Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

All sorts of errors - OTL log included [Closed]


  • This topic is locked This topic is locked

#1
bimple

bimple

    New Member

  • Member
  • Pip
  • 1 posts
My daughter is having all kinds of odd issues with her computer, such as not being able to access certain websites, and strange search returns, and programs being installed that she has no idea of how they got there and now I can't even tun combofix due to an error that says "The syntax of the command is incorrect" when it firsts starts to scan, efter the registry backup, and malwarebytes found nothing so I decided to post her OTL here in hopes that someone can help:

OTL logfile created on: 7/5/2013 2:58:37 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = I:\
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 5.70 Gb Available Physical Memory | 71.26% Memory free
15.99 Gb Paging File | 13.20 Gb Available in Paging File | 82.52% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 440.59 Gb Total Space | 196.85 Gb Free Space | 44.68% Space Free | Partition Type: NTFS
Drive I: | 1.86 Gb Total Space | 0.04 Gb Free Space | 2.17% Space Free | Partition Type: FAT
Drive Z: | 753.33 Gb Total Space | 566.36 Gb Free Space | 75.18% Space Free | Partition Type: NTFS

Computer Name: ROSETHORN | User Name: Lydia | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/07/05 14:57:50 | 000,602,112 | ---- | M] (OldTimer Tools) -- I:\OTL (1).exe
PRC - [2013/06/28 13:31:08 | 002,236,080 | ---- | M] () -- C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
PRC - [2013/06/28 13:31:08 | 001,598,128 | ---- | M] (AVG Secure Search) -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe
PRC - [2013/06/28 13:31:08 | 000,152,240 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\loggingserver.exe
PRC - [2013/06/14 21:28:44 | 000,825,808 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2013/06/06 23:57:24 | 019,676,256 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Drive\googledrivesync.exe
PRC - [2013/05/11 06:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/05/10 03:57:36 | 000,840,768 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2013/02/05 11:48:44 | 000,272,248 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe
PRC - [2012/12/23 23:33:30 | 000,144,520 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Security Suite\Engine\20.3.1.22\ccsvchst.exe
PRC - [2012/10/14 12:35:40 | 000,132,056 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe
PRC - [2012/07/03 09:04:58 | 000,507,312 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
PRC - [2012/04/02 16:44:14 | 001,058,912 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
PRC - [2012/02/03 13:34:58 | 000,793,048 | ---- | M] (PC Tools) -- C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe
PRC - [2012/01/05 13:24:31 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011/10/15 04:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011/08/19 10:26:50 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
PRC - [2011/03/30 10:12:18 | 000,310,944 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
PRC - [2010/10/12 10:04:20 | 004,142,448 | ---- | M] (Stardock) -- C:\Program Files (x86)\Stardock\ObjectDockPlus2\ObjectDock.exe
PRC - [2010/10/08 12:49:40 | 000,285,696 | ---- | M] (Lenovo) -- C:\Program Files\Lenovo\Lenovo Brightness System\Lenovo Dynamic Brightness System.exe
PRC - [2010/08/27 10:32:50 | 004,577,760 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe
PRC - [2010/05/14 17:13:16 | 000,057,344 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\SysWOW64\ASTSRV.EXE
PRC - [2010/04/01 05:16:20 | 000,357,696 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
PRC - [2009/12/04 19:59:28 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe
PRC - [2009/07/27 12:13:28 | 000,061,440 | ---- | M] () -- C:\Windows\SysWOW64\ASDR.exe
PRC - [2009/07/26 22:37:50 | 000,180,224 | ---- | M] (PowerISO Computing, Inc.) -- C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
PRC - [2009/07/16 12:05:10 | 000,114,688 | ---- | M] (JME) -- C:\Program Files (x86)\jmesoft\hotkey.exe
PRC - [2008/11/25 00:31:10 | 029,263,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\DAODB\MSSQL.1\MSSQL\Binn\sqlservr.exe
PRC - [2008/09/14 19:38:42 | 000,648,488 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
PRC - [2002/01/11 22:44:44 | 001,310,720 | ---- | M] (ASUSTeK Inc.) -- C:\Program Files (x86)\ASUS\SmartDoctor\SmartDoctor.exe
PRC - [2001/03/17 16:06:34 | 000,184,320 | ---- | M] (Sierra Online) -- Z:\APPS\Hallmark Card Creator\planner\PLNRnote.exe


