NEED HELP REMOVING "TROJAN.AGENT" C:\Windows\svchost.exe
<blockquote data-quote="amerriw" data-source="post: 67355" data-attributes="member: 1896"><p>aswMBR LOG</p><p>OTL logfile created on: 8/7/2012 3:41:21 PM - Run 3</p><p>OTL by OldTimer - Version 3.2.54.1 Folder = C:\Users\Augie\Downloads</p><p>64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation</p><p>Internet Explorer (Version = 9.0.8112.16421)</p><p>Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy</p><p></p><p>3.75 Gb Total Physical Memory | 1.68 Gb Available Physical Memory | 44.90% Memory free</p><p>7.49 Gb Paging File | 5.11 Gb Available in Paging File | 68.26% Paging File free</p><p>Paging file location(s): ?:\pagefile.sys [binary data]</p><p></p><p>%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)</p><p>Drive C: | 450.76 Gb Total Space | 400.80 Gb Free Space | 88.92% Space Free | Partition Type: NTFS</p><p>Drive D: | 14.71 Gb Total Space | 1.63 Gb Free Space | 11.10% Space Free | Partition Type: NTFS</p><p></p><p>Computer Name: AUGIE-HP | User Name: Augie | Logged in as Administrator.</p><p>Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans</p><p>Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days</p><p></p><p>========== Processes (SafeList) ==========</p><p></p><p>PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe (Adobe Systems, Inc.)</p><p>PRC - C:\Users\Augie\Downloads\OTL.exe (OldTimer Tools)</p><p>PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)</p><p>PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)</p><p>PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)</p><p>PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)</p><p>PRC - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe 
(Hewlett-Packard Development Company, L.P.)</p><p>PRC - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Hewlett-Packard Development Company, L.P.)</p><p>PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)</p><p>PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)</p><p>PRC - C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe (CyberLink)</p><p>PRC - C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)</p><p>PRC - C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe (Hewlett-Packard Development Company L.P.)</p><p>PRC - C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)</p><p>PRC - C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe (Roxio)</p><p>PRC - C:\Windows\SysWOW64\ezSharedSvcHost.exe (EasyBits Software AS)</p><p>PRC - C:\Windows\SysWOW64\ezSharedSvcHost.exe (EasyBits Software AS)</p><p>PRC - C:\Windows\SysWOW64\ezSharedSvcHost.exe (EasyBits Software AS)</p><p>PRC - \\.\globalroot\systemroot\svchost.exe ()</p><p>PRC - \\.\globalroot\systemroot\svchost.exe ()</p><p>PRC - \\.\globalroot\systemroot\svchost.exe ()</p><p>PRC - \\.\globalroot\systemroot\svchost.exe ()</p><p>PRC - \\.\globalroot\systemroot\svchost.exe ()</p><p></p><p></p><p>========== Modules (No Company Name) ==========</p><p></p><p>MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll ()</p><p>MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()</p><p>MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()</p><p></p><p></p><p>========== Win32 Services (SafeList) ==========</p><p></p><p>SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)</p><p>SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, 
Inc.)</p><p>SRV:64bit: - (STacSV) -- C:\Program Files\IDT\WDM\stacsv64.exe (IDT, Inc.)</p><p>SRV:64bit: - (HPClientSvc) -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe (Hewlett-Packard Company)</p><p>SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)</p><p>SRV:64bit: - (AMD Reservation Manager) -- C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe (Advanced Micro Devices)</p><p>SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)</p><p>SRV:64bit: - (lxcj_device) -- C:\Windows\SysNative\lxcjcoms.exe ( )</p><p>SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)</p><p>SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)</p><p>SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)</p><p>SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)</p><p>SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)</p><p>SRV - (HPWMISVC) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Hewlett-Packard Development Company, L.P.)</p><p>SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)</p><p>SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)</p><p>SRV - (HP Support Assistant Service) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Hewlett-Packard Company)</p><p>SRV - (IconMan_R) -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe (Realsil Microelectronics Inc.)</p><p>SRV - (BBSvc) -- C:\Program Files 
(x86)\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)</p><p>SRV - (SeaPort) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)</p><p>SRV - (hpCMSrv) -- C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe (Hewlett-Packard Development Company L.P.)</p><p>SRV - (RoxioNow Service) -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe (Roxio)</p><p>SRV - (GamesAppService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.)</p><p>SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)</p><p>SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)</p><p></p><p></p><p>========== Driver Services (SafeList) ==========</p><p></p><p>DRV:64bit: - (netr28x) -- C:\Windows\SysNative\drivers\netr28x.sys (Ralink Technology, Corp.)</p><p>DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)</p><p>DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)</p><p>DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)</p><p>DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)</p><p>DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)</p><p>DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)</p><p>DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)</p><p>DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)</p><p>DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )</p><p>DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)</p><p>DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced 
Micro Devices, Inc.)</p><p>DRV:64bit: - (RSPCIESTOR) -- C:\Windows\SysNative\drivers\RtsPStor.sys (Realtek Semiconductor Corp.)</p><p>DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)</p><p>DRV:64bit: - (amd_xata) -- C:\Windows\SysNative\drivers\amd_xata.sys (Advanced Micro Devices)</p><p>DRV:64bit: - (amd_sata) -- C:\Windows\SysNative\drivers\amd_sata.sys (Advanced Micro Devices)</p><p>DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)</p><p>DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices)</p><p>DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)</p><p>DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)</p><p>DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)</p><p>DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)</p><p>DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)</p><p>DRV:64bit: - (clwvd) -- C:\Windows\SysNative\drivers\clwvd.sys (CyberLink Corporation)</p><p>DRV:64bit: - (AtiPcie) -- C:\Windows\SysNative\drivers\AtiPcie64.sys (Advanced Micro Devices Inc.)</p><p>DRV:64bit: - (amdiox64) -- C:\Windows\SysNative\drivers\amdiox64.sys (Advanced Micro Devices)</p><p>DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)</p><p>DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)</p><p>DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)</p><p>DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)</p><p>DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)</p><p>DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)</p><p>DRV:64bit: 
