Conduit Toolbar or its remnants cannot be removed

December 19, 2013 at 22:23:58
Specs: Windows Vista
Have tried every conceivable remedy on the Internet to remove this error message. According to the posting below, you mentioned other approaches. What are they exactly?

It is due to Conduit Toolbar or its remnants.
Probably the quickest approach is to download ADWCleaner from here:
http://www.bleepingcomputer.com/dow...
See the blue button "Download now @BleepingComputer".
Save the file rather than running it online. Double click the saved file then use the Scan. It is safe to then use Clean which will remove all dubious toolbars.
I'm pretty sure this will do the trick but there are other approaches if it fails.
Always pop back and let us know the outcome - thanks



#1
December 19, 2013 at 23:04:08
When do you get the error message and what does it say?

"I've always been mad, I know I've been mad, like the most of us..." Pink Floyd



#2
December 20, 2013 at 04:04:58
1: Run AdwCleaner
http://www.softpedia.com/get/Antivi...
http://www.softpedia.com/progScreen...
http://www.raymond.cc/blog/adwclean...
http://www.bleepingcomputer.com/dow...
How to download from Softpedia
http://i.imgur.com/BWELEfV.gif
http://i.imgur.com/4luY3rU.gif
Author's site
http://general-changelog-team.fr/en...
Tutorial
http://general-changelog-team.fr/en...
Please download AdwCleaner by Xplode onto your Desktop.
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click on Clean.
Confirm each time with Ok.
Your computer will be rebooted automatically. A text file will open after the restart.
Please Copy & Paste the contents of that logfile with your next answer.
You can find the logfile at C:\AdwCleaner[S1].txt as well.

2: Run Junkware Removal Tool
http://www.softpedia.com/get/Securi...
http://www.softpedia.com/progScreen...
http://www.bleepingcomputer.com/dow...
http://thisisudax.blogspot.com.au/2...
Download Junkware Removal Tool to your Desktop.
Warning! Once the scan is complete JRT will shut down your browser with NO warning.
Shut down your protection software now to avoid potential conflicts.
Temporarily disable your antivirus and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.
http://www.bleepingcomputer.com/for...
http://www.techsupportforum.com/for...
Run the tool by double-clicking it. If you are using Windows Vista or Windows 7/8, right-click JRT and select Run as Administrator
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Copy and Paste the contents of the JRT.txt log please.

message edited by Johnw



#3
December 20, 2013 at 11:04:42
# AdwCleaner v3.015 - Report created 20/12/2013 at 10:51:41
# Updated 10/12/2013 by Xplode
# Operating System : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Username : Jsphrsa - JSPHRSA-PC
# Running from : C:\Users\Jsphrsa\AppData\Local\Temp\Temp1_b4f106e548b249ef883e37b9447f3928_adwcleaner.zip\adwcleaner.exe
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : BackupStack
Service Deleted : CltMngSvc

***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files\24x7Help
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\MyPC Backup
Folder Deleted : C:\Program Files\Searchprotect
Folder Deleted : C:\Program Files\sweetpacks bundle uninstaller
Folder Deleted : C:\Users\Jsphrsa\AppData\Local\Conduit
Folder Deleted : C:\Users\Jsphrsa\AppData\Local\NativeMessaging
Folder Deleted : C:\Users\Jsphrsa\AppData\Local\Searchprotect
Folder Deleted : C:\Users\Jsphrsa\AppData\Local\Temp\NativeMessaging
Folder Deleted : C:\Users\Jsphrsa\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Jsphrsa\AppData\Roaming\ValueApps
Folder Deleted : C:\Users\Jsphrsa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
Folder Deleted : C:\Users\Jsphrsa\AppData\Local\Google\Chrome\User Data\Default\Extensions\icpgjfneehieebagbmdbhnlpiopdcmna
Folder Deleted : C:\Users\Jsphrsa\AppData\Local\Google\Chrome\User Data\Default\Extensions\igjjkeeamkpihpncmmbgdkhdnjpcfmfb
File Deleted : C:\END
File Deleted : C:\Users\Jsphrsa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
File Deleted : C:\Users\Jsphrsa\Desktop\MyPC Backup.lnk
File Deleted : C:\Windows\System32\Tasks\NCH Software

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\conduit.com
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\mypc backup
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [ConduitFloatingPlugin_lipgolpfajiadodbcbljdpmbmbdmfcil]
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{44ED99E2-16A6-4B89-80D6-5B21CF42E78B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{44ED99E2-16A6-4B89-80D6-5B21CF42E78B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F63AAEDC-3602-49EF-AA45-262380A98980}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\FLEXnet
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\DynConIE
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\Software\SearchProtect
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyPC Backup
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16526

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]

-\\ Google Chrome v

[ File : C:\Users\Jsphrsa\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted : homepage
Deleted : search_url
Deleted : suggest_url
Deleted : keyword
Deleted : urls_to_restore_on_startup

*************************

AdwCleaner[R2].txt - [3743 octets] - [20/12/2013 10:49:17]
AdwCleaner[S2].txt - [3467 octets] - [20/12/2013 10:51:41]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [3527 octets] ##########



#4
December 20, 2013 at 11:12:17
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows Vista (TM) Home Premium x86
Ran by Jsphrsa on Fri 12/20/2013 at 11:07:29.11
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


~~~ Services

~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ConduitFloatingPlugin_lipgolpfajiadodbcbljdpmbmbdmfcil
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
Suspicious HKCU\..\Run entries found. Trojan:JS/Medfos.B?

Value Name Type Value Data
========================================================================================
ConduitFloatingPlugin_lipgolpfajiadodbcbljdpmbmbdmfcil REG_SZ "C:\Windows\system32\Rundll32.exe" "C:\Users\Jsphrsa\AppData\Local\Temp\CT3306061\plugins\TBVerifier.dll",RunConduitFloatingPlugin lipgolpfajiadodbcbljdpmbmbdmfcil


~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\dynconie.dynconieobject
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\dynconie.dynconieobject.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{2830488C-079B-45C2-88B6-AFE4EAA2DF85}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{781CA792-9B6E-400B-B36F-15C097D2CA54}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\dynconie
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011441193}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011441193}

~~~ Files

Successfully deleted: [File] "C:\Program Files\mozilla firefox\plugins\npcouponprinter.dll"
Successfully deleted: [File] "C:\Program Files\mozilla firefox\plugins\npmozcouponprinter.dll"

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\fighters"
Successfully deleted: [Folder] "C:\Users\Jsphrsa\AppData\Roaming\fighters"
Successfully deleted: [Folder] "C:\Users\Jsphrsa\appdata\local\cre"
Successfully deleted: [Folder] "C:\Users\Jsphrsa\appdata\local\stronghold_llc"
Successfully deleted: [Folder] "C:\Users\Jsphrsa\appdata\locallow\myashampoo"
Successfully deleted: [Folder] "C:\Program Files\bucksbee loyalty plugin - 100815"
Successfully deleted: [Folder] "C:\Program Files\fighters"

~~~ Chrome

Successfully deleted: [Folder] C:\Users\Jsphrsa\appdata\local\Google\Chrome\User Data\Default\Extensions\igjjkeeamkpihpncmmbgdkhdnjpcfmfb

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 12/20/2013 at 11:10:59.98
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



#5
December 20, 2013 at 11:16:27
Nice work Jsphrsa, we are getting there.

3: Run Malwarebytes' Anti-Malware ( MBAM ) Free Version. Use Quick scan. Copy and Paste the contents of the log please.
http://www.softpedia.com/get/Antivi...
http://www.softpedia.com/progScreen...
http://i.imgur.com/3DtG68Y.gif
http://www.malwarebytes.org/mbam.php
Make sure you uncheck > Enable free trial < during install.
http://i.imgur.com/tUFCbYz.gif
If your MBAM log indicates "No action taken." That's usually a result of NOT clicking the Remove Selected button after the scan.
Quick Scan versus Full Scan
http://forums.malwarebytes.org/inde...



#6
December 20, 2013 at 11:17:34
Thanks for your help. Still getting the error message on startup. Never had such a stubborn computer infection in my life.


#7
December 20, 2013 at 11:20:30
I have done that ... or, run every known malware program in existence. Nothing seems to get rid of the problem. I am thinking that only a clean reinstall of Windows will work, unless you have any other suggestions. I am open to almost anything at this point.

Thanks for your advice.
Joe



#8
December 20, 2013 at 11:31:59
"I have done that ... or, run every known malware program in existence"

Update MBAM, run again & post the log please, one step at a time, all clues are going to help, we will get rid of the problem.

message edited by Johnw



#9
December 20, 2013 at 13:01:47
4: Download OTL from any of the following links and save to your Desktop.
http://itxassociates.com/OT-Tools/O...
http://oldtimer.geekstogo.com/OTL.exe
http://www.itxassociates.com/OT-Too...

Double click the OTL icon to start the tool. (Note: If you are running on Vista or Windows 7 accept UAC alert)
When the window appears, underneath Output at the top, make sure Standard output is selected.
Select Scan all users
Change Drivers to All
Under the Extra Registry section, check Use SafeList
In the lower right corner, checkmark "LOP Check" and checkmark "Purity Check".
Click Run Scan and let the program run uninterrupted.
When the scan is complete, two text files will be created on your Desktop. Copy & Paste the contents of both logs in your next post please.
OTL.Txt <- this one will be opened
Extras.txt <- this one will be minimized

If any of the logs are too large, upload them using this. I upload to Imgur.com for images & load.to for files ( neither need an account ) Give us the link please.
Image Uploader
http://www.softpedia.com/get/Intern...
http://www.softpedia.com/progScreen...
http://zenden.ws/imageuploader_ru
How to use for files.
http://i.imgur.com/FhtnM6c.gif
http://i.imgur.com/AT6bjjD.gif
http://i.imgur.com/txFkgpT.gif


message edited by Johnw



#10
December 20, 2013 at 13:28:40
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.12.18.08

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Jsphrsa :: JSPHRSA-PC [administrator]

12/20/2013 11:21:57 AM
MBAM-log-2013-12-20 (13-07-06).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 291078
Time elapsed: 1 hour(s), 14 minute(s), 48 second(s)

Memory Processes Detected: 4
C:\ProgramData\InternetUpdater\InternetUpdaterService.exe (PUP.Optional.InternetUpdater.A) -> 3848 -> No action taken.
C:\ProgramData\RHelpers\ChromeHelper\ChromeHelper.exe (PUP.Optional.SearchDonkey.A) -> 5720 -> No action taken.
C:\ProgramData\RHelpers\FirefoxHelper\FirefoxHelper.exe (PUP.Optional.SearchDonkey.A) -> 6188 -> No action taken.
C:\ProgramData\RHelpers\IeHelper\IeHelper.exe (PUP.Optional.SearchDonkey.A) -> 7068 -> No action taken.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 3
HKLM\SYSTEM\CurrentControlSet\Services\InternetUpdater (PUP.Optional.InternetUpdater.A) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InternetUpdater (PUP.Optional.InternetUpdater.A) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Websteroids (PUP.Optional.Websteroids.A) -> No action taken.

Registry Values Detected: 1
HKLM\SYSTEM\CurrentControlSet\Services\InternetUpdater|ImagePath (PUP.Optional.InternetUpdater.A) -> Data: "C:\ProgramData\InternetUpdater\InternetUpdaterService.exe" -> No action taken.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 16
C:\ProgramData\InternetUpdater (PUP.Optional.InternetUpdater.A) -> No action taken.
C:\ProgramData\Websteroids (PUP.Optional.Websteroids.A) -> No action taken.
C:\ProgramData\Websteroids\Chrome (PUP.Optional.Websteroids.A) -> No action taken.
C:\ProgramData\Websteroids\Chrome\unzip (PUP.Optional.Websteroids.A) -> No action taken.
C:\ProgramData\Websteroids\Firefox (PUP.Optional.Websteroids.A) -> No action taken.
C:\ProgramData\Websteroids\Firefox\chrome (PUP.Optional.Websteroids.A) -> No action taken.
C:\ProgramData\Websteroids\Firefox\chrome\content (PUP.Optional.Websteroids.A) -> No action taken.
C:\ProgramData\Websteroids\IE (PUP.Optional.Websteroids.A) -> No action taken.
C:\Users\Jsphrsa\AppData\Local\Temp\ct3311333 (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Jsphrsa\AppData\Local\Temp\CT3317209 (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Jsphrsa\AppData\Local\Temp\CT3317212 (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Jsphrsa\AppData\Local\Temp\CT408137 (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Jsphrsa\AppData\Local\Temp\CT408137\plugins (PUP.Optional.Conduit.A) -> No action taken.
C:\ProgramData\RHelpers\ChromeHelper (PUP.Optional.Searchagent) -> No action taken.
C:\ProgramData\RHelpers\FirefoxHelper (PUP.Optional.Searchagent) -> No action taken.
C:\ProgramData\RHelpers\IeHelper (PUP.Optional.Searchagent) -> No action taken.

Files Detected: 52
C:\ProgramData\InternetUpdater\InternetUpdaterService.exe (PUP.Optional.InternetUpdater.A) -> No action taken.
C:\ProgramData\RHelpers\ChromeHelper\ChromeHelper.exe (PUP.Optional.SearchDonkey.A) -> No action taken.
C:\ProgramData\RHelpers\FirefoxHelper\FirefoxHelper.exe (PUP.Optional.SearchDonkey.A) -> No action taken.
C:\ProgramData\RHelpers\IeHelper\IeHelper.exe (PUP.Optional.SearchDonkey.A) -> No action taken.
C:\Users\Jsphrsa\AppData\Local\Temp\dlLogic.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Jsphrsa\AppData\Local\Temp\nsq4E45.exe (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Jsphrsa\AppData\Local\Temp\nsr85D4.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Jsphrsa\AppData\Local\Temp\nsvEF04.exe (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Jsphrsa\AppData\Local\Temp\nsa481C.exe (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Jsphrsa\AppData\Local\Temp\nscBACC.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Jsphrsa\AppData\Local\Temp\nsd76A8.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Jsphrsa\AppData\Local\Temp\nsfE9C5.exe (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Jsphrsa\AppData\Local\Temp\mam-ct3317212\ctbe.exe (PUP.Optional.Conduit) -> No action taken.
C:\Users\Jsphrsa\AppData\Local\Temp\mam-ct3317212\mamstub.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Jsphrsa\AppData\Local\Temp\AU\AutoUpdate.zip (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Jsphrsa\AppData\Local\Temp\AU\SPUpdater.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Jsphrsa\AppData\Local\Temp\CT408137\spch.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Jsphrsa\Downloads\tb_Conduit_brch.exe (PUP.Optional.OpenCandy) -> No action taken.
C:\Users\Jsphrsa\Downloads\AdwCleaner_TSV28A4P.exe (PUP.Optional.OpenCandy) -> No action taken.
C:\ProgramData\InternetUpdater\InternetUpdater.ico (PUP.Optional.InternetUpdater.A) -> No action taken.
C:\ProgramData\InternetUpdater\app.dat (PUP.Optional.InternetUpdater.A) -> No action taken.
C:\ProgramData\InternetUpdater\data.dat (PUP.Optional.InternetUpdater.A) -> No action taken.
C:\ProgramData\InternetUpdater\InternetUpdaterService.exe.config (PUP.Optional.InternetUpdater.A) -> No action taken.
C:\ProgramData\InternetUpdater\Uninstall.exe (PUP.Optional.InternetUpdater.A) -> No action taken.
C:\ProgramData\Websteroids\app.dat (PUP.Optional.Websteroids.A) -> No action taken.
C:\ProgramData\Websteroids\Uninstall.exe (PUP.Optional.Websteroids.A) -> No action taken.
C:\ProgramData\Websteroids\Websteroids.ico (PUP.Optional.Websteroids.A) -> No action taken.
C:\ProgramData\Websteroids\Chrome\common.crx (PUP.Optional.Websteroids.A) -> No action taken.
C:\ProgramData\Websteroids\Chrome\unzip\announce.js (PUP.Optional.Websteroids.A) -> No action taken.
C:\ProgramData\Websteroids\Chrome\unzip\background.html (PUP.Optional.Websteroids.A) -> No action taken.
C:\ProgramData\Websteroids\Chrome\unzip\common.js (PUP.Optional.Websteroids.A) -> No action taken.
C:\ProgramData\Websteroids\Chrome\unzip\contentscript.js (PUP.Optional.Websteroids.A) -> No action taken.
C:\ProgramData\Websteroids\Chrome\unzip\icon.png (PUP.Optional.Websteroids.A) -> No action taken.
C:\ProgramData\Websteroids\Chrome\unzip\icon128.png (PUP.Optional.Websteroids.A) -> No action taken.
C:\ProgramData\Websteroids\Chrome\unzip\icon16.png (PUP.Optional.Websteroids.A) -> No action taken.
C:\ProgramData\Websteroids\Chrome\unzip\icon48.png (PUP.Optional.Websteroids.A) -> No action taken.
C:\ProgramData\Websteroids\Chrome\unzip\iframecontentscript.js (PUP.Optional.Websteroids.A) -> No action taken.
C:\ProgramData\Websteroids\Chrome\unzip\manifest.json (PUP.Optional.Websteroids.A) -> No action taken.
C:\ProgramData\Websteroids\Firefox\chrome.manifest (PUP.Optional.Websteroids.A) -> No action taken.
C:\ProgramData\Websteroids\Firefox\install.rdf (PUP.Optional.Websteroids.A) -> No action taken.
C:\ProgramData\Websteroids\Firefox\chrome\content\main.js (PUP.Optional.Websteroids.A) -> No action taken.
C:\ProgramData\Websteroids\Firefox\chrome\content\overlay.xul (PUP.Optional.Websteroids.A) -> No action taken.
C:\ProgramData\Websteroids\IE\common.dll (PUP.Optional.Websteroids.A) -> No action taken.
C:\Users\Jsphrsa\AppData\Local\Temp\ct3311333\chromeid.txt (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Jsphrsa\AppData\Local\Temp\ct3311333\setup.ini.txt (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Jsphrsa\AppData\Local\Temp\CT3317209\ddt.csf (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Jsphrsa\AppData\Local\Temp\CT3317212\ddt.csf (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Jsphrsa\AppData\Local\Temp\CT408137\CT408137.txt (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Jsphrsa\AppData\Local\Temp\CT408137\ddt.csf (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Jsphrsa\AppData\Local\Temp\CT408137\initdata.json (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Jsphrsa\AppData\Local\Temp\CT408137\manifest.json (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Jsphrsa\AppData\Local\Temp\CT408137\plugins\TBVerifier.dll (PUP.Optional.Conduit.A) -> No action taken.

(end)



#11
December 20, 2013 at 13:35:39
"No action taken"
You haven't taken any action.

Refer to my post #5

If your MBAM log indicates "No action taken." That's usually a result of NOT clicking the Remove Selected button after the scan.



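Added example (not part of any post in this thread): a small Python triage of a Malwarebytes 1.75-style text log that counts the detections still marked "No action taken", groups them by detection name, and lists flagged processes that were still running. The sample logs are constructed from lines quoted in posts #10 and #12 with the section counts reduced to match; the function names are hypothetical, not part of any Malwarebytes tool.

```python
import re
from collections import Counter

# Constructed sample: lines copied from the scan-only log in post #10,
# with the "Detected:" counts reduced to match the shortened lists.
SCAN_ONLY_LOG = r"""Malwarebytes Anti-Malware 1.75.0.1300
Scan type: Quick scan

Memory Processes Detected: 2
C:\ProgramData\InternetUpdater\InternetUpdaterService.exe (PUP.Optional.InternetUpdater.A) -> 3848 -> No action taken.
C:\ProgramData\RHelpers\IeHelper\IeHelper.exe (PUP.Optional.SearchDonkey.A) -> 7068 -> No action taken.

Memory Modules Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKLM\SYSTEM\CurrentControlSet\Services\InternetUpdater|ImagePath (PUP.Optional.InternetUpdater.A) -> Data: "C:\ProgramData\InternetUpdater\InternetUpdaterService.exe" -> No action taken.

Files Detected: 3
C:\ProgramData\Websteroids\IE\common.dll (PUP.Optional.Websteroids.A) -> No action taken.
C:\Users\Jsphrsa\AppData\Local\Temp\CT408137\plugins\TBVerifier.dll (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Jsphrsa\Downloads\tb_Conduit_brch.exe (PUP.Optional.OpenCandy) -> No action taken.

(end)
"""

# Constructed sample: shortened form of the follow-up log in post #12.
CLEAN_LOG = r"""Malwarebytes Anti-Malware 1.75.0.1300
Scan type: Quick scan

Memory Processes Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
"""

# "Files Detected: 52" style section headers.
SECTION_RE = re.compile(r"^(?P<name>.+?) Detected: (?P<count>\d+)$")
# "<target> (<detection name>) -> [detail ->] <action>." item lines.
ITEM_RE = re.compile(r"^(?P<target>.+?) \((?P<family>[^()\s]+)\) -> (?P<rest>.+)$")


def parse_mbam_log(text):
    """Return {section: {"declared": int, "items": [dict, ...]}}."""
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            current = header.group("name")
            sections[current] = {"declared": int(header.group("count")), "items": []}
            continue
        item = ITEM_RE.match(line) if current else None
        if item:
            # The action is always the last " -> " segment; anything before it
            # is extra detail (a PID for processes, "Data: ..." for values).
            parts = item.group("rest").split(" -> ")
            sections[current]["items"].append({
                "target": item.group("target"),
                "family": item.group("family"),
                "detail": " -> ".join(parts[:-1]),
                "action": parts[-1].rstrip("."),
            })
    return sections


def triage(text):
    """Summarise what a pasted log says is still on the machine."""
    sections = parse_mbam_log(text)
    pending = [
        (name, item)
        for name, sec in sections.items()
        for item in sec["items"]
        if item["action"].lower() == "no action taken"
    ]
    return {
        "detections": sum(len(sec["items"]) for sec in sections.values()),
        "pending": len(pending),
        "pending_by_family": Counter(item["family"] for _, item in pending),
        # Flagged processes that were running at scan time and were not removed.
        "still_running": [i["target"] for n, i in pending if n == "Memory Processes"],
        # A declared count that differs from the parsed items means the paste was cut.
        "incomplete_sections": [
            n for n, sec in sections.items() if sec["declared"] != len(sec["items"])
        ],
    }


if __name__ == "__main__":
    for label, log in (("scan only", SCAN_ONLY_LOG), ("after removal", CLEAN_LOG)):
        result = triage(log)
        print(f"{label}: {result['pending']} of {result['detections']} detections pending")
        for family, count in result["pending_by_family"].most_common():
            print(f"  {count:3d}  {family}")
```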

#12
December 20, 2013 at 14:47:25
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.12.18.08

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Jsphrsa :: JSPHRSA-PC [administrator]

12/20/2013 2:27:28 PM
mbam-log-2013-12-20 (14-27-28).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 290993
Time elapsed: 10 minute(s), 11 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)



#13
December 20, 2013 at 14:55:14
"12/20/2013 2:27:28 PM
mbam-log-2013-12-20 (14-27-28).txt"
That's better.


#14
December 20, 2013 at 15:10:09
Have no idea how to upload a txt file and create an image and submit OTL log.
Thanks.

message edited by Jsphrsa



#15
December 20, 2013 at 15:19:48
"Have no idea how to upload a txt file"
I did provide instructions with the screenshots.

"create an image"
Not needed, only the files using the program > Image Uploader.

If still stuck, just Copy & Paste them in your next reply. You will have to break one file into bits & post each bit separately, one after the other.



#16
December 20, 2013 at 16:38:45
I will copy and paste with screenshots. I don't know if you can read the file. It is merely a txt icon image.


#17
December 20, 2013 at 16:44:02
Joe Screencast1
Screencast #1 among series. Thanks.


#18
December 20, 2013 at 16:45:53
Joe Screencast #2
Joe Screencast #2. Thank you.


#19
December 20, 2013 at 16:51:16
Joe Screencast #3
Joe Screencast #3 and continuing. Thank you.


#20
December 20, 2013 at 16:52:52
Joe Screencast #4
Continuing the Screencast saga ... thanks.


#21
December 20, 2013 at 16:54:35
Screencast #5
Thanks for everything ... it continues.


#22
December 20, 2013 at 16:55:47
Screencast #6
Number 6 is coming to you.


#23
December 20, 2013 at 16:57:16
Joe, images are no good, I cannot do a search on them.

The 2 files have been saved on your desktop, just Copy & Paste the contents of them, the same as you did for MBAM.

This is a sample of what is required,
Posts #50 to #56
http://www.computing.net/answers/wi...

message edited by Johnw



#24
December 20, 2013 at 17:27:08
Screencast #7
Thanks for your help. I continue to send.


#25
December 20, 2013 at 17:31:51
The files are too large and I get an error message. I thought doing a screenshot would work. I will try your suggestion. Thanks.


#26
December 20, 2013 at 17:35:37
OTL logfile created on: 12/20/2013 2:49:29 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Jsphrsa\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.16 Gb Available Physical Memory | 38.54% Memory free
6.22 Gb Paging File | 4.28 Gb Available in Paging File | 68.68% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 61.10 Gb Free Space | 26.24% Space Free | Partition Type: NTFS
Drive G: | 351.28 Gb Total Space | 232.08 Gb Free Space | 66.07% Space Free | Partition Type: NTFS
Drive H: | 114.48 Gb Total Space | 78.86 Gb Free Space | 68.88% Space Free | Partition Type: NTFS
Drive I: | 3.74 Gb Total Space | 3.72 Gb Free Space | 99.49% Space Free | Partition Type: FAT32

Computer Name: JSPHRSA-PC | User Name: Jsphrsa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/12/20 14:48:06 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jsphrsa\Downloads\OTL (1).com
PRC - [2013/12/18 13:47:02 | 000,486,264 | ---- | M] (Updater) -- C:\ProgramData\Updater\updater.exe
PRC - [2013/12/17 15:07:10 | 000,069,640 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\System32\NLSSRV32.EXE
PRC - [2013/12/17 15:06:56 | 000,197,128 | ---- | M] (Nitro PDF Software) -- C:\Program Files\Nitro\Pro 9\NitroPDFDriverService9.exe
PRC - [2013/11/20 11:54:56 | 003,116,032 | ---- | M] () -- C:\Users\Jsphrsa\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
PRC - [2013/10/23 15:01:10 | 000,280,288 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\NisSrv.exe
PRC - [2013/10/23 15:01:10 | 000,022,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2013/10/23 14:55:28 | 000,948,440 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2013/09/30 23:46:04 | 000,025,088 | ---- | M] () -- C:\Program Files\wrapper_inst\file_to_run.exe
PRC - [2013/05/11 02:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/04/04 13:50:32 | 000,887,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2013/01/31 01:01:06 | 000,865,056 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2012/05/11 15:19:42 | 001,599,832 | ---- | M] (IObit) -- C:\Program Files\IObit\Smart Defrag 2\SmartDefrag.exe
PRC - [2009/08/10 15:59:50 | 000,178,720 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
PRC - [2009/08/10 15:59:48 | 000,387,616 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
PRC - [2009/04/10 22:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/01/26 14:31:16 | 002,144,088 | RHS- | M] (Safer Networking Limited) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe


========== Modules (No Company Name) ==========

MOD - [2013/12/03 18:48:04 | 000,399,312 | ---- | M] () -- C:\Users\Jsphrsa\AppData\Local\Google\Chrome\Application\31.0.1650.63\ppgooglenaclpluginchrome.dll
MOD - [2013/12/03 18:48:02 | 004,055,504 | ---- | M] () -- C:\Users\Jsphrsa\AppData\Local\Google\Chrome\Application\31.0.1650.63\pdf.dll
MOD - [2013/12/03 18:47:11 | 000,702,416 | ---- | M] () -- C:\Users\Jsphrsa\AppData\Local\Google\Chrome\Application\31.0.1650.63\libglesv2.dll
MOD - [2013/12/03 18:47:11 | 000,099,792 | ---- | M] () -- C:\Users\Jsphrsa\AppData\Local\Google\Chrome\Application\31.0.1650.63\libegl.dll
MOD - [2013/12/03 18:47:08 | 001,619,408 | ---- | M] () -- C:\Users\Jsphrsa\AppData\Local\Google\Chrome\Application\31.0.1650.63\ffmpegsumo.dll
MOD - [2013/11/20 11:54:56 | 003,116,032 | ---- | M] () -- C:\Users\Jsphrsa\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
MOD - [2011/08/19 15:33:28 | 000,047,960 | ---- | M] () -- C:\Program Files\IObit\Smart Defrag 2\NtfsData.dll



#27
December 20, 2013 at 17:36:17

========== Services (SafeList) ==========

SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SBSDWSCService)
SRV - File not found [Auto | Stopped] -- C:\Program Files\AVG\AVG2014\avgwdsvc.exe -- (avgwd)
SRV - File not found [Auto | Stopped] -- C:\Program Files\AVG\AVG2014\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2013/12/17 15:07:10 | 000,069,640 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\System32\NLSSRV32.EXE -- (nlsX86cc)
SRV - [2013/12/17 15:06:56 | 000,197,128 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Program Files\Nitro\Pro 9\NitroPDFDriverService9.exe -- (NitroDriverReadSpool9)
SRV - [2013/12/11 09:58:20 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/10/23 15:01:10 | 000,280,288 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2013/10/23 15:01:10 | 000,022,208 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2013/09/30 23:46:04 | 000,025,088 | ---- | M] () [Auto | Running] -- C:\Program Files\wrapper_inst\file_to_run.exe -- (pcregservice)
SRV - [2013/08/28 09:08:57 | 001,064,312 | ---- | M] (Flexera Software LLC) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FlexNet Licensing Service)
SRV - [2013/05/11 02:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/10/10 21:15:04 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2011/06/13 22:09:22 | 000,267,568 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe -- (MatSvc)
SRV - [2010/02/19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/08/10 15:59:50 | 000,178,720 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe -- (nSvcIp)
SRV - [2009/08/10 15:59:48 | 000,387,616 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)
SRV - [2008/01/20 18:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2006/10/23 04:50:35 | 000,046,640 | R--- | M] (AOL LLC) [On_Demand | Stopped] -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe -- (AOL ACS)


========== Driver Services (All) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\snp2sxp.sys -- (SNP2STD)
DRV - File not found [Kernel | System | Stopped] -- system32\DRIVERS\avgtdix.sys -- (Avgtdix)
DRV - File not found [File_System | Boot | Stopped] -- system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - File not found [File_System | Boot | Stopped] -- system32\DRIVERS\avgmfx86.sys -- (Avgmfx86)
DRV - File not found [File_System | Boot | Stopped] -- system32\DRIVERS\avglogx.sys -- (Avglogx)
DRV - File not found [File_System | System | Stopped] -- system32\DRIVERS\avgldx86.sys -- (Avgldx86)
DRV - File not found [Kernel | System | Stopped] -- system32\DRIVERS\avgidsshimx.sys -- (AVGIDSShim)
DRV - File not found [File_System | Boot | Stopped] -- system32\DRIVERS\avgidshx.sys -- (AVGIDSHX)
DRV - File not found [File_System | System | Stopped] -- system32\DRIVERS\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - File not found [File_System | System | Stopped] -- system32\DRIVERS\avgdiskx.sys -- (Avgdiskx)
DRV - [2013/12/20 14:46:29 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2013/09/27 09:53:06 | 000,214,696 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\MpFilter.sys -- (MpFilter)

#28
December 20, 2013 at 17:36:52
| Running] -- C:\Windows\System32\drivers\MpFilter.sys -- (MpFilter)
DRV - [2013/09/27 09:53:06 | 000,104,768 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2013/07/31 19:16:32 | 000,638,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dxgkrnl.sys -- (DXGKrnl)
DRV - [2013/07/12 01:04:32 | 000,134,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbvideo.sys -- (usbvideo)
DRV - [2013/07/12 01:04:18 | 000,073,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio)
DRV - [2013/07/04 19:20:37 | 000,914,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tcpip.sys -- (Tcpip6)
DRV - [2013/07/04 19:20:37 | 000,914,880 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tcpip.sys -- (Tcpip)
DRV - [2013/07/04 17:43:04 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tcpipreg.sys -- (tcpipreg)
DRV - [2013/07/02 18:33:45 | 000,035,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbscan.sys -- (usbscan)
DRV - [2013/06/28 18:07:15 | 000,197,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbhub.sys -- (usbhub)
DRV - [2013/06/28 18:07:04 | 000,073,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbccgp.sys -- (usbccgp)
DRV - [2013/06/26 15:01:59 | 000,527,064 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\Wdf01000.sys -- (Wdf01000)
DRV - [2013/06/15 03:23:33 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tssecsrv.sys -- (tssecsrv)
DRV - [2013/03/04 11:55:00 | 000,004,608 | ---- | M] (RealVNC Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vncmirror.sys -- (vncmirror)
DRV - [2013/03/03 11:07:52 | 001,082,232 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\ntfs.sys -- (Ntfs)
DRV - [2013/02/19 20:32:54 | 010,919,200 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2012/08/21 03:47:42 | 000,224,640 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\volsnap.sys -- (volsnap)
DRV - [2012/08/07 11:26:44 | 000,034,648 | ---- | M] (Flexera Software) [Kernel | On_Demand | Stopped] -- C:\Program Files\InstallShield\2013\System\ISRegFlt.sys -- (ISRegFlt)
DRV - [2012/07/25 18:33:43 | 000,066,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WUDFPf.sys -- (WudfPf)
DRV - [2012/07/25 18:32:51 | 000,155,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WUDFRd.sys -- (WUDFRd)
DRV - [2012/06/04 07:26:04 | 000,440,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\ksecdd.sys -- (KSecDD)
DRV - [2012/05/01 06:03:49 | 000,180,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpwd.sys -- (RDPWD)
DRV - [2012/03/20 15:28:50 | 000,053,120 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\partmgr.sys -- (partmgr)
DRV - [2012/02/29 05:32:37 | 000,012,800 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\System32\drivers\fs_rec.sys -- (Fs_Rec)
DRV - [2011/11/03 02:01:00 | 000,045,968 | ---- | M] (Rovi Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pxhelp20.sys -- (PxHelp20)
DRV - [2011/07/06 07:31:47 | 000,214,016 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mrxsmb10.sys -- (mrxsmb10)
DRV - [2011/05/05 05:54:07 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbehci.sys -- (usbehci)
DRV - [2011/05/05 05:54:07 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbohci.sys -- (usbohci)
DRV - [2011/04/29 05:25:10 | 000,146,432 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\srv2.sys -- (srv2)
DRV - [2011/04/29 05:25:09 | 000,102,400 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\srvnet.sys -- (srvnet)
DRV - [2011/04/29 05:24:42 | 000,079,872 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mrxsmb20.sys -- (mrxsmb20)
DRV - [2011/04/29 05:24:40 | 000,106,496 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mrxsmb.sys -- (mrxsmb)
DRV - [2011/04/21 05:58:27 | 000,273,408 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\afd.sys -- (AFD)
DRV - [2011/04/14 06:59:03 | 000,075,264 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\dfsc.sys -- (DfsC)
DRV - [2011/02/22 05:23:55 | 000,069,632 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\bowser.sys -- (bowser)
DRV - [2011/02/18 06:03:32 | 000,305,152 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\srv.sys -- (srv)
DRV - [2010/11/26 17:02:28 | 000,015,672 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
DRV - [2010/08/12 12:07:50 | 000,292,712 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVNET)
DRV - [2010/04/30 00:59:12 | 003,086,752 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService)
DRV - [2010/02/20 12:53:34 | 000,411,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand

#29
December 20, 2013 at 17:37:22
| Running] -- C:\Windows\System32\drivers\http.sys -- (HTTP)
DRV - [2010/02/18 03:28:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tunnel.sys -- (tunnel)
DRV - [2009/09/30 17:01:54 | 000,040,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WpdUsb.sys -- (WpdUsb)
DRV - [2009/08/04 17:43:40 | 000,213,024 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2009/05/18 13:17:00 | 000,026,600 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009/04/10 22:33:03 | 000,292,840 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\volmgrx.sys -- (volmgrx)
DRV - [2009/04/10 22:32:55 | 000,149,480 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pci.sys -- (pci)
DRV - [2009/04/10 22:32:52 | 000,053,224 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\termdd.sys -- (TermDD)
DRV - [2009/04/10 22:32:49 | 000,527,848 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\ndis.sys -- (NDIS)
DRV - [2009/04/10 22:32:49 | 000,014,312 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pciide.sys -- (pciide)
DRV - [2009/04/10 22:32:46 | 000,265,688 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\acpi.sys -- (ACPI)
DRV - [2009/04/10 22:32:46 | 000,245,736 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\clfs.sys -- (CLFS)
DRV - [2009/04/10 22:32:46 | 000,190,424 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\fltMgr.sys -- (FltMgr)
DRV - [2009/04/10 22:32:46 | 000,180,712 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\msiscsi.sys -- (iScsiPrt)
DRV - [2009/04/10 22:32:46 | 000,161,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\msrpc.sys -- (MsRPC)
DRV - [2009/04/10 22:32:43 | 000,141,288 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\ecache.sys -- (Ecache)
DRV - [2009/04/10 22:32:31 | 000,053,736 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\disk.sys -- (disk)
DRV - [2009/04/10 22:32:31 | 000,048,104 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\mup.sys -- (Mup)
DRV - [2009/04/10 22:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\atapi.sys -- (atapi)
DRV - [2009/04/10 20:46:40 | 000,069,120 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rassstp.sys -- (RasSstp)
DRV - [2009/04/10 20:46:32 | 000,121,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ndiswan.sys -- (NdisWan)
DRV - [2009/04/10 20:46:30 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\raspppoe.sys -- (RasPppoe)
DRV - [2009/04/10 20:45:56 | 000,072,192 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\tdx.sys -- (tdx)
DRV - [2009/04/10 20:45:51 | 000,072,192 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\pacer.sys -- (PSched)
DRV - [2009/04/10 20:45:37 | 000,185,856 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\netbt.sys -- (netbt)
DRV - [2009/04/10 20:45:22 | 000,066,560 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\smb.sys -- (Smb)
DRV - [2009/04/10 20:43:28 | 000,148,480 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nwifi.sys -- (NativeWifiP)
DRV - [2009/04/10 20:43:02 | 000,236,544 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HdAudio.sys -- (HdAudAddService)
DRV - [2009/04/10 20:42:55 | 000,065,536 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\USBSTOR.SYS -- (USBSTOR)
DRV - [2009/04/10 20:42:48 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hidusb.sys -- (HidUsb)
DRV - [2009/04/10 20:42:42 | 000,561,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2009/04/10 20:39:17 | 000,067,072 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\cdrom.sys -- (cdrom)
DRV - [2009/04/10 20:38:40 | 000,017,408 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\kbdhid.sys -- (kbdhid)
DRV - [2009/04/10 20:14:40 | 000,114,688 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mrxdav.sys -- (MRxDAV)
DRV - [2009/04/10 20:14:29 | 000,225,280 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\rdbss.sys -- (rdbss)
DRV - [2009/04/10 20:14:01 | 000,035,328 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\npfs.sys -- (Npfs)
DRV - [2009/04/10 20:13:59 | 000,226,816 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\udfs.sys -- (udfs)
DRV - [2009/04/10 20:13:53 | 000,136,704 | ---- | M] (Microsoft Corporation) [File_System | On_De

#30
December 20, 2013 at 17:37:56
mand | Stopped] -- C:\Windows\System32\drivers\exfat.sys -- (exfat)
DRV - [2009/04/10 20:13:52 | 000,142,848 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\fastfat.sys -- (fastfat)
DRV - [2009/03/18 16:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2008/01/20 18:24:57 | 000,031,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\modem.sys -- (Modem)
DRV - [2008/01/20 18:24:55 | 000,076,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rasl2tp.sys -- (Rasl2tp)
DRV - [2008/01/20 18:24:55 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\raspptp.sys -- (PptpMiniport)
DRV - [2008/01/20 18:24:55 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndisuio.sys -- (Ndisuio)
DRV - [2008/01/20 18:24:51 | 000,006,016 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mstee.sys -- (MSTEE)
DRV - [2008/01/20 18:24:51 | 000,005,888 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mspclock.sys -- (MSPCLOCK)
DRV - [2008/01/20 18:24:51 | 000,005,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mspqm.sys -- (MSPQM)
DRV - [2008/01/20 18:24:50 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vga.sys -- (VgaSave)
DRV - [2008/01/20 18:24:50 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mskssrv.sys -- (MSKSSRV)
DRV - [2008/01/20 18:24:50 | 000,006,144 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPENCDD.sys -- (RDPENCDD)
DRV - [2008/01/20 18:24:47 | 000,064,000 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mpsdrv.sys -- (mpsdrv)
DRV - [2008/01/20 18:24:47 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\nsiproxy.sys -- (nsiproxy)
DRV - [2008/01/20 18:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ws2ifsl.sys -- (ws2ifsl)
DRV - [2008/01/20 18:24:45 | 000,047,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ipfltdrv.sys -- (IpFilterDriver)
DRV - [2008/01/20 18:24:37 | 000,084,480 | ---- | M] (Microsoft Corporation) [File_System | Auto | Running] -- C:\Windows\System32\drivers\luafv.sys -- (luafv)
DRV - [2008/01/20 18:24:37 | 000,060,416 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rspndr.sys -- (rspndr)
DRV - [2008/01/20 18:24:37 | 000,047,104 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lltdio.sys -- (lltdio)
DRV - [2008/01/20 18:24:25 | 000,100,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ipnat.sys -- (IPNAT)
DRV - [2008/01/20 18:24:25 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wanarp.sys -- (Wanarpv6)
DRV - [2008/01/20 18:24:25 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wanarp.sys -- (Wanarp)
DRV - [2008/01/20 18:24:25 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ndproxy.sys -- (NDProxy)
DRV - [2008/01/20 18:24:25 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ndistapi.sys -- (NdisTapi)
DRV - [2008/01/20 18:24:25 | 000,015,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\TUNMP.SYS -- (tunmp)
DRV - [2008/01/20 18:24:21 | 000,027,648 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\filetrace.sys -- (Filetrace)
DRV - [2008/01/20 18:24:20 | 000,035,840 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\netbios.sys -- (NetBIOS)
DRV - [2008/01/20 18:24:19 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\rasacd.sys -- (RasAcd)
DRV - [2008/01/20 18:24:11 | 000,021,048 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\spldr.sys -- (spldr)
DRV - [2008/01/20 18:24:08 | 000,029,184 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tdtcp.sys -- (TDTCP)
DRV - [2008/01/20 18:24:08 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tdpipe.sys -- (TDPIPE)
DRV - [2008/01/20 18:24:06 | 000,006,144 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPCDD.sys -- (RDPCDD)
DRV - [2008/01/20 18:24:04 | 000,058,936 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\fileinfo.sys -- (FileInfo)
DRV - [2008/01/20 18:24:04 | 000,017,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\asyncmac.sys -- (AsyncMac)
DRV - [2008/01/20 18:23:54 | 000,013,312 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\irenum.sys -- (IRENUM)
DRV - [2008/01/20 18:23:51 | 000,070,144 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Running] -- C:\Windows\System32\drivers\cdfs.sys -- (cdfs)
DRV - [2008/01/20 18:23:51 | 000,022,528 | ---- | M] (Microsoft Corporation) [File_System | Syst

#31
December 20, 2013 at 17:38:29
em | Running] -- C:\Windows\System32\drivers\msfs.sys -- (Msfs)
DRV - [2008/01/20 18:23:50 | 000,004,608 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\null.sys -- (Null)
DRV - [2008/01/20 18:23:44 | 000,006,144 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\beep.sys -- (Beep)
DRV - [2008/01/20 18:23:43 | 000,057,400 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\mountmgr.sys -- (MountMgr)
DRV - [2008/01/20 18:23:31 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\qwavedrv.sys -- (QWAVEdrv)
DRV - [2008/01/20 18:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\MegaSR.sys -- (MegaSR)
DRV - [2008/01/20 18:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/20 18:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/20 18:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/20 18:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/20 18:23:26 | 000,041,016 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2008/01/20 18:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\HpCISSs.sys -- (HpCISSs)
DRV - [2008/01/20 18:23:26 | 000,035,328 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\circlass.sys -- (circlass)
DRV - [2008/01/20 18:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/20 18:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/20 18:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/20 18:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60)
DRV - [2008/01/20 18:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/20 18:23:24 | 000,022,072 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\wd.sys -- (Wd)
DRV - [2008/01/20 18:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\iaStorV.sys -- (iaStorV)
DRV - [2008/01/20 18:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/20 18:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/20 18:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/20 18:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/20 18:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\arc.sys -- (arc)
DRV - [2008/01/20 18:23:23 | 000,035,384 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\kbdclass.sys -- (kbdclass)
DRV - [2008/01/20 18:23:23 | 000,013,312 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sffdisk.sys -- (sffdisk)
DRV - [2008/01/20 18:23:23 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sffp_mmc.sys -- (sffp_mmc)
DRV - [2008/01/20 18:23:23 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sffp_sd.sys -- (sffp_sd)
DRV - [2008/01/20 18:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/20 18:23:22 | 000,064,512 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\IPMIDrv.sys -- (IPMIDRV)
DRV - [2008/01/20 18:23:22 | 000,061,496 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\GAGP30KX.SYS -- (gagp30kx)
DRV - [2008/01/20 18:23:22 | 000,059,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\UAGP35.SYS -- (uagp35)
DRV - [2008/01/20 18:23:22 | 000,041,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\monitor.sys -- (monitor)
DRV - [2008/01/20 18:23:22 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\umbus.sys -- (umbus)
DRV - [2008/01/20 18:23:22 | 000,024,632 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\crcdisk.sys -- (crcdisk)
DRV - [2008/01/20 18:23:22 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbprint.sys -- (usbprint)
DRV - [2008/01/20 18:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopp

#32
December 20, 2013 at 17:39:08
, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/20 18:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/20 18:23:21 | 000,094,776 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\msdsm.sys -- (msdsm)
DRV - [2008/01/20 18:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/20 18:23:21 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\drmkaud.sys -- (drmkaud)
DRV - [2008/01/20 18:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\uliahci.sys -- (uliahci)
DRV - [2008/01/20 18:23:20 | 000,105,016 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\mpio.sys -- (mpio)
DRV - [2008/01/20 18:23:20 | 000,054,784 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\i8042prt.sys -- (i8042prt)
DRV - [2008/01/20 18:23:20 | 000,034,360 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\mouclass.sys -- (mouclass)
DRV - [2008/01/20 18:23:20 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\fdc.sys -- (fdc)
DRV - [2008/01/20 18:23:20 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\flpydisk.sys -- (flpydisk)
DRV - [2008/01/20 18:23:20 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sermouse.sys -- (sermouse)
DRV - [2008/01/20 18:23:20 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mouhid.sys -- (mouhid)
DRV - [2008/01/20 18:23:03 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\usbuhci.sys -- (usbuhci)
DRV - [2008/01/20 18:23:03 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Dot4Prt.sys -- (Dot4Print)
DRV - [2008/01/20 18:23:02 | 000,030,264 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\i2omp.sys -- (i2omp)
DRV - [2008/01/20 18:23:02 | 000,026,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vgapnp.sys -- (vga)
DRV - [2008/01/20 18:23:01 | 000,248,832 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\rdpdr.sys -- (rdpdr)
DRV - [2008/01/20 18:23:01 | 000,131,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Dot4.sys -- (Dot4)
DRV - [2008/01/20 18:23:01 | 000,109,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NV_AGP.SYS -- (nv_agp)
DRV - [2008/01/20 18:23:01 | 000,083,456 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
DRV - [2008/01/20 18:23:01 | 000,079,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\parport.sys -- (Parport)
DRV - [2008/01/20 18:23:01 | 000,060,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ULIAGPKX.SYS -- (uliagpkx)
DRV - [2008/01/20 18:23:01 | 000,057,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AMDAGP.SYS -- (amdagp)
DRV - [2008/01/20 18:23:01 | 000,056,888 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VIAAGP.SYS -- (viaagp)
DRV - [2008/01/20 18:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGP440.sys -- (agp440)
DRV - [2008/01/20 18:23:01 | 000,055,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SISAGP.SYS -- (sisagp)
DRV - [2008/01/20 18:23:01 | 000,052,792 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\volmgr.sys -- (volmgr)
DRV - [2008/01/20 18:23:01 | 000,049,720 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\isapnp.sys -- (isapnp)
DRV - [2008/01/20 18:23:01 | 000,045,568 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2008/01/20 18:23:01 | 000,036,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Dot4usb.sys -- (dot4usb)
DRV - [2008/01/20 18:23:01 | 000,031,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mssmbios.sys -- (mssmbios)
DRV - [2008/01/20 18:23:01 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\serenum.sys -- (Serenum)
DRV - [2008/01/20 18:23:01 | 000,016,440 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\msisadrv.sys -- (msisadrv)
DRV - [2008/01/20 18:23:01 | 000,015,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\swenum.sys -- (swenum)
DRV - [2008/01/20 18:23:01 | 000,008,704 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\parvdm.sys -- (Parvdm)
DRV - [2008/01/20 18:23:00 | 000,044,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\amdk8.sys -- (AmdK8)
DRV - [2008/01/20 18:23:00 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\viac7.sys -- (ViaC7)
DRV - [2008/01/20 18:23:00 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\intelppm.sys -- (intelppm)

#33
December 20, 2013 at 17:39:40
DRV - [2008/01/20 18:23:01 | 000,049,720 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\isapnp.sys -- (isapnp)
DRV - [2008/01/20 18:23:00 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\amdk7.sys -- (AmdK7)
DRV - [2008/01/20 18:23:00 | 000,040,960 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\processr.sys -- (Processor)
DRV - [2008/01/20 18:23:00 | 000,040,960 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\crusoe.sys -- (Crusoe)
DRV - [2008/01/20 18:23:00 | 000,028,728 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\msahci.sys -- (msahci)
DRV - [2008/01/20 18:23:00 | 000,020,792 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\compbatt.sys -- (Compbatt)
DRV - [2008/01/20 18:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/20 18:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/01/20 18:23:00 | 000,017,976 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\intelide.sys -- (intelide)
DRV - [2008/01/20 18:23:00 | 000,017,976 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\amdide.sys -- (amdide)
DRV - [2008/01/20 18:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\aliide.sys -- (aliide)
DRV - [2008/01/20 18:23:00 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\wmiacpi.sys -- (WmiAcpi)
DRV - [2008/01/20 18:23:00 | 000,006,656 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\errdev.sys -- (ErrDev)
DRV - [2006/11/29 14:24:57 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wanatw4.sys -- (wanatw)
DRV - [2006/11/02 01:51:12 | 000,167,528 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\pcmcia.sys -- (pcmcia)
DRV - [2006/11/02 01:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 01:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 01:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 01:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 01:50:16 | 000,076,392 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sbp2port.sys -- (sbp2port)
DRV - [2006/11/02 01:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 01:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 01:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 01:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 01:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 01:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\Mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 01:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 01:04:35 | 000,878,080 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\PEAuth.sys -- (PEAUTH)
DRV - [2006/11/02 00:55:23 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\bthmodem.sys -- (BTHMODEM)
DRV - [2006/11/02 00:55:22 | 000,029,184 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\hidbth.sys -- (HidBth)
DRV - [2006/11/02 00:55:16 | 000,062,080 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ohci1394.sys -- (ohci1394)
DRV - [2006/11/02 00:55:09 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\usbcir.sys -- (usbcir)
DRV - [2006/11/02 00:55:01 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\hidir.sys -- (HidIr)
DRV - [2006/11/02 00:52:52 | 000,020,608 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\wacompen.sys -- (WacomPen)
DRV - [2006/11/02 00:51:40 | 000,013,312 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sfloppy.sys -- (sfloppy)
DRV - [2006/11/02 00:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\BrSerId.sys -- (Brserid)
DRV - [2006/11/02 00:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2006/11/02 00:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BrFiltUp.sys -- (BrFiltUp)
DRV - [2006/11/02 00:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BrFiltLo.sys -- (BrFiltLo)
DRV - [2006/11/02 00:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2006/11/02 00:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2006/11/01 23:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/01 23:30:56 | 000,429,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvm60x32.sys -- (NVENETFD)
DRV - [2006/11/01 23:10:22 | 000,002,864 | ---- | M] (Microsoft Corporation) [Adapter | On_Demand | Unknown] -- C:\Windows\System32\WINSOCK.DLL -- (Winsock)
DRV - [2006/11/01 22:37:21 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv)


#34
December 20, 2013 at 17:40:12
========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searc...

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 5B EA 3F 4F 74 FC CE 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files\Nitro\Pro 9\npnitromozilla.dll (Nitro PDF)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)


#35
December 20, 2013 at 17:40:38
: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Jsphrsa\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Jsphrsa\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Jsphrsa\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Jsphrsa\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Jsphrsa\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2013/10/12 10:30:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.1.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/12/16 21:15:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.1.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\avgthb@avg.com: C:\Program Files\AVG\AVG2012\Thunderbird\
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\EXTENSIONS\\{B21F5E31-B8E8-41CD-B74C-168A71A10E49}: C:\Users\Jsphrsa\AppData\Local\GreatArcadeHits\{B21F5E31-B8E8-41CD-B74C-168A71A10E49}\

[2013/10/12 10:02:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jsphrsa\AppData\Roaming\Mozilla\Extensions
[2013/12/20 10:46:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jsphrsa\AppData\Roaming\Mozilla\Firefox\extensions
[2013/12/20 10:46:18 | 000,000,000 | ---D | M] (Websteroids) -- C:\Users\Jsphrsa\AppData\Roaming\Mozilla\Firefox\extensions\support@websteroidsapp.com
[2012/04/18 07:31:47 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/05/08 00:32:54 | 000,129,144 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll
[2007/07/18 12:19:40 | 002,998,784 | ---- | M] (Tamarack Software, Inc.) -- C:\Program Files\mozilla firefox\plugins\nptgeqplugin.dll

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.aol.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Jsphrsa\AppData\Local\Google\Chrome\User Data\PepperFlash\11.9.900.117\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Jsphrsa\AppData\Local\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Users\Jsphrsa\AppData\Local\Google\Chrome\Application\31.0.1650.63\pdf.dll
CHR - plugin: IE Tab Multi (Enabled) = C:\Users\Jsphrsa\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnfnbeppfinmnjnjhedifcfllpcfgeea\1.0.2.1_0\plugin/npietab.dll
CHR - plugin: IE Tab Multi (SPA) (Enabled) = C:\Users\Jsphrsa\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnfnbeppfinmnjnjhedifcfllpcfgeea\1.0.2.1_0\plugin/npietabspa.dll
CHR - plugin: Mixesoft Click&Clean Plug-In (Enabled) = C:\Users\Jsphrsa\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\8.3_0\plugin/npccch32.dll
CHR - plugin: Bitdefender QuickScan (Enabled) = C:\Users\Jsphrsa\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\8.3_0\plugin/npqscan.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\Jsphrsa\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2210_0\plugins/avgnpss.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Java(TM) Platform SE 7 U25 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll
CHR - plugin: RealPlayer Download Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Jsphrsa\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Jsphrsa\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Jsphrsa\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Google Talk Plugin Video Renderer (Enabled) = C:\Users\Jsphrsa\AppData\Roaming\Mozilla\plugins\npo1d.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll
CHR - plugin: Java Deployment Toolkit 7.0.250.17 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - Extension: Multi Search = C:\Users\Jsphrsa\AppData\Local\Google\Chrome\User Data\Default\Extensions\afmdpmddiokpdknaeofdnlclbpgehhce\4.5.2_0\
CHR - Extension: Ancient History Encyclopedia = C:\Users\Jsphrsa\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahggffalhoajbhlaogbplamaaghnncle\3_0\
CHR - Extension: Learn Languages = C:\Users\Jsphrsa\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjfagelaiilekljoejkbdigidabehkpa\1.0_0\
CHR - Extension: YouTube = C:\Users\Jsphrsa\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Facebook = C:\Users\Jsphrsa\AppData\Local\Google\Chrome\User Data\Default\Extensions\boeajhmfdjldchidhphikilcgdacljfm\1.0.3_0\
CHR - Extension: Quick Login for Google Accounts = C:\Users\Jsphrsa\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbgngpehipfmfmpjmhonhacgbkjpdidp\0.7.9.1_0\
CHR - Extension: Adblock Plus = C:\Users\Jsphrsa\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.7.2_0\
CHR - Extension: Yet another flags = C:\Users\Jsphrsa\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmchcmgddbhmbkakammmklpoonoiiomk\0.9.10.0_0\
CHR - Extension: Mega Button = C:\Users\Jsphrsa\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehjoabpkbidaaiikahbmfebfabbchoca\1.0.6_1\
CHR - Extension: DoNotTrackMe: Online Privacy Protection = C:\Users\Jsphrsa\AppData\Local\Google\Chrome\User Data\Default\Extensions\epanfjkfahimkgomnigadpkobaefekcd\3.1.1037_0\
CHR - Extension: Stylish = C:\Users\Jsphrsa\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjnbnpbmkenffdnngjfgmeleoegfcffe\1.2_0\
CHR - Extension: IE Tab Multi (Enhance) = C:\Users\Jsphrsa\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnfnbeppfinmnjnjhedifcfllpcfgeea\1.0.2.1_0\
CHR - Extension: Click&Clean = C:\Users\Jsphrsa\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\8.3_0\
CHR - Extension: One Last Pass ( Password Manager ) = C:\Users\Jsphrsa\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlcjfeemfanamjbekpmdhcefejlgpnke\1.6.1_0\
CHR - Extension: PDFescape = C:\Users\Jsphrsa\AppData\Local\Google\Chrome\User Data\Default\Extensions\ioombffmiompnnfbajkmmghjaleclnjo\1.2.0.0_0\
CHR - Extension: History Eraser App = C:\Users\Jsphrsa\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjolhjmdgbhebcdnfjhngobjggghoipa\3.9.7_0\
CHR - Extension: Ever Password = C:\Users\Jsphrsa\AppData\Local\Google\Chrome\User Data\Default\Extensions\jokljcbnfmjmopjaionlkfgglkdeiikn\1.8.1_0\
CHR - Extension: Fonts = C:\Users\Jsphrsa\AppData\Local\Google\Chrome\User Data\Default\Extensions\ldjliiifhhihimnjoeiopjlkambnhaei\1.0.0_0\
CHR - Extension: Classic Popup Blocker = C:\Users\Jsphrsa\AppData\Local\Google\Chrome\User Data\Default\Extensions\lijicndbkjoplmhnclmoahmcaffaeapp\2.6_0\
CHR - Extension: FlashControl = C:\Users\Jsphrsa\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfidmkgnfgnkihnjeklbekckimkipmoe\3.3.16_0\
CHR - Extension: Search Box = C:\Users\Jsphrsa\AppData\Local\Google\Chrome\User Data\Default\Extensions\mknehpjhljpfaghmicofickbkdagooni\1.0_0\
CHR - Extension: Google Wallet = C:\Users\Jsphrsa\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
CHR - Extension: Context Menu Search = C:\Users\Jsphrsa\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocpcmghnefmdhljkoiapafejjohldoga\2.91_0\
CHR - Extension: Black Black Chrome Theme Hot Pink Highlight = C:\Users\Jsphrsa\AppData\Local\Google\Chrome\User Data\Default\Extensions\omdhfcagdlpjbpfldpabhkdibdcbaiih\3.4_0\
CHR - Extension: Click&Clean App = C:\Users\Jsphrsa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdabfienifkbhoihedcgeogidfmibmhp\8.0_0\


#36
December 20, 2013 at 17:41:09
O1 HOSTS File: ([2013/12/17 16:16:20 | 000,443,818 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 15246 more lines...
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A823A630-78C6-4637-AF80-AEDCA5BB74C1} - No CLSID value found.
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Updater] C:\ProgramData\Updater\updater.exe (Updater)
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [Amazon Cloud Player] C:\Users\Jsphrsa\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe ()
O4 - HKCU..\Run: [ConduitFloatingPlugin_lipgolpfajiadodbcbljdpmbmbdmfcil] "C:\Windows\system32\Rundll32.exe" "C:\Users\Jsphrsa\AppData\Local\Temp\CT3306061\plugins\TBVerifier.dll",RunConduitFloatingPlugin lipgolpfajiadodbcbljdpmbmbdmfcil File not found
O4 - HKCU..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield1\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/g... (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6D90932B-A197-4087-97FC-DD685EA6AEA4}: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O22 - SharedTaskScheduler: {1984D045-52CF-49cd-DB77-08F378FEA4DB} - ObjectDockShellExt - No CLSID value found.
O24 - Desktop WallPaper: C:\Users\Jsphrsa\Am I Pretty Video\11 (2).jpg
O24 - Desktop BackupWallPaper: C:\Users\Jsphrsa\Am I Pretty Video\11 (2).jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/02/14 18:56:44 | 000,000,073 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (SmartDefragBootTime.exe)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/12/20 14:51:03 | 000,000,000 | ---D | C] -- C:\Users\Jsphrsa\AppData\Roaming\Image Uploader
[2013/12/20 14:51:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Image Uploader
[2013/12/20 14:50:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Image Uploader
[2013/12/20 14:50:56 | 000,000,000 | ---D | C] -- C:\Program Files\Image Uploader
[2013/12/20 14:46:29 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2013/12/20 13:26:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Websteroids
[2013/12/20 11:07:24 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/12/20 10:46:25 | 000,000,000 | ---D | C] -- C:\ProgramData\RHelpers
[2013/12/20 10:46:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Updater
[2013/12/19 19:08:13 | 000,000,000 | ---D | C] -- C:\Users\Jsphrsa\AppData\Roaming\Nitro
[2013/12/19 17:01:43 | 000,000,000 | ---D | C] -- C:\Users\Jsphrsa\AppData\Roaming\Nitro PDF
[2013/12/19 17:01:29 | 000,027,144 | ---- | C] (Nitro PDF Software) -- C:\Windows\System32\nitrolocalmon9.dll
[2013/12/19 17:01:29 | 000,018,440 | ---- | C] (Nitro PDF Software) -- C:\Windows\System32\nitrolocalui9.dll
[2013/12/19 17:00:53 | 000,000,000 | ---D | C] -- C:\Program Files\Nitro
[2013/12/19 17:00:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nitro
[2013/12/19 17:00:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Nitro
[2013/12/19 17:00:45 | 000,000,000 | ---D | C] -- C:\Users\Jsphrsa\AppData\Roaming\Downloaded Installations
[2013/12/19 17:00:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Package Cache
[2013/12/18 20:11:11 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/12/18 16:53:28 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013/12/18 16:40:40 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
[2013/12/18 13:30:39 | 000,287,008 | ---- | C] (Conduit Ltd.) -- C:\Windows\System32\TBVerifier.dll
[2013/12/17 20:45:02 | 000,000,000 | ---D | C] -- C:\Users\Jsphrsa\AppData\Roaming\FreeFixer
[2013/12/17 20:45:02 | 000,000,000 | ---D | C] -- C:\Users\Jsphrsa\AppData\Local\FreeFixer
[2013/12/17 20:44:33 | 000,000,000 | ---D | C] -- C:\Program Files\FreeFixer
[2013/12/17 19:28:25 | 000,000,000 | ---D | C] -- C:\Users\Jsphrsa\AppData\Roaming\AVG2014
[2013/12/17 19:17:45 | 000,000,000 | ---D | C] -- C:\Users\Jsphrsa\AppData\Roaming\TuneUp Software
[2013/12/17 19:12:23 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2014
[2013/12/17 19:02:50 | 000,000,000 | ---D | C] -- C:\Users\Jsphrsa\AppData\Local\MFAData
[2013/12/17 19:02:50 | 000,000,000 | ---D | C] -- C:\Users\Jsphrsa\AppData\Local\Avg2014
[2013/12/17 18:56:30 | 000,000,000 | ---D | C] -- C:\Users\Jsphrsa\.android
[2013/12/17 18:56:28 | 000,000,000 | ---D | C] -- C:\Users\Jsphrsa\AppData\Local\cache
[2013/12/17 18:56:22 | 000,000,000 | ---D | C] -- C:\Users\Jsphrsa\AppData\Local\genienext
[2013/12/17 18:56:21 | 000,000,000 | ---D | C] -- C:\Users\Jsphrsa\Documents\Mobogenie
[2013/12/17 18:56:21 | 000,000,000 | ---D | C] -- C:\Users\Jsphrsa\AppData\Local\Mobogenie
[2013/12/17 18:54:21 | 000,000,000 | ---D | C] -- C:\Program Files\Mobogenie
[2013/12/17 18:40:56 | 000,000,000 | ---D | C] -- C:\Users\Jsphrsa\AppData\Roaming\EMCO
[2013/12/17 17:08:13 | 000,000,000 | ---D | C] -- C:\Windows\Migration
[2013/12/17 15:07:10 | 000,069,640 | ---- | C] (Nalpeiron Ltd.) -- C:\Windows\System32\NLSSRV32.EXE
[2013/12/11 16:05:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2013/12/11 14:20:18 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/12/11 14:20:16 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/12/11 14:20:16 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/12/11 14:20:16 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013/12/11 14:20:16 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/12/11 14:20:14 | 001,806,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013/12/11 14:20:14 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013/12/11 14:20:11 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013/12/11 14:10:08 | 002,050,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013/12/11 14:10:07 | 001,304,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMALFXGFXDSP.dll
[2013/12/11 14:10:07 | 000,335,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SysFxUI.dll
[2013/12/11 14:10:07 | 000,167,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\portcls.sys
[2013/12/11 14:10:07 | 000,130,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\drmk.sys
[2013/12/11 14:09:54 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cscript.exe
[2013/12/11 14:09:54 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wshcon.dll
[2013/12/10 15:21:42 | 000,632,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcr80.dll
[2013/12/10 15:21:41 | 000,554,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcp80.dll
[2013/12/10 15:21:41 | 000,479,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcm80.dll
[2013/12/09 23:33:22 | 000,000,000 | ---D | C] -- C:\Users\Jsphrsa\Desktop\Pretty Video
[2013/11/28 18:00:33 | 000,000,000 | ---D | C] -- C:\Users\Jsphrsa\Desktop\CamCorder
[2013/11/27 23:09:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Audio Editor
[2013/11/26 23:50:20 | 000,000,000 | ---D | C] -- C:\Users\Jsphrsa\Desktop\New Folder
[2013/11/24 11:45:58 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
[2013/11/23 22:03:55 | 000,000,000 | ---D | C] -- C:\Users\Jsphrsa\New Folder
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]


#37
December 20, 2013 at 17:41:33
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2013/12/20 14:51:00 | 000,000,860 | ---- | M] () -- C:\Users\Jsphrsa\Application Data\Microsoft\Internet Explorer\Quick Launch\Image Uploader.lnk
[2013/12/20 14:46:29 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2013/12/20 13:25:49 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/12/20 13:19:43 | 000,642,740 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/12/20 13:19:43 | 000,119,932 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/12/20 13:13:24 | 000,004,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/12/20 13:13:24 | 000,004,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/12/20 13:13:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/12/20 10:54:49 | 003,844,032 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/12/19 15:27:26 | 000,329,825 | ---- | M] () -- C:\Users\Jsphrsa\Desktop\MyPDF.PDF
[2013/12/18 20:02:18 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/12/18 19:58:41 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/12/18 19:45:38 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3805196169-2590560818-539599359-1000UA.job
[2013/12/18 17:17:51 | 000,002,511 | ---- | M] () -- C:\Windows\diagerr.xml
[2013/12/18 17:17:51 | 000,001,905 | ---- | M] () -- C:\Windows\diagwrn.xml
[2013/12/18 13:14:53 | 000,287,008 | ---- | M] (Conduit Ltd.) -- C:\Windows\System32\TBVerifier.dll
[2013/12/17 21:45:00 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3805196169-2590560818-539599359-1000Core.job
[2013/12/17 16:16:20 | 000,443,818 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013/12/17 15:07:10 | 000,069,640 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\System32\NLSSRV32.EXE
[2013/12/17 15:05:46 | 000,018,440 | ---- | M] (Nitro PDF Software) -- C:\Windows\System32\nitrolocalui9.dll
[2013/12/17 15:05:44 | 000,027,144 | ---- | M] (Nitro PDF Software) -- C:\Windows\System32\nitrolocalmon9.dll
[2013/12/11 09:58:20 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013/12/11 09:58:20 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013/12/05 13:52:53 | 000,002,054 | ---- | M] () -- C:\Users\Jsphrsa\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/11/27 23:09:30 | 000,000,886 | ---- | M] () -- C:\Users\Jsphrsa\Application Data\Microsoft\Internet Explorer\Quick Launch\Free Audio Editor.lnk
[2013/11/27 18:54:57 | 000,006,144 | -H-- | M] () -- C:\Users\Jsphrsa\Desktop\photothumb.db
[2013/11/24 10:15:23 | 000,212,480 | ---- | M] () -- C:\Users\Jsphrsa\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2013/12/20 14:51:00 | 000,000,860 | ---- | C] () -- C:\Users\Jsphrsa\Application Data\Microsoft\Internet Explorer\Quick Launch\Image Uploader.lnk
[2013/12/19 17:01:24 | 000,001,870 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nitro Pro 9.lnk
[2013/12/19 15:27:24 | 000,329,825 | ---- | C] () -- C:\Users\Jsphrsa\Desktop\MyPDF.PDF
[2013/11/27 23:09:30 | 000,000,886 | ---- | C] () -- C:\Users\Jsphrsa\Application Data\Microsoft\Internet Explorer\Quick Launch\Free Audio Editor.lnk
[2013/11/27 18:54:57 | 000,006,144 | -H-- | C] () -- C:\Users\Jsphrsa\Desktop\photothumb.db
[2013/10/31 22:16:05 | 000,493,967 | ---- | C] () -- C:\Users\Jsphrsa\hot_chick_by_3dws-d4pwuuh.jpg
[2013/05/29 23:44:00 | 000,010,410 | ---- | C] () -- C:\ProgramData\regid.2009-06.com.flexerasoftware_FC13B7F7-A749-4698-B372-128EFDAD9CE8.swidtag
[2013/05/29 23:17:08 | 000,000,048 | ---- | C] () -- C:\Windows\TaxACT12.ini
[2013/03/21 00:28:27 | 000,175,616 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2013/03/07 12:15:08 | 000,026,900 | ---- | C] () -- C:\Users\Jsphrsa\AppData\Local\dt.dat
[2012/12/24 01:15:06 | 000,005,030 | ---- | C] () -- C:\ProgramData\bzoyeojg.eew
[2012/09/11 07:09:30 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012/08/05 17:48:05 | 000,001,415 | ---- | C] () -- C:\Windows\wininit.ini
[2012/08/05 11:18:55 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2012/07/14 19:52:52 | 000,031,272 | ---- | C] () -- C:\Windows\System32\AppleChargerSrv.exe
[2012/07/14 19:52:51 | 000,019,496 | ---- | C] () -- C:\Windows\System32\drivers\AppleCharger.sys
[2012/07/14 19:42:52 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2012/06/19 06:52:17 | 000,000,000 | ---- | C] () -- C:\Windows\Textart.INI
[2012/05/22 07:49:21 | 000,015,672 | ---- | C] () -- C:\Windows\System32\drivers\SmartDefragDriver.sys
[2012/04/30 20:59:40 | 000,000,064 | ---- | C] () -- C:\Users\Jsphrsa\AppData\Roaming\Statdisk.prefs
[2012/04/27 19:35:38 | 000,000,061 | ---- | C] () -- C:\Windows\TaxACT11.ini
[2012/01/06 22:28:12 | 000,053,248 | ---- | C] () -- C:\Windows\System32\CommonDL.dll
[2012/01/06 22:28:12 | 000,002,413 | ---- | C] () -- C:\Windows\System32\lgAxconfig.ini
[2011/12/27 07:44:14 | 000,000,002 | ---- | C] () -- C:\Windows\msoffice.ini
[2011/12/24 02:03:18 | 000,002,544 | ---- | C] () -- C:\Windows\System32\EasyRedirect.ini
[2011/12/24 02:03:18 | 000,001,248 | ---- | C] () -- C:\Windows\System32\EasyRedirectOff.ini
[2011/12/21 19:33:59 | 000,000,335 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/12/21 19:10:48 | 000,061,678 | ---- | C] () -- C:\Users\Jsphrsa\AppData\Roaming\PFP120JPR.{PB
[2011/12/21 19:10:48 | 000,012,358 | ---- | C] () -- C:\Users\Jsphrsa\AppData\Roaming\PFP120JCM.{PB
[2011/12/20 12:07:33 | 000,033,069 | ---- | C] () -- C:\ProgramData\nvModes.001
[2011/12/20 11:55:07 | 000,033,069 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2011/12/20 09:03:26 | 000,212,480 | ---- | C] () -- C:\Users\Jsphrsa\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/20 08:28:50 | 000,000,680 | ---- | C] () -- C:\Users\Jsphrsa\AppData\Local\d3d9caps.dat

[color=#E56717]========== ZeroAccess Check ==========[/color]

[2006/11/02 04:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 09:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/10 22:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/10 22:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[color=#E56717]========== LOP Check ==========[/color]

[2013/03/12 09:54:13 | 000,000,000 | ---D | M] -- C:\Users\Jsphrsa\AppData\Roaming\4Free
[2011/12/21 20:08:05 | 000,000,000 | ---D | M] -- C:\Users\Jsphrsa\AppData\Roaming\acccore
[2013/03/07 12:10:31 | 000,000,000 | ---D | M] -- C:\Users\Jsphrsa\AppData\Roaming\Amazon
[2012/01/14 22:48:05 | 000,000,000 | ---D | M] -- C:\Users\Jsphrsa\AppData\Roaming\AnvSoft
[2011/12/30 12:03:44 | 000,000,000 | ---D | M] -- C:\Users\Jsphrsa\AppData\Roaming\Ashampoo
[2011/12/25 10:42:46 | 000,000,000 | ---D | M] -- C:\Users\Jsphrsa\AppData\Roaming\AVG
[2013/01/21 05:30:29 | 000,000,000 | ---D | M] -- C:\Users\Jsphrsa\AppData\Roaming\AVG January 2013 Campaign
[2013/12/17 19:28:25 | 000,000,000 | ---D | M] -- C:\Users\Jsphrsa\AppData\Roaming\AVG2014
[2011/12/25 11:26:32 | 000,000,000 | ---D | M] -- C:\Users\Jsphrsa\AppData\Roaming\Camtech
[2012/06/03 05:15:17 | 000,000,000 | ---D | M] -- C:\Users\Jsphrsa\AppData\Roaming\Chrome
[2013/03/23 22:52:34 | 000,000,000 | ---D | M] -- C:\Users\Jsphrsa\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012/11/21 20:48:23 | 000,000,000 | ---D | M] -- C:\Users\Jsphrsa\AppData\Roaming\com.xtube.airuploader
[2013/12/19 17:00:45 | 000,000,000 | ---D | M] -- C:\Users\Jsphrsa\AppData\Roaming\Downloaded Installations
[2013/03/07 12:11:38 | 000,000,000 | ---D | M] -- C:\Users\Jsphrsa\AppData\Roaming\Dropbox
[2013/06/10 10:46:08 | 000,000,000 | ---D | M] -- C:\Users\Jsphrsa\AppData\Roaming\DVDVideoSoft
[2013/12/17 18:40:56 | 000,000,000 | ---D | M] -- C:\Users\Jsphrsa\AppData\Roaming\EMCO
[2013/11/27 23:09:43 | 000,000,000 | ---D | M] -- C:\Users\Jsphrsa\AppData\Roaming\Free Audio Editor
[2013/12/17 20:45:02 | 000,000,000 | ---D | M] -- C:\Users\Jsphrsa\AppData\Roaming\FreeFixer
[2012/02/10 07:53:32 | 000,000,000 | ---D | M] -- C:\Users\Jsphrsa\AppData\Roaming\gtk-2.0
[2013/12/20 14:51:04 | 000,000,000 | ---D | M] -- C:\Users\Jsphrsa\AppData\Roaming\Image Uploader
[2011/12/20 22:18:14 | 000,000,000 | ---D | M] -- C:\Users\Jsphrsa\AppData\Roaming\IObit
[2012/03/05 10:30:17 | 000,000,000 | ---D | M] -- C:\Users\Jsphrsa\AppData\Roaming\JLC's Software
[2012/05/21 08:03:20 | 000,000,000 | ---D | M] -- C:\Users\Jsphrsa\AppData\Roaming\KC Softwares
[2013/03/21 00:28:29 | 000,000,000 | ---D | M] -- C:\Users\Jsphrsa\AppData\Roaming\Leawo
[2013/02/05 18:07:02 | 000,000,000 | ---D | M] -- C:\Users\Jsphrsa\AppData\Roaming\MotionDSP
[2012/12/24 01:15:56 | 000,000,000 | ---D | M] -- C:\Users\Jsphrsa\AppData\Roaming\MOVAVI
[2013/12/19 19:08:13 | 000,000,000 | ---D | M] -- C:\Users\Jsphrsa\AppData\Roaming\Nitro
[2013/12/20 13:26:05 | 000,000,000 | ---D | M] -- C:\Users\Jsphrsa\AppData\Roaming\Nitro PDF
[2013/07/07 09:36:52 | 000,000,000 | ---D | M] -- C:\Users\Jsphrsa\AppData\Roaming\PC Utility Kit
[2013/05/20 19:21:51 | 000,000,000 | ---D | M] -- C:\Users\Jsphrsa\AppData\Roaming\PDAppFlex
[2013/10/12 10:30:42 | 000,000,000 | ---D | M] -- C:\Users\Jsphrsa\AppData\Roaming\PhotoScape
[2013/11/04 22:56:39 | 000,000,000 | ---D | M] -- C:\Users\Jsphrsa\AppData\Roaming\QuickScan
[2012/11/18 20:25:00 | 000,000,000 | ---D | M] -- C:\Users\Jsphrsa\AppData\Roaming\Shareaza
[2012/05/20 16:40:21 | 000,000,000 | ---D | M] -- C:\Users\Jsphrsa\AppData\Roaming\Stardock
[2011/12/21 01:10:31 | 000,000,000 | ---D | M] -- C:\Users\Jsphrsa\AppData\Roaming\Thunderbird
[2013/03/21 00:30:04 | 000,000,000 | ---D | M] -- C:\Users\Jsphrsa\AppData\Roaming\tiger-k
[2013/12/17 19:17:45 | 000,000,000 | ---D | M] -- C:\Users\Jsphrsa\AppData\Roaming\TuneUp Software
[2012/01/14 22:36:29 | 000,000,000 | ---D | M] -- C:\Users\Jsphrsa\AppData\Roaming\Wondershare Video Converter Platinum
[2012/01/14 21:43:02 | 000,000,000 | ---D | M] -- C:\Users\Jsphrsa\AppData\Roaming\Xilisoft

[color=#E56717]========== Purity Check ==========[/color]



[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 192 bytes -> C:\Windows:nlsPreferences
@Alternate Data Stream - 16 bytes -> C:\Users\Jsphrsa\Downloads:Shareaza.GUID
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:0B4227B4
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:890CC2F3

< End of report >



#38
December 20, 2013 at 17:42:46
I pasted in sections to avoid the "Too Large File" error message. Thanks.


#39
December 20, 2013 at 17:54:19
Good Jim, I shall now go through them.

After each fix or change we make, let me know how the comp is running.


#40
December 20, 2013 at 18:30:17
Are you going to give me the 2nd log called Extras?

5: Run TFC
http://www.geekstogo.com/forum/file...
http://www.bleepingcomputer.com/dow...
http://oldtimer.geekstogo.com/TFC.exe
http://www.itxassociates.com/OT-Too...
Please double-click TFC.exe to run it. (Note: If you are running on Vista/Windows 7/8, right-click on the file and choose Run As Administrator).
It will close all programs when run, so make sure you have saved all your work before you begin.
Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.

6: Run HijackThis ( HJT ) Log please.
http://sourceforge.net/projects/hjt/
How to Use HiJackThis
http://www.wikihow.com/Use-HiJackThis



#41
December 20, 2013 at 18:58:54
There is no second log or extras. I provided the only log available. Unless I need to rerun and offer other information. The log was saved to desktop.


#42
December 20, 2013 at 19:07:17
My post #9
"When the scan is complete, two text files will be created on your Desktop. Copy & Paste the contents of both logs in your next post please.
OTL.Txt <- this one will be opened
Extras.txt <- this one will be minimized"

"Unless I need to rerun and offer other information"
No extra info needed. As long as you ran it from the desktop.

Right click on an empty part of your desktop & hit > Refresh.

Can you see the log now?




#43
December 20, 2013 at 19:14:58
File was not apparent. Did computer search and found:

OTL Extras logfile created on: 12/20/2013 2:49:29 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Jsphrsa\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.16 Gb Available Physical Memory | 38.54% Memory free
6.22 Gb Paging File | 4.28 Gb Available in Paging File | 68.68% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 61.10 Gb Free Space | 26.24% Space Free | Partition Type: NTFS
Drive G: | 351.28 Gb Total Space | 232.08 Gb Free Space | 66.07% Space Free | Partition Type: NTFS
Drive H: | 114.48 Gb Total Space | 78.86 Gb Free Space | 68.88% Space Free | Partition Type: NTFS
Drive I: | 3.74 Gb Total Space | 3.72 Gb Free Space | 99.49% Space Free | Partition Type: FAT32

Computer Name: JSPHRSA-PC | User Name: Jsphrsa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

[color=#E56717]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- Reg Error: Value error.
https [open] -- Reg Error: Value error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[color=#E56717]========== Firewall Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[color=#E56717]========== Authorized Applications List ==========[/color]


[color=#E56717]========== Vista Active Open Ports Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{028E88D3-5E02-4ADA-80CC-EF4DC9DAB5F2}" = lport=137 | protocol=17 | dir=in | app=system |
"{092157E6-4612-4929-A47B-456837E08FD0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1498418A-0277-4E5E-97C2-F81ECEBCBE21}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{207DE5BD-6939-4397-B52E-CF82B0BAD9D2}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{238B0013-B7DF-458C-903C-A6FCB7CF13F4}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{23DD57ED-84D8-46A0-9540-F1DF80E7FB4D}" = rport=139 | protocol=6 | dir=out | app=system |
"{2B7ECF79-B635-41D4-BF82-E10CC529E2BE}" = rport=10243 | protocol=6 | dir=out | app=system |
"{366923A6-CDF1-48A0-A44D-8890DD41AC6E}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3B83CC8F-5C50-41C0-9128-FD50111EED3C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{465BD9B1-03C1-4CD5-9EE5-48E77B36D32F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{5DC9E34A-94B8-4EBB-8831-31FFD1BA4590}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{64CA0550-4991-44F6-B274-F1924C817D2E}" = lport=138 | protocol=17 | dir=in | app=system |
"{67EAB615-6159-4B5C-9401-AB609CA6A5A9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6B4B0FAE-C994-4416-A01A-5EA12142446B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6C9A1F50-0889-4AF0-B3D3-0BC97E2821F3}" = lport=445 | protocol=6 | dir=in | app=system |
"{75D49471-9B19-4171-9672-B9171A810941}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{75D676A2-9C5D-4D12-B7DA-4FA81B687251}" = lport=10243 | protocol=6 | dir=in | app=system |
"{8240D74C-BB22-4C25-ABAA-7459B84F0940}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{83D68EF6-6AFF-4711-9EC1-2EF00344FB46}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{88A67D30-7926-4117-9E44-3060E646E299}" = rport=138 | protocol=17 | dir=out | app=system |
"{89FC71BB-B8B7-4680-871E-F6527C1017A2}" = rport=445 | protocol=6 | dir=out | app=system |
"{8B6A7EC7-2CA0-4A67-BE09-A5BE640014AA}" = rport=137 | protocol=17 | dir=out | app=system |
"{8DF6A022-DBF8-485E-8A87-80EE695E8988}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{A3714D7E-3ED7-4B4E-ACEA-63C8C7E35B68}" = lport=2869 | protocol=6 | dir=in | app=system |
"{B5687DD7-9DB4-4C39-987B-2919FB1369A8}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{B70A3628-604C-42BE-98CD-512A23D48D89}" = lport=139 | protocol=6 | dir=in | app=system |
"{DD4308A3-923C-424B-9313-7252561782E5}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

[color=#E56717]========== Vista Active Application Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{020443DC-F028-436C-9163-5D44585F9B9D}" = protocol=17 | dir=in | app=c:\program files\avg\avg2014\avgdiagex.exe |
"{032AA3ED-4724-454C-B8F2-E58F20938CA3}" = protocol=17 | dir=in | app=c:\users\jsphrsa\appdata\roaming\dropbox\bin\dropbox.exe |
"{1409998C-6F47-4B07-B369-D66A1DC36EB7}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
"{186E06C3-A326-4A1B-97ED-1FBE72F14755}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
"{19681B6B-C4F2-442C-BAEA-73508685596D}" = protocol=17 | dir=in | app=c:\program files\shareaza\shareaza.exe |
"{1A0E6FFA-131E-4FC1-869D-CFFB5865948D}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe |
"{1FB24072-CD22-41D4-BC65-112A6CA53078}" = protocol=17 | dir=in | app=c:\program files\avg\avg2014\avgmfapx.exe |
"{2245582E-27E4-4520-9E55-B22F106D8DC6}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |
"{23602B54-2A64-4016-88ED-71A6174693DD}" = protocol=6 | dir=in | app=c:\program files\avg\avg2014\avgmfapx.exe |
"{237F2EFF-D5BE-44A2-A2C2-A0E08F393E35}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe |
"{26954995-8210-4072-AE25-02A082FC5538}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{2808814C-CA83-4FF3-85F9-4FA1407A075D}" = protocol=6 | dir=in | app=c:\program files\common files\aol\1324525529\ee\aoldesktop.exe |
"{2A4321EC-35A0-4A7A-A567-0174EE1C446E}" = protocol=6 | dir=in | app=c:\program files\avg\avg2014\avgemcx.exe |
"{2AFA8B9D-0DF0-4F34-A0CB-553D8622E679}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{2B41B2D5-57E6-4FCD-93EC-213694EB6024}" = protocol=17 | dir=in | app=c:\program files\common files\aol\topspeed\3.0\aoltpsd3.exe |
"{30BA5635-6185-4471-B65E-53901AAE4BF6}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe |
"{3151EF92-DC69-42BB-9327-A45C57E3EE89}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |
"{36D14B83-C855-469F-97D7-1E3957207EA5}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{370BBC3E-3E17-4491-B52B-4596CE0FFE18}" = protocol=17 | dir=in | app=c:\program files\shareaza\shareaza.exe |
"{37C7437E-E44F-475D-89E0-CA3837178851}" = protocol=6 | dir=in | app=c:\program files\common files\aol\topspeed\3.0\aoltpsd3.exe |
"{39AFA05D-650E-4107-B292-58457D40B056}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |
"{3FBFD7CB-7165-4476-8ABB-35E756C4FAF0}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe |
"{3FF637A5-8A5B-4250-BC1A-7D568503A354}" = protocol=6 | dir=in | app=c:\program files\avg\avg2014\avgdiagex.exe |
"{43FEFF5B-1800-44C9-9A7C-411A72AA9040}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{46DF618A-9847-474E-9739-64CB719E52F3}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{47679523-8677-4F12-839A-421F9E55C2F5}" = protocol=17 | dir=in | app=c:\program files\relevantknowledge\rlvknlg.exe |
"{49F776FA-CA3E-4887-AE4E-2D2E89FA5878}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe |
"{4B7E3E42-8B37-4299-A51D-B657A2037CED}" = protocol=6 | dir=in | app=c:\program files\shareaza\shareaza.exe |
"{559CFBBC-C3AF-49A3-82F1-3971FFCF7625}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe |
"{586AE3C8-2D8F-4235-95A4-423B7445E154}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{642111D9-96F4-4FF0-BD86-E0CDD1D71A9C}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{6BC2E5F5-A079-4801-B0FB-C59BBE4E9D35}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7753C98E-FCC6-41D6-901E-ECAD11DA282B}" = protocol=6 | dir=in | app=c:\program files\relevantknowledge\rlvknlg.exe |
"{7C302D2E-AF27-458D-9618-7063B2100525}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{7CC4C3B8-2CB9-4977-A8CF-2FF41C8DFBBB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8397F7D3-095F-4F5A-BA1E-E2D92F315130}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe |
"{8585D839-7FBA-4F2D-B48D-05439F38DC9B}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe |
"{8946A922-482B-466A-BB6E-33434D77110F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8B295F82-6C4F-434F-BA80-FBBB6289C3AA}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe |
"{8EA67EF5-FD84-492A-8182-8E14622EE677}" = protocol=17 | dir=in | app=c:\program files\avg\avg2014\avgnsx.exe |
"{8ECC9C2A-24D0-459F-97C7-76AA108A782B}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
"{903A1C1E-658C-457B-9B74-50C546D3C4AD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{904C90F0-057A-44EB-9A0C-F6D80575CB5C}" = protocol=17 | dir=in | app=c:\program files\common files\aol\1324525529\ee\aoldesktop.exe |
"{98D2F2EF-30D1-4817-87D2-1FC14A71492E}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{9F7C5EB4-6BA0-4029-A411-B9DD1D75BF18}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A04E5CC6-0C19-4436-A7C1-4B8BFAA33C80}" = protocol=6 | dir=in | app=c:\users\jsphrsa\appdata\roaming\dropbox\bin\dropbox.exe |
"{A116B236-3F2C-45D3-8728-31B7E12CAC90}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe |
"{A564CC2F-8512-4F30-8276-4B8930E15007}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |
"{A66EF7D9-D1FC-49C2-B3CE-25D03EDC8C80}" = protocol=6 | dir=in | app=c:\program files\frostwire 5\frostwire.exe |
"{A91EA577-9BCD-4CE8-93F1-75AE6AE4A753}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe |
"{AA3A24D3-2DA3-4636-9F62-3612A0F8B79F}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |
"{B4DB39EA-77B9-487C-BC54-ED795BD99998}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{B587BCFD-C539-4CF6-BD49-0373BD8082BC}" = protocol=6 | dir=in | app=c:\program files\common files\aol\system information\sinf.exe |
"{BB2C1316-FF46-4A6D-8014-14B3AA492FDF}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{C3716876-A438-42E3-9EA8-72E86F18206C}" = protocol=17 | dir=in | app=c:\program files\avg\avg2014\avgemcx.exe |
"{C381B225-D18A-4562-8500-4907AE350413}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{C7F68AF0-CAAD-4509-ABA1-E8DB6474E166}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe |
"{C7FA0A58-B009-42D1-91FA-5C5DE71081CA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{CA68BBDD-17CF-41A0-AB6D-1B6B994037AC}" = protocol=6 | dir=in | app=c:\program files\avg\avg2014\avgnsx.exe |
"{CB9D334E-0226-4D1B-9C57-8DB82AC735B6}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe |
"{CD163FC0-2A89-4B71-87AA-90968A8E3537}" = protocol=6 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{CD43DBC4-2E60-43C0-9720-0D456DF93421}" = protocol=6 | dir=in | app=c:\program files\shareaza\shareaza.exe |
"{D2129A30-06A9-4988-87BB-E46693CD367C}" = protocol=6 | dir=out | app=system |
"{D47529AC-F7B8-4CFD-A330-052EC24DD701}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D5364D09-AD71-42C8-B679-5BD98DF5381D}" = protocol=17 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{D7CADE7A-F68D-41C9-A846-DFB5DA7F4826}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe |
"{D9B17780-E615-431A-9FCE-EDBB0BB26A4B}" = protocol=17 | dir=in | app=c:\program files\common files\aol\1324525529\ee\aolsoftware.exe |
"{DA1FBDFB-7DAC-4299-B61E-672D71A36960}" = protocol=17 | dir=in | app=c:\program files\frostwire 5\frostwire.exe |
"{DB31C51B-6BA2-46C6-B553-6CAE119F71BD}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{E1E66B27-5697-4DAB-BA69-EFA30734FDA4}" = protocol=17 | dir=in | app=c:\program files\frostwire 5\frostwire.exe |
"{E68561D9-AC67-48C9-AE9E-9BB2E37A9CBB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{E8CEB169-8867-4AFE-9B2D-81F787D0CF21}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E95FE391-E842-4955-A17B-F2745E201D91}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe |
"{EAC38E4B-055D-45F9-9C13-D78FD28F92B3}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{EB809401-A9A6-4D17-9B95-F8E05BF08515}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{EE4B55DB-4A83-4381-A48E-B9F963BB7818}" = protocol=17 | dir=in | app=c:\program files\common files\aol\system information\sinf.exe |
"{F5D59AAC-1ACA-4A6D-9CFA-ECEF8C67F7EB}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe |
"{FD57319B-5AED-4085-8E12-FC0681B6E69D}" = protocol=6 | dir=in | app=c:\program files\common files\aol\1324525529\ee\aolsoftware.exe |
"{FDC947FF-349D-467E-BF42-AD25F1448B10}" = protocol=6 | dir=in | app=c:\program files\frostwire 5\frostwire.exe |
"TCP Query User{D3A364DD-F430-4605-A310-AD05C77F498E}C:\program files\easy-hide-ip\easy-hide-ip.exe" = protocol=6 | dir=in | app=c:\program files\easy-hide-ip\easy-hide-ip.exe |
"UDP Query User{5C3B638F-D31B-49F8-8BFC-5D8F73F36C41}C:\program files\easy-hide-ip\easy-hide-ip.exe" = protocol=17 | dir=in | app=c:\program files\easy-hide-ip\easy-hide-ip.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{097CDB1E-07C9-40F1-9972-F0F9F3A287E4}" = Network
"{0CD47142-BA4F-46B0-AA92-2675864928B8}" = Microsoft Security Client
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{23B8A91D-680B-462B-87AD-3D70F7341731}" = iTunes
"{246B9798-40A5-4D83-A270-51572D59EB33}" = MsConfig Cleanup Utility
"{24F211C6-2732-4564-B602-CDA2DE2A13FC}_is1" = Image Uploader version 1.2.7
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 45
"{286B09BC-F9BD-4F71-B767-2AE0CE2F8CE5}" = ScorpionSaver Services
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{2A83AD05-56E6-3FBD-8752-B4143162EF59}" = Google Talk Plugin
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{42BBA4CC-EFB6-4653-A2CC-F305D4B399C3}" = PS_AIO_07_D110_SW_Min
"{4903D172-DCCB-392F-93A3-34CA9D47FE3D}" = Microsoft .NET Framework 4.5.1
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}" = Google Earth
"{553C904F-57A2-4113-888E-BA0C3D1C69C0}" = Microsoft VC9 runtime libraries
"{565E7B0E-B76B-4EAD-9753-F1E72A5CF12E}" = HPAppStudio
"{56D4499E-AC3E-4B8D-91C9-C700C148C44B}" = Google Drive
"{5809E7CF-4DCF-11D4-9875-00105ACE7734}" = Logitech MouseWare 9.28
"{5B025634-7D5B-4B8D-BE2A-7943C1CF2D5D}" = Status
"{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support
"{64962AE7-D652-4306-8B92-F85059A28C6B}" = Nitro Pro 9
"{7061301A-0D44-432F-859D-AF705DA2C81F}_is1" = 4Free Video Converter 2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{75E2C2C1-485E-9DF9-928E-FF4067498100}" = XTube Uploader
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{797EE0CA-8165-405C-B5CE-F11EC20F1BB0}" = Microsoft VC9 runtime libraries
"{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91D3AD6F-09CD-4695-9FA3-8FB15429BE97}" = D110
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}" = Visual Studio 2012 x86 Redistributables
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
"{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb" = Internet Explorer (Enable DEP)
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA027AE9-DD20-4677-AA72-D760A358320B}" = Microsoft VC9 runtime libraries
"{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.05)
"{AF19F291-F22F-4798-9662-525305AE9E48}" = WordPerfect Office 12
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 307.83
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 307.83
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7588D45-AFDC-4C93-9E2E-A100F3554B64}" = Microsoft Fix it Center
"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
"{BC5DD87B-0143-4D14-AAE6-97109614DC6B}" = SolutionCenter
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}" = PDF Settings CS6
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CBE0FCA1-4E95-11D4-9875-00105ACE7734}" = Logitech User's Guide
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF56E507-A96E-4973-B7FB-E49542AE5875}" = QuickShare
"{D54E3D9F-FEB8-4D2D-A138-B69A5C80080B}" = Updater
"{D8790C21-FD1A-4593-B886-51E5FD49069A}" = InstallShield 2013
"{DBC1DE57-B55A-4D57-9769-1DB9BE506AF7}" = HP Photosmart D110 All-In-One Driver Software 14.0 Rel. 7
"{DE4F56C1-B6D3-441A-95A0-7A6A289F5A44}" = Microsoft Visual Basic 6 SP6 - KB2708437 Update
"{E517094C-06B6-419F-8FFD-EF4F57972130}" = QuickTransfer
"{EE4F090B-501A-40AB-82F2-4A4F6F79DC49}" = InstallShield 2013
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F226C1DA-66D7-4ABC-86B5-3F978A660EBF}" = AOL Mail and AIM Gadget
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"{fcd0b1fd-11ab-460b-9668-e89a3fbf8a85}" = Nitro Pro 9
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
"Ashampoo Burning Studio 6 FREE_is1" = Ashampoo Burning Studio 6 FREE v.6.80
"CCleaner" = CCleaner
"com.xtube.airuploader" = XTube Uploader
"FileParade Bundle" = FileParade Bundle
"Free Audio Editor" = Free Audio Editor
"Free Audio Editor_is1" = Free Audio Editor v8.6.1
"HP Imaging Device Functions" = HP Imaging Device Functions 14.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
"InstallShield_{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"Karen's Replicator" = Karen's Replicator
"KC Softwares SUMo_is1" = KC Softwares SUMo
"KLiteCodecPack_is1" = K-Lite Codec Pack 8.7.0 (Basic)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Thunderbird 24.1.0 (x86 en-US)" = Mozilla Thunderbird 24.1.0 (x86 en-US)
"NVIDIA Drivers" = NVIDIA Drivers
"PhotoScape" = PhotoScape
"RealPlayer 15.0" = RealPlayer
"Revo Uninstaller" = Revo Uninstaller 1.95
"Shareaza_is1" = Shareaza 2.5.5.0
"Shop for HP Supplies" = Shop for HP Supplies
"Smart Defrag 2_is1" = Smart Defrag 2
"TaxACT 2011 - 1040 Edition" = TaxACT 2011 - 1040 Edition
"TaxACT 2011 California" = TaxACT 2011 California
"TaxACT 2012 - 1040 Edition" = TaxACT 2012 - 1040 Edition
"TaxACT 2012 California" = TaxACT 2012 California
"vReveal 3" = vReveal 3
"Yahoo! Messenger" = Yahoo! Messenger

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Amazon Amazon Cloud Player" = Amazon Cloud Player
"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 12/20/2013 3:15:23 PM | Computer Name = Jsphrsa-PC | Source = WinMgmt | ID = 10
Description =

Error - 12/20/2013 3:15:49 PM | Computer Name = Jsphrsa-PC | Source = MsiInstaller | ID = 11706
Description =

Error - 12/20/2013 5:13:40 PM | Computer Name = Jsphrsa-PC | Source = WinMgmt | ID = 10
Description =

Error - 12/20/2013 5:26:06 PM | Computer Name = Jsphrsa-PC | Source = MsiInstaller | ID = 11706
Description =

[ System Events ]
Error - 12/20/2013 3:15:24 PM | Computer Name = Jsphrsa-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 12/20/2013 3:17:26 PM | Computer Name = Jsphrsa-PC | Source = Service Control Manager | ID = 7038
Description =

Error - 12/20/2013 3:17:26 PM | Computer Name = Jsphrsa-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 12/20/2013 4:25:23 PM | Computer Name = Jsphrsa-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 12/20/2013 5:13:21 PM | Computer Name = Jsphrsa-PC | Source = Microsoft-Windows-TaskScheduler | ID = 412
Description =

Error - 12/20/2013 5:13:40 PM | Computer Name = Jsphrsa-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 12/20/2013 5:13:40 PM | Computer Name = Jsphrsa-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 12/20/2013 5:13:41 PM | Computer Name = Jsphrsa-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 12/20/2013 5:15:45 PM | Computer Name = Jsphrsa-PC | Source = Service Control Manager | ID = 7038
Description =

Error - 12/20/2013 5:15:45 PM | Computer Name = Jsphrsa-PC | Source = Service Control Manager | ID = 7000
Description =


< End of report >



#44
December 20, 2013 at 19:16:40
What are you looking for exactly? Your help is so instructive and useful. Thanks so much for the help. Learning a lot today.


#45
December 20, 2013 at 19:24:32
"What are you looking for exactly"
Same as you > Conduit.
Also any other stuff that will give you problems.

How is it running?

I can see problems, need you to run my post #40 ASAP, have to go out soon.



#46
December 20, 2013 at 19:31:11
No problem. It's Friday. You're awesome and learning so much.


#47
December 20, 2013 at 19:47:30
"It's Friday"
Saturday here.
http://www.timeanddate.com/worldclo...



#48
December 20, 2013 at 20:01:50
Freakin' awesome. Mediterranean climate like San Diego, Ca. USA -- only better. SDJillGurl aka Joe ;)


#49
December 20, 2013 at 20:07:21
I'm waiting for you to run those programs.


#50
December 20, 2013 at 20:21:14
This is the message from program as admin. privileges as suggested:

Getting user folders.

Stopping running processes.

Emptying Temp folders.


User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Jsphrsa
->Temp folder emptied: 714 bytes
->Temporary Internet Files folder emptied: 47657 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 11545019 bytes
->Flash cache emptied: 0 bytes

User: Public

User: SDJillGurl
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: TEMP
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 9733 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 0 bytes

Emptying RecycleBin. Do not interrupt.

RecycleBin emptied: 0 bytes
Process complete!

Total Files Cleaned = 11.00 mb



#51
December 20, 2013 at 20:29:28
"This is the message from program as admin. privileges as suggested:"
Nice work. That gets that side of things clean, not that there was much, you had it very clean.


message edited by Johnw



#52
December 21, 2013 at 14:58:27
Whilst waiting for the HijackThis log.

Marketscore.RelevantKnowledge, a survey program, has been installed behind your back; use this to uninstall it. It will be listed under M or R.
IObit Uninstaller
http://www.softpedia.com/get/Tweak/...
http://www.softpedia.com/progScreen...
http://www.freewarefiles.com/IObit-...
http://www.majorgeeks.com/files/det...
http://www.iobit.com/advanceduninst...
Do a Standard Uninstall & then the Powerful Scan to remove all the lurking bits.
http://i.imgur.com/olyCkcJ.gif
http://i.imgur.com/cKc5Chi.gif



#53
December 21, 2013 at 23:29:37
Learned a tremendous amount from our interaction. Will keep it in mind. Truth be told, my computer is so deeply infected, i.e., f---ed up, I decided to perform a clean reinstall to ensure a fresh start. There was no other route. I was once incredibly geeky like you but now ... don't give a s--- about computer stuff, unless it suits my needs .... www.xtube.com/community/profile.php?user=sdjillgurl see pic :)


#54
December 21, 2013 at 23:54:59
"I decided to perform a clean reinstall to ensure a fresh start"
Happens all the time, no prob.

"I was once incredibly geeky like you"
It's my hobby, won't accept money, it gets in the way, spoils my hobby. Once you accept money, people then become very demanding.

Here is the best way to do a new install, just in case you get any repercussions.

Make sure when you reinstall, you delete ALL partitions & format to NTFS.
XP - D to Delete the selected partition
http://www.blackviper.com/os-instal...
Vista - Drive options (advanced)
http://www.vistax64.com/tutorials/1...
W7 - Click on > Drive options (advanced) Then highlight each partition & hit > Delete.
http://www.blackviper.com/os-instal...
http://www.blackviper.com/os-instal...
W8 - The complete guide to a Windows 8 clean installation
http://i.imgur.com/2FOd60C.gif
http://i.imgur.com/pm8d5Xm.gif
http://pcsupport.about.com/od/windo...
http://www.techrepublic.com/blog/wi...

Here are some examples of why you delete all partitions.
http://forums.spybot.info/showthrea...
http://forums.whatthetech.com/index...
http://blog.eset.com/2011/10/18/tdl...




#55
December 22, 2013 at 00:29:59
Thanks for the info. Have several partitions on HD I forgot about. One is virtual and do not trust or useless. Wanted to make for this situation. Both are useless ... given outdated nature. So, doing reinstall and know the drill. You should see my stuff as SDJillGurl. There is life outside of computers ... and so much more fun. Thanks so much, your help made me relive all the crap I forgot :O


#56
December 22, 2013 at 00:35:06
I know the feeling when it comes to hobby. Mine is just different but no less.


#57
December 22, 2013 at 00:43:17
"There is life outside of computers ... and so much more fun"
Yep, I'm in 3 singing groups, secretary of 2.
Chair the local Festival committee, we put on 6 or so events a year.

Have a large block in the hills that I look after, including the swimming pool.

Never get bored.

message edited by Johnw



#58
December 22, 2013 at 01:06:24
Well, can't hold a candle to that ... it would take too much space to illustrate. Mine is more introverted ... and exhibitionistic in nature. But I stay busy with activities or volunteering for many groups ... I can't sing or wish and very busy person.

It's really hard for me to conceal my thoughts sometimes. For most people that I meet have a high opinion of themselves w/o any real comparison in the looks department ... for I live an alternative lifestyle ... but once they learn about it..."It's OMG.". But I am a humble individual and positive minded.

Happy for you and wish the best. I wish those who do good the best and will provide the highest ratings if needed. Thanks so much.