========== Modules (No Company Name) ==========

MOD - [2013/07/05 14:36:59 | 000,128,512 | ---- | M] () -- C:\Users\Lydia\AppData\Local\Temp\_MEI13562\_elementtree.pyd
MOD - [2013/07/05 14:36:59 | 000,098,816 | ---- | M] () -- C:\Users\Lydia\AppData\Local\Temp\_MEI13562\win32api.pyd
MOD - [2013/07/05 14:36:59 | 000,044,032 | ---- | M] () -- C:\Users\Lydia\AppData\Local\Temp\_MEI13562\_socket.pyd
MOD - [2013/07/05 14:36:58 | 000,557,056 | ---- | M] () -- C:\Users\Lydia\AppData\Local\Temp\_MEI13562\pysqlite2._sqlite.pyd
MOD - [2013/07/05 14:36:58 | 000,320,512 | ---- | M] () -- C:\Users\Lydia\AppData\Local\Temp\_MEI13562\win32com.shell.shell.pyd
MOD - [2013/07/05 14:36:58 | 000,070,656 | ---- | M] () -- C:\Users\Lydia\AppData\Local\Temp\_MEI13562\wx._html2.pyd
MOD - [2013/07/05 14:36:58 | 000,026,624 | ---- | M] () -- C:\Users\Lydia\AppData\Local\Temp\_MEI13562\_multiprocessing.pyd
MOD - [2013/07/05 14:36:58 | 000,022,528 | ---- | M] () -- C:\Users\Lydia\AppData\Local\Temp\_MEI13562\win32ts.pyd
MOD - [2013/07/05 14:36:58 | 000,011,264 | ---- | M] () -- C:\Users\Lydia\AppData\Local\Temp\_MEI13562\win32crypt.pyd
MOD - [2013/07/05 14:36:57 | 001,022,416 | ---- | M] () -- C:\Users\Lydia\AppData\Local\Temp\_MEI13562\windows._cacheinvalidation.pyd
MOD - [2013/07/05 14:36:57 | 000,805,888 | ---- | M] () -- C:\Users\Lydia\AppData\Local\Temp\_MEI13562\wx._gdi_.pyd
MOD - [2013/07/05 14:36:57 | 000,735,232 | ---- | M] () -- C:\Users\Lydia\AppData\Local\Temp\_MEI13562\wx._misc_.pyd
MOD - [2013/07/05 14:36:57 | 000,364,544 | ---- | M] () -- C:\Users\Lydia\AppData\Local\Temp\_MEI13562\pythoncom27.dll
MOD - [2013/07/05 14:36:57 | 000,087,040 | ---- | M] () -- C:\Users\Lydia\AppData\Local\Temp\_MEI13562\_ctypes.pyd
MOD - [2013/07/05 14:36:57 | 000,017,408 | ---- | M] () -- C:\Users\Lydia\AppData\Local\Temp\_MEI13562\win32profile.pyd
MOD - [2013/07/05 14:36:56 | 001,175,040 | ---- | M] () -- C:\Users\Lydia\AppData\Local\Temp\_MEI13562\wx._core_.pyd
MOD - [2013/07/05 14:36:56 | 001,153,024 | ---- | M] () -- C:\Users\Lydia\AppData\Local\Temp\_MEI13562\_ssl.pyd
MOD - [2013/07/05 14:36:56 | 000,110,080 | ---- | M] () -- C:\Users\Lydia\AppData\Local\Temp\_MEI13562\PyWinTypes27.dll
MOD - [2013/07/05 14:36:56 | 000,108,544 | ---- | M] () -- C:\Users\Lydia\AppData\Local\Temp\_MEI13562\win32security.pyd
MOD - [2013/07/05 14:36:55 | 000,811,008 | ---- | M] () -- C:\Users\Lydia\AppData\Local\Temp\_MEI13562\wx._windows_.pyd
MOD - [2013/07/05 14:36:55 | 000,711,680 | ---- | M] () -- C:\Users\Lydia\AppData\Local\Temp\_MEI13562\_hashlib.pyd
MOD - [2013/07/05 14:36:55 | 000,122,368 | ---- | M] () -- C:\Users\Lydia\AppData\Local\Temp\_MEI13562\wx._wizard.pyd
MOD - [2013/07/05 14:36:55 | 000,119,808 | ---- | M] () -- C:\Users\Lydia\AppData\Local\Temp\_MEI13562\win32file.pyd
MOD - [2013/07/05 14:36:55 | 000,038,912 | ---- | M] () -- C:\Users\Lydia\AppData\Local\Temp\_MEI13562\win32inet.pyd
MOD - [2013/07/05 14:36:55 | 000,035,840 | ---- | M] () -- C:\Users\Lydia\AppData\Local\Temp\_MEI13562\win32process.pyd
MOD - [2013/07/05 14:36:55 | 000,025,600 | ---- | M] () -- C:\Users\Lydia\AppData\Local\Temp\_MEI13562\win32pdh.pyd
MOD - [2013/07/05 14:36:54 | 001,062,400 | ---- | M] () -- C:\Users\Lydia\AppData\Local\Temp\_MEI13562\wx._controls_.pyd
MOD - [2013/07/05 14:36:54 | 000,686,080 | ---- | M] () -- C:\Users\Lydia\AppData\Local\Temp\_MEI13562\unicodedata.pyd
MOD - [2013/07/05 14:36:54 | 000,127,488 | ---- | M] () -- C:\Users\Lydia\AppData\Local\Temp\_MEI13562\pyexpat.pyd
MOD - [2013/07/05 14:36:54 | 000,018,432 | ---- | M] () -- C:\Users\Lydia\AppData\Local\Temp\_MEI13562\win32event.pyd
MOD - [2013/07/05 14:36:54 | 000,010,240 | ---- | M] () -- C:\Users\Lydia\AppData\Local\Temp\_MEI13562\select.pyd
MOD - [2013/06/28 13:31:08 | 002,236,080 | ---- | M] () -- C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
MOD - [2013/06/28 13:31:08 | 000,521,392 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\log4cplusU.dll
MOD - [2013/06/28 13:31:08 | 000,145,072 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.3.0\SiteSafety.dll
MOD - [2013/06/14 21:28:42 | 000,393,168 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\ppgooglenaclpluginchrome.dll
MOD - [2013/06/14 21:28:40 | 004,051,408 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\pdf.dll
