (x86)\Belarc
    2012-11-30 23:06:32 -------- d-----w- C:\Users\River\AppData\Local\MediaMonkey
    2012-11-30 23:05:31 -------- d-----w- C:\Users\River\AppData\Roaming\MediaMonkey
    2012-11-30 23:05:18 -------- d-----w- C:\ProgramData\MediaMonkey
    2012-11-30 23:05:12 -------- d-----w- C:\Program Files (x86)\MediaMonkey
    2012-11-30 22:24:55 -------- d-----w- C:\Program Files (x86)\WinDirStat
    2012-11-30 16:58:41 -------- d-----w- C:\Users\River\AppData\Roaming\Origin
    2012-11-30 16:58:22 -------- d-----w- C:\Users\River\AppData\Local\Origin
    2012-11-30 16:58:17 -------- d-----w- C:\ProgramData\Origin
    2012-11-30 16:58:17 -------- d-----w- C:\Program Files (x86)\Origin Games
    2012-11-30 16:57:24 -------- d-----w- C:\Program Files (x86)\Origin
    2012-11-30 16:27:06 -------- d-----w- C:\Program Files\Classic Shell
    2012-11-30 03:24:17 -------- d-----w- C:\ProgramData\Electronic Arts
    2012-11-28 14:24:44 405504 ----a-w- C:\Windows\System32\pcasvc.dll
    2012-11-28 14:24:44 31232 ----a-w- C:\Windows\System32\pcadm.dll
    2012-11-28 14:24:44 13312 ----a-w- C:\Windows\System32\pcalua.exe
    2012-11-28 14:24:43 11776 ----a-w- C:\Windows\System32\pcaevts.dll
    2012-11-28 02:52:58 447752 ----a-r- C:\Windows\SysWow64\vp6vfw.dll
    2012-11-28 02:52:54 -------- d-----w- C:\Program Files (x86)\Microsoft WSE
    2012-11-28 02:12:40 -------- d-----w- C:\Users\River\AppData\Roaming\Launchy
    2012-11-25 04:33:23 719872 ----a-w- C:\Windows\SysWow64\devil.dll
    2012-11-25 04:33:23 70656 ----a-w- C:\Windows\SysWow64\yv12vfw.dll
    2012-11-25 04:33:23 70656 ----a-w- C:\Windows\SysWow64\i420vfw.dll
    2012-11-25 04:33:23 369152 ----a-w- C:\Windows\SysWow64\avisynth.dll
    2012-11-25 04:33:23 32256 ----a-w- C:\Windows\SysWow64\AVSredirect.dll
    2012-11-25 04:33:19 -------- d-----w- C:\Program Files (x86)\AviSynth 2.5
    2012-11-25 02:53:40 -------- d-----w- C:\Program Files (x86)\eRightSoft
    2012-11-23 22:28:04 -------- d-----w- C:\Users\River\AppData\Local\Cyberlink
    2012-11-23 22:20:48 -------- d-----w- C:\Users\River\AppData\Roaming\WebApp
    2012-11-23 22:18:32 -------- d-----w- C:\Users\River\AppData\Roaming\HandBrake
    2012-11-23 22:12:51 -------- d-----w- C:\Program Files\Handbrake
    2012-11-23 05:43:26 -------- d-----w- C:\Users\River\AppData\Roaming\SpiderOak
    2012-11-23 05:42:28 -------- d-----w- C:\Program Files (x86)\SpiderOak
    2012-11-23 01:59:09 -------- d-----w- C:\Users\River\AppData\Local\Programs
    2012-11-23 01:50:51 -------- d-----w- C:\Users\River\AppData\Local\Geckofx
    2012-11-23 01:50:50 -------- d-----w- C:\Users\River\AppData\Local\ExtenDev
    2012-11-23 01:50:29 -------- d-----w- C:\Program Files (x86)\Google Music Player
    2012-11-22 15:46:31 -------- d-----w- C:\Users\River\AppData\Local\HPConnectedMusic
    2012-11-21 21:34:03 80728 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-11-21 21:34:03 695648 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-11-21 15:47:28 -------- d-----w- C:\Users\River\AppData\Local\HP
    2012-11-21 02:29:31 -------- d-----w- C:\ProgramData\Innovative Solutions
    2012-11-21 02:29:27 -------- d-----w- C:\Program Files (x86)\Common Files\Innovative Solutions
    2012-11-21 02:29:24 42496 ----a-w- C:\Windows\SysWow64\AdvUninstCPL.cpl
    2012-11-21 02:29:21 -------- d-----w- C:\Users\River\AppData\Local\AVG Secure Search
    2012-11-21 02:29:15 -------- d-----w- C:\Program Files (x86)\Advanced Uninstaller PRO
    2012-11-21 02:28:27 -------- d-----w- C:\Program Files (x86)\Common Files\AVG Secure Search
    2012-11-21 02:28:26 -------- d-----w- C:\Program Files (x86)\AVG Secure Search
    2012-11-21 02:26:18 -------- d--h--w- C:\ProgramData\Common Files
    2012-11-18 20:53:04 11272192 ----a-w- C:\Program Files\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
    2012-11-18 20:53:03 10768384 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
    2012-11-18 20:02:32 37888 ----a-w- C:\Windows\system\wizmo.exe
    2012-11-18 19:56:23 -------- d-----w- C:\Users\River\AppData\Local\Diagnostics
    2012-11-18 19:43:02 -------- d-----w- C:\Users\River\AppData\Local\Innovative Solutions
    2012-11-18 19:37:57 -------- d-----w- C:\Users\River\AppData\Roaming\Abine
    2012-11-18 19:37:14 17888 ----a-w- C:\Windows\System32\msvcr100_clr0400.dll
    2012-11-18 19:37:10 17888 ----a-w- C:\Windows\SysWow64\msvcr100_clr0400.dll
    2012-11-18 19:33:59 2764288 ----a-w- C:\Windows\SysWow64\tquery.dll
    2012-11-18 19:25:22 -------- d-----w- C:\Program Files (x86)\PopTray
    2012-11-18 19:23:39 -------- d-----r- C:\Users\River\Dropbox
    2012-11-18 19:21:57 995328 ----a-w- C:\Windows\SysWow64\Windows.Media.Streaming.dll
    2012-11-18 19:20:59 413184 ----a-w- C:\Windows\SysWow64\mfh264enc.dll
    2012-11-18 19:19:42 68608 ----a-w- C:\Windows\System32\wwanprotdim.dll
    2012-11-18 19:19:42 446976 ----a-w- C:\Windows\System32\wwansvc.dll
    2012-11-18 19:19:41 94208 ----a-w- C:\Windows\System32\synceng.dll
    2012-11-18 19:19:41 72192 ----a-w- C:\Windows\SysWow64\synceng.dll
    2012-11-18 19:19:39 301568 ----a-w- C:\Windows\System32\newdev.dll
    2012-11-18 19:19:38 76288 ----a-w- C:\Windows\System32\newdev.exe
    2012-11-18 19:19:38 75264 ----a-w- C:\Windows\System32\ndadmin.exe
    2012-11-18 19:19:38 74240 ----a-w- C:\Windows\SysWow64\newdev.exe
    2012-11-18 19:19:38 73728 ----a-w- C:\Windows\SysWow64\ndadmin.exe
    2012-11-18 19:19:38 275968 ----a-w- C:\Windows\SysWow64\newdev.dll
    2012-11-18 19:18:50 -------- d-----w- C:\Users\River\AppData\Roaming\Dropbox
    2012-11-18 19:14:41 4056576 ----a-w- C:\Windows\System32\win32k.sys
    2012-11-18 19:14:33 439296 ----a-w- C:\Windows\System32\ReAgent.dll
    2012-11-18 19:14:33 371712 ----a-w- C:\Windows\SysWow64\ReAgent.dll
    2012-11-18 19:14:33 2893824 ----a-w- C:\Windows\System32\msmpeg2vdec.dll
    2012-11-18 19:14:33 2400256 ----a-w- C:\Windows\SysWow64\msmpeg2vdec.dll
    2012-11-18 19:14:32 26624 ----a-w- C:\Windows\System32\ReAgentc.exe
    2012-11-18 19:14:32 24064 ----a-w- C:\Windows\SysWow64\ReAgentc.exe
    2012-11-18 17:53:33 -------- d-----w- C:\Program Files (x86)\Lame For Audacity
    2012-11-18 17:53:23 -------- d-----w- C:\Program Files (x86)\Ffmpeg For Audacity
    2012-11-18 17:52:59 -------- d-----w- C:\Program Files (x86)\Audacity
    2012-11-18 17:47:02 -------- d-----w- C:\Program Files (x86)\VideoLAN
    2012-11-18 17:38:58 118784 ----a-w- C:\Windows\SysWow64\MSSTDFMT.DLL
    2012-11-18 17:38:58 115920 ----a-w- C:\Windows\SysWow64\MSINET.OCX
    2012-11-18 17:38:34 -------- d-----w- C:\Program Files (x86)\EULAlyzer
    2012-11-18 17:36:46 -------- d-----w- C:\Program Files\CCleaner
    2012-11-18 17:36:10 -------- d-----w- C:\Users\River\AppData\Local\Opera
    2012-11-18 17:22:41 -------- d-----w- C:\Users\River\AppData\Roaming\Malwarebytes
    2012-11-18 17:22:33 -------- d-----w- C:\ProgramData\Malwarebytes
    2012-11-18 17:22:31 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-11-18 17:22:31 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-11-18 17:11:11 -------- d-----w- C:\Users\River\AppData\Roaming\WildTangent
    2012-11-18 17:10:41 -------- d-----w- C:\Users\River\AppData\Local\Google
    2012-11-18 02:49:19 -------- d-----w- C:\Users\River\AppData\Local\Thunderbird
    2012-11-18 02:45:19 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service
    2012-11-18 02:02:05 -------- d-----w- C:\Users\River\AppData\Roaming\hpqlog
    2012-11-18 02:01:01 18528 ----a-w- C:\ProgramData\Microsoft\windowssampling\Sqm\Manifest\Sqm2.bin
    2012-11-18 01:25:32 916456 ----a-w- C:\Windows\System32\deployJava1.dll
    2012-11-18 01:25:31 1034216 ----a-w- C:\Windows\System32\npDeployJava1.dll
    2012-11-18 01:25:27 108008 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll
    2012-11-18 00:44:56 -------- d-----w- C:\Program Files\Paint.NET
    2012-11-18 00:44:55 -------- d-----w- C:\Users\River\AppData\Local\Paint.NET
    2012-11-17 23:30:56 -------- d-----w- C:\Program Files (x86)\HFSExplorer
    2012-11-17 21:47:38 -------- d-----w- C:\Users\River\AppData\Roaming\KeePass
    2012-11-17 21:35:57 -------- d-----w- C:\Users\River\AppData\Local\KeePass
    2012-11-17 21:35:33 -------- d-----w- C:\Program Files (x86)\KeePass Password Safe 2
    2012-11-17 21:30:02 -------- d-----w- C:\Users\River\AppData\Local\Evernote
    2012-11-17 21:29:51 -------- d-----w- C:\Program Files (x86)\Evernote
    2012-11-17 21:26:46 -------- d-----w- C:\Program Files (x86)\KeePass Password Safe
    2012-11-17 21:20:18 -------- d-----w- C:\Users\River\AppData\Local\Macromedia
    2012-11-17 21:09:41 99840 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\HPZPPLHN.DLL
    2012-11-17 20:05:09 279656 ------w- C:\Windows\System32\MpSigStub.exe
    2012-11-17 19:53:19 -------- d-----w- C:\Users\River\AppData\Local\Mozilla
    2012-11-17 19:49:56 -------- d-----w- C:\Program Files (x86)\VS Revo Group
    2012-11-17 19:44:31 -------- d-----w- C:\Users\River\AppData\Roaming\WinPatrol
    2012-11-17 19:44:07 -------- d-----w- C:\ProgramData\InstallMate
    2012-11-17 19:44:07 -------- d-----w- C:\Program Files (x86)\BillP Studios
    2012-11-17 19:35:06 -------- d-----w- C:\Program Files (x86)\Microsoft Analysis Services
    2012-11-17 19:34:38 -------- d-----w- C:\Users\River\AppData\Local\Microsoft Help
    2012-11-17 19:11:22 -------- d-----w- C:\Users\River\AppData\Local\CrashDumps
    2012-11-17 19:04:48 -------- d-----w- C:\Users\River\AppData\Local\AMD
    2012-11-17 19:04:33 -------- d-----w- C:\Users\River\AppData\Local\ATI
    2012-11-17 19:03:36 -------- d-----w- C:\Users\River\AppData\Local\Hewlett-Packard
    2012-11-17 19:02:59 -------- d-----r- C:\Users\River\Searches
    2012-11-17 19:01:39 -------- d-----r- C:\Users\River\Contacts
    2012-11-17 19:00:49 -------- d-----w- C:\Users\River\AppData\Roaming\Synaptics
    2012-11-17 18:59:47 -------- d-----w- C:\Users\River\AppData\Local\Power2Go8
    2012-11-17 18:59:28 -------- d-----w- C:\Users\River\AppData\Local\AuthenTec
    2012-11-17 18:58:31 -------- d-----w- C:\Users\River\AppData\Local\VirtualStore
    2012-11-17 18:58:11 -------- d-----w- C:\Users\River\AppData\Local\Packages
    2012-11-16 01:45:30 485376 ----a-w- C:\Program Files (x86)\Windows Sidebar\8GadgetPack.exe
    .
    ==================== Find3M ====================
    .
    2012-12-01 15:03:28 1045816 ----a-w- C:\Windows\System32\SynCOM.dll
    2012-11-02 05:22:08 34304 ----a-w- C:\Windows\SysWow64\wuapp.exe
    2012-11-02 05:21:44 83968 ----a-w- C:\Windows\SysWow64\wudriver.dll
    2012-11-02 05:21:44 125952 ----a-w- C:\Windows\SysWow64\wuwebv.dll
    2012-11-02 05:21:28 246784 ----a-w- C:\Windows\SysWow64\ubpm.dll
    2012-11-02 05:20:31 39424 ----a-w- C:\Windows\System32\wuapp.exe
    2012-11-02 05:20:28 77824 ----a-w- C:\Windows\System32\taskhost.exe
    2012-11-02 05:20:28 72192 ----a-w- C:\Windows\System32\taskhostex.exe
    2012-11-02 05:20:10 141824 ----a-w- C:\Windows\System32\wuwebv.dll
    2012-11-02 05:20:09 98304 ----a-w- C:\Windows\System32\wudriver.dll
    2012-11-02 05:20:09 251904 ----a-w- C:\Windows\System32\WUSettingsProvider.dll
    2012-11-02 05:20:09 17408 ----a-w- C:\Windows\System32\wuaext.dll
    2012-11-02 05:20:09 1619968 ----a-w- C:\Windows\System32\wucltux.dll
    2012-11-02 05:19:50 318464 ----a-w- C:\Windows\System32\ubpm.dll
    2012-11-02 05:01:27 99328 ----a-w- C:\Windows\System32\wushareduxresources.dll
    2012-11-02 04:55:32 212992 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
    2012-11-02 04:53:13 366080 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
    2012-10-29 05:04:47 522640 ----a-w- C:\Windows\System32\AUDIOKSE.dll
    2012-10-29 05:04:47 490064 ----a-w- C:\Windows\System32\AudioEng.dll
    2012-10-29 05:04:47 447792 ----a-w- C:\Windows\System32\AudioSes.dll
    2012-10-29 05:04:47 253512 ----a-w- C:\Windows\System32\audiodg.exe
    2012-10-29 03:21:53 1526784 ----a-w- C:\Windows\System32\mfcore.dll
    2012-10-29 03:21:21 267264 ----a-w- C:\Windows\System32\EncDump.dll
    2012-10-29 03:20:49 785920 ----a-w- C:\Windows\System32\audiosrv.dll
    2012-10-29 03:20:49 169472 ----a-w- C:\Windows\System32\AudioEndpointBuilder.dll
    2012-10-29 03:19:08 463768 ----a-w- C:\Windows\SysWow64\AUDIOKSE.dll
    2012-10-29 03:19:08 427568 ----a-w- C:\Windows\SysWow64\AudioEng.dll
    2012-10-29 03:19:08 324344 ----a-w- C:\Windows\SysWow64\AudioSes.dll
    2012-10-29 02:46:23 1451520 ----a-w- C:\Windows\SysWow64\mfcore.dll
    2012-10-24 04:54:06 6972136 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2012-10-24 03:06:12 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
    2012-10-24 02:27:01 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2012-10-20 03:22:05 39936 ----a-w- C:\Windows\apppatch\apppatch64\acspecfc.dll
    2012-10-20 02:44:53 431104 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
    2012-10-20 02:25:35 310784 ----a-w- C:\Windows\apppatch\AcRes.dll
    2012-10-18 06:17:18 69864 ----a-w- C:\Windows\System32\drivers\pdc.sys
    2012-10-18 03:20:46 10096640 ----a-w- C:\Windows\System32\twinui.dll
    2012-10-18 03:18:40 2302464 ----a-w- C:\Windows\System32\authui.dll
    2012-10-18 03:18:33 2146816 ----a-w- C:\Windows\System32\actxprxy.dll
    2012-10-18 02:46:00 8856576 ----a-w- C:\Windows\SysWow64\twinui.dll
    2012-10-18 02:44:38 2033664 ----a-w- C:\Windows\SysWow64\authui.dll
    2012-10-18 02:44:33 753664 ----a-w- C:\Windows\SysWow64\actxprxy.dll
    2012-10-17 04:32:52 1172992 ----a-w- C:\Windows\System32\mfnetsrc.dll
    2012-10-17 04:32:51 677888 ----a-w- C:\Windows\System32\mfnetcore.dll
    2012-10-17 04:32:51 673280 ----a-w- C:\Windows\System32\mfmpeg2srcsnk.dll
    2012-10-17 04:32:50 1048064 ----a-w- C:\Windows\System32\mfasfsrcsnk.dll
    2012-10-17 03:57:37 929792 ----a-w- C:\Windows\SysWow64\mfnetsrc.dll
    2012-10-17 03:57:37 568832 ----a-w- C:\Windows\SysWow64\mfnetcore.dll
    2012-10-17 03:57:37 513024 ----a-w- C:\Windows\SysWow64\mfmpeg2srcsnk.dll
    2012-10-17 03:57:36 850944 ----a-w- C:\Windows\SysWow64\mfasfsrcsnk.dll
    2012-10-14 02:54:20 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll
    2012-10-14 02:54:20 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
    2012-10-14 02:54:20 29480 ----a-w- C:\Windows\SysWow64\msxml3a.dll
    2012-10-12 08:08:01 27880 ----a-w- C:\Windows\System32\drivers\rdpvideominiport.sys
    2012-10-12 06:14:40 36352 ----a-w- C:\Windows\System32\rfxvmt.dll
    2012-10-12 06:14:39 3244032 ----a-w- C:\Windows\System32\rdpcorets.dll
    2012-10-12 06:13:32 109568 ----a-w- C:\Windows\System32\dskquota.dll
    2012-10-12 05:50:01 235520 ----a-w- C:\Windows\System32\rdpudd.dll
    2012-10-12 05:46:28 618496 ----a-w- C:\Windows\System32\drivers\srv2.sys
    2012-10-12 05:39:54 82944 ----a-w- C:\Windows\SysWow64\dskquota.dll
    2012-10-11 07:47:18 793200 ----a-w- C:\Windows\System32\mfplat.dll
    2012-10-11 07:35:16 2380944 ----a-w- C:\Windows\explorer.exe
    2012-10-11 07:26:44 336104 ----a-w- C:\Windows\System32\drivers\Classpnp.sys
    2012-10-11 07:25:48 56552 ----a-w- C:\Windows\System32\drivers\sdstor.sys
    2012-10-11 07:23:33 1001192 ----a-w- C:\Windows\System32\drivers\ndis.sys
    2012-10-11 07:23:32 441576 ----a-w- C:\Windows\System32\drivers\netio.sys
    2012-10-11 07:18:25 172264 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
    2012-10-11 07:16:20 1403784 ----a-w- C:\Windows\System32\winload.efi
    2012-10-11 07:16:20 1267424 ----a-w- C:\Windows\System32\winload.exe
    2012-10-11 07:16:20 1217328 ----a-w- C:\Windows\System32\winresume.efi
    2012-10-11 07:16:19 1093880 ----a-w- C:\Windows\System32\winresume.exe
    2012-10-11 07:13:54 194280 ----a-w- C:\Windows\System32\drivers\sdbus.sys
    2012-10-11 07:13:51 124648 ----a-w- C:\Windows\System32\drivers\dumpsd.sys
    2012-10-11 07:13:49 58088 ----a-w- C:\Windows\System32\drivers\dam.sys
    2012-10-11 07:13:37 33512 ----a-w- C:\Windows\System32\drivers\battc.sys
    2012-10-11 07:08:41 562392 ----a-w- C:\Windows\System32\drivers\cng.sys
    2012-10-11 07:02:27 1636672 ----a-w- C:\Windows\System32\WMALFXGFXDSP.dll
    2012-10-11 07:01:47 503080 ----a-w- C:\Windows\System32\ci.dll
    2012-10-11 05:56:41 2115952 ----a-w- C:\Windows\SysWow64\explorer.exe
    2012-10-11 05:45:58 907776 ----a-w- C:\Windows\System32\uxtheme.dll
    2012-10-11 05:45:58 53760 ----a-w- C:\Windows\System32\UXInit.dll
    2012-10-11 05:45:58 1045504 ----a-w- C:\Windows\System32\usercpl.dll
    2012-10-11 05:45:53 3554304 ----a-w- C:\Windows\System32\tquery.dll
    2012-10-11 05:45:49 370176 ----a-w- C:\Windows\System32\SysFxUI.dll
    2012-10-11 05:45:48 579584 ----a-w- C:\Windows\System32\StructuredQuery.dll
    2012-10-11 05:45:42 505344 ----a-w- C:\Windows\System32\SpaceControl.dll
    2012-10-11 05:45:37 590848 ----a-w- C:\Windows\System32\SHCore.dll
    2012-10-11 05:45:26 945152 ----a-w- C:\Windows\System32\resetengmig.dll
    2012-10-11 05:45:26 1009664 ----a-w- C:\Windows\System32\reseteng.dll
    2012-10-11 05:45:16 55808 ----a-w- C:\Windows\System32\PCPKsp.dll
    2012-10-11 05:43:57 1294336 ----a-w- C:\Windows\System32\gdi32.dll
    2012-10-11 05:43:53 1280000 ----a-w- C:\Windows\System32\FntCache.dll
    2012-10-11 05:43:52 757760 ----a-w- C:\Windows\System32\FirewallAPI.dll
    2012-10-11 05:43:46 1836032 ----a-w- C:\Windows\System32\DWrite.dll
    2012-10-11 05:43:45 2206208 ----a-w- C:\Windows\System32\dwmcore.dll
    2012-10-11 05:43:40 62976 ----a-w- C:\Windows\System32\dhcpcsvc6.dll
    2012-10-11 05:43:40 331776 ----a-w- C:\Windows\System32\dhcpcore.dll
    2012-10-11 05:43:40 244224 ----a-w- C:\Windows\System32\dhcpcore6.dll
    2012-10-11 05:43:28 190976 ----a-w- C:\Windows\System32\bdesvc.dll
    2012-10-11 05:43:26 118784 ----a-w- C:\Windows\System32\AppxSip.dll
    2006-05-03 19:06:54 163328 --sha-r- C:\Windows\SysWOW64\flvDX.dll
    2007-02-21 20:47:16 31232 --sha-r- C:\Windows\SysWOW64\msfDX.dll
    2008-03-16 22:30:52 216064 --sha-r- C:\Windows\SysWOW64\nbDX.dll
    2010-01-07 07:00:00 107520 --sha-r- C:\Windows\SysWOW64\TAKDSDecoder.dll
    .
    ============= FINISH: 7:08:14.32 ===============




    dds attach:

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 8
    Boot Device: \Device\HarddiskVolume2
    Install Date: 11/17/2012 10:57:49 AM
    System Uptime: 12/11/2012 9:04:06 PM (10 hours ago)
    .
    Motherboard: Hewlett-Packard | | 1833
    Processor: AMD A8-4500M APU with Radeon(tm) HD Graphics | Socket FT1 | 1900/100mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 671 GiB total, 445.093 GiB free.
    D: is FIXED (NTFS) - 27 GiB total, 3.143 GiB free.
    E: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP7: 11/25/2012 1:07:45 PM - HPSF Applying updates
    RP8: 11/25/2012 1:07:48 PM - HPSF Applying updates
    RP9: 11/27/2012 6:33:08 PM - Installed The Sims 3
    RP12: 11/30/2012 8:22:54 AM - Installed Classic Shell
    RP13: 12/4/2012 2:06:11 PM - Installed TheSims3EP7
    RP14: 12/8/2012 9:52:50 AM - Installed Evernote v. 4.6
    RP15: 12/9/2012 2:30:48 PM - HPSF Applying updates
    RP16: 12/9/2012 2:30:49 PM - HPSF Applying updates
    RP17: 12/11/2012 6:19:06 AM - Restore Operation
    .
    ==== Installed Programs ======================
    .
    4 Elements II
    8GadgetPack
    Adobe Flash Player 11 Plugin
    Adobe Reader XI
    Adobe Shockwave Player 11.6
    Advanced Uninstaller PRO - Version 11
    AMD Accelerated Video Transcoding
    AMD APP SDK Runtime
    AMD Catalyst Install Manager
    AMD Fuel
    AMD Quick Stream
    AMD VISION Engine Control Center
    Audacity 2.0.2
    avast! Internet Security
    AVG Security Toolbar
    Bejeweled 3
    Belarc Advisor 8.3
    Bonjour
    Build-a-lot 4 - Power Source
    Catalyst Control Center - Branding
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization All
    ccc-utility64
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    CCleaner
    Chuzzle Deluxe
    Classic Shell
    Cradle Of Egypt Collector's Edition
    Cradle of Rome 2
    CyberLink LabelPrint
    CyberLink Media Suite 10
    CyberLink PhotoDirector
    CyberLink Power2Go 8
    CyberLink PowerDirector 10
    CyberLink PowerDVD
    CyberLink YouCam
    D3DX10
    Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
    Dropbox
    Energy Star
    EULAlyzer 2.0
    Evernote v. 4.6
    Farm Frenzy
    FATE: The Cursed King
    FFmpeg v0.6.2 for Audacity
    Final Drive Fury
    FlatOut 2
    Google Chrome
    Google Earth
    Google Music Player
    Governor of Poker 2 Premium Edition
    HandBrake 0.9.8
    Hewlett-Packard ACLM.NET v1.2.0.0
    HFSExplorer 0.21
    Hoyle Card Games
    HP 3D DriveGuard
    HP CoolSense
    HP Customer Experience Enhancements
    HP Documentation
    HP Games
    HP Postscript Converter
    HP Quick Launch
    HP Quick Start
    HP Recovery Manager
    HP Registration Service
    HP Software Framework
    HP Support Assistant
    HP Utility Center
    HP Wireless Button Driver
    IDT Audio
    ImgBurn
    Java 7 Update 9 (64-bit)
    Jewel Match 3
    John Deere Drive Green
    KeePass Password Safe 1.24
    LADSPA_plugins-win-0.4.15
    LAME v3.99.3 (for Windows)
    Luxor Evolved
    magicJack
    Mahjongg Dimensions Deluxe: Tiles in Time
    Malwarebytes Anti-Malware version 1.65.1.1000
    MediaMonkey 4.0
    Microsoft Application Error Reporting
    Microsoft Office 2010 Service Pack 1 (SP1)
    Microsoft Office Access MUI (English) 2010
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office Home and Student 2010
    Microsoft Office Office 64-bit Components 2010
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2010
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Shared 64-bit MUI (English) 2010
    Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office Single Image 2010
    Microsoft Office Word MUI (English) 2010
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    Microsoft WSE 3.0 Runtime
    Mortimer Beckett and the Crimson Thief Premium Edition
    Mozilla Firefox 15.0.1 (x86 en-US)
    Mozilla Maintenance Service
    Mozilla Thunderbird 16.0.2 (x86 en-US)
    MSVCRT
    Music Manager
    Mystery P.I. - Curious Case of Counterfeit Cove
    Notepad++
    Opera 11.62
    Origin
    Paint.NET v3.5.6
    Peggle Nights
    Penguins!
    Polar Bowler
    Polar Golfer
    PopTray 3.20
    Qualcomm Atheros Driver Installation Program
    Realtek Ethernet Controller Driver
    Realtek PCIE Card Reader
    Revo Uninstaller 1.94
    Roads of Rome 3
    Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition
    Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2553091)
    Security Update for Microsoft Office 2010 (KB2553096)
    Security Update for Microsoft Office 2010 (KB2553260) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2589322) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2589337) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
    Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
    Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition
    Security Update for Microsoft Word 2010 (KB2553488) 32-Bit Edition
    SIW version 2011.10.29
    Skype™ 6.0
    SpiderOak
    Spybot - Search & Destroy
    SUPER © v2012.build.54 (Nov 18, 2012) version v2012.build.54
    swMSM
    Synaptics Pointing Device Driver
    Tales of Lagoona
    The Sims™ 3
    The Sims™ 3 Pets
    The Sims™ 3 Supernatural
    The Sims™ 3 World Adventures
    Update for Microsoft Office 2010 (KB2553065)
    Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553272) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2566458)
    Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
    Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
    Update for Microsoft OneNote 2010 (KB2687277) 32-Bit Edition
    Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
    Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
    Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
    Update Installer for WildTangent Games App
    Vacation Quest™ - Australia
    Validity WBF DDK
    VLC media player 2.0.2
    WildTangent Games
    WildTangent Games App
    WinDirStat 1.1.2
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Installer
    Windows Live Language Selector
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    WinPatrol
    Zuma's Revenge
    .
    ==== Event Viewer Messages From Past Week ========
    .
    12/12/2012 1:01:54 AM, Error: Service Control Manager [7000] - The WinRing0_1_2_0 service failed to start due to the following error: The system cannot find the file specified.
    12/11/2012 7:06:07 AM, Error: Service Control Manager [7022] - The Software Protection service hung on starting.
    12/11/2012 6:39:58 AM, Error: Service Control Manager [7043] - The Windows Update service did not shut down properly after receiving a preshutdown control.
    .
    ==== End Of File ===========================
     
  7. 2012/12/12
    broni

    broni Moderator Malware Analyst

    You're running two AV programs, Avast and Windows Defender (in Windows 8 it's renamed MSE, preinstalled).
    If you want to keep Avast you must disable Windows Defender: http://www.guidingtech.com/10154/disable-windows-8-defender-before-installing-antivirus/

    Next...

    • Download RogueKiller on the desktop
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.
     
  8. 2012/12/12
    Harpo

    Harpo Well-Known Member Thread Starter

    When I checked Windows Defender, it was off. There were two RogueKiller reports. Here's the first:

    RogueKiller V8.4.0 [Dec 12 2012] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website : http://tigzy.geekstogo.com/roguekiller.php
    Blog : http://tigzyrk.blogspot.com/

    Operating System : Windows 8 (6.2.9200 ) 64 bits version
    Started in : Normal mode
    User : Emma [Admin rights]
    Mode : Scan -- Date : 12/12/2012 10:39:03

    ¤¤¤ Bad processes : 1 ¤¤¤
    [SUSP PATH] MusicManager.exe -- C:\Users\River\AppData\Local\Programs\Google\MusicManager\MusicManager.exe -> KILLED [TermProc]

    ¤¤¤ Registry Entries : 6 ¤¤¤
    [RUN][SUSP PATH] HKCU\[...]\Run : MusicManager ( "C:\Users\River\AppData\Local\Programs\Google\MusicManager\MusicManager.exe ") -> FOUND
    [RUN][SUSP PATH] HKUS\S-1-5-21-1185449542-2177161251-728486615-1002[...]\Run : MusicManager ( "C:\Users\River\AppData\Local\Programs\Google\MusicManager\MusicManager.exe ") -> FOUND
    [IFEO] HKLM\[...]\sidebar.exe : debugger (C:\Program Files (x86)\Windows Sidebar\8GadgetPack.exe -run) -> FOUND
    [HJ SMENU] HKCU\[...]\Advanced : Start_TrackProgs (0) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [NOT LOADED] ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts

    [...]


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: ST750LM0 22 HN-M750MBB SATA Disk Device +++++
    --- User ---
    [MBR] 5563ee86216a1c21e78cfa8297c1cea8
    [BSP] 6a3125a7f090a24988d63ba5cae1a61d : MBR Code unknown
    Partition table:
    0 - [XXXXXX] UNKNOWN (0xee) [VISIBLE] Offset (sectors): 1 | Size: 2097151 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[1]_S_12122012_02d1039.txt >>
    RKreport[1]_S_12122012_02d1039.txt



    and here's the second:

    RogueKiller V8.4.0 [Dec 12 2012] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website : http://tigzy.geekstogo.com/roguekiller.php
    Blog : http://tigzyrk.blogspot.com/

    Operating System : Windows 8 (6.2.9200 ) 64 bits version
    Started in : Normal mode
    User : Emma [Admin rights]
    Mode : Remove -- Date : 12/12/2012 10:39:19

    ¤¤¤ Bad processes : 1 ¤¤¤
    [SUSP PATH] MusicManager.exe -- C:\Users\River\AppData\Local\Programs\Google\MusicManager\MusicManager.exe -> KILLED [TermProc]

    ¤¤¤ Registry Entries : 5 ¤¤¤
    [RUN][SUSP PATH] HKCU\[...]\Run : MusicManager ( "C:\Users\River\AppData\Local\Programs\Google\MusicManager\MusicManager.exe ") -> DELETED
    [IFEO] HKLM\[...]\sidebar.exe : debugger (C:\Program Files (x86)\Windows Sidebar\8GadgetPack.exe -run) -> DELETED
    [HJ SMENU] HKCU\[...]\Advanced : Start_TrackProgs (0) -> REPLACED (1)
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [NOT LOADED] ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts

    [...]


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: ST750LM0 22 HN-M750MBB SATA Disk Device +++++
    --- User ---
    [MBR] 5563ee86216a1c21e78cfa8297c1cea8
    [BSP] 6a3125a7f090a24988d63ba5cae1a61d : MBR Code unknown
    Partition table:
    0 - [XXXXXX] UNKNOWN (0xee) [VISIBLE] Offset (sectors): 1 | Size: 2097151 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[2]_D_12122012_02d1039.txt >>
    RKreport[1]_S_12122012_02d1039.txt ; RKreport[2]_D_12122012_02d1039.txt
     
  9. 2012/12/12
    broni

    Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Delete.
    • Confirm each time with Ok.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    Next...

    • Double click on adwcleaner.exe to run the tool.
    • Click on Uninstall.
    • Confirm with yes.

    ===========================

    Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

    • Double click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  10. 2012/12/12
    Harpo

    AdwCleaner

    AdwCleaner.[S1].txt:

    # AdwCleaner v2.100 - Logfile created 12/12/2012 at 13:21:53
    # Updated 09/12/2012 by Xplode
    # Operating system : Windows 8 (64 bits)
    # User : Emma - HP-ENVY
    # Boot Mode : Normal
    # Running from : C:\Users\River\Desktop\adwcleaner.exe
    # Option [Delete]


    ***** [Services] *****


    ***** [Files / Folders] *****

    Deleted on reboot : C:\Program Files (x86)\Common Files\AVG Secure Search
    File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml
    Folder Deleted : C:\Program Files (x86)\AVG Secure Search
    Folder Deleted : C:\ProgramData\InstallMate
    Folder Deleted : C:\Users\River\AppData\Local\AVG Secure Search
    Folder Deleted : C:\Users\River\AppData\LocalLow\AVG Secure Search
    Folder Deleted : C:\Users\River\AppData\Roaming\Mozilla\Firefox\Profiles\i8ek7rsf.default\extensions\staged

    ***** [Registry] *****

    Key Deleted : HKCU\Software\AVG Secure Search
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Deleted : HKLM\Software\AVG Secure Search
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
    Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
    Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
    Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
    Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
    Key Deleted : HKLM\SOFTWARE\Classes\S
    Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
    Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
    Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
    Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
    Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
    Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v10.0.9200.16442

    Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://isearch.avg.com/?cid={F567391A-ED35-4197-9EF5-4BA2D5DF3267}&mid=0305f7a7658147d09dcfd967199e8103-54c4ff90180dac107bfcbaeb682d633eb4441c46&lang=en&ds=is016&pr=sa&d=2012-11-20 18:28:31&v=13.2.0.4&sap=hp --> hxxp://www.google.com

    -\\ Mozilla Firefox v15.0.1 (en-US)

    Profile name : default
    File : C:\Users\River\AppData\Roaming\Mozilla\Firefox\Profiles\i8ek7rsf.default\prefs.js

    C:\Users\River\AppData\Roaming\Mozilla\Firefox\Profiles\i8ek7rsf.default\user.js ... Deleted !

    Deleted : user_pref( "avg.install.installDirPath ", "C:\\ProgramData\\AVG Secure Search\\FireFoxExt\\13.2.0.5 ");
    Deleted : user_pref( "browser.search.defaultenginename ", "AVG Secure Search ");
    Deleted : user_pref( "keyword.URL ", "hxxp://isearch.avg.com/search?cid={F567391A-ED35-4197-9EF5-4BA2D5DF3267}&m[...]

    -\\ Google Chrome v23.0.1271.95

    File : C:\Users\River\AppData\Local\Google\Chrome\User Data\Default\Preferences

    Deleted [l.8] : homepage = "hxxp://isearch.avg.com/?cid={F567391A-ED35-4197-9EF5-4BA2D5DF3267}&mid=0305f7a765[...]
    Deleted [l.12] : urls_to_restore_on_startup = [ "hxxp://isearch.avg.com/?cid={F567391A-ED35-4197-9EF5-4BA2D[...]
    Deleted [l.41] : icon_url = "hxxp://isearch.avg.com/favicon.ico ",
    Deleted [l.44] : keyword = "isearch.avg.com ",
    Deleted [l.47] : search_url = "hxxp://isearch.avg.com/search?cid={F567391A-ED35-4197-9EF5-4BA2D5DF3267}&mid=03[...]
    Deleted [l.1723] : homepage = "hxxp://isearch.avg.com/?cid={F567391A-ED35-4197-9EF5-4BA2D5DF3267}&mid=0305f7a765814[...]
    Deleted [l.2082] : urls_to_restore_on_startup = [ "hxxp://isearch.avg.com/?cid={F567391A-ED35-4197-9EF5-4BA2D5DF[...]

    -\\ Opera v11.62.1347.0

    File : C:\Users\River\AppData\Roaming\Opera\Opera\operaprefs.ini

    [OK] File is clean.

    *************************

    AdwCleaner[R1].txt - [8500 octets] - [12/12/2012 13:21:01]
    AdwCleaner[S1].txt - [7585 octets] - [12/12/2012 13:21:53]

    ########## EOF - C:\AdwCleaner[S1].txt - [7645 octets] ##########
     
  11. 2012/12/12
    Harpo

    OTL pt 1

    OTL logfile created on: 12/12/2012 1:30:37 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\River\Desktop
    64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
    Internet Explorer (Version = 9.10.9200.16433)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    5.47 Gb Total Physical Memory | 3.99 Gb Available Physical Memory | 72.94% Memory free
    10.97 Gb Paging File | 9.35 Gb Available in Paging File | 85.27% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 671.27 Gb Total Space | 441.82 Gb Free Space | 65.82% Space Free | Partition Type: NTFS
    Drive D: | 26.59 Gb Total Space | 3.14 Gb Free Space | 11.82% Space Free | Partition Type: NTFS

    Computer Name: HP-ENVY | User Name: Emma | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/12/12 13:10:57 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\River\Desktop\OTL.exe
    PRC - [2012/12/03 19:35:00 | 001,044,320 | ---- | M] (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) -- C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
    PRC - [2012/11/20 18:26:36 | 000,711,112 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe
    PRC - [2012/11/13 14:08:08 | 003,825,176 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
    PRC - [2012/11/13 14:07:24 | 000,168,384 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
    PRC - [2012/11/13 14:07:20 | 001,369,624 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
    PRC - [2012/11/13 14:07:16 | 001,103,392 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
    PRC - [2012/10/30 15:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
    PRC - [2012/10/30 15:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    PRC - [2012/10/30 15:50:56 | 000,133,912 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\afwServ.exe
    PRC - [2012/10/28 09:29:22 | 000,063,488 | ---- | M] (IvoSoft) -- C:\Program Files\Classic Shell\ClassicShellService.exe
    PRC - [2012/09/29 19:54:26 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    PRC - [2012/09/29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2012/09/29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    PRC - [2012/09/23 20:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2012/07/31 14:17:52 | 000,580,512 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    PRC - [2012/07/31 14:17:52 | 000,035,232 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
    PRC - [2012/07/27 17:21:26 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
    PRC - [2012/06/07 19:34:06 | 000,111,120 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
    PRC - [2012/03/28 17:34:30 | 000,091,432 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
    PRC - [2011/08/26 13:37:18 | 001,342,008 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/11/13 14:06:32 | 000,158,624 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
    MOD - [2012/11/13 14:06:30 | 000,108,960 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
    MOD - [2012/11/13 14:06:28 | 000,554,400 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl
    MOD - [2012/11/13 14:06:28 | 000,528,288 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\JSDialogPack150.bpl
    MOD - [2012/11/13 14:06:28 | 000,416,160 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
    MOD - [2012/09/08 12:16:30 | 000,433,664 | ---- | M] () -- C:\Program Files (x86)\Evernote\Evernote\libxml2.dll
    MOD - [2012/09/08 12:16:20 | 000,315,392 | ---- | M] () -- C:\Program Files (x86)\Evernote\Evernote\libtidy.dll
    MOD - [2012/06/08 10:34:06 | 000,016,400 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
    MOD - [2012/06/07 19:34:06 | 000,627,216 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll


    ========== Services (SafeList) ==========

    SRV:64bit: - [2012/10/30 15:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
    SRV:64bit: - [2012/10/30 15:50:56 | 000,133,912 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\afwServ.exe -- (avast! Firewall)
    SRV:64bit: - [2012/10/28 19:20:49 | 000,169,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
    SRV:64bit: - [2012/10/28 09:29:22 | 000,063,488 | ---- | M] (IvoSoft) [Auto | Running] -- C:\Program Files\Classic Shell\ClassicShellService.exe -- (ClassicShellService)
    SRV:64bit: - [2012/09/20 01:10:47 | 002,367,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
    SRV:64bit: - [2012/09/20 00:18:03 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
    SRV:64bit: - [2012/09/19 22:32:59 | 000,169,984 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
    SRV:64bit: - [2012/09/19 22:32:58 | 000,178,176 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
    SRV:64bit: - [2012/09/19 22:31:18 | 000,116,736 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
    SRV:64bit: - [2012/09/19 22:30:41 | 000,179,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
    SRV:64bit: - [2012/09/06 00:47:02 | 000,028,160 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\valWBFPolicyService.exe -- (valWBFPolicyService)
    SRV:64bit: - [2012/08/10 14:24:28 | 000,029,600 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
    SRV:64bit: - [2012/08/08 22:46:00 | 000,239,616 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
    SRV:64bit: - [2012/08/08 09:36:06 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
    SRV:64bit: - [2012/07/25 19:17:59 | 000,015,440 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
    SRV:64bit: - [2012/07/25 19:08:04 | 001,968,128 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
    SRV:64bit: - [2012/07/25 19:07:47 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
    SRV:64bit: - [2012/07/25 19:07:42 | 000,263,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
    SRV:64bit: - [2012/07/25 19:07:40 | 000,283,648 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
    SRV:64bit: - [2012/07/25 19:07:25 | 000,012,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
    SRV:64bit: - [2012/07/25 19:06:36 | 000,463,872 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
    SRV:64bit: - [2012/07/25 19:06:34 | 000,743,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
    SRV:64bit: - [2012/07/25 19:06:33 | 000,161,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
    SRV:64bit: - [2012/07/25 19:06:33 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
    SRV:64bit: - [2012/07/25 19:06:00 | 000,438,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
    SRV:64bit: - [2012/07/25 19:05:55 | 000,059,904 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
    SRV:64bit: - [2012/07/25 19:05:34 | 000,037,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
    SRV:64bit: - [2012/07/25 19:05:28 | 000,207,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
    SRV:64bit: - [2012/07/25 19:05:24 | 000,342,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
    SRV:64bit: - [2012/07/25 19:05:08 | 000,122,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AUInstallAgent.dll -- (AllUserInstallAgent)
    SRV:64bit: - [2012/07/25 16:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
    SRV:64bit: - [2012/07/25 16:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
    SRV:64bit: - [2012/07/25 16:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
    SRV:64bit: - [2012/07/25 16:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
    SRV:64bit: - [2012/07/25 16:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
    SRV:64bit: - [2012/07/25 16:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
    SRV:64bit: - [2012/07/24 02:59:56 | 000,321,536 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
    SRV - [2012/12/11 13:55:58 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/11/20 18:26:36 | 000,711,112 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe -- (vToolbarUpdater13.2.0)
    SRV - [2012/11/19 22:17:34 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2012/11/09 11:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2012/09/29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2012/09/29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
    SRV - [2012/09/23 20:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2012/09/20 00:18:03 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll -- (PrintNotify)
    SRV - [2012/08/10 16:53:44 | 000,085,504 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
    SRV - [2012/07/31 14:17:52 | 000,035,232 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
    SRV - [2012/07/25 19:20:04 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
    SRV - [2012/07/25 19:18:41 | 000,408,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
    SRV - [2012/07/25 19:17:52 | 000,060,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
    SRV - [2010/10/12 09:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2012/12/12 07:07:41 | 000,468,144 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\aswnet.sys -- (aswnet)
    DRV:64bit: - [2012/12/01 07:03:31 | 000,457,528 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\SynTP.sys -- (SynTP)
    DRV:64bit: - [2012/12/01 07:03:26 | 000,041,272 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\Smb_driver_AMDASF.sys -- (SmbDrv)
    DRV:64bit: - [2012/10/30 15:51:55 | 000,984,144 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
    DRV:64bit: - [2012/10/30 15:51:55 | 000,370,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
    DRV:64bit: - [2012/10/30 15:51:55 | 000,262,656 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswNdis2.sys -- (aswNdis2)
    DRV:64bit: - [2012/10/30 15:51:55 | 000,071,600 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\Drivers\aswMonFlt.sys -- (aswMonFlt)
    DRV:64bit: - [2012/10/30 15:51:55 | 000,021,136 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswKbd.sys -- (aswKbd)
    DRV:64bit: - [2012/10/30 15:51:53 | 000,132,864 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswFW.sys -- (aswFW)
    DRV:64bit: - [2012/10/30 15:51:53 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV:64bit: - [2012/10/17 22:17:18 | 000,069,864 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\pdc.sys -- (pdc)
    DRV:64bit: - [2012/10/15 08:59:28 | 000,054,072 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\aswRdr2.sys -- (aswRdr)
    DRV:64bit: - [2012/10/12 00:08:01 | 000,027,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
    DRV:64bit: - [2012/10/10 23:25:48 | 000,056,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdstor.sys -- (sdstor)
    DRV:64bit: - [2012/10/10 23:13:54 | 000,194,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdbus.sys -- (sdbus)
    DRV:64bit: - [2012/10/10 23:13:49 | 000,058,088 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\Drivers\dam.sys -- (dam)
    DRV:64bit: - [2012/10/10 21:19:44 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WSDScan.sys -- (WSDScan)
    DRV:64bit: - [2012/09/29 19:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\Drivers\mbam.sys -- (MBAMProtector)
    DRV:64bit: - [2012/09/21 01:26:08 | 000,012,368 | ---- | M] (ALWIL Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\aswNdis.sys -- (aswNdis)
    DRV:64bit: - [2012/09/19 23:55:33 | 000,445,160 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBHUB3.SYS -- (USBHUB3)
    DRV:64bit: - [2012/09/19 23:55:33 | 000,337,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBXHCI.SYS -- (USBXHCI)
    DRV:64bit: - [2012/09/19 23:55:33 | 000,212,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\UCX01000.SYS -- (UCX01000)
    DRV:64bit: - [2012/09/19 23:55:30 | 000,120,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpioclx.sys -- (GPIOClx0101)
    DRV:64bit: - [2012/09/19 23:55:29 | 000,028,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpiowin32.sys -- (msgpiowin32)
    DRV:64bit: - [2012/09/19 23:55:27 | 003,265,256 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2012/09/19 23:55:24 | 000,533,224 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2012/09/19 23:03:08 | 000,148,712 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\tpm.sys -- (TPM)
    DRV:64bit: - [2012/09/19 22:09:11 | 000,031,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
    DRV:64bit: - [2012/09/19 22:08:27 | 000,029,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthhfHid.sys -- (bthhfhid)
    DRV:64bit: - [2012/08/31 09:40:24 | 000,020,800 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\WirelessButtonDriver64.sys -- (WirelessButtonDriver)
    DRV:64bit: - [2012/08/24 17:38:28 | 000,043,832 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\Smb_driver_Intel.sys -- (SmbDrvI)
    DRV:64bit: - [2012/08/10 14:24:28 | 000,042,400 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\Accelerometer.sys -- (Accelerometer)
    DRV:64bit: - [2012/08/10 14:24:28 | 000,029,600 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\hpdskflt.sys -- (hpdskflt)
    DRV:64bit: - [2012/08/09 00:03:34 | 010,283,520 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\atikmdag.sys -- (amdkmdag)
    DRV:64bit: - [2012/08/08 21:48:22 | 000,368,640 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\atikmpag.sys -- (amdkmdap)
    DRV:64bit: - [2012/07/25 21:26:46 | 000,025,328 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2012/07/25 21:26:45 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\condrv.sys -- (condrv)
    DRV:64bit: - [2012/07/25 21:00:58 | 000,322,800 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS -- (VSTXRAID)
    DRV:64bit: - [2012/07/25 21:00:58 | 000,106,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\VerifierExt.sys -- (VerifierExt)
    DRV:64bit: - [2012/07/25 21:00:58 | 000,097,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\uaspstor.sys -- (UASPStor)
    DRV:64bit: - [2012/07/25 21:00:57 | 000,077,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\acpiex.sys -- (acpiex)
    DRV:64bit: - [2012/07/25 21:00:55 | 000,283,888 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\spaceport.sys -- (spaceport)
    DRV:64bit: - [2012/07/25 21:00:55 | 000,077,552 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\storahci.sys -- (storahci)
    DRV:64bit: - [2012/07/25 21:00:55 | 000,064,240 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\mvumis.sys -- (mvumis)
    DRV:64bit: - [2012/07/25 21:00:55 | 000,030,960 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2012/07/25 21:00:52 | 000,092,400 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2012/07/25 21:00:52 | 000,081,136 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sss.sys -- (LSI_SSS)
    DRV:64bit: - [2012/07/25 21:00:52 | 000,064,752 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2012/07/25 21:00:51 | 000,113,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
    DRV:64bit: - [2012/07/25 21:00:51 | 000,081,136 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\EhStorClass.sys -- (EhStorClass)
    DRV:64bit: - [2012/07/25 21:00:49 | 000,258,288 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2012/07/25 21:00:49 | 000,106,736 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\3ware.sys -- (3ware)
    DRV:64bit: - [2012/07/25 21:00:49 | 000,076,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2012/07/25 21:00:48 | 000,026,352 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2012/07/25 20:57:54 | 000,361,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\clfs.sys -- (CLFS)
    DRV:64bit: - [2012/07/25 20:54:34 | 000,096,496 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\wfplwfs.sys -- (WFPLWFS)
    DRV:64bit: - [2012/07/25 20:53:16 | 000,067,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpci.sys -- (vpci)
    DRV:64bit: - [2012/07/25 20:44:30 | 000,258,288 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdFilter.sys -- (WdFilter)
    DRV:64bit: - [2012/07/25 20:36:15 | 000,034,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdBoot.sys -- (WdBoot)
    DRV:64bit: - [2012/07/25 19:17:38 | 000,036,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\terminpt.sys -- (terminpt)
    DRV:64bit: - [2012/07/25 18:29:47 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WSDPrint.sys -- (WSDPrintDevice)
    DRV:64bit: - [2012/07/25 18:29:14 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mshidumdf.sys -- (mshidumdf)
    DRV:64bit: - [2012/07/25 18:29:08 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicDisplay.sys -- (BasicDisplay)
    DRV:64bit: - [2012/07/25 18:29:03 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\HyperVideo.sys -- (HyperVideo)
    DRV:64bit: - [2012/07/25 18:28:52 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicRender.sys -- (BasicRender)
    DRV:64bit: - [2012/07/25 18:27:58 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\fxppm.sys -- (FxPPM)
    DRV:64bit: - [2012/07/25 18:27:58 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmgencounter.sys -- (gencounter)
    DRV:64bit: - [2012/07/25 18:27:41 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\kdnic.sys -- (kdnic)
    DRV:64bit: - [2012/07/25 18:27:37 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpitime.sys -- (acpitime)
    DRV:64bit: - [2012/07/25 18:27:33 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\npsvctrig.sys -- (npsvctrig)
    DRV:64bit: - [2012/07/25 18:27:29 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys -- (WpdUpFltr)
    DRV:64bit: - [2012/07/25 18:27:16 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpipagr.sys -- (acpipagr)
    DRV:64bit: - [2012/07/25 18:27:01 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hyperkbd.sys -- (hyperkbd)
    DRV:64bit: - [2012/07/25 18:26:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SerCx.sys -- (SerCx)
    DRV:64bit: - [2012/07/25 18:26:43 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SpbCx.sys -- (SpbCx)
    DRV:64bit: - [2012/07/25 18:26:34 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbGD.sys -- (TsUsbGD)
    DRV:64bit: - [2012/07/25 18:26:13 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\bthhfenum.sys -- (BthHFEnum)
    DRV:64bit: - [2012/07/25 18:25:57 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\dmvsc.sys -- (dmvsc)
    DRV:64bit: - [2012/07/25 18:25:56 | 000,057,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2012/07/25 18:25:54 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hidi2c.sys -- (hidi2c)
    DRV:64bit: - [2012/07/25 18:25:13 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\wpcfltr.sys -- (wpcfltr)
    DRV:64bit: - [2012/07/25 18:25:01 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys -- (NdisImPlatform)
    DRV:64bit: - [2012/07/25 18:23:53 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mslldp.sys -- (MsLldp)
    DRV:64bit: - [2012/07/25 18:23:42 | 000,097,792 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\Ndu.sys -- (Ndu)
    DRV:64bit: - [2012/07/24 07:44:02 | 003,618,304 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\athw8x.sys -- (athr)
    DRV:64bit: - [2012/07/24 02:59:56 | 000,540,160 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\stwrt64.sys -- (STHDA)
    DRV:64bit: - [2012/07/24 01:35:12 | 000,079,528 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\amd_sata.sys -- (amd_sata)
    DRV:64bit: - [2012/07/24 01:35:12 | 000,026,280 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\amd_xata.sys -- (amd_xata)
    DRV:64bit: - [2012/07/17 20:59:12 | 000,098,472 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\AtihdW86.sys -- (AtiHDAudioService)
    DRV:64bit: - [2012/06/25 09:24:50 | 000,092,536 | ---- | M] (CyberLink) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\CLVirtualDrive.sys -- (CLVirtualDrive)
    DRV:64bit: - [2012/06/23 05:23:38 | 000,199,008 | ---- | M] (AppEx Networks Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\appexDrv.sys -- (APXACC)
    DRV:64bit: - [2012/06/19 06:07:50 | 000,057,000 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\usbfilter.sys -- (usbfilter)
    DRV:64bit: - [2012/06/13 18:24:00 | 000,266,896 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\RtsP2Stor.sys -- (RSP2STOR)
    DRV:64bit: - [2012/06/12 21:41:22 | 000,683,664 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\Rt630x64.sys -- (RTL8168)
    DRV:64bit: - [2012/06/02 06:32:26 | 010,627,744 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\igdkmd64.sys -- (igfx)

    ========== Standard Registry (SafeList) ==========
     
  12. 2012/12/12
    Harpo

    OTL pt 2

    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT13/1
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
    IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
    IE:64bit: - HKLM\..\SearchScopes\{C302A27F-2CC9-4A57-AB32-5D61C092D33A}: "URL" = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
    IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT13/1
    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
    IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
    IE - HKLM\..\SearchScopes\{C302A27F-2CC9-4A57-AB32-5D61C092D33A}: "URL" = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
    IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}


    IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-21-1185449542-2177161251-728486615-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
    IE - HKU\S-1-5-21-1185449542-2177161251-728486615-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
    IE - HKU\S-1-5-21-1185449542-2177161251-728486615-1002\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-21-1185449542-2177161251-728486615-1002\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
    IE - HKU\S-1-5-21-1185449542-2177161251-728486615-1002\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
    IE - HKU\S-1-5-21-1185449542-2177161251-728486615-1002\..\SearchScopes\{C302A27F-2CC9-4A57-AB32-5D61C092D33A}: "URL" = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
    IE - HKU\S-1-5-21-1185449542-2177161251-728486615-1002\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
    IE - HKU\S-1-5-21-1185449542-2177161251-728486615-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..abine.backup.network.proxy.autoconfig_url: " "
    FF - prefs.js..abine.backup.network.proxy.type: 5
    FF - prefs.js..browser.search.update: false
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://www.oregoncoasttoday.com/oregon-coast-calendar.html "
    FF - prefs.js..extensions.enabledAddons: betterfacebook@mattkruse.com:6.603
    FF - prefs.js..extensions.enabledAddons: firefox@ghostery.com:2.8.3
    FF - prefs.js..extensions.enabledAddons: google@disconnect.me:2.4.2
    FF - prefs.js..extensions.enabledAddons: googlesharing@extension.thoughtcrime.org:0.22
    FF - prefs.js..extensions.enabledAddons: https-everywhere@eff.org:3.0.4
    FF - prefs.js..extensions.enabledAddons: netvideohunter@netvideohunter.com:1.9.5
    FF - prefs.js..extensions.enabledAddons: {6bdc61ae-7b80-44a3-9476-e1d121ec2238}:0.85
    FF - prefs.js..extensions.enabledAddons: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20120926
    FF - prefs.js..extensions.enabledAddons: {ac2cfa60-bc96-11e0-962b-0800200c9a66}:1.4
    FF - prefs.js..extensions.enabledAddons: {E0B8C461-F8FB-49b4-8373-FE32E9252800}:5.4
    FF - prefs.js..extensions.enabledAddons: {6614d11d-d21d-b211-ae23-815234e1ebb5}:2.7.5
    FF - prefs.js..extensions.enabledAddons: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.6.3
    FF - prefs.js..extensions.enabledAddons: iseekdeal@iseekdeal.com:1.0
    FF - prefs.js..extensions.enabledAddons: optout@dubfire.net:4.49
    FF - prefs.js..network.proxy.autoconfig_url: "abine://auto-conf.js "
    FF - prefs.js..network.proxy.type: 2
    FF - user.js - File not found

    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\River\AppData\Local\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\River\AppData\Local\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/12/11 18:52:03 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/11/20 18:13:21 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012/11/17 18:49:00 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

    [2012/11/20 18:42:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\River\AppData\Roaming\mozilla\Extensions
    [2012/11/20 18:42:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\River\AppData\Roaming\mozilla\Extensions\{718e30fb-e89b-41dd-9da7-e25a45638b28}
    [2012/12/12 13:22:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\River\AppData\Roaming\mozilla\Firefox\Profiles\i8ek7rsf.default\extensions
    [2012/11/18 11:37:46 | 000,000,000 | ---D | M] (WOT) -- C:\Users\River\AppData\Roaming\mozilla\Firefox\Profiles\i8ek7rsf.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
    [2012/11/18 11:37:53 | 000,000,000 | ---D | M] (Evernote Web Clipper) -- C:\Users\River\AppData\Roaming\mozilla\Firefox\Profiles\i8ek7rsf.default\extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}
    [2012/11/18 11:37:37 | 000,000,000 | ---D | M] (Ghostery) -- C:\Users\River\AppData\Roaming\mozilla\Firefox\Profiles\i8ek7rsf.default\extensions\firefox@ghostery.com
    [2012/11/18 11:37:38 | 000,000,000 | ---D | M] (GoogleSharing) -- C:\Users\River\AppData\Roaming\mozilla\Firefox\Profiles\i8ek7rsf.default\extensions\googlesharing@extension.thoughtcrime.org
    [2012/11/20 17:59:52 | 000,000,000 | ---D | M] (HTTPS-Everywhere) -- C:\Users\River\AppData\Roaming\mozilla\Firefox\Profiles\i8ek7rsf.default\extensions\https-everywhere@eff.org
    [2012/11/18 11:37:39 | 000,000,000 | ---D | M] ( "NetVideoHunter ") -- C:\Users\River\AppData\Roaming\mozilla\Firefox\Profiles\i8ek7rsf.default\extensions\netvideohunter@netvideohunter.com
    [2012/11/20 17:48:09 | 000,000,000 | ---D | M] (TACO with Abine) -- C:\Users\River\AppData\Roaming\mozilla\Firefox\Profiles\i8ek7rsf.default\extensions\optout@dubfire.net
    [2012/11/18 11:37:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\River\AppData\Roaming\mozilla\Firefox\Profiles\i8ek7rsf.default\extensions\googlesharing@extension.thoughtcrime.org\chrome
    [2012/11/18 11:37:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\River\AppData\Roaming\mozilla\Firefox\Profiles\i8ek7rsf.default\extensions\googlesharing@extension.thoughtcrime.org\components
    [2012/11/18 11:37:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\River\AppData\Roaming\mozilla\Firefox\Profiles\i8ek7rsf.default\extensions\googlesharing@extension.thoughtcrime.org\defaults
    [2012/11/20 18:42:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\River\AppData\Roaming\mozilla\Sunbird\Profiles\q6sb4h03.default\extensions
    [2012/11/18 11:37:34 | 000,138,110 | ---- | M] () (No name found) -- C:\Users\River\AppData\Roaming\mozilla\firefox\profiles\i8ek7rsf.default\extensions\betterfacebook@mattkruse.com.xpi
    [2012/11/18 11:37:37 | 000,039,030 | ---- | M] () (No name found) -- C:\Users\River\AppData\Roaming\mozilla\firefox\profiles\i8ek7rsf.default\extensions\google@disconnect.me.xpi
    [2012/12/09 20:09:51 | 000,001,879 | ---- | M] () (No name found) -- C:\Users\River\AppData\Roaming\mozilla\firefox\profiles\i8ek7rsf.default\extensions\iseekdeal@iseekdeal.com.xpi
    [2012/11/20 18:06:18 | 000,157,370 | ---- | M] () (No name found) -- C:\Users\River\AppData\Roaming\mozilla\firefox\profiles\i8ek7rsf.default\extensions\jid0-gG1gAeXAPAyqbiSvBGlwTBQMcRA@jetpack.xpi
    [2012/12/01 14:16:21 | 000,164,308 | ---- | M] () (No name found) -- C:\Users\River\AppData\Roaming\mozilla\firefox\profiles\i8ek7rsf.default\extensions\{6614d11d-d21d-b211-ae23-815234e1ebb5}.xpi
    [2012/11/18 11:37:45 | 000,073,384 | ---- | M] () (No name found) -- C:\Users\River\AppData\Roaming\mozilla\firefox\profiles\i8ek7rsf.default\extensions\{6bdc61ae-7b80-44a3-9476-e1d121ec2238}.xpi
    [2012/12/04 14:02:14 | 000,531,070 | ---- | M] () (No name found) -- C:\Users\River\AppData\Roaming\mozilla\firefox\profiles\i8ek7rsf.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
    [2012/11/18 11:37:46 | 000,044,967 | ---- | M] () (No name found) -- C:\Users\River\AppData\Roaming\mozilla\firefox\profiles\i8ek7rsf.default\extensions\{ac2cfa60-bc96-11e0-962b-0800200c9a66}.xpi
    [2012/11/24 07:44:00 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\River\AppData\Roaming\mozilla\firefox\profiles\i8ek7rsf.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
    [2012/12/01 10:29:20 | 000,005,472 | ---- | M] () -- C:\Users\River\AppData\Roaming\mozilla\firefox\profiles\i8ek7rsf.default\searchplugins\startpage-https.xml
    [2012/11/20 18:13:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2012/09/05 17:27:05 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2012/09/05 17:26:22 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2012/10/30 13:02:14 | 000,002,242 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\mystarttb.xml
    [2012/09/05 17:26:22 | 000,002,253 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

    ========== Chrome ==========

    CHR - homepage: http://www.google.com/
    CHR - default_search_provider: AVG Secure Search (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
    CHR - default_search_provider: suggest_url =
    CHR - homepage: http://www.google.com/
    CHR - plugin: Shockwave Flash (Enabled) = C:\Users\River\AppData\Local\Google\Chrome\Application\23.0.1271.95\PepperFlash\pepflashplayer.dll
    CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Users\River\AppData\Local\Google\Chrome\Application\23.0.1271.95\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\River\AppData\Local\Google\Chrome\Application\23.0.1271.95\pdf.dll
    CHR - plugin: Simple Pass (Enabled) = C:\Users\River\AppData\Local\Google\Chrome\User Data\Default\Extensions\fegekclkdhbnfdcmomlpegkkndgnmfmo\6.0.100_0\npgcwloplugin.dll
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
    CHR - plugin: Simple Pass (Enabled) = C:\Program Files (x86)\HP SimplePass\npffwloplugin.dll
    CHR - plugin: WildTangent Games App V2 Presence Detector (Enabled) = C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll
    CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    CHR - plugin: Google Update (Enabled) = C:\Users\River\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll
    CHR - plugin: Shockwave for Director (Enabled) = C:\windows\SysWOW64\Adobe\Director\np32dsw.dll
    CHR - Extension: Google Drive = C:\Users\River\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
    CHR - Extension: YouTube = C:\Users\River\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
    CHR - Extension: Chrome Cookies Button = C:\Users\River\AppData\Local\Google\Chrome\User Data\Default\Extensions\ccbhnmbolemgkcaglljmkkpcdelmbage\0.0.2_0\
    CHR - Extension: Google Search = C:\Users\River\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
    CHR - Extension: HTTPS Everywhere = C:\Users\River\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcbommkclmclpchllfjekcdonpmejbdp\2012.10.31_0\
    CHR - Extension: Keep My Opt-Outs = C:\Users\River\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhnjdplhmcnkiecampfdgfjilccfpfoe\1.0.14_0\
    CHR - Extension: avast! WebRep = C:\Users\River\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1474_0\
    CHR - Extension: Gmail = C:\Users\River\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

    O1 HOSTS File: ([2012/12/10 21:02:05 | 000,444,830 | R--- | M]) - C:\Windows\SysNative\Drivers\etc\hosts
    O1 - Hosts: 15276 more lines...
    O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
    O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
    O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
    O4:64bit: - HKLM..\Run: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe (BillP Studios)
    O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [CLVirtualDrive] C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [HP CoolSense] C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe (Hewlett-Packard Development Company, L.P.)
    O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
    O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [ROC_roc_ssl_v12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12 File not found
    O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
    O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKLM..\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" File not found
    O4 - HKLM..\Run: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
    O4 - HKU\S-1-5-21-1185449542-2177161251-728486615-1002..\Run: [cdloader] C:\Users\River\AppData\Roaming\mjusbsp\cdloader2.exe (magicJack L.P.)
    O4 - HKU\S-1-5-21-1185449542-2177161251-728486615-1002..\Run: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent File not found
    O4 - HKU\S-1-5-21-1185449542-2177161251-728486615-1002..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found
    O4 - HKU\S-1-5-21-1185449542-2177161251-728486615-1002..\Run: [SpiderOak] C:\Program Files (x86)\SpiderOak\SpiderOak.exe (SpiderOak)
    O4 - Startup: C:\Users\River\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\River\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    O4 - Startup: C:\Users\River\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk = C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
    O4 - Startup: C:\Users\River\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PopTray.lnk = C:\Program Files (x86)\PopTray\PopTray.exe (Renier Crause)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O8:64bit: - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
    O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
    O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
    O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
    O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
    O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
    O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O1364bit: - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5D9744AC-250C-4BA6-995D-4D6645FBAEED}: DhcpNameServer = 10.0.0.1
    O18:64bit: - Protocol\Handler\belarc - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O30 - LSA: Security Packages - (livessp) - File not found
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O34 - HKLM BootExecute: (sdnclean64.exe)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========
     
  13. 2012/12/12
    Harpo

    OTL pt 3

    [2012/12/12 13:10:56 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\River\Desktop\OTL.exe
    [2012/12/12 07:41:09 | 000,000,000 | ---D | C] -- C:\Users\River\Desktop\malware removal
    [2012/12/12 07:20:00 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
    [2012/12/11 18:53:42 | 000,370,288 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
    [2012/12/11 18:53:42 | 000,025,232 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
    [2012/12/11 18:53:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Internet Security
    [2012/12/11 18:53:40 | 000,132,864 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFW.sys
    [2012/12/11 18:52:34 | 000,262,656 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswNdis2.sys
    [2012/12/11 18:52:34 | 000,054,072 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
    [2012/12/11 18:52:30 | 000,984,144 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
    [2012/12/11 18:52:30 | 000,468,144 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswnet.sys
    [2012/12/11 18:52:30 | 000,021,136 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswKbd.sys
    [2012/12/11 18:52:29 | 000,071,600 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
    [2012/12/11 18:52:26 | 000,285,328 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
    [2012/12/11 18:52:09 | 000,012,368 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswNdis.sys
    [2012/12/11 18:51:52 | 000,227,648 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
    [2012/12/11 18:51:52 | 000,041,224 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
    [2012/12/11 18:51:34 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
    [2012/12/11 18:51:34 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
    [2012/12/10 20:49:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
    [2012/12/10 20:49:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
    [2012/12/10 20:49:12 | 000,017,272 | ---- | C] (Safer Networking Limited) -- C:\Windows\SysNative\sdnclean64.exe
    [2012/12/10 20:49:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
    [2012/12/10 17:31:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SecurityXploded
    [2012/12/10 17:30:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SIW
    [2012/12/10 17:30:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SIW
    [2012/12/09 20:40:01 | 000,000,000 | ---D | C] -- C:\Users\River\.snippingtool++
    [2012/12/09 15:59:57 | 000,000,000 | ---D | C] -- C:\Users\River\AppData\Local\HP Quick Start
    [2012/12/08 12:14:41 | 000,000,000 | ---D | C] -- C:\Users\River\AppData\Local\Clipboarder
    [2012/12/08 12:14:27 | 000,000,000 | ---D | C] -- C:\Users\River\AppData\Local\Sidebar7
    [2012/12/08 12:13:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\8GadgetPack
    [2012/12/08 09:53:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote
    [2012/12/07 20:52:16 | 000,000,000 | ---D | C] -- C:\Users\River\AppData\Roaming\Skype
    [2012/12/07 20:52:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
    [2012/12/07 20:52:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
    [2012/12/07 20:52:08 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
    [2012/12/07 20:52:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
    [2012/12/07 09:28:58 | 000,000,000 | ---D | C] -- C:\Users\River\AppData\Local\Adobe
    [2012/12/07 09:28:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
    [2012/12/07 09:28:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
    [2012/12/04 13:52:06 | 000,000,000 | ---D | C] -- C:\Users\River\AppData\Local\tjnet
    [2012/12/04 13:38:15 | 000,000,000 | ---D | C] -- C:\ProgramData\magicJack
    [2012/12/04 13:37:26 | 000,000,000 | ---D | C] -- C:\Users\River\AppData\Roaming\mjusbsp
    [2012/12/04 13:36:42 | 000,000,000 | ---D | C] -- C:\Users\River\AppData\Local\magicJack
    [2012/12/03 13:42:51 | 000,000,000 | ---D | C] -- C:\Users\River\Desktop\RJ temp
    [2012/12/01 07:03:40 | 000,457,528 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysNative\drivers\SynTP.sys
    [2012/12/01 07:03:40 | 000,224,056 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysNative\SynTPAPI.dll
    [2012/12/01 07:03:40 | 000,173,368 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysNative\SynTPCo14.dll
    [2012/12/01 07:03:40 | 000,113,976 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysWow64\SynTPCOM.dll
    [2012/12/01 07:03:39 | 000,535,864 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysWow64\SynCOM.dll
    [2012/12/01 07:03:39 | 000,041,272 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysNative\drivers\Smb_driver_AMDASF.sys
    [2012/11/30 19:34:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Belarc
    [2012/11/30 19:31:08 | 000,000,000 | ---D | C] -- C:\Users\River\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
    [2012/11/30 16:49:31 | 000,000,000 | ---D | C] -- C:\Users\River\Desktop\Converted Growly Notes
    [2012/11/30 15:06:32 | 000,000,000 | ---D | C] -- C:\Users\River\AppData\Local\MediaMonkey
    [2012/11/30 15:05:31 | 000,000,000 | ---D | C] -- C:\Users\River\AppData\Roaming\MediaMonkey
    [2012/11/30 15:05:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MediaMonkey
    [2012/11/30 15:05:18 | 000,000,000 | ---D | C] -- C:\ProgramData\MediaMonkey
    [2012/11/30 15:05:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MediaMonkey
    [2012/11/30 14:24:56 | 000,000,000 | ---D | C] -- C:\Users\River\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinDirStat
    [2012/11/30 14:24:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinDirStat
    [2012/11/30 14:24:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinDirStat
    [2012/11/30 08:58:41 | 000,000,000 | ---D | C] -- C:\Users\River\AppData\Roaming\Origin
    [2012/11/30 08:58:22 | 000,000,000 | ---D | C] -- C:\Users\River\AppData\Local\Origin
    [2012/11/30 08:58:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
    [2012/11/30 08:58:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin Games
    [2012/11/30 08:58:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Origin
    [2012/11/30 08:57:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin
    [2012/11/30 08:27:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Classic Shell
    [2012/11/30 08:27:06 | 000,000,000 | ---D | C] -- C:\Program Files\Classic Shell
    [2012/11/29 19:24:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts
    [2012/11/27 18:52:58 | 000,447,752 | R--- | C] (On2.com) -- C:\Windows\SysWow64\vp6vfw.dll
    [2012/11/27 18:52:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft WSE
    [2012/11/27 18:52:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Electronic Arts
    [2012/11/27 18:33:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Electronic Arts
    [2012/11/27 18:12:40 | 000,000,000 | ---D | C] -- C:\Users\River\AppData\Roaming\Launchy
    [2012/11/25 12:50:56 | 000,000,000 | ---D | C] -- C:\Users\River\AppData\Roaming\Hewlett-Packard
    [2012/11/24 20:33:23 | 000,719,872 | ---- | C] (Abysmal Software) -- C:\Windows\SysWow64\devil.dll
    [2012/11/24 20:33:23 | 000,369,152 | ---- | C] (The Public) -- C:\Windows\SysWow64\avisynth.dll
    [2012/11/24 20:33:23 | 000,070,656 | ---- | C] (www.helixcommunity.org) -- C:\Windows\SysWow64\yv12vfw.dll
    [2012/11/24 20:33:23 | 000,070,656 | ---- | C] (www.helixcommunity.org) -- C:\Windows\SysWow64\i420vfw.dll
    [2012/11/24 20:33:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AviSynth 2.5
    [2012/11/24 20:13:19 | 000,278,528 | ---- | C] (Real Networks, Inc) -- C:\Windows\SysWow64\pncrt.dll
    [2012/11/24 20:13:19 | 000,216,064 | RHS- | C] (MONOGRAM Multimedia, s.r.o.) -- C:\Windows\SysWow64\nbDX.dll
    [2012/11/24 20:13:19 | 000,031,232 | RHS- | C] (Hans Mayerl) -- C:\Windows\SysWow64\msfDX.dll
    [2012/11/24 20:13:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPER ©
    [2012/11/24 20:13:18 | 000,186,880 | RHS- | C] (RadLight) -- C:\Windows\SysWow64\RLOgg.ax
    [2012/11/24 20:13:18 | 000,163,328 | RHS- | C] (Gabest) -- C:\Windows\SysWow64\flvDX.dll
    [2012/11/24 20:13:18 | 000,092,672 | RHS- | C] (RadLight) -- C:\Windows\SysWow64\RLVorbisDec.ax
    [2012/11/24 20:13:18 | 000,090,112 | RHS- | C] (-) -- C:\Windows\SysWow64\TTADSSplitter.ax
    [2012/11/24 20:13:18 | 000,090,112 | RHS- | C] (-) -- C:\Windows\SysWow64\TTADSDecoder.ax
    [2012/11/24 20:13:18 | 000,067,584 | RHS- | C] (RadLight, LLC) -- C:\Windows\SysWow64\RLTheoraDec.ax
    [2012/11/24 20:13:17 | 000,161,792 | RHS- | C] (Gabest) -- C:\Windows\SysWow64\RealMediaDX.ax
    [2012/11/24 20:13:16 | 000,179,200 | RHS- | C] (Gabest) -- C:\Windows\SysWow64\DiracSplitter.ax
    [2012/11/24 20:13:15 | 000,123,904 | RHS- | C] (CoreCodec) -- C:\Windows\SysWow64\AVCDX.ax
    [2012/11/24 18:53:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\eRightSoft
    [2012/11/23 14:29:13 | 000,000,000 | ---D | C] -- C:\Users\River\AppData\Roaming\dvdcss
    [2012/11/23 14:28:04 | 000,000,000 | ---D | C] -- C:\Users\River\AppData\Local\Cyberlink
    [2012/11/23 14:20:48 | 000,000,000 | ---D | C] -- C:\Users\River\AppData\Roaming\WebApp
    [2012/11/23 14:20:00 | 000,000,000 | ---D | C] -- C:\Users\River\Documents\CyberLink
    [2012/11/23 14:19:59 | 000,000,000 | ---D | C] -- C:\Users\River\AppData\Roaming\CyberLink
    [2012/11/23 14:18:32 | 000,000,000 | ---D | C] -- C:\Users\River\AppData\Roaming\HandBrake
    [2012/11/23 14:12:52 | 000,000,000 | ---D | C] -- C:\Users\River\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Handbrake
    [2012/11/23 14:12:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Handbrake
    [2012/11/23 14:12:51 | 000,000,000 | ---D | C] -- C:\Program Files\Handbrake
    [2012/11/22 21:43:26 | 000,000,000 | ---D | C] -- C:\Users\River\AppData\Roaming\SpiderOak
    [2012/11/22 21:42:35 | 000,000,000 | ---D | C] -- C:\Users\River\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpiderOak
    [2012/11/22 21:42:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpiderOak
    [2012/11/22 17:59:18 | 000,000,000 | ---D | C] -- C:\Users\River\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Music Manager
    [2012/11/22 17:59:09 | 000,000,000 | ---D | C] -- C:\Users\River\AppData\Local\Programs
    [2012/11/22 17:50:51 | 000,000,000 | ---D | C] -- C:\Users\River\AppData\Local\Geckofx
    [2012/11/22 17:50:50 | 000,000,000 | ---D | C] -- C:\Users\River\AppData\Local\ExtenDev
    [2012/11/22 17:50:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Music Player
    [2012/11/22 17:50:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google Music Player
    [2012/11/22 07:46:31 | 000,000,000 | ---D | C] -- C:\Users\River\AppData\Local\HPConnectedMusic
    [2012/11/22 07:43:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
    [2012/11/21 07:47:28 | 000,000,000 | ---D | C] -- C:\Users\River\AppData\Local\HP
    [2012/11/20 18:29:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Innovative Solutions
    [2012/11/20 18:29:31 | 000,000,000 | ---D | C] -- C:\Windows\Fonts\AdvUninstal
    [2012/11/20 18:29:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced Uninstaller PRO
    [2012/11/20 18:29:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Innovative Solutions
    [2012/11/20 18:29:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Advanced Uninstaller PRO
    [2012/11/20 18:28:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVG Secure Search
    [2012/11/20 18:26:18 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
    [2012/11/19 06:56:40 | 000,000,000 | R--D | C] -- C:\Users\River\Documents\Notes
    [2012/11/18 11:56:23 | 000,000,000 | ---D | C] -- C:\Users\River\AppData\Local\Diagnostics
    [2012/11/18 11:43:02 | 000,000,000 | ---D | C] -- C:\Users\River\AppData\Local\Innovative Solutions
    [2012/11/18 11:37:57 | 000,000,000 | ---D | C] -- C:\Users\River\AppData\Roaming\Abine
    [2012/11/18 11:25:24 | 000,000,000 | ---D | C] -- C:\Users\River\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PopTray
    [2012/11/18 11:25:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PopTray
    [2012/11/18 11:25:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PopTray
    [2012/11/18 11:23:39 | 000,000,000 | R--D | C] -- C:\Users\River\Dropbox
    [2012/11/18 11:20:35 | 000,000,000 | ---D | C] -- C:\Users\River\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
    [2012/11/18 11:18:50 | 000,000,000 | ---D | C] -- C:\Users\River\AppData\Roaming\Dropbox
    [2012/11/18 10:31:28 | 000,000,000 | ---D | C] -- C:\Users\River\AppData\Roaming\vlc
    [2012/11/18 09:53:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lame For Audacity
    [2012/11/18 09:53:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ffmpeg For Audacity
    [2012/11/18 09:52:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Audacity
    [2012/11/18 09:47:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
    [2012/11/18 09:47:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
    [2012/11/18 09:46:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn
    [2012/11/18 09:46:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ImgBurn
    [2012/11/18 09:38:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EULAlyzer
    [2012/11/18 09:38:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EULAlyzer
    [2012/11/18 09:36:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
    [2012/11/18 09:36:46 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
    [2012/11/18 09:36:10 | 000,000,000 | ---D | C] -- C:\Users\River\AppData\Roaming\Opera
    [2012/11/18 09:36:10 | 000,000,000 | ---D | C] -- C:\Users\River\AppData\Local\Opera
    [2012/11/18 09:36:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Opera
    [2012/11/18 09:35:28 | 000,000,000 | ---D | C] -- C:\Users\River\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
    [2012/11/18 09:35:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
    [2012/11/18 09:35:27 | 000,000,000 | ---D | C] -- C:\Users\River\AppData\Roaming\Notepad++
    [2012/11/18 09:35:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Notepad++
    [2012/11/18 09:34:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
    [2012/11/18 09:34:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
    [2012/11/18 09:22:41 | 000,000,000 | ---D | C] -- C:\Users\River\AppData\Roaming\Malwarebytes
    [2012/11/18 09:22:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/11/18 09:22:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2012/11/18 09:22:31 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2012/11/18 09:22:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2012/11/18 09:14:10 | 000,000,000 | ---D | C] -- C:\Users\River\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
    [2012/11/18 09:11:11 | 000,000,000 | ---D | C] -- C:\Users\River\AppData\Roaming\WildTangent
    [2012/11/18 09:10:41 | 000,000,000 | ---D | C] -- C:\Users\River\AppData\Local\Google
    [2012/11/18 07:20:31 | 000,000,000 | ---D | C] -- C:\Users\River\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
    [2012/11/17 18:49:19 | 000,000,000 | ---D | C] -- C:\Users\River\AppData\Roaming\Thunderbird
    [2012/11/17 18:49:19 | 000,000,000 | ---D | C] -- C:\Users\River\AppData\Local\Thunderbird
    [2012/11/17 18:48:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
    [2012/11/17 18:45:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
    [2012/11/17 18:45:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
    [2012/11/17 18:02:05 | 000,000,000 | ---D | C] -- C:\Users\River\AppData\Roaming\hpqlog
    [2012/11/17 17:51:52 | 000,000,000 | ---D | C] -- C:\Users\River\Desktop\watch listen read
    [2012/11/17 17:51:52 | 000,000,000 | ---D | C] -- C:\Users\River\Desktop\tattoo files
    [2012/11/17 17:51:51 | 000,000,000 | ---D | C] -- C:\Users\River\Desktop\Norse - read & unread
    [2012/11/17 17:51:50 | 000,000,000 | ---D | C] -- C:\Users\River\Desktop\MINI
    [2012/11/17 17:51:48 | 000,000,000 | ---D | C] -- C:\Users\River\Desktop\hair analysis
    [2012/11/17 17:51:48 | 000,000,000 | ---D | C] -- C:\Users\River\Desktop\for WMP
    [2012/11/17 17:47:44 | 000,000,000 | ---D | C] -- C:\Users\River\Desktop\file
    [2012/11/17 17:25:19 | 000,000,000 | ---D | C] -- C:\Program Files\Java
    [2012/11/17 16:44:56 | 000,000,000 | ---D | C] -- C:\Program Files\Paint.NET
    [2012/11/17 16:44:55 | 000,000,000 | ---D | C] -- C:\Users\River\AppData\Local\Paint.NET
    [2012/11/17 15:30:56 | 000,000,000 | ---D | C] -- C:\Users\River\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HFSExplorer
    [2012/11/17 15:30:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HFSExplorer
    [2012/11/17 15:30:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HFSExplorer
    [2012/11/17 15:00:09 | 000,000,000 | ---D | C] -- C:\Users\River\AppData\Roaming\Identities
    [2012/11/17 13:47:38 | 000,000,000 | ---D | C] -- C:\Users\River\AppData\Roaming\KeePass
    [2012/11/17 13:35:57 | 000,000,000 | ---D | C] -- C:\Users\River\AppData\Local\KeePass
    [2012/11/17 13:35:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\KeePass Password Safe 2
    [2012/11/17 13:30:02 | 000,000,000 | ---D | C] -- C:\Users\River\AppData\Local\Evernote
    [2012/11/17 13:29:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Evernote
    [2012/11/17 13:26:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\KeePass Password Safe
    [2012/11/17 13:20:18 | 000,000,000 | ---D | C] -- C:\Users\River\AppData\Roaming\Macromedia
    [2012/11/17 13:20:18 | 000,000,000 | ---D | C] -- C:\Users\River\AppData\Local\Macromedia
    [2012/11/17 12:24:08 | 000,000,000 | ---D | C] -- C:\Users\River\Documents\Health Related
    [2012/11/17 12:24:07 | 000,000,000 | ---D | C] -- C:\Users\River\Documents\Family & Pets
    [2012/11/17 12:18:24 | 000,000,000 | ---D | C] -- C:\Users\River\Documents\Electronic Arts
    [2012/11/17 12:18:10 | 000,000,000 | ---D | C] -- C:\Users\River\Documents\Dreaming
    [2012/11/17 12:18:09 | 000,000,000 | ---D | C] -- C:\Users\River\Documents\Correspondence & Billing
    [2012/11/17 12:18:02 | 000,000,000 | ---D | C] -- C:\Users\River\Documents\Tarot
    [2012/11/17 12:18:02 | 000,000,000 | ---D | C] -- C:\Users\River\Documents\Research
    [2012/11/17 12:18:02 | 000,000,000 | ---D | C] -- C:\Users\River\Documents\Astrology
    [2012/11/17 12:18:02 | 000,000,000 | ---D | C] -- C:\Users\River\Documents\Anthropology
    [2012/11/17 12:18:01 | 000,000,000 | ---D | C] -- C:\Users\River\Documents\Politics
    [2012/11/17 12:18:01 | 000,000,000 | ---D | C] -- C:\Users\River\Documents\Personal
    [2012/11/17 12:18:00 | 000,000,000 | ---D | C] -- C:\Users\River\Documents\PDF ebook backups
    [2012/11/17 12:17:54 | 000,000,000 | ---D | C] -- C:\Users\River\Documents\Norse
    [2012/11/17 12:17:54 | 000,000,000 | ---D | C] -- C:\Users\River\Documents\Myths and Legends
    [2012/11/17 12:17:54 | 000,000,000 | ---D | C] -- C:\Users\River\Documents\misc
    [2012/11/17 12:17:54 | 000,000,000 | ---D | C] -- C:\Users\River\Documents\GrowlyNotebooks
    [2012/11/17 12:17:51 | 000,000,000 | ---D | C] -- C:\Users\River\Documents\medical
    [2012/11/17 12:17:51 | 000,000,000 | ---D | C] -- C:\Users\River\Documents\job related
    [2012/11/17 12:17:50 | 000,000,000 | ---D | C] -- C:\Users\River\Documents\IT
    [2012/11/17 12:17:49 | 000,000,000 | ---D | C] -- C:\Users\River\Documents\heritage
    [2012/11/17 11:53:19 | 000,000,000 | ---D | C] -- C:\Users\River\AppData\Roaming\Mozilla
    [2012/11/17 11:53:19 | 000,000,000 | ---D | C] -- C:\Users\River\AppData\Local\Mozilla
    [2012/11/17 11:53:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
    [2012/11/17 11:49:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group
    [2012/11/17 11:44:31 | 000,000,000 | ---D | C] -- C:\Users\River\AppData\Roaming\WinPatrol
    [2012/11/17 11:44:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPatrol
    [2012/11/17 11:44:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BillP Studios
    [2012/11/17 11:37:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
    [2012/11/17 11:36:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
    [2012/11/17 11:35:14 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
    [2012/11/17 11:35:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services
    [2012/11/17 11:34:38 | 000,000,000 | ---D | C] -- C:\Users\River\AppData\Local\Microsoft Help
    [2012/11/17 11:34:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
    [2012/11/17 11:34:14 | 000,000,000 | RH-D | C] -- C:\MSOCache
    [2012/11/17 11:11:22 | 000,000,000 | ---D | C] -- C:\Users\River\AppData\Local\CrashDumps
    [2012/11/17 11:04:48 | 000,000,000 | ---D | C] -- C:\Users\River\AppData\Local\AMD
    [2012/11/17 11:04:33 | 000,000,000 | ---D | C] -- C:\Users\River\AppData\Roaming\ATI
    [2012/11/17 11:04:33 | 000,000,000 | ---D | C] -- C:\Users\River\AppData\Local\ATI
    [2012/11/17 11:03:36 | 000,000,000 | ---D | C] -- C:\Users\River\AppData\Local\Hewlett-Packard
    [2012/11/17 11:02:59 | 000,000,000 | R--D | C] -- C:\Users\River\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
    [2012/11/17 11:02:59 | 000,000,000 | R--D | C] -- C:\Users\River\Searches
    [2012/11/17 11:02:59 | 000,000,000 | R--D | C] -- C:\Users\River\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
    [2012/11/17 11:02:50 | 000,000,000 | ---D | C] -- C:\Users\River\AppData\Roaming\Adobe
    [2012/11/17 11:02:32 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shopping and Services
    [2012/11/17 11:01:39 | 000,000,000 | R--D | C] -- C:\Users\River\Contacts
    [2012/11/17 11:00:49 | 000,000,000 | ---D | C] -- C:\Users\River\AppData\Roaming\Synaptics
    [2012/11/17 10:59:47 | 000,000,000 | ---D | C] -- C:\Users\River\AppData\Local\Power2Go8
    [2012/11/17 10:59:28 | 000,000,000 | ---D | C] -- C:\Users\River\AppData\Local\AuthenTec
    [2012/11/17 10:58:34 | 000,000,000 | -H-D | C] -- C:\Users\River\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
    [2012/11/17 10:58:31 | 000,000,000 | ---D | C] -- C:\Users\River\AppData\Local\VirtualStore
    [2012/11/17 10:58:13 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Uninstall Information
    [2012/11/17 10:58:11 | 000,000,000 | ---D | C] -- C:\Users\River\AppData\Local\Packages
    [2012/11/17 10:57:39 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
    [2012/11/17 10:57:29 | 000,000,000 | -HSD | C] -- C:\Users\River\AppData\Local\Temporary Internet Files
    [2012/11/17 10:57:29 | 000,000,000 | -HSD | C] -- C:\Users\River\Templates
    [2012/11/17 10:57:29 | 000,000,000 | -HSD | C] -- C:\Users\River\Start Menu
    [2012/11/17 10:57:29 | 000,000,000 | -HSD | C] -- C:\Users\River\SendTo
    [2012/11/17 10:57:29 | 000,000,000 | -HSD | C] -- C:\Users\River\Recent
    [2012/11/17 10:57:29 | 000,000,000 | -HSD | C] -- C:\Users\River\PrintHood
    [2012/11/17 10:57:29 | 000,000,000 | -HSD | C] -- C:\Users\River\NetHood
    [2012/11/17 10:57:29 | 000,000,000 | -HSD | C] -- C:\Users\River\Documents\My Videos
    [2012/11/17 10:57:29 | 000,000,000 | -HSD | C] -- C:\Users\River\Documents\My Pictures
    [2012/11/17 10:57:29 | 000,000,000 | -HSD | C] -- C:\Users\River\Documents\My Music
    [2012/11/17 10:57:29 | 000,000,000 | -HSD | C] -- C:\Users\River\My Documents
    [2012/11/17 10:57:29 | 000,000,000 | -HSD | C] -- C:\Users\River\Local Settings
    [2012/11/17 10:57:29 | 000,000,000 | -HSD | C] -- C:\Users\River\AppData\Local\History
    [2012/11/17 10:57:29 | 000,000,000 | -HSD | C] -- C:\Users\River\Cookies
    [2012/11/17 10:57:29 | 000,000,000 | -HSD | C] -- C:\Users\River\Application Data
    [2012/11/17 10:57:29 | 000,000,000 | -HSD | C] -- C:\Users\River\AppData\Local\Application Data
    [2012/11/17 10:57:11 | 000,000,000 | --SD | C] -- C:\Users\River\AppData\Roaming\Microsoft
    [2012/11/17 10:57:11 | 000,000,000 | R--D | C] -- C:\Users\River\Videos
    [2012/11/17 10:57:11 | 000,000,000 | R--D | C] -- C:\Users\River\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
    [2012/11/17 10:57:11 | 000,000,000 | R--D | C] -- C:\Users\River\Saved Games
    [2012/11/17 10:57:11 | 000,000,000 | R--D | C] -- C:\Users\River\Pictures
    [2012/11/17 10:57:11 | 000,000,000 | R--D | C] -- C:\Users\River\Music
    [2012/11/17 10:57:11 | 000,000,000 | R--D | C] -- C:\Users\River\Links
    [2012/11/17 10:57:11 | 000,000,000 | R--D | C] -- C:\Users\River\Favorites
    [2012/11/17 10:57:11 | 000,000,000 | R--D | C] -- C:\Users\River\Downloads
    [2012/11/17 10:57:11 | 000,000,000 | R--D | C] -- C:\Users\River\Documents
    [2012/11/17 10:57:11 | 000,000,000 | R--D | C] -- C:\Users\River\Desktop
    [2012/11/17 10:57:11 | 000,000,000 | R--D | C] -- C:\Users\River\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
    [2012/11/17 10:57:11 | 000,000,000 | R--D | C] -- C:\Users\River\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
    [2012/11/17 10:57:11 | 000,000,000 | -H-D | C] -- C:\Users\River\Documents\hp.system.package.metadata
    [2012/11/17 10:57:11 | 000,000,000 | -H-D | C] -- C:\Users\River\Documents\hp.applications.package.appdata
    [2012/11/17 10:57:11 | 000,000,000 | -H-D | C] -- C:\Users\River\AppData
    [2012/11/17 10:57:11 | 000,000,000 | ---D | C] -- C:\Users\River\AppData\Local\Temp
    [2012/11/17 10:57:11 | 000,000,000 | ---D | C] -- C:\Users\River\AppData\Local\Microsoft
    [2012/11/17 10:57:11 | 000,000,000 | ---D | C] -- C:\Users\River\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance

    ========== Files - Modified Within 30 Days ==========

    [2012/12/12 13:27:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/12/12 13:25:04 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
    [2012/12/12 13:25:03 | 404,545,535 | -HS- | M] () -- C:\hiberfil.sys
    [2012/12/12 13:10:57 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\River\Desktop\OTL.exe
    [2012/12/12 10:03:00 | 000,000,922 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1185449542-2177161251-728486615-1002UA.job
    [2012/12/12 09:55:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012/12/12 07:07:41 | 000,468,144 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswnet.sys
    [2012/12/12 07:07:41 | 000,000,175 | ---- | M] () -- C:\Windows\SysNative\drivers\aswnet.sys.sum
    [2012/12/11 19:07:28 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
    [2012/12/11 18:03:00 | 000,000,870 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1185449542-2177161251-728486615-1002Core.job
    [2012/12/11 17:42:08 | 000,035,612 | ---- | M] () -- C:\Users\River\Desktop\Emma 2012-12-11 5.42PM.kdb
    [2012/12/11 07:26:59 | 000,007,625 | ---- | M] () -- C:\Users\River\AppData\Local\Resmon.ResmonCfg
    [2012/12/10 21:02:05 | 000,444,830 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2012/12/10 20:44:33 | 000,000,543 | ---- | M] () -- C:\Users\River\AppData\Roaming\All CPU MeterV3_Settings.ini
    [2012/12/10 17:23:08 | 000,941,114 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2012/12/10 17:23:08 | 000,783,894 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2012/12/10 17:23:08 | 000,158,368 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2012/12/03 13:51:38 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForEmma.job
    [2012/12/01 07:03:31 | 000,457,528 | ---- | M] (Synaptics Incorporated) -- C:\Windows\SysNative\drivers\SynTP.sys
    [2012/12/01 07:03:31 | 000,224,056 | ---- | M] (Synaptics Incorporated) -- C:\Windows\SysNative\SynTPAPI.dll
    [2012/12/01 07:03:31 | 000,173,368 | ---- | M] (Synaptics Incorporated) -- C:\Windows\SysNative\SynTPCo14.dll
    [2012/12/01 07:03:31 | 000,113,976 | ---- | M] (Synaptics Incorporated) -- C:\Windows\SysWow64\SynTPCOM.dll
    [2012/12/01 07:03:28 | 001,045,816 | ---- | M] (Synaptics Incorporated) -- C:\Windows\SysNative\SynCOM.dll
    [2012/12/01 07:03:28 | 000,535,864 | ---- | M] (Synaptics Incorporated) -- C:\Windows\SysWow64\SynCOM.dll
    [2012/12/01 07:03:26 | 000,041,272 | ---- | M] (Synaptics Incorporated) -- C:\Windows\SysNative\drivers\Smb_driver_AMDASF.sys
    [2012/11/30 21:50:34 | 000,000,427 | -H-- | M] () -- C:\Windows\SysNative\Rebecca.dat
    [2012/11/30 19:34:32 | 000,002,088 | ---- | M] () -- C:\Users\River\Application Data\Microsoft\Internet Explorer\Quick Launch\Belarc Advisor.lnk
    [2012/11/27 18:54:24 | 000,000,060 | ---- | M] () -- C:\Windows\wininit.ini
    [2012/11/22 07:56:16 | 000,447,800 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2012/11/18 12:04:30 | 000,001,704 | ---- | M] () -- C:\Users\River\Desktop\Reboot.lnk
    [2012/11/18 11:25:24 | 000,001,027 | ---- | M] () -- C:\Users\River\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PopTray.lnk
    [2012/11/18 11:20:50 | 000,001,048 | ---- | M] () -- C:\Users\River\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
    [2012/11/18 09:46:31 | 000,001,889 | ---- | M] () -- C:\Users\River\Application Data\Microsoft\Internet Explorer\Quick Launch\ImgBurn.lnk
    [2012/11/18 09:26:10 | 000,001,133 | ---- | M] () -- C:\Users\River\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
    [2012/11/18 08:06:48 | 000,025,932 | ---- | M] () -- C:\Users\River\Documents\Emma 2012-11-18 8.06AM.kdb
    [2012/11/17 18:49:32 | 000,002,110 | ---- | M] () -- C:\Users\River\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
    [2012/11/17 13:30:23 | 000,001,127 | ---- | M] () -- C:\Users\River\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
    [2012/11/17 11:45:39 | 000,001,424 | ---- | M] () -- C:\Users\River\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

    ========== Files Created - No Company Name ==========

    [2012/12/12 07:07:42 | 000,000,175 | ---- | C] () -- C:\Windows\SysNative\drivers\aswnet.sys.sum
    [2012/12/11 18:52:29 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
    [2012/12/11 07:26:59 | 000,007,625 | ---- | C] () -- C:\Users\River\AppData\Local\Resmon.ResmonCfg
    [2012/12/10 20:49:18 | 000,002,185 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
    [2012/12/10 18:53:44 | 000,001,087 | ---- | C] () -- C:\Users\River\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PCMeterV0.3.lnk
    [2012/12/10 17:33:25 | 000,001,427 | ---- | C] () -- C:\Users\River\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StreamArmor.lnk
    [2012/12/10 13:13:52 | 000,000,543 | ---- | C] () -- C:\Users\River\AppData\Roaming\All CPU MeterV3_Settings.ini
    [2012/12/07 09:28:16 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
    [2012/12/05 17:41:08 | 000,035,612 | ---- | C] () -- C:\Users\River\Desktop\Emma 2012-12-11 5.42PM.kdb
    [2012/12/04 13:38:01 | 000,001,030 | ---- | C] () -- C:\Users\River\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\magicJack.lnk
    [2012/12/01 07:07:59 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForEmma.job
    [2012/11/30 21:50:34 | 000,000,427 | -H-- | C] () -- C:\Windows\SysNative\Rebecca.dat
    [2012/11/30 19:34:32 | 000,002,088 | ---- | C] () -- C:\Users\River\Application Data\Microsoft\Internet Explorer\Quick Launch\Belarc Advisor.lnk
    [2012/11/30 19:34:32 | 000,002,076 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Belarc Advisor.lnk
    [2012/11/27 18:54:24 | 000,000,060 | ---- | C] () -- C:\Windows\wininit.ini
    [2012/11/24 20:33:23 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
    [2012/11/24 20:13:18 | 000,121,344 | RHS- | C] () -- C:\Windows\SysWow64\TAKDSDecoder.ax
    [2012/11/24 20:13:18 | 000,107,520 | RHS- | C] () -- C:\Windows\SysWow64\TAKDSDecoder.dll
    [2012/11/24 20:13:18 | 000,051,712 | RHS- | C] () -- C:\Windows\SysWow64\RLSpeexDec.ax
    [2012/11/24 20:13:17 | 000,120,832 | RHS- | C] () -- C:\Windows\SysWow64\MPCDx.ax
    [2012/11/24 20:13:17 | 000,107,520 | RHS- | C] () -- C:\Windows\SysWow64\RLMPCDec.ax
    [2012/11/24 20:13:17 | 000,070,656 | RHS- | C] () -- C:\Windows\SysWow64\RLAPEDec.ax
    [2012/11/24 20:13:16 | 000,195,584 | RHS- | C] () -- C:\Windows\SysWow64\MatroskaDX.ax
    [2012/11/24 20:13:16 | 000,097,280 | RHS- | C] () -- C:\Windows\SysWow64\FLACDX.ax
    [2012/11/24 20:13:15 | 000,227,328 | RHS- | C] () -- C:\Windows\SysWow64\ac3DX.ax
    [2012/11/24 20:13:15 | 000,175,104 | RHS- | C] () -- C:\Windows\SysWow64\CoreAAC.ax
    [2012/11/24 20:13:15 | 000,081,920 | RHS- | C] () -- C:\Windows\SysWow64\aac_parser.ax
    [2012/11/22 10:02:23 | 000,002,247 | ---- | C] () -- C:\Users\River\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Control Panel.lnk
    [2012/11/22 07:56:01 | 000,447,800 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2012/11/20 18:37:33 | 000,001,455 | ---- | C] () -- C:\Users\River\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Advanced Uninstaller Monitor.lnk
    [2012/11/20 18:34:50 | 000,001,399 | ---- | C] () -- C:\Users\River\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Advanced Uninstaller.lnk
    [2012/11/20 18:29:30 | 000,002,062 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced Uninstaller PRO 11.lnk
    [2012/11/20 18:29:24 | 000,042,496 | ---- | C] () -- C:\Windows\SysWow64\AdvUninstCPL.cpl
    [2012/11/20 18:13:39 | 000,001,142 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
    [2012/11/18 12:03:47 | 000,001,704 | ---- | C] () -- C:\Users\River\Desktop\Reboot.lnk
    [2012/11/18 12:02:32 | 000,037,888 | ---- | C] () -- C:\Windows\System\wizmo.exe
    [2012/11/18 11:25:24 | 000,001,027 | ---- | C] () -- C:\Users\River\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PopTray.lnk
    [2012/11/18 11:21:43 | 000,361,934 | ---- | C] () -- C:\Windows\SysNative\ApnDatabase.xml
    [2012/11/18 11:20:50 | 000,001,048 | ---- | C] () -- C:\Users\River\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
    [2012/11/18 11:20:30 | 000,110,592 | ---- | C] () -- C:\Windows\SysNative\OEMLicense.dll
    [2012/11/18 11:20:30 | 000,083,968 | ---- | C] () -- C:\Windows\SysWow64\OEMLicense.dll
    [2012/11/18 10:48:20 | 000,001,588 | ---- | C] () -- C:\Users\River\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Snipping Tool.lnk
    [2012/11/18 10:01:56 | 000,001,203 | ---- | C] () -- C:\Users\River\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Journal.lnk
    [2012/11/18 09:59:31 | 000,001,287 | ---- | C] () -- C:\Users\River\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
    [2012/11/18 09:58:44 | 000,001,379 | ---- | C] () -- C:\Users\River\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GameConsole.lnk
    [2012/11/18 09:54:14 | 000,001,115 | ---- | C] () -- C:\Users\River\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\procexp.lnk
    [2012/11/18 09:54:03 | 000,001,117 | ---- | C] () -- C:\Users\River\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\autoruns.lnk
    [2012/11/18 09:53:07 | 000,001,019 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
    [2012/11/18 09:47:52 | 000,001,444 | ---- | C] () -- C:\Users\River\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AlternateStreamView.lnk
    [2012/11/18 09:47:44 | 000,001,236 | ---- | C] () -- C:\Users\River\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StreamArmor-program.lnk
    [2012/11/18 09:46:31 | 000,001,889 | ---- | C] () -- C:\Users\River\Application Data\Microsoft\Internet Explorer\Quick Launch\ImgBurn.lnk
    [2012/11/18 09:46:31 | 000,001,877 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn.lnk
    [2012/11/18 09:36:09 | 000,001,841 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
    [2012/11/18 09:22:38 | 000,001,133 | ---- | C] () -- C:\Users\River\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
    [2012/11/18 09:12:39 | 000,002,552 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WildTangent Games App - hp.lnk
    [2012/11/18 09:10:44 | 000,000,922 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1185449542-2177161251-728486615-1002UA.job
    [2012/11/18 09:10:43 | 000,000,870 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1185449542-2177161251-728486615-1002Core.job
    [2012/11/18 08:50:16 | 000,025,932 | ---- | C] () -- C:\Users\River\Documents\Emma 2012-11-18 8.06AM.kdb
    [2012/11/17 18:49:16 | 000,002,110 | ---- | C] () -- C:\Users\River\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
    [2012/11/17 18:49:16 | 000,002,098 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
    [2012/11/17 16:45:03 | 000,001,188 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paint.NET.lnk
    [2012/11/17 16:41:33 | 000,001,103 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeePass.lnk
    [2012/11/17 13:30:23 | 000,001,127 | ---- | C] () -- C:\Users\River\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
    [2012/11/17 13:16:56 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012/11/17 12:18:02 | 000,084,711 | ---- | C] () -- C:\Users\River\Documents\bookmarks 2012-11-03.html
    [2012/11/17 12:18:02 | 000,059,250 | ---- | C] () -- C:\Users\River\Documents\bookmarks-2012-11-03.json
    [2012/11/17 11:45:37 | 000,001,424 | ---- | C] () -- C:\Users\River\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2012/11/17 11:02:50 | 000,001,430 | ---- | C] () -- C:\Users\River\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
    [2012/11/17 10:57:21 | 000,000,352 | ---- | C] () -- C:\Users\River\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
    [2012/11/17 10:57:21 | 000,000,334 | ---- | C] () -- C:\Users\River\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
    [2012/08/17 11:45:45 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
    [2012/08/08 22:10:24 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
    [2012/08/08 22:10:24 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
    [2012/08/03 14:40:09 | 000,916,510 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2012/07/26 00:13:10 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
    [2012/07/26 00:13:09 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
    [2012/07/25 23:21:26 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2012/07/25 17:17:42 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
    [2012/07/25 12:37:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
    [2012/07/25 12:28:31 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
    [2012/07/25 12:22:54 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
    [2012/07/25 12:22:54 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
    [2012/07/25 12:22:54 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
    [2012/06/02 06:31:19 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
    [2012/05/10 15:35:16 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
    [2011/09/13 06:06:18 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

    ========== ZeroAccess Check ==========

    [2012/08/17 11:56:15 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    " " = C:\Windows\SysNative\shell32.dll -- [2012/10/10 21:45:39 | 019,789,824 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    " " = %SystemRoot%\system32\shell32.dll -- [2012/10/10 21:07:29 | 017,560,576 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    " " = C:\Windows\SysNative\wbem\fastprox.dll -- [2012/07/25 19:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    " " = %systemroot%\system32\wbem\fastprox.dll -- [2012/07/25 19:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    " " = C:\Windows\SysNative\wbem\wbemess.dll -- [2012/07/25 19:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    ========== LOP Check ==========

    [2012/12/12 13:12:51 | 000,000,000 | ---D | M] -- C:\Users\River\AppData\Roaming\Abine
    [2012/12/12 13:28:21 | 000,000,000 | ---D | M] -- C:\Users\River\AppData\Roaming\Dropbox
    [2012/11/23 14:18:36 | 000,000,000 | ---D | M] -- C:\Users\River\AppData\Roaming\HandBrake
    [2012/12/11 06:57:46 | 000,000,000 | ---D | M] -- C:\Users\River\AppData\Roaming\KeePass
    [2012/12/11 06:57:08 | 000,000,000 | ---D | M] -- C:\Users\River\AppData\Roaming\Launchy
    [2012/11/30 15:16:32 | 000,000,000 | ---D | M] -- C:\Users\River\AppData\Roaming\MediaMonkey
    [2012/12/04 13:38:07 | 000,000,000 | ---D | M] -- C:\Users\River\AppData\Roaming\mjusbsp
    [2012/12/11 06:57:48 | 000,000,000 | ---D | M] -- C:\Users\River\AppData\Roaming\Notepad++
    [2012/11/18 09:36:10 | 000,000,000 | ---D | M] -- C:\Users\River\AppData\Roaming\Opera
    [2012/11/30 09:13:32 | 000,000,000 | ---D | M] -- C:\Users\River\AppData\Roaming\Origin
    [2012/12/12 13:29:25 | 000,000,000 | ---D | M] -- C:\Users\River\AppData\Roaming\SpiderOak
    [2012/11/17 11:00:49 | 000,000,000 | ---D | M] -- C:\Users\River\AppData\Roaming\Synaptics
    [2012/11/17 18:49:19 | 000,000,000 | ---D | M] -- C:\Users\River\AppData\Roaming\Thunderbird
    [2012/11/23 14:20:48 | 000,000,000 | ---D | M] -- C:\Users\River\AppData\Roaming\WebApp
    [2012/11/18 09:11:52 | 000,000,000 | ---D | M] -- C:\Users\River\AppData\Roaming\WildTangent
    [2012/11/17 11:44:47 | 000,000,000 | ---D | M] -- C:\Users\River\AppData\Roaming\WinPatrol

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 116 bytes -> C:\ProgramData\Temp:84098FD3

    < End of report >
     
  14. 2012/12/12
    broni

    broni Moderator Malware Analyst

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      FF - prefs.js..extensions.enabledAddons: iseekdeal@iseekdeal.com:1.0
      [2012/12/09 20:09:51 | 000,001,879 | ---- | M] () (No name found) -- C:\Users\River\AppData\Roaming\mozilla\firefox\profiles\i8ek7rsf.default\extensions\iseekdeal@iseekdeal.com.xpi
      O4 - HKLM..\Run: [ROC_roc_ssl_v12]  "C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12 File not found
      O4 - HKLM..\Run: [vProt]  "C:\Program Files (x86)\AVG Secure Search\vprot.exe" File not found
      O4 - HKU\S-1-5-21-1185449542-2177161251-728486615-1002..\Run: [EA Core]  "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent File not found
      O4 - HKU\S-1-5-21-1185449542-2177161251-728486615-1002..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found
      @Alternate Data Stream - 116 bytes -> C:\ProgramData\Temp:84098FD3
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    NOTE. If for any reason OTL stalls (most likely at "killing processes..." step) run the fix from safe mode.


    =========================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.

    3. Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.

    4. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If Eset won't find any threats, it won't produce any log.
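
The entries in the fix above follow patterns that can be pulled out of an OTL log mechanically: Run values reported as "File not found", alternate data streams, and lines naming the reported add-on. The Python below is an added example, not part of the thread or of OTL; the `triage` function, its category names, the "outside the Windows system directories" heuristic for the ZeroAccess Check section, and the constructed HKCU entry are this example's assumptions.

```python
import re

# Lines copied from the OTL log and fix quoted in this thread.
SAMPLE_LOG = r"""
FF - prefs.js..extensions.enabledAddons: iseekdeal@iseekdeal.com:1.0
O4 - HKLM..\Run: [vProt]  "C:\Program Files (x86)\AVG Secure Search\vprot.exe" File not found
O4 - HKU\S-1-5-21-1185449542-2177161251-728486615-1002..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
" " = C:\Windows\SysNative\shell32.dll -- [2012/10/10 21:45:39 | 019,789,824 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
" " = %systemroot%\system32\wbem\fastprox.dll -- [2012/07/25 19:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)
@Alternate Data Stream - 116 bytes -> C:\ProgramData\Temp:84098FD3
"""

# CONSTRUCTED entry (not from the thread): the same per-user key the log lists
# as empty, here given a default value that points into a user profile.
CONSTRUCTED_HIJACK = r"""[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
" " = C:\Users\Example\AppData\Local\constructed-example\sample.dll -- [2012/12/01 00:00:00 | 000,001,024 | ---- | M] ()
"""

RUN_ORPHAN = re.compile(
    r'^O4 - (?P<hive>\S+?)\.\.\\Run: \[(?P<name>[^\]]+)\]\s+(?P<cmd>.*?)\s+File not found$')
ADS = re.compile(
    r'^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+):(?P<stream>[^:\\]+)$')
CLSID_KEY = re.compile(r'^\[(?P<key>HKEY_[^\]]+\\InProcServer32)\]')
DEFAULT_VALUE = re.compile(r'^" " = (?P<target>.+?) -- \[')

# Assumption of this example: an in-process server registered for these
# CLSIDs is expected to live under one of these directories.
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")


def normalize(target):
    """Expand %SystemRoot% and the SysNative alias so paths compare equal."""
    t = target.strip().strip('"').lower()
    t = t.replace("%systemroot%", "c:\\windows")
    return t.replace("\\sysnative\\", "\\system32\\")


def triage(log_text, watchlist=("iseekdeal",)):
    """Return (category, subject, detail) tuples for lines worth an analyst's look."""
    findings = []
    current_key = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = RUN_ORPHAN.match(line)
        if m:  # autorun value whose target file no longer exists
            findings.append(("orphan_autorun", m["name"], m["cmd"]))
            continue
        m = ADS.match(line)
        if m:  # data attached to a file or folder as a named stream
            findings.append(("ads", m["path"], m["stream"]))
            continue
        m = CLSID_KEY.match(line)
        if m:  # remember which key the following value lines belong to
            current_key = m["key"]
            continue
        m = DEFAULT_VALUE.match(line)
        if m and current_key:
            if not normalize(m["target"]).startswith(SYSTEM_DIRS):
                findings.append(("inproc_outside_system", current_key, m["target"]))
            continue
        if any(term in line.lower() for term in watchlist):
            findings.append(("watchlist", line, ""))
    return findings


if __name__ == "__main__":
    for category, subject, detail in triage(SAMPLE_LOG + CONSTRUCTED_HIJACK):
        print(f"{category:22} {subject}  {detail}")
```

The output is a review list for the analyst, not a fix script; what goes into the OTL fix remains a judgment call.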
     
  15. 2012/12/12
    Harpo

    Harpo Well-Known Member Thread Starter

    I've done all these steps except the last. I cannot turn Avast off, according to the Avast forum (I can only pause the shields), and after pausing the shields, ESET says it's still running, which it is (in Task Manager). So...what do I do? I'm only using a trial version, so do I need to uninstall Avast to run ESET?
     
  16. 2012/12/12
    broni

    broni Moderator Malware Analyst

    Right click on Avast icon and...

     
  17. 2012/12/12
    Harpo

    Harpo Well-Known Member Thread Starter

    That was what I did - ESET says AV is still running and that results might be inaccurate. Shall I continue anyway?
     
  18. 2012/12/12
    broni

    broni Moderator Malware Analyst

    Go ahead.
     
  19. 2012/12/13
    Harpo

    Harpo Well-Known Member Thread Starter

    SecurityCheck log:

    Results of screen317's Security Check version 0.99.56
    x64 (UAC is enabled)
    Internet Explorer 9
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    avast! Internet Security
    Windows Defender
    Antivirus up to date!
    `````````Anti-malware/Other Utilities Check:`````````
    MVPS Hosts File
    Spybot - Search & Destroy
    Malwarebytes Anti-Malware version 1.65.1.1000
    Adobe Flash Player 11.5.502.135
    Adobe Reader XI
    Mozilla Firefox 15.0.1 Firefox out of Date!
    Mozilla Thunderbird 16.0.2 Thunderbird out of Date!
    Google Chrome 23.0.1271.64
    Google Chrome 23.0.1271.91
    Google Chrome 23.0.1271.95
    ````````Process Check: objlist.exe by Laurent````````
    WinPatrol winpatrol.exe
    Malwarebytes Anti-Malware mbamservice.exe
    Malwarebytes Anti-Malware mbamgui.exe
    Spybot Teatimer.exe is disabled!
    Malwarebytes' Anti-Malware mbamscheduler.exe
    AVAST Software Avast AvastSvc.exe
    AVAST Software Avast afwServ.exe
    AVAST Software Avast AvastUI.exe
    BillP Studios WinPatrol WinPatrol.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: %
    ````````````````````End of Log``````````````````````




    FSS log:

    Farbar Service Scanner Version: 10-12-2012
    Ran by Emma (administrator) on 12-12-2012 at 18:30:49
    Running from "C:\Users\River\Desktop "
    Windows 8 (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo IP is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Action Center:
    ============

    Windows Update:
    ============
    wuauserv Service is not running. Checking service configuration:
    The start type of wuauserv service is set to Demand. The default start type is Auto.
    The ImagePath of wuauserv service is OK.
    The ServiceDll of wuauserv service is OK.


    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is set to Demand. The default start type is Auto.
    The ImagePath of WinDefend service is OK.


    Windows Defender Disabled Policy:
    ==========================
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware "=DWORD:1


    Other Services:
    ==============


    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => MD5 is legit
    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\System32\dhcpcore.dll => MD5 is legit
    C:\Windows\System32\drivers\afd.sys => MD5 is legit
    C:\Windows\System32\drivers\tdx.sys => MD5 is legit
    C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\System32\dnsrslvr.dll
    [2012-11-18 11:20] - [2012-09-19 22:31] - 0210432 ____A (Microsoft Corporation) 066B9710B36AB550E01EEFCA52155968

    C:\Windows\System32\mpssvc.dll
    [2012-11-18 11:33] - [2012-10-10 21:44] - 0904192 ____A (Microsoft Corporation) 3031573A739DBEE8923851929D0AF423

    C:\Windows\System32\bfe.dll
    [2012-07-25 16:00] - [2012-07-25 19:05] - 0718848 ____A (Microsoft Corporation) 407F85D5387EDBB665A7969DF4D4712B

    C:\Windows\System32\drivers\mpsdrv.sys
    [2012-11-18 11:33] - [2012-10-10 21:15] - 0074752 ____A (Microsoft Corporation) 0D1609DD82C7440F5D5BF21A9D4D5C0C

    C:\Windows\System32\SDRSVC.dll
    [2012-07-25 17:08] - [2012-07-25 19:07] - 0148480 ____A (Microsoft Corporation) 92968277ED491E4B3DDA361E3952361E

    C:\Windows\System32\vssvc.exe
    [2012-07-25 15:36] - [2012-07-25 19:08] - 1482752 ____A (Microsoft Corporation) EA658570314042C914964FC72AB50E6B

    C:\Windows\System32\wscsvc.dll
    [2012-07-25 15:31] - [2012-07-25 19:08] - 0099840 ____A (Microsoft Corporation) FB0C1B7F94FA08E72F19F6F2CE7210E1

    C:\Windows\System32\wbem\WMIsvc.dll
    [2012-07-25 15:55] - [2012-07-25 19:08] - 0219648 ____A (Microsoft Corporation) 3D6B518B71C75C8FA4115A33615C107A

    C:\Windows\System32\wuaueng.dll
    [2012-11-18 11:35] - [2012-11-01 21:20] - 3340288 ____A (Microsoft Corporation) 270282F9357AB356300AD9DB9F0FD665

    C:\Windows\System32\qmgr.dll
    [2012-07-25 16:18] - [2012-07-25 19:07] - 0826368 ____A (Microsoft Corporation) D598C44A7072D3108D8D8102EC5E07F7

    C:\Windows\System32\es.dll
    [2012-07-25 15:50] - [2012-07-25 19:05] - 0507904 ____A (Microsoft Corporation) F9E01C2D9F8BC049E04CF5DC24A5F638

    C:\Windows\System32\cryptsvc.dll
    [2012-07-25 16:05] - [2012-07-25 19:05] - 0067584 ____A (Microsoft Corporation) F0E78B119D12BA81F163D48C0FF30B9A

    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Program Files\Windows Defender\MsMpEng.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit


    **** End of log ****



    ESET found no threats, but I've taken a screenclip of my NoScript window which shows ISeekDeal is still present. :-(
     
  20. 2012/12/13
    broni

    broni Moderator Malware Analyst

    ISeekDeal is present where exactly?
     
  21. 2012/12/13
    Harpo

    Harpo Well-Known Member Thread Starter

    I use the NoScript add-on for Firefox, so I can control what javascript runs on the pages I visit. It is showing up in the NoScript window. You can see how it looks in the NoScript window here:

    I've done quite a bit of searching re: ISeekDeal since WinPatrol alerted me of its presence on Sunday right after I installed IObit Uninstaller (on recommendation), and I've found that ISeekDeal was first seen only on Dec 2. This page has some info about it, and this page rates it as a safe file, but has no actual reviews of it. This page identifies the registry key, and I searched for it and deleted about a half dozen instances, which stopped the constant requests from WinPatrol, but didn't get rid of it.

    If I didn't use WinPatrol, I wouldn't have noticed it until it occurred to me that I was suddenly seeing it on every webpage I manually allow javascript on. When WinPatrol notified me it was asking permission to do something (I forget what, probably run on boot), I said no, as I always do if something I'm unfamiliar with shows up. I've found it's a very good policy to "just say no" when I don't recognize something. Anyway, it was absolutely obnoxious until I found the registry keys.

    If I didn't use NoScript I wouldn't know it was still there. But it's on EVERY page I visit, and that's not normal.
     