- (NVENETFD) -- C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation)</p><p>DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)</p><p>DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)</p><p>DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)</p><p>DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)</p><p>DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)</p><p>DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)</p><p>DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)</p><p></p><p></p><p>========== Standard Registry (SafeList) ==========</p><p></p><p></p><p>========== Internet Explorer ==========</p><p></p><p>IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1</p><p>IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}</p><p>IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerm...-SearchBox</p><p>IE:64bit: - HKLM\..\SearchScopes\{2726EAAE-E2F9-413D-9BB8-BD280A0E30FC}: "URL" = http://www.amazon.com/s/ref=azs_osd_iea?...archTerms}</p><p>IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms...s&o=HPNTDF</p><p>IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={search...ype=HPNTDF</p><p>IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Sea...archTerms}</p><p>IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572-...archTerms}</p><p>IE - HKLM\SOFTWARE\Microsoft\Internet 
Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm</p><p>IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank</p><p>IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}</p><p>IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerm...-SearchBox</p><p>IE - HKLM\..\SearchScopes\{2726EAAE-E2F9-413D-9BB8-BD280A0E30FC}: "URL" = http://www.amazon.com/s/ref=azs_osd_iea?...archTerms}</p><p>IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms...s&o=HPNTDF</p><p>IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={search...ype=HPNTDF</p><p>IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Sea...archTerms}</p><p>IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572-...archTerms}</p><p></p><p>IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank</p><p>IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found</p><p>IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}</p><p>IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerm...-SearchBox</p><p>IE - HKCU\..\SearchScopes\{2726EAAE-E2F9-413D-9BB8-BD280A0E30FC}: "URL" = http://www.amazon.com/s/ref=azs_osd_iea?...archTerms}</p><p>IE - HKCU\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms...s&o=HPNTDF</p><p>IE - HKCU\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={search...ype=HPNTDF</p><p>IE - HKCU\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Sea...archTerms}</p><p>IE - 
HKCU\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572-...archTerms}</p><p>IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0</p><p>IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local</p><p></p><p>========== FireFox ==========</p><p></p><p>FF - prefs.js..browser.startup.homepage: "http://bl158w.blu158.mail.live.com/mail/InboxLight.aspx?fid=1&fav=1&n=1386452326"</p><p>FF - prefs.js..network.proxy.type: 0</p><p>FF - user.js - File not found</p><p></p><p>FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_270.dll File not found</p><p>FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)</p><p>FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found</p><p>FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll ()</p><p>FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)</p><p>FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found</p><p>FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()</p><p>FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)</p><p>FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)</p><p>FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found</p><p>FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft 
Corporation)</p><p>FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)</p><p>FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)</p><p>FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)</p><p>FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)</p><p>FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)</p><p>FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)</p><p>FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()</p><p>FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)</p><p>FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Augie\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)</p><p></p><p>FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/18 22:38:39 | 000,000,000 | ---D | M]</p><p>FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins</p><p>FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/18 
22:38:39 | 000,000,000 | ---D | M]</p><p>FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins</p><p></p><p>[2011/09/19 16:50:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Augie\AppData\Roaming\Mozilla\Extensions</p><p>[2012/08/05 22:40:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Augie\AppData\Roaming\Mozilla\Firefox\Profiles\2t300p0s.default\extensions</p><p>[2012/06/11 14:54:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions</p><p>[2012/07/18 13:30:52 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}</p><p>[2011/12/26 18:48:11 | 000,413,408 | ---- | M] () (No name found) -- C:\USERS\AUGIE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2T300P0S.DEFAULT\EXTENSIONS\{C45C406E-AB73-11D8-BE73-000A95BE3B12}.XPI</p><p>[2012/08/05 22:40:22 | 001,621,801 | ---- | M] () (No name found) -- C:\USERS\AUGIE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2T300P0S.DEFAULT\EXTENSIONS\FIREBUG@SOFTWARE.JOEHEWITT.COM.XPI</p><p>[2012/06/18 22:38:39 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll</p><p>[2012/05/08 16:51:24 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml</p><p>[2012/05/08 16:51:24 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml</p><p></p><p>O1 HOSTS File: ([2012/07/27 21:32:08 | 000,000,855 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts</p><p>O1 - Hosts: 127.0.0.1 localhost</p><p>O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)</p><p>O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll 
(Skype Technologies S.A.)</p><p>O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)</p><p>O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)</p><p>O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.</p><p>O4:64bit: - HKLM..\Run: [LXCJCATS] C:\Windows\SysNative\spool\DRIVERS\x64\3\LXCJtime.DLL ()</p><p>O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)</p><p>O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)</p><p>O4 - HKLM..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe (EasyBits Software AS)</p><p>O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)</p><p>O4 - HKLM..\Run: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe (Hewlett-Packard Development Company L.P.)</p><p>O4 - HKLM..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)</p><p>O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)</p><p>O4 - HKCU..\Run: [Facebook Update] C:\Users\Augie\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)</p><p>O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present</p><p>O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1</p><p>O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0</p><p>O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: 
ConsentPromptBehaviorAdmin = 5</p><p>O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3</p><p>O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present</p><p>O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present</p><p>O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0</p><p>O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)</p><p>O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)</p><p>O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. 