MOD - [2013/06/14 21:27:51 | 000,599,504 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\libglesv2.dll
MOD - [2013/06/14 21:27:50 | 000,124,368 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\libegl.dll
MOD - [2013/06/14 21:27:48 | 001,597,392 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\ffmpegsumo.dll
MOD - [2012/05/30 10:51:08 | 000,699,280 | R--- | M] () -- C:\Program Files (x86)\Norton Security Suite\Engine\20.3.1.22\wincfi39.dll
MOD - [2012/01/24 19:34:04 | 001,670,144 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\dd759df05fad8dc6d3404e8e02b40819\Microsoft.VisualBasic.ni.dll
MOD - [2012/01/24 17:39:46 | 000,771,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b559a471eef00081f0b5c2719d1d9623\System.Runtime.Remoting.ni.dll
MOD - [2012/01/04 03:47:42 | 000,921,600 | ---- | M] () -- C:\Program Files (x86)\Yahoo!\Messenger\yui.dll
MOD - [2011/12/04 07:59:44 | 000,807,936 | ---- | M] () -- C:\Program Files (x86)\Stardock\ObjectDockPlus2\CrashRpt.dll
MOD - [2011/12/04 01:00:09 | 000,368,128 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\07cdef1a740151932dcf161f3306bd9c\PresentationFramework.Aero.ni.dll
MOD - [2011/12/04 00:59:33 | 014,339,072 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\70e2ca33ffa52c743285dc5b4910a229\PresentationFramework.ni.dll
MOD - [2011/12/04 00:59:20 | 012,234,752 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7c94a121334aeca7553c7f01290740f0\PresentationCore.ni.dll
MOD - [2011/12/04 00:59:11 | 003,347,968 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\d7a64c28cf0c90e6c48af4f7d6f9ed41\WindowsBase.ni.dll
MOD - [2011/12/04 00:58:55 | 001,051,136 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\1049a76b3de293df726d380932215c91\System.Management.ni.dll
MOD - [2011/12/04 00:57:49 | 012,433,408 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll
MOD - [2011/12/04 00:57:34 | 001,587,200 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll
MOD - [2011/12/04 00:57:21 | 005,453,312 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158a04203\System.Xml.ni.dll
MOD - [2011/12/04 00:57:18 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d5bcbeb9475ef62189f605bcca1cec6\System.Configuration.ni.dll
MOD - [2011/12/04 00:57:17 | 007,963,648 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll
MOD - [2011/12/04 00:57:07 | 011,490,304 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2011/09/27 08:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 08:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/05/13 00:46:02 | 000,498,760 | ---- | M] () -- C:\Program Files (x86)\ManyCam\Bin\cximagecrt.dll
MOD - [2010/10/06 17:55:44 | 000,091,544 | ---- | M] () -- C:\Program Files (x86)\Stardock\ObjectDockPlus2\Docklets\Calendar\Calendar.dll
MOD - [2010/09/30 21:50:23 | 000,675,840 | ---- | M] () -- C:\Program Files (x86)\Stardock\ObjectDockPlus2\DockShellHook.dll
MOD - [2010/09/20 21:55:52 | 000,182,272 | ---- | M] () -- C:\Program Files\Lenovo\Lenovo Brightness System\ddcHelperWraper.dll
MOD - [2010/09/20 13:08:10 | 000,210,432 | ---- | M] () -- C:\Program Files\Lenovo\Lenovo Brightness System\KeyStoneAdapter.dll
MOD - [2010/08/27 10:32:50 | 004,577,760 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe
MOD - [2010/07/08 12:24:42 | 000,258,048 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvcLib.dll
MOD - [2010/03/09 17:58:30 | 000,053,760 | ---- | M] () -- C:\Program Files (x86)\Stardock\ObjectDockPlus2\zlib.dll
MOD - [2010/03/09 17:58:24 | 000,094,208 | ---- | M] () -- C:\Program Files (x86)\Stardock\ObjectDockPlus2\Docklets\Clock\Clock.dll
MOD - [2009/12/04 20:04:32 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvcPS.dll
MOD - [2009/12/04 19:59:54 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Power2Go\CLMediaLibrary.dll
MOD - [2009/07/16 12:20:38 | 000,032,768 | ---- | M] () -- C:\Program Files (x86)\jmesoft\KeyHook.dll
MOD - [2007/12/31 13:27:42 | 000,007,168 | ---- | M] () -- C:\Program Files (x86)\jmesoft\VistaVolume.dll
MOD - [2007/03/13 17:46:50 | 000,007,168 | ---- | M] () -- C:\Program Files (x86)\ASUS\SmartDoctor\VOV32.dll
MOD - [2007/02/28 19:34:04 | 000,643,142 | ---- | M] () -- C:\Program Files (x86)\ASUS\SmartDoctor\aticlocklib.dll


