BullGuard
Syswow64
   

xaat
New Member


Date Joined Nov 2012
Total Posts : 1
 
Posted 11/16/2012 4:31 PM (GMT +3)
I did my usual computer scan a few days ago and my Avast picked up something called ctfmon.exe in the c:/windows/SysWOW64. I'm really scared that it might be a virus or something. It is currently running in the Avast sandbox but I don't really know what to do, please help.
 

Dickens
Trusted Member


Date Joined Mar 2005
Total Posts : 303
 
Posted 11/16/2012 6:47 PM (GMT +3)
Nothing to worry about - it is a Microsoft file.

Google ctfmon and have a look at the support.microsoft.com/kb/282599 webpage. There are also plenty of other sites too.
 

Andreea-Luciana Ostache
Forum Moderator




Date Joined Aug 2010
Total Posts : 550
 
Posted 11/18/2012 6:38 PM (GMT +3)
Hello Xaat,

The ctfmon.exe file is safe if it's in c:/windows/SysWOW64 (a common folder for Windows 64-bit) or in c:/windows/System32 (a common folder for Windows 32-bit).

If you have ctfmon.lnk or any other type of extension for it, or if you have it in any other location than the above, it's an infection and you should delete it.

Cheers!


Andreea-Luciana Ostache
Senior Support Technician EN
support@bullguard.com
www.bullguard.com
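
The location and extension rule from the reply above, written as a triage check (an added example, not part of the original thread and not BullGuard's code). The function names, verdict labels and sample paths are constructed for illustration; the `(Vendor) path` line shape is the one FRST prints in its Processes section.

```python
import ntpath
import re

# FRST "Processes" lines look like "(Vendor) C:\path\file.exe"; capture the path.
FRST_PROCESS_LINE = re.compile(r"^\s*\([^)]*\)\s+(?P<path>\S.*)$")

# Constructed sample input: bare paths and one FRST-style line.
SAMPLE = [
    "c:/windows/SysWOW64/ctfmon.exe",
    r"(Microsoft Corporation) C:\Windows\System32\ctfmon.exe",
    r"C:\Users\Public\ctfmon.exe",
    r"C:\Windows\System32\..\Temp\ctfmon.exe",
    r"C:\Windows\System32\ctfmon.lnk",
    r"C:\windows\SysWOW64\svchost.exe",
]


def extract_path(line):
    """Return the path from a bare path or an FRST-style '(Vendor) path' line."""
    m = FRST_PROCESS_LINE.match(line)
    return (m.group("path") if m else line).strip().strip('"')


def classify(line, windir=r"C:\Windows"):
    """Apply the rule: ctfmon.exe is expected only in System32 or SysWOW64."""
    trusted = {
        ntpath.normpath(ntpath.join(windir, d)).lower()
        for d in ("System32", "SysWOW64")
    }
    # normpath turns '/' into '\' and collapses '..', so a path that merely
    # passes through System32 is compared by where it really ends up.
    norm = ntpath.normpath(extract_path(line))
    directory, filename = ntpath.split(norm)
    name = filename.lower()
    if name.split(".", 1)[0] != "ctfmon":
        return "not-ctfmon"
    if name != "ctfmon.exe":
        return "suspicious-extension"   # e.g. ctfmon.lnk
    if directory.lower() not in trusted:
        return "suspicious-location"
    return "expected"


def scan(lines):
    """Return (path, verdict) for every ctfmon-named entry in the input."""
    results = []
    for line in lines:
        verdict = classify(line)
        if verdict != "not-ctfmon":
            results.append((extract_path(line), verdict))
    return results


if __name__ == "__main__":
    for path, verdict in scan(SAMPLE):
        print(f"{verdict:22} {path}")
```

A match on location says where the file sits, not what it contains, so treat the verdict as a triage step rather than proof of origin.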

 

Cyndy
New Member


Date Joined Sep 2010
Total Posts : 16
 
Posted 2/20/2014 4:55 AM (GMT +3)
Please forgive me for posting on this thread, but I cannot start my own thread due to the "valentine's day" advertisement that is blocking the option for starting a new post. The ad will NOT close, even when I click on the red "x." It is fully covering the choices to start a new thread. (Please move this to a new thread if you need to, and then post here where I need to look for the new thread location. Thanks.)

My laptop seems to be seriously compromised. I can't open emails now. My malware detection programs, my antivirus, my firewall program are all telling me that I do not have proper administrative rights to delete them, etc. A while back, I started experiencing problems with being unable to boot my laptop. So I had to do a System Restore. This happened several times. Just prior to this problem surfacing, I had been forced to remove my Comodo firewall program in order to allow the Five9 system to work on my laptop. The Five9 system is used by the company I now work for.

I turned on the Windows firewall, but have felt very vulnerable without a firewall like Comodo or Zone Alarm.

Long story short, now I have a system that will not let any malware programs or antispyware programs run on my system.

I just downloaded HiJackThis and ran it. During the process, a box popped up with this message...

An unexpected error has occurred at procedure: modMain_CheckOther1Item()
Error #75 - Path/File access error

Please email me at merijn@spywareinfo.com, reporting the following:
* What you were trying to fix when the error occurred, if applicable
* How you can reproduce the error
* A complete HijackThis scan log, if possible

Windows version: Windows NT 6.01.3505
MSIE version: 8.0.7601.17514
HijackThis version: 1.99.1

This message has been copied to your clipboard.
Click OK to continue the rest of the scan.



Here is the HiJackThis log that appeared afterwards.....


Logfile of HijackThis v1.99.1
Scan saved at 7:16:51 PM, on 2/19/2014
Platform: Unknown Windows (WinNT 6.01.3505 SP1)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)

Running processes:
C:\Users\Cyndy\PROGRAMS\avgui.exe
C:\Users\Cyndy\PROGRAMS\firefox.exe
C:\Users\Cyndy\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?ilc=8
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?ilc=8
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
O4 - HKLM\..\Run: [AVG_UI] "C:\Users\Cyndy\PROGRAMS\avgui.exe" /TRAYONLY
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O11 - Options group: [INTERNATIONAL] International
O13 - Gopher Prefix:
O15 - Trusted Zone: http://*.arise.com
O15 - Trusted Zone: *.liveops.com
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} (Bitdefender QuickScan Control) - http://quickscan.bitdefender.com/qsax/qsax.cab
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs:
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Users\Cyndy\PROGRAMS\SASCORE64.EXE
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\windows\system32\atiesrxx.exe (file missing)
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Users\Cyndy\PROGRAMS\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Users\Cyndy\PROGRAMS\avgwdsvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: lxcj_device - - C:\windows\system32\lxcjcoms.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: pcCMService - Alcatel-Lucent - C:\Program Files (x86)\Common Files\Motive\pcCMService.exe
O23 - Service: pcCMService64 - Alcatel-Lucent - C:\Program Files\Common Files\Motive\pcCMService.exe
O23 - Service: Common Client Job Manager Service (PCCUJobMgr) - Unknown owner - C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe" /s "PCCUJobMgr" /m "C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\diMaster.dll" /prefetch:1 (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Skype C2C Service - Unknown owner - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:\Windows\system32\TODDSrv.exe (file missing)
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA eco Utility Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TECO\TecoService.exe
O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
O23 - Service: TPCH Service (TPCHSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %PROGRAMFILES%\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: ZoneAlarm Privacy Service (ZAPrivacyService) - Check Point Software Technologies, Ltd. - C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe


Thank you a thousand times for any help you can give me.
I feel "sunk."

Cyndy
 

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 12975
 
Posted 2/20/2014 1:53 PM (GMT +3)
Hi Cyndy

We'll continue in this topic.




Please download Farbar Recovery Scan Tool and save it to your Desktop.


Note: You need to run the version compatible with your system.
If you are not sure which version applies to your system download both of them and try to run them.
Only one of them will run on your system, that will be the right version.




    Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File).
    When the tool opens click Yes to disclaimer.
    Press Scan button.
    It will produce a log called FRST.txt in the same directory the tool is run from.
    Please copy and paste log back here.
    The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe).
    Please also paste that along with the FRST.txt into your reply.


Please read:  Forum Rules
Click here:   Before-posting-a-log
 
Do not PM me with logfiles. They will be deleted. 

 

 

Cyndy
New Member


Date Joined Sep 2010
Total Posts : 16
 
Posted 2/21/2014 12:03 AM (GMT +3)
Below are the files you requested. Thanks so much.


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-02-2014
Ran by Cyndy (administrator) on CYNDY-LAPTOP on 20-02-2014 14:52:00
Running from C:\Users\Cyndy\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AVG Technologies CZ, s.r.o.) C:\Users\Cyndy\PROGRAMS\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Users\Cyndy\PROGRAMS\avgcsrva.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\windows\system32\atiesrxx.exe
(AMD) C:\windows\system32\atieclxx.exe
(SUPERAntiSpyware.com) C:\Users\Cyndy\PROGRAMS\SASCORE64.EXE
(AVG Technologies CZ, s.r.o.) C:\Users\Cyndy\PROGRAMS\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Users\Cyndy\PROGRAMS\avgwdsvc.exe
(Microsoft Corporation) C:\windows\SysWOW64\svchost.exe
( ) C:\windows\system32\lxcjcoms.exe
(Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\pcCMService.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\pcCMService.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(TOSHIBA Corporation) C:\Windows\system32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(AVG Technologies CZ, s.r.o.) C:\Users\Cyndy\PROGRAMS\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Users\Cyndy\PROGRAMS\avgemca.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(AVG Technologies CZ, s.r.o.) C:\Users\Cyndy\PROGRAMS\avgui.exe
(Mozilla Corporation) C:\Users\Cyndy\PROGRAMS\firefox.exe
(Mozilla Corporation) C:\Users\Cyndy\PROGRAMS\plugin-container.exe
(Adobe Systems, Inc.) C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
(Adobe Systems, Inc.) C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [] - [X]
HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation)
HKLM-x32\...\Run: [AVG_UI] - C:\Users\Cyndy\PROGRAMS\avgui.exe [4956176 2013-11-07] (AVG Technologies CZ, s.r.o.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?ilc=8
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?ilc=8
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {3C93C3E4-57EB-47E1-AE56-34C852B3F52D} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {3C93C3E4-57EB-47E1-AE56-34C852B3F52D} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA
SearchScopes: HKLM-x32 - DefaultScope {4DD0C096-64B1-401F-BF57-872314AA8872} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {4DD0C096-64B1-401F-BF57-872314AA8872} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA
SearchScopes: HKCU - DefaultScope {4DD0C096-64B1-401F-BF57-872314AA8872} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA
SearchScopes: HKCU - {3C93C3E4-57EB-47E1-AE56-34C852B3F52D} URL =
SearchScopes: HKCU - {4DD0C096-64B1-401F-BF57-872314AA8872} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA
SearchScopes: HKCU - {9044A249-7C2B-4B84-846A-F573BE0E78FC} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA
SearchScopes: HKCU - {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = http://us.search.yahoo.com/search?p={searchTerms}&fr=chr-comodo
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
DPF: HKLM-x32 {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bitdefender.com/qsax/qsax.cab
DPF: HKLM-x32 {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} http://www.superadblocker.com/activex/sabspx.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 68.105.28.12 68.105.29.12 68.105.28.11

FireFox:
========
FF ProfilePath: C:\Users\Cyndy\AppData\Roaming\Mozilla\Firefox\Profiles\jkzijpeo.default
FF user.js: detected! => C:\Users\Cyndy\AppData\Roaming\Mozilla\Firefox\Profiles\jkzijpeo.default\user.js
FF DefaultSearchEngine: Search By ZoneAlarm
FF SearchEngineOrder.3: Bing
FF SelectedSearchEngine: Search By ZoneAlarm
FF Homepage: https://www.yahoo.com/
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @java.com/DTPlugin,version=10.40.2 - C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Users\Cyndy\PROGRAMS\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\Users\Cyndy\PROGRAMS\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.40.2 - C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @Motive.com/NpMotive,version=1.0 - C:\Program Files (x86)\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin - C:\Users\Cyndy\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF SearchPlugin: C:\Users\Cyndy\AppData\Roaming\Mozilla\Firefox\Profiles\jkzijpeo.default\searchplugins\bingp.xml
FF SearchPlugin: C:\Users\Cyndy\AppData\Roaming\Mozilla\Firefox\Profiles\jkzijpeo.default\searchplugins\zonealarm.xml
FF Extension: PrivDog - C:\Users\Cyndy\AppData\Roaming\Mozilla\Firefox\Profiles\jkzijpeo.default\Extensions\PrivDog@AdTrustMedia.com [2014-01-18]
FF Extension: IE Tab 2 (FF 3.6+) - C:\Users\Cyndy\AppData\Roaming\Mozilla\Firefox\Profiles\jkzijpeo.default\Extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB} [2014-01-08]
FF StartMenuInternet: FIREFOX.EXE - C:\Users\Cyndy\PROGRAMS\firefox.exe

==================== Services (Whitelisted) =================

R2 !SASCORE; C:\Users\Cyndy\PROGRAMS\SASCORE64.EXE [143088 2013-05-07] (SUPERAntiSpyware.com)
R2 AVGIDSAgent; C:\Users\Cyndy\PROGRAMS\avgidsagent.exe [3478544 2013-11-11] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Users\Cyndy\PROGRAMS\avgwdsvc.exe [348008 2013-09-24] (AVG Technologies CZ, s.r.o.)
R2 lxcj_device; C:\windows\system32\lxcjcoms.exe [566192 2007-02-08] ( )
R2 lxcj_device; C:\windows\SysWOW64\lxcjcoms.exe [537520 2007-02-08] ( )
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation)
R2 pcCMService64; C:\Program Files\Common Files\Motive\pcCMService.exe [441344 2012-07-06] (Alcatel-Lucent)
R2 PCCUJobMgr; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe [126392 2009-08-24] (Symantec Corporation)
S2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [2445816 2013-12-16] (Check Point Software Technologies LTD)
S2 ZAPrivacyService; C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe [50704 2013-10-15] (Check Point Software Technologies, Ltd.)

==================== Drivers (Whitelisted) ====================

R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [150808 2013-11-05] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [240920 2013-11-04] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [194872 2013-10-24] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [212280 2013-10-31] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [294712 2013-10-31] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123704 2013-10-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31544 2013-09-10] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [251192 2013-08-01] (AVG Technologies CZ, s.r.o.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation)
S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2012-06-14] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MREMP50a64; C:\Program Files\Common Files\Motive\MREMP50a64.sys [43008 2012-06-14] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2012-06-14] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50a64; C:\Program Files\Common Files\Motive\MRESP50a64.sys [40960 2012-06-14] (Printing Communications Assoc., Inc. (PCAUSA))
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation)
R1 Vsdatant; C:\Windows\System32\DRIVERS\vsdatant.sys [454168 2013-10-23] (Check Point Software Technologies LTD)
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-20 14:52 - 2014-02-20 14:52 - 00014147 _____ () C:\Users\Cyndy\Desktop\FRST.txt
2014-02-20 14:51 - 2014-02-20 14:52 - 00000000 ____D () C:\FRST
2014-02-20 14:45 - 2014-02-20 14:45 - 02153984 _____ (Farbar) C:\Users\Cyndy\Desktop\FRST64.exe
2014-02-19 19:09 - 2014-02-19 19:16 - 00000000 ____D () C:\Users\Cyndy\Desktop\hijackthis
2014-02-19 19:09 - 2014-02-19 19:09 - 00212849 _____ () C:\Users\Cyndy\Desktop\hijackthis.zip
2014-02-19 11:29 - 2013-12-31 17:05 - 00420008 _____ () C:\windows\SysWOW64\locale.nls
2014-02-19 11:29 - 2013-12-31 17:04 - 00420008 _____ () C:\windows\system32\locale.nls
2014-02-19 11:29 - 2013-12-09 20:28 - 00610304 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-02-19 11:29 - 2013-12-09 20:02 - 00428032 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-02-19 11:29 - 2013-12-05 20:30 - 01882112 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
2014-02-19 11:29 - 2013-12-05 20:30 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml3r.dll
2014-02-19 11:29 - 2013-12-05 20:02 - 01237504 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll
2014-02-19 11:29 - 2013-12-05 20:02 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3r.dll
2014-02-19 11:28 - 2013-12-24 17:09 - 01987584 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3d10warp.dll
2014-02-19 11:28 - 2013-12-24 16:48 - 02565120 _____ (Microsoft Corporation) C:\windows\system32\d3d10warp.dll
2014-02-19 11:28 - 2013-12-03 20:27 - 00488448 _____ (Microsoft Corporation) C:\windows\system32\secproc.dll
2014-02-19 11:28 - 2013-12-03 20:27 - 00485888 _____ (Microsoft Corporation) C:\windows\system32\secproc_isv.dll
2014-02-19 11:28 - 2013-12-03 20:27 - 00123392 _____ (Microsoft Corporation) C:\windows\system32\secproc_ssp_isv.dll
2014-02-19 11:28 - 2013-12-03 20:27 - 00123392 _____ (Microsoft Corporation) C:\windows\system32\secproc_ssp.dll
2014-02-19 11:28 - 2013-12-03 20:26 - 00528384 _____ (Microsoft Corporation) C:\windows\system32\msdrm.dll
2014-02-19 11:28 - 2013-12-03 20:16 - 00658432 _____ (Microsoft Corporation) C:\windows\system32\RMActivate_isv.exe
2014-02-19 11:28 - 2013-12-03 20:16 - 00626176 _____ (Microsoft Corporation) C:\windows\system32\RMActivate.exe
2014-02-19 11:28 - 2013-12-03 20:16 - 00553984 _____ (Microsoft Corporation) C:\windows\system32\RMActivate_ssp.exe
2014-02-19 11:28 - 2013-12-03 20:16 - 00552960 _____ (Microsoft Corporation) C:\windows\system32\RMActivate_ssp_isv.exe
2014-02-19 11:28 - 2013-12-03 20:03 - 00428032 _____ (Microsoft Corporation) C:\windows\SysWOW64\secproc.dll
2014-02-19 11:28 - 2013-12-03 20:03 - 00423936 _____ (Microsoft Corporation) C:\windows\SysWOW64\secproc_isv.dll
2014-02-19 11:28 - 2013-12-03 20:03 - 00087040 _____ (Microsoft Corporation) C:\windows\SysWOW64\secproc_ssp_isv.dll
2014-02-19 11:28 - 2013-12-03 20:03 - 00087040 _____ (Microsoft Corporation) C:\windows\SysWOW64\secproc_ssp.dll
2014-02-19 11:28 - 2013-12-03 20:02 - 00390144 _____ (Microsoft Corporation) C:\windows\SysWOW64\msdrm.dll
2014-02-19 11:28 - 2013-12-03 19:54 - 00594944 _____ (Microsoft Corporation) C:\windows\SysWOW64\RMActivate_isv.exe
2014-02-19 11:28 - 2013-12-03 19:54 - 00572416 _____ (Microsoft Corporation) C:\windows\SysWOW64\RMActivate.exe
2014-02-19 11:28 - 2013-12-03 19:54 - 00510976 _____ (Microsoft Corporation) C:\windows\SysWOW64\RMActivate_ssp.exe
2014-02-19 11:28 - 2013-12-03 19:54 - 00508928 _____ (Microsoft Corporation) C:\windows\SysWOW64\RMActivate_ssp_isv.exe
2014-02-19 11:28 - 2013-11-26 02:16 - 03419136 _____ (Microsoft Corporation) C:\windows\SysWOW64\d2d1.dll
2014-02-19 11:28 - 2013-11-22 16:48 - 03928064 _____ (Microsoft Corporation) C:\windows\system32\d2d1.dll
2014-02-19 11:27 - 2014-02-03 09:28 - 01188864 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-02-19 11:27 - 2014-02-03 09:27 - 12296192 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-02-19 11:27 - 2014-02-03 09:27 - 09078784 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-02-19 11:27 - 2014-02-03 09:27 - 02458112 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-02-19 11:27 - 2014-02-03 09:27 - 01495040 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-02-19 11:27 - 2014-02-03 09:27 - 00735232 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-02-19 11:27 - 2014-02-03 09:27 - 00247808 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-02-19 11:27 - 2014-02-03 09:27 - 00134144 _____ (Microsoft Corporation) C:\windows\system32\url.dll
2014-02-19 11:27 - 2014-02-03 09:27 - 00097792 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-02-19 11:27 - 2014-02-03 09:27 - 00065024 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-02-19 11:27 - 2014-02-03 09:05 - 01232896 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-02-19 11:27 - 2014-02-03 09:05 - 00981504 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-02-19 11:27 - 2014-02-03 09:05 - 00132096 _____ (Microsoft Corporation) C:\windows\SysWOW64\url.dll
2014-02-19 11:27 - 2014-02-03 09:04 - 11020800 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-02-19 11:27 - 2014-02-03 09:04 - 06040064 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-02-19 11:27 - 2014-02-03 09:04 - 02078208 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-02-19 11:27 - 2014-02-03 09:04 - 00627712 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-02-19 11:27 - 2014-02-03 09:04 - 00176640 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-02-19 11:27 - 2014-02-03 09:04 - 00067584 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-02-19 11:27 - 2014-02-03 09:04 - 00048640 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-02-19 11:27 - 2014-02-03 07:38 - 01638912 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-02-19 11:27 - 2014-02-03 07:14 - 01638912 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-02-18 11:41 - 2014-02-20 12:03 - 00243638 ____N () C:\windows\WindowsUpdate.log
2014-02-18 11:31 - 2014-02-18 11:31 - 00000000 _____ () C:\Users\Cyndy\Desktop\cfw_installer_5732_83.exe
2014-02-18 11:30 - 2014-02-18 11:31 - 33900914 _____ (COMODO) C:\Users\Cyndy\Desktop\cfw_installer_5732_83.exe.part
2014-02-18 10:26 - 2014-02-18 10:26 - 00180000 _____ (Kaspersky Lab) C:\Users\Cyndy\Desktop\kss12.0.1.117EN_RU_DE_FR_2926.exe
2014-02-12 21:30 - 2014-02-18 11:17 - 00000000 ____D () C:\Users\Cyndy\AppData\Roaming\KompoZer
2014-02-12 21:29 - 2014-02-18 11:17 - 00000000 ____D () C:\Program Files (x86)\KompoZer 0.7.10
2014-02-12 21:25 - 2014-02-12 22:42 - 07949904 _____ () C:\Users\Cyndy\Desktop\kompozer-0.7.10-win32.zip
2014-02-12 21:03 - 2014-02-18 11:17 - 00000000 ____D () C:\Program Files\Ipswitch
2014-02-12 21:03 - 2014-02-12 21:04 - 00000000 ____D () C:\Users\Cyndy\AppData\Roaming\Ipswitch
2014-02-12 21:03 - 2014-02-12 21:03 - 00000000 ____D () C:\ProgramData\Ipswitch
2014-02-12 21:03 - 2014-02-12 21:03 - 00000000 ____D () C:\Program Files (x86)\Ipswitch
2014-01-29 12:21 - 2014-01-29 12:21 - 04721920 _____ (Piriform Ltd) C:\Users\Cyndy\ccsetup410.exe
2014-01-23 00:15 - 2014-01-23 00:15 - 40658208 _____ (Safer-Networking Ltd. ) C:\Users\Cyndy\spybot-2.2.exe

==================== One Month Modified Files and Folders =======

2014-02-20 14:52 - 2014-02-20 14:52 - 00014147 _____ () C:\Users\Cyndy\Desktop\FRST.txt
2014-02-20 14:52 - 2014-02-20 14:51 - 00000000 ____D () C:\FRST
2014-02-20 14:49 - 2011-10-18 01:30 - 00000000 ____D () C:\Users\Cyndy\Documents\Personal Stuff
2014-02-20 14:45 - 2014-02-20 14:45 - 02153984 _____ (Farbar) C:\Users\Cyndy\Desktop\FRST64.exe
2014-02-20 14:25 - 2013-09-26 15:39 - 00000000 ____D () C:\Users\Cyndy\AppData\Roaming\Skype
2014-02-20 12:03 - 2014-02-18 11:41 - 00243638 ____N () C:\windows\WindowsUpdate.log
2014-02-20 12:03 - 2009-07-13 22:45 - 00019248 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-20 12:03 - 2009-07-13 22:45 - 00019248 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-20 12:01 - 2014-01-19 19:55 - 00000000 ____D () C:\ProgramData\MFAData
2014-02-20 11:55 - 2014-01-15 12:27 - 00417570 _____ () C:\windows\system32\Drivers\vsconfig.xml
2014-02-20 11:55 - 2009-07-13 23:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-02-20 01:42 - 2011-09-21 12:36 - 00000000 ____D () C:\Users\Cyndy\Documents\TEXTBROKER
2014-02-19 19:16 - 2014-02-19 19:09 - 00000000 ____D () C:\Users\Cyndy\Desktop\hijackthis
2014-02-19 19:09 - 2014-02-19 19:09 - 00212849 _____ () C:\Users\Cyndy\Desktop\hijackthis.zip
2014-02-19 11:41 - 2013-07-11 21:50 - 00000000 ____D () C:\windows\system32\MRT
2014-02-19 11:39 - 2011-06-15 22:09 - 88567024 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-02-19 11:38 - 2013-09-26 16:26 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-02-19 11:38 - 2012-02-22 22:20 - 00000000 ____D () C:\ProgramData\Skype
2014-02-18 12:01 - 2013-04-14 14:47 - 00000000 ____D () C:\Users\Cyndy\Documents\STATE FARM
2014-02-18 11:31 - 2014-02-18 11:31 - 00000000 _____ () C:\Users\Cyndy\Desktop\cfw_installer_5732_83.exe
2014-02-18 11:31 - 2014-02-18 11:30 - 33900914 _____ (COMODO) C:\Users\Cyndy\Desktop\cfw_installer_5732_83.exe.part
2014-02-18 11:18 - 2009-07-13 21:20 - 00000000 ____D () C:\windows\rescache
2014-02-18 11:17 - 2014-02-12 21:30 - 00000000 ____D () C:\Users\Cyndy\AppData\Roaming\KompoZer
2014-02-18 11:17 - 2014-02-12 21:29 - 00000000 ____D () C:\Program Files (x86)\KompoZer 0.7.10
2014-02-18 11:17 - 2014-02-12 21:03 - 00000000 ____D () C:\Program Files\Ipswitch
2014-02-18 11:17 - 2010-10-07 23:55 - 00000000 ____D () C:\Users\Cyndy
2014-02-18 11:17 - 2009-07-13 21:20 - 00000000 ____D () C:\windows\AppCompat
2014-02-18 11:17 - 2009-07-13 21:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-02-18 11:16 - 2009-07-13 21:20 - 00000000 ____D () C:\windows\registration
2014-02-18 11:12 - 2014-01-19 20:01 - 00000000 ____D () C:\ProgramData\AVG2014
2014-02-18 10:26 - 2014-02-18 10:26 - 00180000 _____ (Kaspersky Lab) C:\Users\Cyndy\Desktop\kss12.0.1.117EN_RU_DE_FR_2926.exe
2014-02-12 22:42 - 2014-02-12 21:25 - 07949904 _____ () C:\Users\Cyndy\Desktop\kompozer-0.7.10-win32.zip
2014-02-12 21:04 - 2014-02-12 21:03 - 00000000 ____D () C:\Users\Cyndy\AppData\Roaming\Ipswitch
2014-02-12 21:03 - 2014-02-12 21:03 - 00000000 ____D () C:\ProgramData\Ipswitch
2014-02-12 21:03 - 2014-02-12 21:03 - 00000000 ____D () C:\Program Files (x86)\Ipswitch
2014-02-05 11:50 - 2012-09-18 12:21 - 00000000 ____D () C:\Users\Cyndy\AppData\Roaming\QuickScan
2014-02-03 09:28 - 2014-02-19 11:27 - 01188864 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-02-03 09:27 - 2014-02-19 11:27 - 12296192 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-02-03 09:27 - 2014-02-19 11:27 - 09078784 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-02-03 09:27 - 2014-02-19 11:27 - 02458112 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-02-03 09:27 - 2014-02-19 11:27 - 01495040 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-02-03 09:27 - 2014-02-19 11:27 - 00735232 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-02-03 09:27 - 2014-02-19 11:27 - 00247808 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-02-03 09:27 - 2014-02-19 11:27 - 00134144 _____ (Microsoft Corporation) C:\windows\system32\url.dll
2014-02-03 09:27 - 2014-02-19 11:27 - 00097792 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-02-03 09:27 - 2014-02-19 11:27 - 00065024 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-02-03 09:05 - 2014-02-19 11:27 - 01232896 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-02-03 09:05 - 2014-02-19 11:27 - 00981504 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-02-03 09:05 - 2014-02-19 11:27 - 00132096 _____ (Microsoft Corporation) C:\windows\SysWOW64\url.dll
2014-02-03 09:04 - 2014-02-19 11:27 - 11020800 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-02-03 09:04 - 2014-02-19 11:27 - 06040064 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-02-03 09:04 - 2014-02-19 11:27 - 02078208 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-02-03 09:04 - 2014-02-19 11:27 - 00627712 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-02-03 09:04 - 2014-02-19 11:27 - 00176640 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-02-03 09:04 - 2014-02-19 11:27 - 00067584 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-02-03 09:04 - 2014-02-19 11:27 - 00048640 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-02-03 07:38 - 2014-02-19 11:27 - 01638912 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-02-03 07:14 - 2014-02-19 11:27 - 01638912 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-01-29 12:21 - 2014-01-29 12:21 - 04721920 _____ (Piriform Ltd) C:\Users\Cyndy\ccsetup410.exe
2014-01-28 12:25 - 2013-09-23 17:50 - 00000000 ____D () C:\Users\Cyndy\Documents\NexREP
2014-01-23 11:34 - 2013-12-20 10:57 - 00000948 _____ () C:\windows\wininit.ini
2014-01-23 00:15 - 2014-01-23 00:15 - 40658208 _____ (Safer-Networking Ltd. ) C:\Users\Cyndy\spybot-2.2.exe

Files to move or delete:
====================
C:\Users\Cyndy\ccsetup410.exe
C:\Users\Cyndy\spybot-2.2.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-02-18 15:08

==================== End Of Log ============================

* * * * * * * *

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-02-2014
Ran by Cyndy at 2014-02-20 14:53:27
Running from C:\Users\Cyndy\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Microsoft Security Essentials (Disabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
AS: Microsoft Security Essentials (Disabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
FW: ZoneAlarm Free Firewall Firewall (Disabled) {E6380B7E-D4B2-19F1-083E-56486607704B}

==================== Installed Programs ======================

Update for Microsoft Office 2007 (KB2508958) (x32 Version: - Microsoft)
64 Bit HP CIO Components Installer (Version: 6.2.2 - Hewlett-Packard) Hidden
8500A909_eDocs (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
8500A909_Help (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
8500A909n (x32 Version: 140.0.000.000 - Hewlett-Packard) Hidden
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)
AVG 2014 (Version: 14.0.3705 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4259 - AVG Technologies) Hidden
AVG 2014 (Version: 2014.0.4259 - AVG Technologies)
BPD_DSWizards (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
bpd_scan (x32 Version: 3.00.0000 - Hewlett-Packard) Hidden
BPDSoftware (x32 Version: 140.0.000.000 - Hewlett-Packard) Hidden
BPDSoftware_Ini (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
BufferChm (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Core Implementation (x32 Version: 2010.0315.1050.17562 - ATI) Hidden
Catalyst Control Center Graphics Full Existing (x32 Version: 2010.0315.1050.17562 - ATI) Hidden
Catalyst Control Center Graphics Full New (x32 Version: 2010.0315.1050.17562 - ATI) Hidden
Catalyst Control Center Graphics Light (x32 Version: 2010.0315.1050.17562 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2010.0315.1050.17562 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (x32 Version: 2010.0315.1050.17562 - ATI) Hidden
Catalyst Control Center Localization All (x32 Version: 2010.0315.1050.17562 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2010.0315.1049.17562 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2010.0315.1049.17562 - ATI) Hidden
CCC Help Czech (x32 Version: 2010.0315.1049.17562 - ATI) Hidden
CCC Help Danish (x32 Version: 2010.0315.1049.17562 - ATI) Hidden
CCC Help Dutch (x32 Version: 2010.0315.1049.17562 - ATI) Hidden
CCC Help English (x32 Version: 2010.0315.1049.17562 - ATI) Hidden
CCC Help Finnish (x32 Version: 2010.0315.1049.17562 - ATI) Hidden
CCC Help French (x32 Version: 2010.0315.1049.17562 - ATI) Hidden
CCC Help German (x32 Version: 2010.0315.1049.17562 - ATI) Hidden
CCC Help Greek (x32 Version: 2010.0315.1049.17562 - ATI) Hidden
CCC Help Hungarian (x32 Version: 2010.0315.1049.17562 - ATI) Hidden
CCC Help Italian (x32 Version: 2010.0315.1049.17562 - ATI) Hidden
CCC Help Japanese (x32 Version: 2010.0315.1049.17562 - ATI) Hidden
CCC Help Korean (x32 Version: 2010.0315.1049.17562 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2010.0315.1049.17562 - ATI) Hidden
CCC Help Polish (x32 Version: 2010.0315.1049.17562 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2010.0315.1049.17562 - ATI) Hidden
CCC Help Russian (x32 Version: 2010.0315.1049.17562 - ATI) Hidden
CCC Help Spanish (x32 Version: 2010.0315.1049.17562 - ATI) Hidden
CCC Help Swedish (x32 Version: 2010.0315.1049.17562 - ATI) Hidden
CCC Help Thai (x32 Version: 2010.0315.1049.17562 - ATI) Hidden
CCC Help Turkish (x32 Version: 2010.0315.1049.17562 - ATI) Hidden
ccc-core-static (x32 Version: 2010.0315.1050.17562 - ATI) Hidden
ccc-utility64 (Version: 2010.0315.1050.17562 - ATI) Hidden
CDBurnerXP (x32 Version: 4.5.2.4291 - CDBurnerXP)
Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
DocMgr (x32 Version: 140.0.65.000 - Hewlett-Packard) Hidden
DocProc (x32 Version: 140.0.100.000 - Hewlett-Packard) Hidden
Fax (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
Foxit Reader (x32 Version: 6.0.2.413 - Foxit Corporation)
HP Document Manager 2.0 (Version: 2.0 - HP)
HP Imaging Device Functions 14.0 (Version: 14.0 - HP)
HP Officejet Pro 8500 A909 Series (Version: 14.0 - HP)
Java 7 Update 21 (x32 Version: 7.0.210 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.5 - Sun Microsystems, Inc.) Hidden
Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Lexmark 8300 Series (Version: - Lexmark International, Inc.)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Choice Guard (x32 Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.4.0304.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (Version: 4.4.304.0 - Microsoft Corporation)
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox 25.0.1 (x86 en-US) (x32 Version: 25.0.1 - Mozilla)
MSVCRT (x32 Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP3 Parser (KB2721691) (x32 Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (x32 Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (x32 Version: 4.30.2107.0 - Microsoft Corporation)
MyPDFConverter (x32 Version: 2.6001.00010 - Aedge Performance BCN SL)
Network64 (Version: 140.0.215.000 - Hewlett-Packard) Hidden
OCR Software by I.R.I.S. 14.0 (Version: 14.0 - HP)
PlayReady PC Runtime amd64 (Version: 1.3.0 - Microsoft Corporation)
ProductContext (x32 Version: 140.0.000.000 - Hewlett-Packard) Hidden
Quickbooks Financial Center (x32 Version: 2.02 - TOSHIBA Corporation)
Realtek Ethernet Controller Driver For Windows 7 (x32 Version: 7.17.304.2010 - Realtek)
Realtek HDMI Audio Driver for ATI (x32 Version: 6.0.1.5992 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6069 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (x32 Version: 6.1.7600.30111 - Realtek Semiconductor Corp.)
Realtek WLAN Driver (x32 Version: 2.00.0012 - Realtek)
Scan (x32 Version: 140.0.167.000 - Hewlett-Packard) Hidden
Skype Click to Call (x32 Version: 6.12.13601 - Skype Technologies S.A.)
Skype™ 6.11 (x32 Version: 6.11.102 - Skype Technologies S.A.)
Status (x32 Version: 140.0.256.000 - Hewlett-Packard) Hidden
Synaptics Pointing Device Driver (Version: 15.0.8.1 - Synaptics Incorporated)
Toolbox (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden
TOSHIBA Application Installer (x32 Version: 9.0.1.0 - TOSHIBA)
TOSHIBA Bulletin Board (Version: 1.6.07.64 - TOSHIBA Corporation) Hidden
TOSHIBA Bulletin Board (x32 Version: 1.6.07.64 - TOSHIBA Corporation)
TOSHIBA eco Utility (Version: 1.2.11.64 - TOSHIBA Corporation) Hidden
TOSHIBA eco Utility (x32 Version: 1.2.11.64 - TOSHIBA Corporation)
TOSHIBA eco Utility (x32 Version: 1.2.11.64 - TOSHIBA Corporation) Hidden
TOSHIBA Face Recognition (Version: 3.1.3.64 - TOSHIBA Corporation) Hidden
TOSHIBA Face Recognition (x32 Version: 3.1.3.64 - TOSHIBA Corporation)
TOSHIBA Flash Cards Support Utility (x32 Version: 1.63.0.6C - TOSHIBA CORPORATION)
TOSHIBA Flash Cards Support Utility (x32 Version: 1.63.0.6C - TOSHIBA CORPORATION) Hidden
TOSHIBA Hardware Setup (x32 Version: 1.63.0.21C - TOSHIBA CORPORATION)
TOSHIBA Hardware Setup (x32 Version: 1.63.0.21C - TOSHIBA CORPORATION) Hidden
TOSHIBA HDD/SSD Alert (Version: 3.1.64.6 - TOSHIBA Corporation) Hidden
TOSHIBA HDD/SSD Alert (x32 Version: 3.1.64.6 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (x32 Version: 3.1.64.6 - TOSHIBA Corporation) Hidden
Toshiba Laptop Checkup (x32 Version: 2.0.3.198 - Symantec Corporation)
TOSHIBA Media Controller (x32 Version: 1.0.80.3.64 - TOSHIBA CORPORATION)
TOSHIBA Media Controller Plug-in (x32 Version: 1.0.5.10 - TOSHIBA CORPORATION)
Toshiba Online Backup (x32 Version: 1.2.0.38 - Toshiba)
TOSHIBA PC Health Monitor (Version: 1.6.0.64 - TOSHIBA Corporation)
TOSHIBA Quality Application (x32 Version: 1.0.3 - TOSHIBA)
TOSHIBA Recovery Media Creator (Version: 2.1.0.4 for x64 - TOSHIBA Corporation)
TOSHIBA ReelTime (Version: 1.6.06.64 - TOSHIBA Corporation) Hidden
TOSHIBA ReelTime (x32 Version: 1.6.06.64 - TOSHIBA Corporation)
TOSHIBA Service Station (x32 Version: 2.1.40 - TOSHIBA)
TOSHIBA Supervisor Password (x32 Version: 1.63.0.9C - TOSHIBA CORPORATION)
TOSHIBA Supervisor Password (x32 Version: 1.63.0.9C - TOSHIBA CORPORATION) Hidden
TOSHIBA Value Added Package (Version: 1.3.3.64 - TOSHIBA Corporation) Hidden
TOSHIBA Value Added Package (x32 Version: 1.3.3.64 - TOSHIBA Corporation)
TOSHIBA Value Added Package (x32 Version: 1.3.3.64 - TOSHIBA Corporation) Hidden
TOSHIBA Web Camera Application (x32 Version: 1.1.1.15 - TOSHIBA Corporation)
TrayApp (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (x32 Version: - Microsoft)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (x32 Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (x32 Version: - Microsoft)
Update for Microsoft Office OneNote 2007 Help (KB963670) (x32 Version: - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (x32 Version: - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (x32 Version: - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (x32 Version: - Microsoft)
Utility Common Driver (x32 Version: 1.0.52.1C - TOSHIBA) Hidden
Visual Studio 2012 x64 Redistributables (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (x32 Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WebReg (x32 Version: 140.0.213.017 - Hewlett-Packard) Hidden
Windows Live Call (x32 Version: 14.0.8064.0206 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 14.0.8064.206 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 14.0.8091.0730 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 14.0.8081.709 - Microsoft Corporation) Hidden
Windows Live Sync (x32 Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Upload Tool (x32 Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Live Writer (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
ZoneAlarm Firewall (x32 Version: 12.0.118.000 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Free Firewall (x32 Version: 12.0.118.000 - Check Point)
ZoneAlarm Security (x32 Version: 12.0.118.000 - Check Point Software Technologies Ltd.) Hidden

==================== Restore Points =========================

09-02-2014 19:27:42 Windows Update
12-02-2014 17:01:04 Windows Update
13-02-2014 03:01:12 Installed WS_FTP
13-02-2014 03:03:24 Installed WS_FTP
13-02-2014 17:46:10 Installed AVG 2014
16-02-2014 00:32:11 Windows Update
17-02-2014 17:46:56 Installed AVG 2014
19-02-2014 17:04:24 Windows Update
19-02-2014 17:30:01 Windows Update

==================== Hosts content: ==========================

2009-07-13 20:34 - 2009-06-10 15:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {7B114F2A-EA0C-46A3-B118-12329A85CA10} - System32\Tasks\CIS_{15198508-521A-4D69-8E5B-B94A6CCFF805} => C:\ProgramData\cis9481.exe
Task: {CB12F688-2E5E-4C61-A4D5-E77A0394371F} - System32\Tasks\CCleanerSkipUAC => C:\Users\Cyndy\PROGRAMS\CCleaner.exe [2013-12-17] (Piriform Ltd)

==================== Loaded Modules (whitelisted) =============

2012-12-19 12:02 - 2012-12-05 20:24 - 00087040 _____ () C:\windows\System32\custmon64.dll
2013-12-25 19:07 - 2013-11-12 21:39 - 03363952 _____ () C:\Users\Cyndy\PROGRAMS\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:5C321E34

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TurboMeeting => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service"

==================== Disabled items from MSCONFIG ==============

MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: bthserv => 3
MSCONFIG\Services: Fax => 3
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Cyndy^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.4.1.lnk => C:\windows\pss\OpenOffice.org 3.4.1.lnk.Startup
MSCONFIG\startupreg: 00TCrdMain => %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
MSCONFIG\startupreg: ATT-SST_McciTrayApp => "C:\Program Files\ATT-SST\pcTrayApp.exe"
MSCONFIG\startupreg: EzPrint => "C:\Program Files (x86)\Lexmark 8300 Series\ezprint.exe"
MSCONFIG\startupreg: HSON => %ProgramFiles%\TOSHIBA\TBS\HSON.exe
MSCONFIG\startupreg: HWSetup => C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP
MSCONFIG\startupreg: KeNotify => C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
MSCONFIG\startupreg: LXCJCATS => rundll32 C:\windows\system32\spool\DRIVERS\x64\3\LXCJtime.dll,RunDLLEntry
MSCONFIG\startupreg: lxcjmon.exe => "C:\Program Files (x86)\Lexmark 8300 Series\lxcjmon.exe"
MSCONFIG\startupreg: NortonOnlineBackupReminder => "C:\Program Files (x86)\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe" UNATTENDED
MSCONFIG\startupreg: RtHDVBg => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE3
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
MSCONFIG\startupreg: Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
MSCONFIG\startupreg: SmartFaceVWatcher => %ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
MSCONFIG\startupreg: SmoothView => %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SVPWUTIL => C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
MSCONFIG\startupreg: SynTPEnh => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
MSCONFIG\startupreg: Teco => "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r
MSCONFIG\startupreg: TosNC => %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe
MSCONFIG\startupreg: TosReelTimeMonitor => %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
MSCONFIG\startupreg: TosSENotify => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
MSCONFIG\startupreg: TosVolRegulator => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
MSCONFIG\startupreg: TosWaitSrv => %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe
MSCONFIG\startupreg: TPwrMain => %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
MSCONFIG\startupreg: TWebCamera => "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun

==================== Faulty Device Manager Devices =============

Name: Officejet Pro 8500 A909n
Description: Officejet Pro 8500 A909n
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: HP
Service: StillCam
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Officejet Pro 8500 A909n
Description: Officejet Pro 8500 A909n
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (02/19/2014 11:32:45 AM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)
Description: The performance counter name string value in the registry is not formatted correctly. The malformed string is 餂቞䬜. The first DWORD in the Data section contains the index value to the malformed string while the second and third DWORDs in the Data section contain the last valid index values.

Error: (02/19/2014 11:32:44 AM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)
Description: The performance counter name string value in the registry is not formatted correctly. The malformed string is 餂቞䬜. The first DWORD in the Data section contains the index value to the malformed string while the second and third DWORDs in the Data section contain the last valid index values.

Error: (02/19/2014 11:32:41 AM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)
Description: The performance counter name string value in the registry is not formatted correctly. The malformed string is 呢랴ឡက烐=. The first DWORD in the Data section contains the index value to the malformed string while the second and third DWORDs in the Data section contain the last valid index values.

Error: (02/19/2014 11:32:41 AM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)
Description: The performance counter name string value in the registry is not formatted correctly. The malformed string is 呢랴ឡက烐=. The first DWORD in the Data section contains the index value to the malformed string while the second and third DWORDs in the Data section contain the last valid index values.

Error: (02/19/2014 11:32:40 AM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)
Description: The performance counter name string value in the registry is not formatted correctly. The malformed string is 响ᆽឡ. The first DWORD in the Data section contains the index value to the malformed string while the second and third DWORDs in the Data section contain the last valid index values.

Error: (02/18/2014 03:23:41 PM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: Failed to end a Windows Installer transaction C:\ProgramData\AVG2014\SetupBackup\COREx64.msi. Error 1622 occurred while ending the transaction.

Error: (02/18/2014 03:12:27 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Please use sxstrace.exe for detailed diagnosis.

Error: (02/18/2014 11:38:41 AM) (Source: Windows Search Service) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.


Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (02/18/2014 11:38:41 AM) (Source: Windows Search Service) (User: )
Description: The index cannot be initialized.


Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (02/18/2014 11:38:41 AM) (Source: Windows Search Service) (User: )
Description: The application cannot be initialized.

Context: Windows Application


Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)


System errors:
=============
Error: (02/20/2014 11:56:01 AM) (Source: Service Control Manager) (User: )
Description: The TrueVector Internet Monitor service terminated unexpectedly. It has done this 1 time(s).

Error: (02/20/2014 11:56:00 AM) (Source: Service Control Manager) (User: )
Description: The ZoneAlarm Privacy Service service failed to start due to the following error:
%%1053

Error: (02/20/2014 11:56:00 AM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the ZoneAlarm Privacy Service service to connect.

Error: (02/19/2014 08:23:58 PM) (Source: cdrom) (User: )
Description: The device, \Device\CdRom0, has a bad block.

Error: (02/19/2014 06:50:53 PM) (Source: Service Control Manager) (User: )
Description: The TrueVector Internet Monitor service terminated unexpectedly. It has done this 1 time(s).

Error: (02/19/2014 03:54:04 PM) (Source: Service Control Manager) (User: )
Description: The TrueVector Internet Monitor service terminated unexpectedly. It has done this 1 time(s).

Error: (02/19/2014 11:48:19 AM) (Source: Service Control Manager) (User: )
Description: The TrueVector Internet Monitor service terminated unexpectedly. It has done this 1 time(s).

Error: (02/19/2014 10:53:17 AM) (Source: Service Control Manager) (User: )
Description: The TrueVector Internet Monitor service terminated unexpectedly. It has done this 1 time(s).

Error: (02/19/2014 10:47:39 AM) (Source: Service Control Manager) (User: )
Description: The TrueVector Internet Monitor service terminated unexpectedly. It has done this 1 time(s).

Error: (02/18/2014 11:39:45 AM) (Source: Service Control Manager) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:
%%1056


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
Date: 2011-10-11 19:03:27.912
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.

Date: 2011-10-11 18:41:45.532
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.

Date: 2011-10-11 18:32:49.522
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.

Date: 2011-10-11 16:52:32.860
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.

Date: 2011-10-11 16:41:43.383
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.

Date: 2011-10-11 16:31:22.872
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.

Date: 2011-10-11 16:19:02.495
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.

Date: 2011-10-11 15:50:57.109
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.

Date: 2011-10-11 14:08:09.486
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.

Date: 2011-10-11 13:36:49.913
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Percentage of memory in use: 46%
Total physical RAM: 3835.68 MB
Available physical RAM: 2046.29 MB
Total Pagefile: 7669.55 MB
Available Pagefile: 5720.78 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (TI105838W0G) (Fixed) (Total:286.59 GB) (Free:230.17 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298 GB) (Disk ID: 9E910039)
Partition 1: (Active) - (Size=1 GB) - (Type=27)
Partition 2: (Not Active) - (Size=287 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=10 GB) - (Type=17)

==================== End Of Log ============================

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 12975
 
Posted 2/21/2014 11:31 AM (GMT +3)
You have 2 active antivirus programs running, which is not a good idea, so I would recommend that you uninstall either:
AVG AntiVirus Free Edition(s)
Or:
Microsoft Security Essentials

(If you can remove it)

Open notepad and copy/paste the text present inside the code box below.
To do this highlight the contents of the box and right click on it. Paste this into the open notepad.


start
HKLM\...\Run: [] - [X]
C:\Users\Cyndy\ccsetup410.exe
C:\Users\Cyndy\spybot-2.2.exe
Task: {7B114F2A-EA0C-46A3-B118-12329A85CA10} - System32\Tasks\CIS_{15198508-521A-4D69-8E5B-B94A6CCFF805} => C:\ProgramData\cis9481.exe
Task: {CB12F688-2E5E-4C61-A4D5-E77A0394371F} - System32\Tasks\CCleanerSkipUAC => C:\Users\Cyndy\PROGRAMS\CCleaner.exe [2013-12-17] (Piriform Ltd)
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34
R2 PCCUJobMgr; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe [126392 2009-08-24] (Symantec Corporation)
end



NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system.

Save notepad as fixlist.txt
NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

Run FRST/FRST64 and press the Fix button just once and wait.
If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after the restart.
The tool will make a log on the Desktop (Fixlog.txt). Please attach it to your reply.

Note: If the tool warns you about an outdated version, please download and run the updated version.



Please download zoek.exe and save it to your Desktop:
www.hijackthis.nl/smeenk/060712/zoek.exe

• Close any open browsers
• Temporarily disable your AntiVirus program. (If necessary)

• Double click on zoek.exe to run the tool.
Please wait while the tool does not start...

• Copy the text present inside the code box below and paste it into the large window in the zoek tool:


createsrpoint; 
empty directory check, delete
shortcutfix;
emptyfolderscheck;delete
emptyclsid;
firefoxlook;
FFdefaults;
Chromelook;
CHRdefaults;
autoclean;
iedefaults;


Click on the Run Script button.
Please wait until a log report opens (this can be after a reboot).

• Save the notepad file to your Desktop and post zoek-results.log here.

Note: It will also create a log in the C:\ directory named "zoek-results.log"


Please read:  Forum Rules
Click here:   Before-posting-a-log
 
Do not PM me with logfiles. They will be deleted. 

 


Cyndy
New Member


Date Joined Sep 2010
Total Posts : 16
 
Posted 2/22/2014 10:01 AM (GMT +3)
In attempting to follow your instructions above, I came to the spot that says to " Run FRST/FRST64 and press the Fix button just once and wait. "

When I go to my desktop and right click on the FRST64 icon and choose to run as administrator, I get an error message box that says " Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item."

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 12975
 
Posted 2/23/2014 10:43 AM (GMT +3)
Ok, see if you can run Zoek, then.



Cyndy
New Member


Date Joined Sep 2010
Total Posts : 16
 
Posted 2/24/2014 7:36 AM (GMT +3)
Zoek.exe v5.0.0.0 Updated 15-February-2014
Tool run by Cyndy on Sun 02/23/2014 at 22:04:27.10.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode No Internet Access Detected
Launched: C:\Users\Cyndy\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

2/23/2014 10:07:47 PM Zoek.exe System Restore Point Created Succesfully.

==== Empty Folders Check ======================

C:\PROGRA~2\Attractel deleted successfully
C:\PROGRA~2\Citrix deleted successfully
C:\PROGRA~2\COMMON~1\Symantec Shared deleted successfully
C:\Program Files\Google deleted successfully
C:\Program Files\Norton PC Checkup deleted successfully
C:\ProgramData\Oracle deleted successfully
C:\Users\Cyndy\AppData\Local\Adobe deleted successfully
C:\Users\Cyndy\AppData\Local\CUSTPDF Writer deleted successfully
C:\Users\Cyndy\AppData\Local\LogMeIn Rescue Applet deleted successfully
C:\Users\Five9\AppData\Local\VirtualStore deleted successfully

==== Creating Sample_20140223_1017.zip ======================

Copied file C:\Users\Cyndy\ccsetup410.exe to sample\ccsetup410.exe
Copied file C:\Users\Cyndy\spybot-2.2.exe to sample\spybot-2.2.exe
sample\ccsetup410.exe renamed to 755246A3D44BFDB8A66DB8C19122724B
sample\spybot-2.2.exe renamed to 66DEBFC4ADE6A68E0827457B337BC866

C:\Users\Public\Desktop\sample_20140223_1017.zip created successfully

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 12975
 
Posted 2/24/2014 4:30 PM (GMT +3)
How are things running now ?



Cyndy
New Member


Date Joined Sep 2010
Total Posts : 16
 
Posted 2/25/2014 5:47 AM (GMT +3)
I wasn't sure if we were finished yet with all the procedures that would be necessary,
but I immediately noticed a big difference after completing the last set of instructions.

Regarding the antivirus issue (where 2 are showing on my system),
I had formerly used Microsoft Security Essentials, but then went to AVG.
When I did that, I disabled the Microsoft one. Not sure if I can remove it, but I will try.

Wow... words can't express how much I appreciate what you have done for me!

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 12975
 
Posted 2/26/2014 9:56 AM (GMT +3)
My pleasure :)

"I had formerly used Microsoft Security Essentials, but then went to AVG."

Could you remove Microsoft Security Essentials?