Mountain View, CA 94041)</p><p>O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)</p><p>O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)</p><p>O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstal...s-i586.cab (Java Plug-in 1.6.0_24)</p><p>O16:64bit: - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstal...s-i586.cab (Java Plug-in 1.6.0_24)</p><p>O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstal...s-i586.cab (Java Plug-in 1.6.0_24)</p><p>O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstal...s-i586.cab (Java Plug-in 1.6.0_32)</p><p>O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstal...s-i586.cab (Java Plug-in 1.6.0_32)</p><p>O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstal...s-i586.cab (Java Plug-in 1.6.0_32)</p><p>O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76</p><p>O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8A2C1D5D-49B7-436C-B806-7F6DF4080EEC}: DhcpNameServer = 192.168.0.1 192.168.0.1</p><p>O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B4E7F2BD-4A5A-45CA-9954-B547B5DAFD44}: DhcpNameServer = 75.75.75.75 75.75.76.76</p><p>O18:64bit: - Protocol\Handler\livecall - No CLSID value found</p><p>O18:64bit: - Protocol\Handler\msnim - No CLSID value found</p><p>O18:64bit: - Protocol\Handler\skype4com - No CLSID value found</p><p>O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found</p><p>O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found</p><p>O18:64bit: - Protocol\Handler\wlpg - No CLSID value found</p><p>O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files 
(x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)</p><p>O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)</p><p>O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)</p><p>O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)</p><p>O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)</p><p>O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found</p><p>O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)</p><p>O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)</p><p>O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.)</p><p>O32 - HKLM CDRom: AutoRun - 1</p><p>O34 - HKLM BootExecute: (autocheck autochk *)</p><p>O35:64bit: - HKLM\..comfile [open] -- "%1" %*</p><p>O35:64bit: - HKLM\..exefile [open] -- "%1" %*</p><p>O35 - HKLM\..comfile [open] -- "%1" %*</p><p>O35 - HKLM\..exefile [open] -- "%1" %*</p><p>O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*</p><p>O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*</p><p>O37 - HKLM\...com [@ = ComFile] -- "%1" %*</p><p>O37 - HKLM\...exe [@ = exefile] -- "%1" %*</p><p>O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)</p><p>O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)</p><p>O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)</p><p></p><p>========== Files/Folders - Created Within 30 Days ==========</p><p></p><p>[2012/08/07 14:46:23 | 000,020,480 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\svchost.exe</p><p>[2012/07/29 22:46:33 | 000,000,000 | -HSD | C] -- C:\Windows\SysNative\%APPDATA%</p><p>[2012/07/29 19:01:59 | 000,000,000 | ---D | C] -- C:\Windows\Sun</p><p>[2012/07/28 19:29:19 | 000,000,000 | ---D | C] -- C:\Windows\TEMP</p><p>[2012/07/27 21:39:45 | 000,181,064 | ---- | C] (Sysinternals) -- C:\Windows\PSEXESVC.EXE</p><p>[2012/07/27 21:28:02 | 000,000,000 | ---D | C] -- C:\Tweaking.com_Windows_Repair_Logs</p><p>[2012/07/26 23:17:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET</p><p>[2012/07/26 23:16:14 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe</p><p>[2012/07/26 23:06:35 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro</p><p>[2012/07/25 21:39:14 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN</p><p>[2012/07/25 21:28:15 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe</p><p>[2012/07/25 21:28:15 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe</p><p>[2012/07/25 21:28:15 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe</p><p>[2012/07/25 21:25:31 | 000,000,000 | ---D | C] -- C:\Qoobox</p><p>[2012/07/25 21:25:28 | 000,000,000 | ---D | C] -- C:\Windows\erdnt</p><p>[2012/07/25 21:22:33 | 004,719,627 | R--- | C] (Swearware) -- C:\Users\Augie\Desktop\ComboFix.exe</p><p>[2012/07/24 13:04:43 | 000,000,000 | ---D | C] -- C:\Users\Augie\AppData\Local\{03D2CAA4-BE37-4ADA-8B6B-BCCDDBEEA54D}</p><p>[2012/07/24 13:04:33 | 000,000,000 | ---D | C] -- C:\Users\Augie\AppData\Local\{28BB6018-EC20-453A-A510-0ADCCEBB3BAF}</p><p>[2012/07/23 17:01:50 | 000,000,000 | ---D | C] -- C:\Users\Augie\Desktop\Changing Worlds</p><p>[2012/07/21 12:55:17 | 000,000,000 | ---D | C] -- C:\Users\Augie\AppData\Roaming\SpeedyPC Software</p><p>[2012/07/21 12:55:17 | 000,000,000 | ---D | C] -- C:\Users\Augie\AppData\Roaming\DriverCure</p><p>[2012/07/21 12:55:04 | 000,000,000 | ---D | C] -- C:\Users\Augie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedyPC 