========== Services (SafeList) ==========

SRV:64bit: - [2012/10/09 15:10:00 | 000,614,016 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe -- (EpsonCustomerParticipation)
SRV:64bit: - [2012/02/21 08:01:02 | 000,151,648 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE -- (EPSON_PM_RPCV4_04)
SRV:64bit: - [2011/12/12 01:00:00 | 000,135,824 | ---- | M] (Seiko Epson Corporation) [Auto | Running] -- C:\Windows\SysNative\escsvc64.exe -- (EpsonScanSvc)
SRV:64bit: - [2011/11/30 13:05:50 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2010/10/27 19:21:12 | 000,036,160 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysNative\uxtuneup.dll -- (UxTuneUp)
SRV:64bit: - [2010/09/30 13:30:10 | 003,140,424 | ---- | M] (O&O Software GmbH) [Auto | Running] -- C:\Program Files\OO Software\Defrag\oodag.exe -- (OODefragAgent)
SRV:64bit: - [2010/05/14 17:13:16 | 000,072,192 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\SysNative\nlsInterface.EXE -- (nlscc)
SRV:64bit: - [2010/03/03 00:12:12 | 000,202,752 | ---- | M] (AMD) [Disabled | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/12/01 15:22:58 | 000,063,488 | ---- | M] (ASUSTeK COMPUTER INC.) [Auto | Running] -- C:\Windows\SysNative\ATKFUSService.exe -- (ATKFUSService)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/06/28 13:31:08 | 001,598,128 | ---- | M] (AVG Secure Search) [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe -- (vToolbarUpdater15.3.0)
SRV - [2013/05/31 07:19:28 | 000,032,808 | ---- | M] (Just Develop It) [Auto | Stopped] -- C:\Program Files (x86)\MyPC Backup\BackupStack.exe -- (BackupStack)
SRV - [2013/05/11 06:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013/02/05 11:48:00 | 000,235,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe -- (McComponentHostService)
SRV - [2012/12/23 23:33:30 | 000,144,520 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Security Suite\Engine\20.3.1.22\ccSvcHst.exe -- (N360)
SRV - [2012/10/14 12:35:40 | 000,132,056 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe -- (Norton PC Checkup Application Launcher)
SRV - [2012/06/21 13:52:31 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/02/03 13:34:58 | 000,793,048 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)
SRV - [2012/01/05 13:24:31 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011/12/16 18:01:25 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/12/03 06:40:06 | 000,077,824 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Illustrate\dBpoweramp\Asset-UPnPService.exe -- (AssetUPnP)
SRV - [2011/11/23 01:45:12 | 000,110,944 | ---- | M] (BlueStack Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\BlueStacks\HD-Service.exe -- (BstHdAndroidSvc)
SRV - [2011/11/08 18:50:00 | 004,321,976 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2011/10/15 04:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/08/19 10:26:50 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2010/10/27 19:24:40 | 001,974,080 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2010/10/27 19:21:08 | 000,029,504 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp)
SRV - [2010/08/19 16:25:00 | 000,272,864 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe -- (WSWNDA3100)
SRV - [2010/05/14 17:13:16 | 000,057,344 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\SysWOW64\ASTSRV.EXE -- (astcc)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/12/15 16:07:16 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- Z:\APPS\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)
SRV - [2009/07/27 12:13:28 | 000,061,440 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\ASDR.exe -- (ASDR)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/25 00:31:10 | 029,263,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\DAODB\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$BWDATOOLSET)
SRV - [2008/09/14 19:38:42 | 000,648,488 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/06/28 13:31:08 | 000,045,856 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013/02/17 19:17:49 | 000,177,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2013/01/30 23:18:06 | 001,139,800 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\1403010.016\symefa64.sys -- (SymEFA)
DRV:64bit: - [2013/01/28 21:45:20 | 000,796,248 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1403010.016\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2013/01/28 21:45:20 | 000,036,952 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1403010.016\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2013/01/21 22:15:34 | 000,493,656 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\1403010.016\symds64.sys -- (SymDS)
DRV:64bit: - [2012/11/15 22:18:04 | 000,168,096 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1403010.016\ccsetx64.sys -- (ccSet_N360)
DRV:64bit: - [2012/07/27 23:05:22 | 000,224,416 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1403010.016\ironx64.sys -- (SymIRON)
DRV:64bit: - [2012/07/22 21:34:24 | 000,432,800 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1403010.016\symnets.sys -- (SymNetS)
DRV:64bit: - [2011/12/14 21:33:42 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2011/12/03 06:41:01 | 000,082,816 | ---- | M] (VSO Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pcouffin.sys -- (pcouffin)
DRV:64bit: - [2011/11/28 21:34:24 | 000,016,384 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\EIO64.sys -- (EIO64)
DRV:64bit: - [2011/09/29 18:30:34 | 000,646,248 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/08/19 10:27:30 | 004,869,024 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64)
DRV:64bit: - [2011/08/19 10:27:30 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2011/07/07 19:21:28 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011/06/24 07:31:02 | 000,055,424 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.01)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/12/16 23:44:24 | 000,057,856 | ---- | M] (GenesysLogic) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GeneStor.sys -- (GeneStor)
DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/08/21 00:59:12 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2010/06/11 14:13:52 | 001,101,600 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ae1000w7.sys -- (AE1000)
DRV:64bit: - [2010/03/09 06:21:42 | 000,123,408 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2010/03/03 00:23:10 | 006,402,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2010/03/03 00:23:10 | 006,402,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/03/02 23:07:33 | 000,188,928 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/02/22 16:46:36 | 000,023,680 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IOMap64.sys -- (IOMap)
DRV:64bit: - [2010/02/18 10:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009/12/22 05:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009/11/06 09:40:26 | 000,838,136 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcmwlhigh664.sys -- (BCMH43XX)
DRV:64bit: - [2009/07/26 22:54:30 | 000,090,544 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV:64bit: - [2009/07/21 17:20:06 | 000,121,840 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wsvd.sys -- (wsvd)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 16:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/05 20:17:30 | 000,011,848 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\spio.sys -- (SuperIO)
DRV:64bit: - [2009/05/05 10:00:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie)
DRV:64bit: - [2009/02/17 19:22:22 | 000,039,424 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATKDispLowFilter.sys -- (atkdisplf)
DRV:64bit: - [2009/02/17 19:22:22 | 000,017,792 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asusgsb.sys -- (asusgsb)
DRV:64bit: - [2008/09/14 19:36:56 | 000,031,544 | ---- | M] (Pure Networks, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\pnarp.sys -- (pnarp)
DRV:64bit: - [2008/09/14 19:36:54 | 000,033,080 | ---- | M] (Pure Networks, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\purendis.sys -- (purendis)
DRV:64bit: - [2008/04/08 09:43:04 | 000,020,832 | ---- | M] (Nicomsoft Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ddcdrv.sys -- (WinI2C-DDC)
DRV:64bit: - [2008/03/13 03:46:00 | 000,027,136 | ---- | M] (ManyCam LLC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ManyCam_x64.sys -- (ManyCam)
DRV:64bit: - [2007/01/19 19:24:24 | 000,025,312 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SCMNdisP.sys -- (SCMNdisP)
DRV - [2013/05/31 12:58:18 | 001,393,240 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\BASHDefs\20130620.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2013/05/23 15:58:54 | 002,098,776 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20130629.007\ex64.sys -- (NAVEX15)
DRV - [2013/05/23 15:58:54 | 000,126,040 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20130629.007\eng64.sys -- (NAVENG)
DRV - [2013/05/06 17:29:38 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2013/02/16 11:26:18 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\IPSDefs\20130628.001\IDSviA64.sys -- (IDSVia64)
DRV - [2011/11/23 01:46:36 | 000,070,496 | ---- | M] (BlueStack Systems) [Kernel | Auto | Running] -- C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys -- (BstHdDrv)
DRV - [2011/11/19 21:29:52 | 000,202,592 | ---- | M] (Oracle Corporation) [Kernel | Auto | Running] -- C:\Program Files (x86)\YouWave_Android\vb\VBoxDrv.sys -- (VBoxDrv)
DRV - [2010/10/07 14:34:32 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
DRV - [2010/03/22 21:13:08 | 000,015,712 | ---- | M] (Nicomsoft Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysWOW64\drivers\ddcdrv.sys -- (WinI2C-DDC)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2005/01/04 14:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}: "URL" = http://slirsredirect...mrud=12-04-2012
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.iminen...a1-9bf4d322b0b9
IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}: "URL" = http://slirsredirect...mrud=12-04-2012
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...ng}&rlz=1I7LEND
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://mysearch.avg....sa&d=2013-06-28 13:31:30&v=15.3.0.11&pid=safeguard&sg=0&sap=dsp&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
FF - prefs.js..browser.startup.homepage: "http://mysearch.avg....sa&d=2013-06-28 13:31:30&v=15.3.0.11&pid=safeguard&sg=0&sap=hp"
FF - prefs.js..extensions.enabledAddons: {81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}:7.4.0.8
FF - prefs.js..extensions.enabledAddons: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:11.3.0.9 - 4
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.10
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
FF - prefs.js..keyword.URL: ""


FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.3.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: File not found
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2013/07/05 13:47:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/02/11 12:54:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\coFFPlgn\ [2013/07/05 14:38:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Iminent\[email protected]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\IPSFFPlgn\ [2013/02/19 08:40:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\15.3.0.11 [2013/06/28 13:31:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/03 17:56:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/07/05 13:47:40 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/02/11 12:54:38 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/03 17:56:10 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/07/05 13:47:40 | 000,000,000 | ---D | M]

[2011/12/03 07:26:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lydia\AppData\Roaming\Mozilla\Extensions
[2013/06/28 13:31:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lydia\AppData\Roaming\Mozilla\Firefox\Profiles\2ad8vtup.default\extensions
[2012/04/12 17:46:05 | 000,000,000 | ---D | M] (Games.com Toolbar) -- C:\Users\Lydia\AppData\Roaming\Mozilla\Firefox\Profiles\2ad8vtup.default\extensions\{493b4069-8c4f-4b4a-8f8c-506200c9887a}
[2012/04/11 17:25:35 | 000,000,000 | ---D | M] (iMacros for Firefox) -- C:\Users\Lydia\AppData\Roaming\Mozilla\Firefox\Profiles\2ad8vtup.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}
[2013/06/28 13:31:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lydia\AppData\Roaming\Mozilla\Firefox\Profiles\2ad8vtup.default\extensions\staged
[2012/07/03 19:16:15 | 000,743,290 | ---- | M] () (No name found) -- C:\Users\Lydia\AppData\Roaming\Mozilla\Firefox\Profiles\2ad8vtup.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012/07/02 15:02:06 | 000,002,230 | ---- | M] () -- C:\Users\Lydia\AppData\Roaming\Mozilla\Firefox\Profiles\2ad8vtup.default\searchplugins\SearchTheWeb.xml
[2012/04/26 15:59:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/02/19 08:40:00 | 000,000,000 | ---D | M] (Norton Vulnerability Protection) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\IPSFFPLGN
[2012/06/21 13:52:32 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/04/14 15:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\mozilla firefox\components\Scriptff.dll
[2012/06/21 13:52:30 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013/06/28 13:31:38 | 000,003,726 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\safeguard-secure-search.xml
[2012/06/21 13:52:30 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.co...=LEND&bmod=LEND
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\windows\system32\Adobe\Director\np32dsw.dll
CHR - Extension: Google Drive = C:\Users\Lydia\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: Lilly Pulitzer = C:\Users\Lydia\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbpppaoddgakkggpcadaefofdnbmfkcm\2_0\
CHR - Extension: YouTube = C:\Users\Lydia\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Adblock Plus = C:\Users\Lydia\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.4.1_0\
CHR - Extension: Google+ = C:\Users\Lydia\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlppkpafhbajpcmmoheippocdidnckmm\1.2.0.418_0\
CHR - Extension: We-Care Reminder = C:\Users\Lydia\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcnlcdpdncgchnamlmdhdhokahkaikhl\4.2.25.1_0\
CHR - Extension: Norton Identity Protection = C:\Users\Lydia\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.3.3.19_0\
CHR - Extension: AVG SafeGuard toolbar = C:\Users\Lydia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\15.3.0.11_0\
CHR - Extension: Gmail = C:\Users\Lydia\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2013/03/09 14:17:34 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\20.3.1.22\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\20.3.1.22\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (AVG SafeGuard toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\15.3.0.11\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (WeCareReminder Class) - {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll (We-Care.com)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\20.3.1.22\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (AVG SafeGuard toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\15.3.0.11\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\20.3.1.22\coieplg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [OODefragTray] C:\Program Files\OO Software\Defrag\oodtray.exe (O&O Software GmbH)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [jmekey] C:\Program Files (x86)\jmesoft\hotkey.exe (JME)
O4 - HKLM..\Run: [Lenovo Dynamic Brightness System] C:\Program Files\Lenovo\Lenovo Brightness System\Lenovo Dynamic Brightness System.exe (Lenovo)
O4 - HKLM..\Run: [Lenovo Eye Distance System] C:\Program Files\Lenovo\Lenovo Eye Distance System\Lenovo Eye Distance System.exe (Lenovo)
O4 - HKLM..\Run: [LenovoFSC] C:\Program Files (x86)\Lenovo\FanSpeedControl\LenovoFSC.exe (Lenovo (Shenzhen) Electronic Co., Ltd.)
O4 - HKLM..\Run: [LTCM Client] C:\Program Files (x86)\LTCM Client\ltcmClient.exe (Leader Technologies Inc.)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files\Lenovo\OneKey App\Lenovo Rescue System\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe ()
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [GoogleDriveSync] C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\Lydia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk = C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)
O4 - Startup: C:\Users\Lydia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stardock ObjectDock.lnk = C:\Program Files (x86)\Stardock\ObjectDockPlus2\ObjectDock.exe (Stardock)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCABattery = 1
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O12 - Plugin for: .spop - C:\Program Files (x86)\Internet Explorer\Plugins\NPDocBox.dll (Intertrust Technologies, Inc.)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.7.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{96DD62B5-D7C0-4012-895B-D5EC4EAD1788}: DhcpNameServer = 75.75.76.76 75.75.75.75
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A4F296B0-8605-46D8-8F45-95DC656B208A}: DhcpNameServer = 75.75.76.76 75.75.75.75
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A5387AB8-8C8B-4F5D-B309-CAEE1C3FD917}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DB3EC955-20B7-4FB8-9DB9-1A94C941772A}: DhcpNameServer = 75.75.76.76 75.75.75.75
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DE1CA123-4B71-4BF3-8E69-87480F0D8D9D}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E3ABE8ED-1D39-4579-8708-DEA24C482AFC}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\belarc - No CLSID value found
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\amd64\puresp4.dll (Cisco Systems, Inc.)
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.3.0\ViProtocol.dll (AVG Secure Search)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O22:64bit: - SharedTaskScheduler: {1984D045-52CF-49cd-DB77-08F378FEA4DB} - ObjectDockShellExt - C:\Program Files (x86)\Stardock\ObjectDockPlus2\ODMenu64.dll (Stardock)
O22:64bit: - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\SysNative\DreamScene.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (FbDefrag)
O34 - HKLM BootExecute: (OODBS)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/07/05 14:50:19 | 000,000,000 | --SD | C] -- C:\yyyyayaya
[2013/07/05 14:36:45 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/07/05 13:59:28 | 005,085,843 | R--- | C] (Swearware) -- C:\Users\Lydia\Desktop\yyyyayaya.exe
[2013/07/05 13:56:17 | 000,000,000 | ---D | C] -- C:\Users\Lydia\AppData\Roaming\HPAppData
[2013/06/28 13:34:56 | 000,000,000 | ---D | C] -- C:\Users\Lydia\Documents\RCT3Demo 1.1
[2013/06/28 13:32:13 | 000,000,000 | ---D | C] -- C:\Users\Lydia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
[2013/06/28 13:32:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MyPC Backup
[2013/06/28 13:31:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\We-Care Reminder
[2013/06/28 13:31:55 | 000,000,000 | ---D | C] -- C:\ProgramData\WeCareReminder
[2013/06/28 13:31:51 | 000,000,000 | ---D | C] -- C:\Users\Lydia\AppData\Local\AVG SafeGuard toolbar
[2013/06/28 13:31:28 | 000,045,856 | ---- | C] (AVG Technologies) -- C:\windows\SysNative\drivers\avgtpx64.sys
[2013/06/28 13:31:23 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG SafeGuard toolbar
[2013/06/28 13:31:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVG Secure Search
[2013/06/28 13:31:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG SafeGuard toolbar
[2013/06/28 13:31:02 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2013/06/17 08:49:39 | 000,000,000 | ---D | C] -- C:\Users\Lydia\AppData\Roaming\3909 LLC
[2011/12/03 06:41:01 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Lydia\AppData\Roaming\pcouffin.sys
[2011/05/04 20:57:00 | 001,914,000 | ---- | C] (Adobe Systems Incorporated) -- C:\ProgramData\flashax10.exe

========== Files - Modified Within 30 Days ==========

[2013/07/05 14:50:00 | 000,000,912 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/07/05 14:47:19 | 000,020,688 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/07/05 14:47:19 | 000,020,688 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/07/05 14:40:25 | 000,001,065 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/07/05 14:37:04 | 000,000,908 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/07/05 14:36:11 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013/07/05 14:35:56 | 017,497,623 | ---- | M] () -- C:\windows\SysNative\oodbs.lor
[2013/07/05 14:01:43 | 000,844,020 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2013/07/05 14:01:43 | 000,706,288 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2013/07/05 14:01:43 | 000,138,210 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2013/07/05 13:58:06 | 005,085,843 | R--- | M] (Swearware) -- C:\Users\Lydia\Desktop\yyyyayaya.exe
[2013/07/05 13:47:45 | 000,001,986 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Acrobat X Pro.lnk
[2013/06/30 12:40:05 | 000,000,286 | ---- | M] () -- C:\windows\tasks\RMSchedule.job
[2013/06/28 13:34:46 | 000,002,098 | ---- | M] () -- C:\Users\Public\Desktop\RollerCoaster Tycoon 3 Demo.lnk
[2013/06/28 13:32:19 | 000,001,009 | ---- | M] () -- C:\Users\Lydia\Desktop\Install RollerCoaster Tycoon 3 demo.lnk
[2013/06/28 13:32:13 | 000,001,053 | ---- | M] () -- C:\Users\Lydia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
[2013/06/28 13:32:13 | 000,001,043 | ---- | M] () -- C:\Users\Lydia\Desktop\MyPC Backup.lnk
[2013/06/28 13:31:57 | 000,033,958 | ---- | M] () -- C:\ProgramData\uninstaller.exe
[2013/06/28 13:31:08 | 000,045,856 | ---- | M] (AVG Technologies) -- C:\windows\SysNative\drivers\avgtpx64.sys