Software</p><p>[2012/07/21 12:55:00 | 000,000,000 | ---D | C] -- C:\ProgramData\SpeedyPC Software</p><p>[2012/07/21 12:39:47 | 000,000,000 | ---D | C] -- C:\Users\Augie\Desktop\Downloads</p><p>[2012/07/21 12:39:44 | 000,000,000 | ---D | C] -- C:\Users\Augie\AppData\Roaming\GetRightToGo</p><p>[2012/07/19 20:11:48 | 000,000,000 | ---D | C] -- C:\Users\Augie\AppData\Local\{5C64189F-B5BD-4BCB-AD72-C261984C6E7A}</p><p>[2012/07/12 11:08:31 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll</p><p>[2012/07/12 11:08:31 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll</p><p>[2012/07/12 11:08:30 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll</p><p>[2012/07/12 11:08:30 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll</p><p>[2012/07/12 11:08:29 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll</p><p>[2012/07/12 11:08:29 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll</p><p>[2012/07/12 11:08:29 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe</p><p>[2012/07/12 11:08:29 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe</p><p>[2012/07/12 11:08:28 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll</p><p>[2012/07/12 11:08:28 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl</p><p>[2012/07/12 11:08:28 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl</p><p>[2012/07/12 11:08:27 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll</p><p>[2012/07/12 11:08:27 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll</p><p>[2012/07/10 20:55:31 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%</p><p>[2012/07/10 20:02:23 | 000,002,048 | ---- | 
C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll</p><p>[2012/07/10 20:02:23 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll</p><p>[2012/07/10 20:02:18 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll</p><p>[2012/07/10 20:02:17 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll</p><p>[2012/07/10 20:02:17 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll</p><p>[1 C:\Users\Augie\Desktop\*.tmp files -> C:\Users\Augie\Desktop\*.tmp -> ]</p><p></p><p>========== Files - Modified Within 30 Days ==========</p><p></p><p>[2012/08/07 15:38:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job</p><p>[2012/08/07 15:25:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat</p><p>[2012/08/07 15:02:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job</p><p>[2012/08/07 14:56:33 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0</p><p>[2012/08/07 14:56:33 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0</p><p>[2012/08/07 14:52:00 | 000,727,136 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI</p><p>[2012/08/07 14:52:00 | 000,624,856 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat</p><p>[2012/08/07 14:52:00 | 000,106,942 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat</p><p>[2012/08/07 14:45:43 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job</p><p>[2012/08/07 14:45:27 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForAugie.job</p><p>[2012/08/07 14:45:16 | 3015,888,896 | -HS- | M] () -- C:\hiberfil.sys</p><p>[2012/08/07 12:52:01 | 000,000,928 | ---- | M] () -- 
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1678713175-1451055111-565092166-1001UA.job</p><p>[2012/08/06 18:24:35 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1678713175-1451055111-565092166-1001Core.job</p><p>[2012/08/02 21:02:16 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe</p><p>[2012/08/02 21:02:16 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl</p><p>[2012/08/02 19:31:31 | 000,002,340 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk</p><p>[2012/07/30 12:09:16 | 000,108,195 | ---- | M] () -- C:\Users\Augie\Desktop\photo(3).JPG</p><p>[2012/07/30 12:01:01 | 000,305,571 | ---- | M] () -- C:\Users\Augie\Desktop\photo.JPG</p><p>[2012/07/29 19:15:18 | 000,061,628 | ---- | M] () -- C:\Users\Augie\Desktop\546321_10100699422428850_1545372267_n.jpg</p><p>[2012/07/27 21:39:47 | 000,000,042 | ---- | M] () -- C:\repairs_running.dat</p><p>[2012/07/27 21:39:45 | 000,181,064 | ---- | M] (Sysinternals) -- C:\Windows\PSEXESVC.EXE</p><p>[2012/07/27 21:32:08 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts</p><p>[2012/07/26 23:16:14 | 000,012,872 | ---- | M] (SurfRight B.V.) 
-- C:\Windows\SysNative\bootdelete.exe</p><p>[2012/07/25 21:22:33 | 004,719,627 | R--- | M] (Swearware) -- C:\Users\Augie\Desktop\ComboFix.exe</p><p>[2012/07/24 18:55:18 | 000,051,046 | ---- | M] () -- C:\Users\Augie\Desktop\photo(1).JPG</p><p>[2012/07/24 15:57:26 | 000,000,512 | ---- | M] () -- C:\Users\Augie\Desktop\MBR.dat</p><p>[2012/07/24 12:30:31 | 000,002,461 | ---- | M] () -- C:\Users\Augie\Desktop\Microsoft Word Starter 2010.lnk</p><p>[2012/07/21 12:41:24 | 001,654,532 | ---- | M] () -- C:\Windows\SysNative\drivers\Cat.DB</p><p>[2012/07/21 12:31:01 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk</p><p>[2012/07/21 12:02:59 | 000,000,036 | ---- | M] () -- C:\Users\Augie\AppData\Local\housecall.guid.cache</p><p>[2012/07/12 11:30:24 | 000,276,104 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT</p><p>[1 C:\Users\Augie\Desktop\*.tmp files -> C:\Users\Augie\Desktop\*.tmp -> ]</p><p></p><p>========== Files Created - No Company Name ==========</p><p></p><p>[2012/07/30 12:09:16 | 000,108,195 | ---- | C] () -- C:\Users\Augie\Desktop\photo(3).JPG</p><p>[2012/07/30 09:59:02 | 000,305,571 | ---- | C] () -- C:\Users\Augie\Desktop\photo.JPG</p><p>[2012/07/29 19:15:16 | 000,061,628 | ---- | C] () -- C:\Users\Augie\Desktop\546321_10100699422428850_1545372267_n.jpg</p><p>[2012/07/27 21:32:00 | 000,000,042 | ---- | C] () -- C:\repairs_running.dat</p><p>[2012/07/25 21:28:15 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe</p><p>[2012/07/25 21:28:15 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe</p><p>[2012/07/25 21:28:15 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe</p><p>[2012/07/25 21:28:15 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe</p><p>[2012/07/25 21:28:15 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe</p><p>[2012/07/24 18:55:17 | 000,051,046 | ---- | C] () -- C:\Users\Augie\Desktop\photo(1).JPG</p><p>[2012/07/24 15:57:26 | 000,000,512 | ---- | C] () -- C:\Users\Augie\Desktop\MBR.dat</p><p>[2012/07/24 
12:30:31 | 000,002,461 | ---- | C] () -- C:\Users\Augie\Desktop\Microsoft Word Starter 2010.lnk</p><p>[2012/07/21 12:41:21 | 001,654,532 | ---- | C] () -- C:\Windows\SysNative\drivers\Cat.DB</p><p>[2012/07/21 12:31:01 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk</p><p>[2012/07/21 12:02:59 | 000,000,036 | ---- | C] () -- C:\Users\Augie\AppData\Local\housecall.guid.cache</p><p>[2012/03/07 23:54:46 | 000,014,119 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat</p><p>[2012/01/11 11:27:47 | 000,002,048 | -HS- | C] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\{eaa6ee55-f780-5852-a878-cffa2c6baa4a}\@</p><p>[2012/01/11 11:27:47 | 000,002,048 | -HS- | C] () -- C:\Windows\System32\config\systemprofile\AppData\Local\{eaa6ee55-f780-5852-a878-cffa2c6baa4a}\@</p><p>[2012/01/09 11:11:13 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\shortcut_ex.dat</p><p>[2011/11/28 20:43:50 | 000,004,608 | ---- | C] () -- C:\Users\Augie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini</p><p>[2011/09/21 13:30:31 | 000,743,534 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI</p><p>[2011/07/02 16:31:40 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin</p><p>[2011/07/02 16:22:39 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat</p><p>[2011/04/13 18:27:04 | 000,000,068 | ---- | C] () -- C:\Windows\SysWow64\ezdigsgn.dat</p><p>[2011/03/03 23:04:58 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL</p><p>[2011/02/16 19:57:18 | 000,003,883 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat</p><p>[2010/12/22 23:17:48 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll</p><p></p><p>========== LOP Check ==========</p><p></p><p>[2012/07/21 12:55:17 | 000,000,000 | ---D | M] -- C:\Users\Augie\AppData\Roaming\DriverCure</p><p>[2012/07/21 12:41:02 | 000,000,000 | ---D | M] -- C:\Users\Augie\AppData\Roaming\GetRightToGo</p><p>[2011/11/21 22:54:03 | 000,000,000 | ---D | M] -- 