========== Files Created - No Company Name ==========

[2013/07/05 14:40:24 | 000,001,065 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/07/05 13:47:44 | 000,001,986 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Acrobat X Pro.lnk
[2013/06/28 13:34:46 | 000,002,098 | ---- | C] () -- C:\Users\Public\Desktop\RollerCoaster Tycoon 3 Demo.lnk
[2013/06/28 13:32:18 | 000,001,009 | ---- | C] () -- C:\Users\Lydia\Desktop\Install RollerCoaster Tycoon 3 demo.lnk
[2013/06/28 13:32:13 | 000,001,053 | ---- | C] () -- C:\Users\Lydia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
[2013/06/28 13:32:13 | 000,001,043 | ---- | C] () -- C:\Users\Lydia\Desktop\MyPC Backup.lnk
[2013/06/28 13:31:57 | 000,033,958 | ---- | C] () -- C:\ProgramData\uninstaller.exe
[2013/06/17 08:49:54 | 003,300,352 | ---- | C] () -- C:\Users\Lydia\Desktop\PapersPlease.exe
[2013/05/22 11:21:06 | 004,325,376 | ---- | C] () -- C:\ProgramData\ReadOnlyInstaller.msi
[2013/01/30 16:51:40 | 000,000,079 | ---- | C] () -- C:\windows\XP200.ini
[2012/12/09 13:19:18 | 000,581,642 | ---- | C] () -- C:\Users\Lydia\AppData\Roaming\technic-launcher.jar
[2012/04/14 17:39:45 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2012/04/14 17:39:45 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2012/04/14 17:39:45 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2012/04/14 17:39:45 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2012/04/14 17:39:45 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2012/02/11 12:48:05 | 000,171,823 | ---- | C] () -- C:\windows\hpoins37.dat
[2012/02/11 12:48:05 | 000,000,558 | ---- | C] () -- C:\windows\hpomdl37.dat
[2011/12/24 16:29:12 | 000,000,412 | ---- | C] () -- C:\Users\Lydia\AppData\Roaming\All CPU Meter_Settings.ini
[2011/12/24 16:27:07 | 000,000,352 | ---- | C] () -- C:\Users\Lydia\AppData\Roaming\Network Meter_Settings.ini
[2011/12/24 15:07:36 | 000,000,218 | ---- | C] () -- C:\Users\Lydia\.recently-used.xbel
[2011/12/23 21:31:42 | 000,306,688 | ---- | C] () -- C:\windows\SysWow64\LFFPX7.DLL
[2011/12/23 21:31:42 | 000,095,232 | ---- | C] () -- C:\windows\SysWow64\LFKODAK.DLL
[2011/12/23 21:31:35 | 000,044,544 | ---- | C] () -- C:\windows\SysWow64\gif89.dll
[2011/12/23 21:29:34 | 000,000,342 | ---- | C] () -- C:\windows\SIERRA.INI
[2011/12/17 23:27:09 | 000,000,016 | ---- | C] () -- C:\windows\popcinfo.dat
[2011/12/16 17:01:22 | 000,000,533 | ---- | C] () -- C:\windows\eReg.dat
[2011/12/14 07:50:36 | 000,000,016 | ---- | C] () -- C:\Users\Lydia\persistent_state
[2011/12/07 08:04:57 | 000,189,248 | ---- | C] () -- C:\windows\SysWow64\PnkBstrB.exe
[2011/12/07 08:04:56 | 000,075,136 | ---- | C] () -- C:\windows\SysWow64\PnkBstrA.exe
[2011/12/06 23:00:35 | 002,580,552 | R--- | C] () -- C:\windows\SysWow64\pbsvc.exe
[2011/12/03 16:44:51 | 000,000,022 | -HS- | C] () -- C:\Users\Lydia\AppData\Roaming\Sys2662.Config.Repository.bin
[2011/12/03 09:00:55 | 000,000,254 | ---- | C] () -- C:\windows\RomeTW.ini
[2011/12/03 07:14:51 | 000,197,120 | ---- | C] () -- C:\windows\patchw32.dll
[2011/12/03 06:41:01 | 000,007,859 | ---- | C] () -- C:\Users\Lydia\AppData\Roaming\pcouffin.cat
[2011/12/03 06:41:01 | 000,001,167 | ---- | C] () -- C:\Users\Lydia\AppData\Roaming\pcouffin.inf
[2011/12/03 06:40:07 | 000,005,923 | ---- | C] () -- C:\windows\SysWow64\SpoonUninstall-Asset UPnP.dat
[2011/12/03 06:39:28 | 000,003,018 | ---- | C] () -- C:\windows\SysWow64\SpoonUninstall-dBpoweramp WavPack Codec.dat
[2011/12/03 06:39:00 | 000,001,230 | ---- | C] () -- C:\windows\SysWow64\SpoonUninstall-dBpoweramp Wave64 Codec.dat
[2011/12/03 06:38:34 | 000,003,071 | ---- | C] () -- C:\windows\SysWow64\SpoonUninstall-dBpoweramp Ogg Vorbis Codec.dat
[2011/12/03 06:38:10 | 000,002,884 | ---- | C] () -- C:\windows\SysWow64\SpoonUninstall-dBpoweramp [Calculate Audio CRC] Codec.dat
[2011/12/03 06:37:54 | 000,002,879 | ---- | C] () -- C:\windows\SysWow64\SpoonUninstall-dBpoweramp [Arrange Audio] Codec.dat
[2011/12/03 06:37:41 | 000,002,871 | ---- | C] () -- C:\windows\SysWow64\SpoonUninstall-dBpoweramp [Audio Info] Codec.dat
[2011/12/03 06:37:30 | 000,002,869 | ---- | C] () -- C:\windows\SysWow64\SpoonUninstall-dBpoweramp [Tag From Filename] Codec.dat
[2011/12/03 06:37:12 | 000,002,901 | ---- | C] () -- C:\windows\SysWow64\SpoonUninstall-dBpoweramp [ID Tag Update] Codec.dat
[2011/12/03 06:36:25 | 000,003,024 | ---- | C] () -- C:\windows\SysWow64\SpoonUninstall-dBpoweramp FLAC Codec.dat
[2011/12/03 06:35:58 | 000,013,082 | ---- | C] () -- C:\windows\SysWow64\SpoonUninstall-dBpoweramp DSP Effects.dat
[2011/12/03 06:35:56 | 004,624,616 | ---- | C] () -- C:\windows\SysWow64\SpoonUninstall.exe
[2011/12/03 06:35:56 | 000,018,123 | ---- | C] () -- C:\windows\SysWow64\SpoonUninstall-dBpoweramp Music Converter.dat
[2011/12/03 05:29:26 | 000,837,832 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2011/11/30 13:07:12 | 000,056,832 | ---- | C] () -- C:\windows\SysWow64\OpenVideo.dll
[2011/11/30 13:07:00 | 000,056,832 | ---- | C] () -- C:\windows\SysWow64\OVDecoder.dll
[2011/11/28 21:34:10 | 000,208,896 | ---- | C] () -- C:\windows\SysWow64\asfrencch.dll
[2011/11/28 21:34:10 | 000,053,248 | ---- | C] () -- C:\windows\SysWow64\asrussian.dll
[2011/11/28 21:34:10 | 000,053,248 | ---- | C] () -- C:\windows\SysWow64\askorean.dll
[2011/11/28 21:34:10 | 000,053,248 | ---- | C] () -- C:\windows\SysWow64\asjapan.dll
[2011/11/28 21:34:10 | 000,053,248 | ---- | C] () -- C:\windows\SysWow64\asgerman.dll
[2011/11/28 21:34:10 | 000,053,248 | ---- | C] () -- C:\windows\SysWow64\asfrench.dll
[2011/11/28 21:34:10 | 000,053,248 | ---- | C] () -- C:\windows\SysWow64\aseng.dll
[2011/11/28 21:34:10 | 000,053,248 | ---- | C] () -- C:\windows\SysWow64\ASCHT.dll
[2011/11/28 21:34:10 | 000,053,248 | ---- | C] () -- C:\windows\SysWow64\aschs.dll
[2011/11/28 21:34:09 | 000,761,856 | ---- | C] () -- C:\windows\SysWow64\xvidcore.dll
[2011/11/28 21:34:09 | 000,180,224 | ---- | C] () -- C:\windows\SysWow64\xvidvfw.dll
[2011/10/15 01:54:52 | 000,321,856 | ---- | C] () -- C:\windows\SysWow64\nvStreaming.exe
[2011/08/19 10:26:20 | 010,898,456 | ---- | C] () -- C:\windows\SysWow64\LogiDPP.dll
[2011/08/19 10:26:20 | 000,336,408 | ---- | C] () -- C:\windows\SysWow64\DevManagerCore.dll
[2011/08/19 10:26:20 | 000,104,472 | ---- | C] () -- C:\windows\SysWow64\LogiDPPApp.exe