C:\Users\Augie\AppData\Roaming\PhotoScape</p><p>[2012/04/30 17:07:31 | 000,000,000 | ---D | M] -- C:\Users\Augie\AppData\Roaming\redsn0w</p><p>[2012/08/07 14:44:02 | 000,000,000 | ---D | M] -- C:\Users\Augie\AppData\Roaming\SoftGrid Client</p><p>[2012/07/21 12:55:17 | 000,000,000 | ---D | M] -- C:\Users\Augie\AppData\Roaming\SpeedyPC Software</p><p>[2011/09/16 12:31:14 | 000,000,000 | ---D | M] -- C:\Users\Augie\AppData\Roaming\Synaptics</p><p>[2011/09/21 13:31:10 | 000,000,000 | ---D | M] -- C:\Users\Augie\AppData\Roaming\TP</p><p>[2012/02/02 17:44:11 | 000,000,000 | ---D | M] -- C:\Users\Augie\AppData\Roaming\webex</p><p>[2011/11/28 18:17:04 | 000,000,000 | ---D | M] -- C:\Users\Augie\AppData\Roaming\Windows Live Writer</p><p>[2012/08/06 18:24:35 | 000,000,906 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1678713175-1451055111-565092166-1001Core.job</p><p>[2012/08/07 12:52:01 | 000,000,928 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1678713175-1451055111-565092166-1001UA.job</p><p>[2009/07/14 00:08:49 | 000,022,432 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT</p><p></p><p>========== Purity Check ==========</p><p></p><p></p><p></p><p>========== Alternate Data Streams ==========</p><p></p><p>@Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:DFC5A2B2</p><p></p><p>< End of report ></p><p></p><p></p><p>aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software</p><p>Run date: 2012-08-07 15:45:19</p><p>-----------------------------</p><p>15:45:19.716 OS Version: Windows x64 6.1.7601 Service Pack 1</p><p>15:45:19.716 Number of processors: 2 586 0x603</p><p>15:45:19.717 ComputerName: AUGIE-HP UserName: Augie</p><p>15:45:21.536 Initialize success</p><p>15:46:14.437 AVAST engine defs: 12080701</p><p>15:48:23.070 Disk 0 
(boot) \Device\Harddisk0\DR0 -> \Device\0000005d</p><p>15:48:23.075 Disk 0 Vendor: ST950032 0005 Size: 476940MB BusType: 11</p><p>15:48:23.080 Device \Driver\amd_sata -> MajorFunction fffffa80049ab5e8</p><p>15:48:23.087 Disk 0 MBR read successfully</p><p>15:48:23.094 Disk 0 MBR scan</p><p>15:48:23.103 Disk 0 Windows 7 default MBR code</p><p>15:48:23.118 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048</p><p>15:48:23.130 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 461577 MB offset 409600</p><p>15:48:23.169 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 15059 MB offset 945719296</p><p>15:48:23.194 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 103 MB offset 976560128</p><p>15:48:23.244 Disk 0 scanning C:\Windows\system32\drivers</p><p>15:48:36.415 Service scanning</p><p>15:49:04.038 Modules scanning</p><p>15:49:04.379 Disk 0 trace - called modules:</p><p>15:49:04.385 ntoskrnl.exe CLASSPNP.SYS disk.sys amd_xata.sys >>UNKNOWN [0xfffffa80049ab5e8]<<</p><p>15:49:04.390 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004294790]</p><p>15:49:04.395 3 CLASSPNP.SYS[fffff8800196443f] -> nt!IofCallDriver -> [0xfffffa800426eac0]</p><p>15:49:04.400 5 amd_xata.sys[fffff880010f0900] -> nt!IofCallDriver -> \Device\0000005d[0xfffffa800425a550]</p><p>15:49:04.407 \Driver\amd_sata[0xfffffa80047ea060] -> IRP_MJ_CREATE -> 0xfffffa80049ab5e8</p><p>15:49:10.456 AVAST engine scan C:\Windows</p><p>15:49:13.724 AVAST engine scan C:\Windows\system32</p><p>15:52:20.239 AVAST engine scan C:\Windows\system32\drivers</p><p>15:52:36.628 AVAST engine scan C:\Users\Augie</p><p>15:55:10.062 Disk 0 MBR has been saved successfully to "C:\Users\Augie\Desktop\MBR.dat"</p><p>15:55:10.094 The log file has been saved successfully to "C:\Users\Augie\Desktop\aswMBR.txt"</p><p>16:02:30.515 AVAST engine scan C:\ProgramData</p><p>16:03:13.638 Scan finished successfully</p><p>16:29:30.451 Disk 0 MBR has been saved successfully to "C:\Users\Augie\Desktop\MBR.dat"</p><p>16:29:30.641 The log file has been saved 
successfully to "C:\Users\Augie\Desktop\new aswMBR.txt"</p></blockquote><p></p>
[QUOTE="amerriw, post: 67355, member: 1896"]
Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2012/07/12 11:08:30 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2012/07/12 11:08:30 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2012/07/12 11:08:29 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2012/07/12 11:08:29 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2012/07/12 11:08:29 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2012/07/12 11:08:29 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2012/07/12 11:08:28 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2012/07/12 11:08:28 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2012/07/12 11:08:28 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2012/07/12 11:08:27 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2012/07/12 11:08:27 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2012/07/10 20:55:31 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA% [2012/07/10 20:02:23 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll [2012/07/10 20:02:23 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll [2012/07/10 20:02:18 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll [2012/07/10 20:02:17 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll [2012/07/10 20:02:17 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll [1 C:\Users\Augie\Desktop\*.tmp files -> C:\Users\Augie\Desktop\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/08/07 15:38:00 | 000,000,896 | ---- | M] () -- 
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012/08/07 15:25:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/08/07 15:02:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012/08/07 14:56:33 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/08/07 14:56:33 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/08/07 14:52:00 | 000,727,136 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012/08/07 14:52:00 | 000,624,856 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012/08/07 14:52:00 | 000,106,942 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012/08/07 14:45:43 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012/08/07 14:45:27 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForAugie.job [2012/08/07 14:45:16 | 3015,888,896 | -HS- | M] () -- C:\hiberfil.sys [2012/08/07 12:52:01 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1678713175-1451055111-565092166-1001UA.job [2012/08/06 18:24:35 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1678713175-1451055111-565092166-1001Core.job [2012/08/02 21:02:16 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2012/08/02 21:02:16 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2012/08/02 19:31:31 | 000,002,340 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2012/07/30 12:09:16 | 000,108,195 | ---- | M] () -- C:\Users\Augie\Desktop\photo(3).JPG [2012/07/30 12:01:01 | 000,305,571 | ---- | M] () -- C:\Users\Augie\Desktop\photo.JPG [2012/07/29 19:15:18 | 000,061,628 | ---- | M] () -- C:\Users\Augie\Desktop\546321_10100699422428850_1545372267_n.jpg [2012/07/27 
21:39:47 | 000,000,042 | ---- | M] () -- C:\repairs_running.dat [2012/07/27 21:39:45 | 000,181,064 | ---- | M] (Sysinternals) -- C:\Windows\PSEXESVC.EXE [2012/07/27 21:32:08 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2012/07/26 23:16:14 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe [2012/07/25 21:22:33 | 004,719,627 | R--- | M] (Swearware) -- C:\Users\Augie\Desktop\ComboFix.exe [2012/07/24 18:55:18 | 000,051,046 | ---- | M] () -- C:\Users\Augie\Desktop\photo(1).JPG [2012/07/24 15:57:26 | 000,000,512 | ---- | M] () -- C:\Users\Augie\Desktop\MBR.dat [2012/07/24 12:30:31 | 000,002,461 | ---- | M] () -- C:\Users\Augie\Desktop\Microsoft Word Starter 2010.lnk [2012/07/21 12:41:24 | 001,654,532 | ---- | M] () -- C:\Windows\SysNative\drivers\Cat.DB [2012/07/21 12:31:01 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012/07/21 12:02:59 | 000,000,036 | ---- | M] () -- C:\Users\Augie\AppData\Local\housecall.guid.cache [2012/07/12 11:30:24 | 000,276,104 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [1 C:\Users\Augie\Desktop\*.tmp files -> C:\Users\Augie\Desktop\*.tmp -> ] ========== Files Created - No Company Name ========== [2012/07/30 12:09:16 | 000,108,195 | ---- | C] () -- C:\Users\Augie\Desktop\photo(3).JPG [2012/07/30 09:59:02 | 000,305,571 | ---- | C] () -- C:\Users\Augie\Desktop\photo.JPG [2012/07/29 19:15:16 | 000,061,628 | ---- | C] () -- C:\Users\Augie\Desktop\546321_10100699422428850_1545372267_n.jpg [2012/07/27 21:32:00 | 000,000,042 | ---- | C] () -- C:\repairs_running.dat [2012/07/25 21:28:15 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2012/07/25 21:28:15 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2012/07/25 21:28:15 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2012/07/25 21:28:15 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2012/07/25 21:28:15 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2012/07/24 18:55:17 | 
000,051,046 | ---- | C] () -- C:\Users\Augie\Desktop\photo(1).JPG [2012/07/24 15:57:26 | 000,000,512 | ---- | C] () -- C:\Users\Augie\Desktop\MBR.dat [2012/07/24 12:30:31 | 000,002,461 | ---- | C] () -- C:\Users\Augie\Desktop\Microsoft Word Starter 2010.lnk [2012/07/21 12:41:21 | 001,654,532 | ---- | C] () -- C:\Windows\SysNative\drivers\Cat.DB [2012/07/21 12:31:01 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012/07/21 12:02:59 | 000,000,036 | ---- | C] () -- C:\Users\Augie\AppData\Local\housecall.guid.cache [2012/03/07 23:54:46 | 000,014,119 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat [2012/01/11 11:27:47 | 000,002,048 | -HS- | C] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\{eaa6ee55-f780-5852-a878-cffa2c6baa4a}\@ [2012/01/11 11:27:47 | 