========== ZeroAccess Check ==========

[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2011/08/30 01:25:09 | 014,173,184 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2011/08/30 00:21:25 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/05/26 18:48:55 | 000,000,000 | ---D | M] -- C:\Users\Lydia\AppData\Roaming\.minecraft
[2013/04/13 07:13:20 | 000,000,000 | ---D | M] -- C:\Users\Lydia\AppData\Roaming\.techniclauncher
[2013/06/17 08:49:39 | 000,000,000 | ---D | M] -- C:\Users\Lydia\AppData\Roaming\3909 LLC
[2013/06/28 13:34:56 | 000,000,000 | ---D | M] -- C:\Users\Lydia\AppData\Roaming\Atari
[2011/12/03 13:26:39 | 000,000,000 | ---D | M] -- C:\Users\Lydia\AppData\Roaming\Braid
[2011/12/14 21:44:55 | 000,000,000 | ---D | M] -- C:\Users\Lydia\AppData\Roaming\DAEMON Tools Lite
[2011/12/03 06:35:24 | 000,000,000 | ---D | M] -- C:\Users\Lydia\AppData\Roaming\DAEMON Tools Pro
[2011/12/03 06:40:08 | 000,000,000 | ---D | M] -- C:\Users\Lydia\AppData\Roaming\dBpoweramp
[2011/12/12 08:26:13 | 000,000,000 | ---D | M] -- C:\Users\Lydia\AppData\Roaming\Doodle_Jump_PC
[2011/12/14 08:36:50 | 000,000,000 | ---D | M] -- C:\Users\Lydia\AppData\Roaming\Dream Aquarium
[2013/01/31 18:44:24 | 000,000,000 | ---D | M] -- C:\Users\Lydia\AppData\Roaming\Epson
[2011/12/03 12:55:12 | 000,000,000 | ---D | M] -- C:\Users\Lydia\AppData\Roaming\FreeArc
[2013/04/13 07:18:38 | 000,000,000 | ---D | M] -- C:\Users\Lydia\AppData\Roaming\ftblauncher
[2011/12/03 06:46:23 | 000,000,000 | ---D | M] -- C:\Users\Lydia\AppData\Roaming\GameHouse
[2011/12/25 10:34:16 | 000,000,000 | ---D | M] -- C:\Users\Lydia\AppData\Roaming\GAMEON
[2012/01/21 08:08:30 | 000,000,000 | ---D | M] -- C:\Users\Lydia\AppData\Roaming\GamesCafe
[2011/12/03 12:38:45 | 000,000,000 | ---D | M] -- C:\Users\Lydia\AppData\Roaming\GetRightToGo
[2011/12/24 15:06:37 | 000,000,000 | ---D | M] -- C:\Users\Lydia\AppData\Roaming\gtk-2.0
[2011/12/23 09:42:52 | 000,000,000 | ---D | M] -- C:\Users\Lydia\AppData\Roaming\IndigoRose
[2011/12/03 07:15:28 | 000,000,000 | ---D | M] -- C:\Users\Lydia\AppData\Roaming\InterTrust
[2011/12/03 06:46:52 | 000,000,000 | ---D | M] -- C:\Users\Lydia\AppData\Roaming\iWin
[2011/12/24 21:11:08 | 000,000,000 | ---D | M] -- C:\Users\Lydia\AppData\Roaming\KeePass
[2011/12/25 10:33:48 | 000,000,000 | ---D | M] -- C:\Users\Lydia\AppData\Roaming\KidZui
[2013/01/31 18:44:23 | 000,000,000 | ---D | M] -- C:\Users\Lydia\AppData\Roaming\Leader Technologies
[2011/12/03 07:14:52 | 000,000,000 | ---D | M] -- C:\Users\Lydia\AppData\Roaming\Leadertech
[2012/12/14 19:35:29 | 000,000,000 | ---D | M] -- C:\Users\Lydia\AppData\Roaming\logs
[2011/12/03 07:50:17 | 000,000,000 | ---D | M] -- C:\Users\Lydia\AppData\Roaming\ManyCam
[2011/12/14 22:23:18 | 000,000,000 | ---D | M] -- C:\Users\Lydia\AppData\Roaming\Marine Aquarium 3
[2011/12/22 12:18:47 | 000,000,000 | ---D | M] -- C:\Users\Lydia\AppData\Roaming\mjusbsp
[2011/12/20 22:07:37 | 000,000,000 | ---D | M] -- C:\Users\Lydia\AppData\Roaming\Mobipocket
[2012/01/01 11:46:17 | 000,000,000 | ---D | M] -- C:\Users\Lydia\AppData\Roaming\My Games
[2011/12/03 06:28:41 | 000,000,000 | ---D | M] -- C:\Users\Lydia\AppData\Roaming\onOne Software
[2012/04/11 17:44:06 | 000,000,000 | ---D | M] -- C:\Users\Lydia\AppData\Roaming\OpenCandy
[2013/06/17 08:19:46 | 000,000,000 | ---D | M] -- C:\Users\Lydia\AppData\Roaming\Origin
[2013/04/27 13:31:41 | 000,000,000 | ---D | M] -- C:\Users\Lydia\AppData\Roaming\PCCUStubInstaller
[2012/02/18 16:06:00 | 000,000,000 | ---D | M] -- C:\Users\Lydia\AppData\Roaming\PlayFirst
[2011/12/07 17:42:14 | 000,000,000 | ---D | M] -- C:\Users\Lydia\AppData\Roaming\Pogo Games
[2012/01/05 13:24:29 | 000,000,000 | ---D | M] -- C:\Users\Lydia\AppData\Roaming\PunkBuster
[2011/12/04 10:40:46 | 000,000,000 | ---D | M] -- C:\Users\Lydia\AppData\Roaming\pymclevel
[2012/03/28 19:01:17 | 000,000,000 | ---D | M] -- C:\Users\Lydia\AppData\Roaming\Registry Mechanic
[2011/12/19 07:48:26 | 000,000,000 | ---D | M] -- C:\Users\Lydia\AppData\Roaming\Rovio
[2012/12/20 17:29:21 | 000,000,000 | ---D | M] -- C:\Users\Lydia\AppData\Roaming\skyz
[2011/12/04 11:24:38 | 000,000,000 | ---D | M] -- C:\Users\Lydia\AppData\Roaming\SoftGrid Client
[2011/12/17 20:31:06 | 000,000,000 | ---D | M] -- C:\Users\Lydia\AppData\Roaming\SPORE
[2011/12/04 07:38:07 | 000,000,000 | ---D | M] -- C:\Users\Lydia\AppData\Roaming\Stardock
[2011/12/05 16:29:39 | 000,000,000 | ---D | M] -- C:\Users\Lydia\AppData\Roaming\The Creative Assembly
[2011/12/03 05:30:10 | 000,000,000 | ---D | M] -- C:\Users\Lydia\AppData\Roaming\TP
[2011/12/23 21:05:08 | 000,000,000 | ---D | M] -- C:\Users\Lydia\AppData\Roaming\TuneUp Software
[2011/12/03 05:08:08 | 000,000,000 | ---D | M] -- C:\Users\Lydia\AppData\Roaming\URSoft
[2013/03/23 21:10:42 | 000,000,000 | ---D | M] -- C:\Users\Lydia\AppData\Roaming\uTorrent
[2011/12/03 10:44:04 | 000,000,000 | ---D | M] -- C:\Users\Lydia\AppData\Roaming\Vso
[2012/12/15 12:30:24 | 000,000,000 | ---D | M] -- C:\Users\Lydia\AppData\Roaming\WorldPainter