000,002,048 | -HS- | C] () -- C:\Windows\System32\config\systemprofile\AppData\Local\{eaa6ee55-f780-5852-a878-cffa2c6baa4a}\@ [2012/01/09 11:11:13 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\shortcut_ex.dat [2011/11/28 20:43:50 | 000,004,608 | ---- | C] () -- C:\Users\Augie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011/09/21 13:30:31 | 000,743,534 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011/07/02 16:31:40 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2011/07/02 16:22:39 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat [2011/04/13 18:27:04 | 000,000,068 | ---- | C] () -- C:\Windows\SysWow64\ezdigsgn.dat [2011/03/03 23:04:58 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL [2011/02/16 19:57:18 | 000,003,883 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2010/12/22 23:17:48 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll ========== LOP Check ========== [2012/07/21 12:55:17 | 000,000,000 | ---D | M] -- C:\Users\Augie\AppData\Roaming\DriverCure [2012/07/21 12:41:02 | 000,000,000 | ---D | M] -- C:\Users\Augie\AppData\Roaming\GetRightToGo [2011/11/21 22:54:03 | 000,000,000 
| ---D | M] -- C:\Users\Augie\AppData\Roaming\PhotoScape [2012/04/30 17:07:31 | 000,000,000 | ---D | M] -- C:\Users\Augie\AppData\Roaming\redsn0w [2012/08/07 14:44:02 | 000,000,000 | ---D | M] -- C:\Users\Augie\AppData\Roaming\SoftGrid Client [2012/07/21 12:55:17 | 000,000,000 | ---D | M] -- C:\Users\Augie\AppData\Roaming\SpeedyPC Software [2011/09/16 12:31:14 | 000,000,000 | ---D | M] -- C:\Users\Augie\AppData\Roaming\Synaptics [2011/09/21 13:31:10 | 000,000,000 | ---D | M] -- C:\Users\Augie\AppData\Roaming\TP [2012/02/02 17:44:11 | 000,000,000 | ---D | M] -- C:\Users\Augie\AppData\Roaming\webex [2011/11/28 18:17:04 | 000,000,000 | ---D | M] -- C:\Users\Augie\AppData\Roaming\Windows Live Writer [2012/08/06 18:24:35 | 000,000,906 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1678713175-1451055111-565092166-1001Core.job [2012/08/07 12:52:01 | 000,000,928 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1678713175-1451055111-565092166-1001UA.job [2009/07/14 00:08:49 | 000,022,432 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:DFC5A2B2 < End of report > aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software Run date: 2012-08-07 15:45:19 ----------------------------- 15:45:19.716 OS Version: Windows x64 6.1.7601 Service Pack 1 15:45:19.716 Number of processors: 2 586 0x603 15:45:19.717 ComputerName: AUGIE-HP UserName: Augie 15:45:21.536 Initialize success 15:46:14.437 AVAST engine defs: 12080701 15:48:23.070 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000005d 15:48:23.075 Disk 0 Vendor: ST950032 0005 Size: 476940MB BusType: 11 15:48:23.080 Device \Driver\amd_sata -> MajorFunction fffffa80049ab5e8 15:48:23.087 Disk 0 MBR read successfully 15:48:23.094 Disk 0 MBR scan 15:48:23.103 Disk 0 Windows 7 default MBR code 15:48:23.118 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048 
15:48:23.130 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 461577 MB offset 409600 15:48:23.169 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 15059 MB offset 945719296 15:48:23.194 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 103 MB offset 976560128 15:48:23.244 Disk 0 scanning C:\Windows\system32\drivers 15:48:36.415 Service scanning 15:49:04.038 Modules scanning 15:49:04.379 Disk 0 trace - called modules: 15:49:04.385 ntoskrnl.exe CLASSPNP.SYS disk.sys amd_xata.sys >>UNKNOWN [0xfffffa80049ab5e8]<< 15:49:04.390 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004294790] 15:49:04.395 3 CLASSPNP.SYS[fffff8800196443f] -> nt!IofCallDriver -> [0xfffffa800426eac0] 15:49:04.400 5 amd_xata.sys[fffff880010f0900] -> nt!IofCallDriver -> \Device\0000005d[0xfffffa800425a550] 15:49:04.407 \Driver\amd_sata[0xfffffa80047ea060] -> IRP_MJ_CREATE -> 0xfffffa80049ab5e8 15:49:10.456 AVAST engine scan C:\Windows 15:49:13.724 AVAST engine scan C:\Windows\system32 15:52:20.239 AVAST engine scan C:\Windows\system32\drivers 15:52:36.628 AVAST engine scan C:\Users\Augie 15:55:10.062 Disk 0 MBR has been saved successfully to "C:\Users\Augie\Desktop\MBR.dat" 15:55:10.094 The log file has been saved successfully to "C:\Users\Augie\Desktop\aswMBR.txt" 16:02:30.515 AVAST engine scan C:\ProgramData 16:03:13.638 Scan finished successfully 16:29:30.451 Disk 0 MBR has been saved successfully to "C:\Users\Augie\Desktop\MBR.dat" 16:29:30.641 The log file has been saved successfully to "C:\Users\Augie\Desktop\new aswMBR.txt" [/QUOTE]