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 169 bytes -> C:\ProgramData\Temp:DDCD5068
@Alternate Data Stream - 158 bytes -> C:\ProgramData\Temp:1CE11B51
@Alternate Data Stream - 148 bytes -> C:\ProgramData\Temp:D2F2F703
@Alternate Data Stream - 116 bytes -> C:\ProgramData\Temp:D1B5B4F1

< End of report >

Attached Files

  • Attached File  OTL2.Txt   157.74KB   33 downloads

Edited by bimple, 05 July 2013 - 01:55 PM.

  • 0

Advertisements


#2
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there, this may be easy or it could turn into a nightmare. Lets hope it is the former

First we will remove the remnants of Norton and McAfee

First download the following two programmes to the desktop :

Norton removal tool
McAfee removal tool

From Control Panel > Programs and Features
Uninstall Norton/Symantec/McAfee

After the necessary reboots run each of the removal tools that you downloaded, a reboot may be needed after each run

Now to start removing some of the rubbish

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    Posted Image
:Commands
[CREATERESTOREPOINT]

:OTL
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.iminen...a1-9bf4d322b0b9
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Iminent\[email protected]
[2012/04/12 17:46:05 | 000,000,000 | ---D | M] (Games.com Toolbar) -- C:\Users\Lydia\AppData\Roaming\Mozilla\Firefox\Profiles\2ad8vtup.default\extensions\{493b4069-8c4f-4b4a-8f8c-506200c9887a}
[2012/07/02 15:02:06 | 000,002,230 | ---- | M] () -- C:\Users\Lydia\AppData\Roaming\Mozilla\Firefox\Profiles\2ad8vtup.default\searchplugins\SearchTheWeb.xml
O2 - BHO: (WeCareReminder Class) - {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll (We-Care.com)
[2013/07/05 14:50:19 | 000,000,000 | --SD | C] -- C:\yyyyayaya
[2013/07/05 13:59:28 | 005,085,843 | R--- | C] (Swearware) -- C:\Users\Lydia\Desktop\yyyyayaya.exe
[2013/06/28 13:31:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\We-Care Reminder
[2013/06/28 13:31:55 | 000,000,000 | ---D | C] -- C:\ProgramData\WeCareReminder
[2012/04/11 17:44:06 | 000,000,000 | ---D | M] -- C:\Users\Lydia\AppData\Roaming\OpenCandy

:Commands
[resethosts]
[emptytemp]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

THEN

CLEAR THE BAD TOOLBARS

Download AdwCleaner from here to your desktop
Run AdwCleaner and select Delete

Posted Image

Once done it will ask to reboot, allow this
On reboot a log will be produced please attach that

FINALLY

Re-run OTL with the following script

Posted Image
  • Select All Users
  • Under the Custom Scan box paste this in

    netsvcs
    BASESERVICES
    %SYSTEMDRIVE%\*.exe
    /md5start
    services.*
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    dir "%systemdrive%\*" /S /A:L /C
    CREATERESTOREPOINT

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes there will be just one log..

  • 0

#3
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP