Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Avast repeatedly displaying malicious URL [Solved]

Started by calmat01 , Jul 22 2013 02:13 PM

  • This topic is locked This topic is locked

#1
calmat01
Posted 22 July 2013 - 02:13 PM

calmat01

    Member

  • Member
  • PipPip
  • 50 posts
My wife's laptop has been doing funny things. It first was just making random noises and running random ads when windows weren't even open, but that has stopped. Now AVAST is constantly showing that a Malicious URL has been blocked. This message repeats with different OBJECTS identified in the description. We have not been able to run anything that requires more than a few seconds to scan. Each of the addresses that pops up shows that the URLS are coming from the Windows system 32 scchost.exe process. I don't know what that means, but I can no longer keep track of all the different Objects that AVAST has identified as Malicious URLS. Per your website's instructions, I downloaded and ran OTL. Here are the following results. Thank you for any help you can give me.

OTL logfile created on: 7/22/2013 2:21:09 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Owner\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.96 Gb Total Physical Memory | 1.76 Gb Available Physical Memory | 44.41% Memory free
8.10 Gb Paging File | 5.82 Gb Available in Paging File | 71.85% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283.40 Gb Total Space | 216.81 Gb Free Space | 76.50% Space Free | Partition Type: NTFS
Drive E: | 14.65 Gb Total Space | 8.63 Gb Free Space | 58.93% Space Free | Partition Type: NTFS

Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/07/22 14:19:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Downloads\OTL.exe
PRC - [2013/07/18 18:11:03 | 001,861,512 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
PRC - [2013/07/08 19:00:05 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013/06/27 12:15:06 | 002,249,352 | ---- | M] (Microsoft Corp.) -- C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe
PRC - [2013/06/27 12:15:06 | 000,349,832 | ---- | M] (Microsoft Corp.) -- C:\Program Files (x86)\Microsoft\BingDesktop\BDRuntimeHost.exe
PRC - [2013/06/27 12:15:06 | 000,206,984 | ---- | M] (Microsoft Corp.) -- C:\Program Files (x86)\Microsoft\BingDesktop\BDExtHost.exe
PRC - [2013/06/27 12:15:06 | 000,173,192 | ---- | M] (Microsoft Corp.) -- C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
PRC - [2013/06/27 12:15:06 | 000,153,224 | ---- | M] (Microsoft Corp.) -- C:\Program Files (x86)\Microsoft\BingDesktop\BDAppHost.exe
PRC - [2013/05/10 02:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/05/09 03:58:30 | 004,858,968 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2013/05/09 03:58:30 | 000,046,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2013/04/04 13:54:23 | 000,132,504 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe
PRC - [2013/02/12 21:37:16 | 001,263,952 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2013/02/05 10:48:44 | 000,272,248 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe
PRC - [2012/06/15 21:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\ccsvchst.exe
PRC - [2012/04/02 16:50:14 | 000,351,888 | ---- | M] (NDS Technologies) -- C:\Users\Owner\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe
PRC - [2012/04/02 16:49:58 | 000,686,208 | ---- | M] () -- C:\Users\Owner\AppData\Local\DIRECTV Player\NDSPCShowServer.exe
PRC - [2011/11/07 14:37:20 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.20\ccSvcHst.exe
PRC - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
PRC - [2008/05/07 17:41:14 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe


========== Modules (No Company Name) ==========

MOD - [2013/07/18 18:11:02 | 016,166,280 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll
MOD - [2013/07/08 19:00:04 | 003,285,912 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2013/02/12 21:38:06 | 000,100,688 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2013/02/12 21:37:16 | 001,263,952 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2012/04/02 16:52:04 | 000,091,240 | ---- | M] () -- C:\Users\Owner\AppData\Local\DIRECTV Player\z.dll
MOD - [2012/04/02 16:51:50 | 001,402,488 | ---- | M] () -- C:\Users\Owner\AppData\Local\DIRECTV Player\libxml2-2.dll
MOD - [2012/04/02 16:51:32 | 000,688,264 | ---- | M] () -- C:\Users\Owner\AppData\Local\DIRECTV Player\libgstreamer-0.10.dll
MOD - [2012/04/02 16:50:40 | 006,809,720 | ---- | M] () -- C:\Users\Owner\AppData\Local\DIRECTV Player\gsttspplugin.dll
MOD - [2012/04/02 16:50:30 | 000,273,528 | ---- | M] () -- C:\Users\Owner\AppData\Local\DIRECTV Player\ndsLogStore.dll
MOD - [2012/04/02 16:50:24 | 000,051,864 | ---- | M] () -- C:\Users\Owner\AppData\Local\DIRECTV Player\boost_thread-vc90-mt-1_39.dll
MOD - [2012/04/02 16:50:22 | 002,049,152 | ---- | M] () -- C:\Users\Owner\AppData\Local\DIRECTV Player\XferManagerDll.dll
MOD - [2012/04/02 16:50:20 | 001,945,704 | ---- | M] () -- C:\Users\Owner\AppData\Local\DIRECTV Player\TSB.dll
MOD - [2012/04/02 16:50:08 | 002,721,920 | ---- | M] () -- C:\Users\Owner\AppData\Local\DIRECTV Player\PCShowServerDll.dll
MOD - [2012/04/02 16:49:58 | 000,686,208 | ---- | M] () -- C:\Users\Owner\AppData\Local\DIRECTV Player\NDSPCShowServer.exe
MOD - [2012/04/02 16:49:56 | 001,988,216 | ---- | M] () -- C:\Users\Owner\AppData\Local\DIRECTV Player\DrmSingleton.dll
MOD - [2012/04/02 16:49:52 | 001,226,872 | ---- | M] () -- C:\Users\Owner\AppData\Local\DIRECTV Player\CatalogDll.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/05/09 03:58:30 | 000,046,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2008/12/22 05:35:16 | 000,032,768 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\WLTRYSVC.EXE -- (wltrysvc)
SRV:64bit: - [2008/12/14 23:13:46 | 000,281,600 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_cce24a4c\STacSV64.exe -- (STacSV)
SRV:64bit: - [2008/12/14 23:13:30 | 000,088,576 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_cce24a4c\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2008/01/20 21:52:05 | 000,521,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ntmssvc.dll -- (NtmsSvc)
SRV:64bit: - [2008/01/20 21:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2006/11/02 06:16:05 | 000,046,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rundll32.exe -- (yksvc)
SRV - [2013/07/18 18:11:03 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/07/08 19:00:04 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/06/27 12:15:06 | 000,173,192 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe -- (BingDesktopUpdate)
SRV - [2013/05/10 02:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/04/04 13:54:23 | 000,132,504 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe -- (Norton PC Checkup Application Launcher)
SRV - [2013/02/05 10:48:00 | 000,235,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe -- (McComponentHostService)
SRV - [2012/06/15 21:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\ccSvcHst.exe -- (N360)
SRV - [2011/11/07 14:37:20 | 000,126,392 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.20\ccSvcHst.exe -- (PCCUJobMgr)
SRV - [2010/10/12 12:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/11/04 07:07:31 | 000,163,840 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE -- (EPSON_EB_RPCV4_01)
SRV - [2009/11/04 07:07:31 | 000,126,464 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE -- (EPSON_PM_RPCV4_01)
SRV - [2009/03/29 23:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/05/07 17:41:14 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/06/27 14:18:01 | 000,189,936 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2013/06/27 14:18:00 | 000,378,944 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2013/06/27 14:17:06 | 001,030,952 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2013/05/09 03:59:07 | 000,065,336 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2013/05/09 03:59:07 | 000,064,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2013/05/09 03:59:07 | 000,059,144 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr.sys -- (AswRdr)
DRV:64bit: - [2013/05/09 03:59:06 | 000,080,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2013/05/09 03:59:06 | 000,033,400 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2013/04/30 03:51:09 | 000,040,616 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\tap0901.sys -- (tap0901)
DRV:64bit: - [2012/07/05 21:17:58 | 000,037,536 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0604010.00E\SRTSPX64.SYS -- (SRTSPX)
DRV:64bit: - [2012/07/05 21:17:57 | 000,737,952 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\Drivers\N360x64\0604010.00E\SRTSP64.SYS -- (SRTSP)
DRV:64bit: - [2012/06/06 23:43:38 | 000,167,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0604010.00E\ccSetx64.sys -- (ccSet_N360)
DRV:64bit: - [2012/05/21 20:37:12 | 001,129,120 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0604010.00E\SYMEFA64.SYS -- (SymEFA)
DRV:64bit: - [2012/05/03 15:35:14 | 000,175,736 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2012/03/29 20:44:03 | 000,015,672 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\SWDUMon.sys -- (SWDUMon)
DRV:64bit: - [2012/03/29 01:28:38 | 000,445,560 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\N360x64\0604010.00E\SYMTDIV.SYS -- (SYMTDIv)
DRV:64bit: - [2012/03/29 01:28:25 | 000,451,192 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0604010.00E\SYMDS64.SYS -- (SymDS)
DRV:64bit: - [2012/03/29 01:06:25 | 000,190,072 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0604010.00E\Ironx64.SYS -- (SymIRON)
DRV:64bit: - [2012/02/29 08:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/09/09 09:00:34 | 000,043,008 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50a64.sys -- (MREMP50a64)
DRV:64bit: - [2011/09/09 09:00:34 | 000,040,960 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50a64.sys -- (MRESP50a64)
DRV:64bit: - [2011/06/15 10:10:14 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iastor.sys -- (iaStor)
DRV:64bit: - [2010/09/23 01:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/04/27 13:40:40 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/09/30 19:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/04/11 01:16:39 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\WSDScan.sys -- (WSDScan)
DRV:64bit: - [2009/03/26 08:00:16 | 000,071,168 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTSTOR64.SYS -- (RTSTOR)
DRV:64bit: - [2009/03/19 17:02:00 | 000,311,296 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\OA009Vid.sys -- (OA009Vid)
DRV:64bit: - [2009/03/06 07:33:58 | 000,159,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\OA009Ufd.sys -- (OA009Ufd)
DRV:64bit: - [2009/01/07 09:35:42 | 000,033,792 | ---- | M] (Susteen, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sustucau.sys -- (SUSTUCAU)
DRV:64bit: - [2009/01/07 09:35:40 | 000,056,832 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sustucap.sys -- (SUSTUCAP)
DRV:64bit: - [2009/01/07 09:35:40 | 000,056,832 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sustucam.sys -- (SUSTUCAM)
DRV:64bit: - [2008/12/22 05:34:48 | 000,022,520 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCM42RLY.sys -- (BCM42RLY)
DRV:64bit: - [2008/12/17 04:22:04 | 001,526,776 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys -- (BCM43XX)
DRV:64bit: - [2008/12/14 23:13:56 | 000,472,064 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\stwrt64.sys -- (STHDA)
DRV:64bit: - [2008/12/09 00:12:36 | 008,036,160 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys -- (igfx)
DRV:64bit: - [2008/11/29 08:19:28 | 000,028,208 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\KMWDFILTER.sys -- (KMWDFILTER)
DRV:64bit: - [2008/09/04 00:29:22 | 000,199,728 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2008/09/01 05:19:24 | 000,392,192 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\yk60x64.sys -- (yukonx64)
DRV:64bit: - [2008/02/13 09:20:16 | 000,017,920 | ---- | M] (A4Tech Co.,Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\Amusbx64.sys -- (Amusbprt)
DRV:64bit: - [2008/01/20 21:46:57 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2008/01/20 21:46:55 | 000,317,952 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys -- (e1express)
DRV:64bit: - [2007/10/15 04:37:22 | 000,012,288 | ---- | M] ((Standard mouse types)) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\Amfltx64.sys -- (Amfilter)
DRV:64bit: - [2007/02/05 17:36:48 | 000,049,664 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\livecamv.sys -- (RLDesignVirtualAudioCableWdm)
DRV:64bit: - [2006/11/02 02:48:50 | 002,488,320 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (R300)
DRV - [2013/05/31 11:58:18 | 001,393,240 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\Definitions\BASHDefs\20130715.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2013/05/24 13:24:39 | 002,098,776 | ---- | M] (Symantec Corporation) [Kernel | Disabled | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\Definitions\VirusDefs\20130722.003\ex64.sys -- (NAVEX15)
DRV - [2013/05/24 13:24:39 | 000,126,040 | ---- | M] (Symantec Corporation) [Kernel | Disabled | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\Definitions\VirusDefs\20130722.003\eng64.sys -- (NAVENG)
DRV - [2013/01/24 17:31:08 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\Definitions\IPSDefs\20130719.002\IDSviA64.sys -- (IDSVia64)
DRV - [2012/08/15 14:05:02 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2012/08/14 21:34:37 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/09/09 09:00:28 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2011/09/09 09:00:28 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MRESP50.sys -- (MRESP50)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.sweetpa...A-0023AE32B830}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}: "URL" = http://slirsredirect...hromesbox-en-us
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}: "URL" = http://search.mywebs...r={searchTerms}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2418376
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://start.sweetpa...A-0023AE32B830}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.internet-home-page.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.bing.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 70 DC 52 34 FC 71 CB 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = https://www.google.com/
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {F539C88A-8455-4367-89EB-C9B7ED93BAAE}
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask...F5-5D634B1FBF66
IE - HKCU\..\SearchScopes\{2CFF5CC3-2777-4CB5-84A8-3E868B49D29D}: "URL" = http://www.internet-...q={searchTerms}
IE - HKCU\..\SearchScopes\{36377DD7-B3EB-42f5-986F-680BAF59BA9D}: "URL" = http://start.att.ipl...q={searchTerms}
IE - HKCU\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://www.google.co...q={searchTerms}
IE - HKCU\..\SearchScopes\{4EB42CCA-CE23-47E0-A152-333462250264}: "URL" = http://search.yahoo....p={SearchTerms}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...&rlz=1I7GGLL_en
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...sa&d=2012-03-29 16:38:06&v=10.2.0.3&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{97A1352C-CB9B-4B3F-ACCE-290243CDA5F7}: "URL" = http://www.internet-...q={searchTerms}
IE - HKCU\..\SearchScopes\{9BAAEDA8-9929-DDF5-2A4A-B3FC1C987170}: "URL" = http://www.bing.com/...ferrer:source?}
IE - HKCU\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/w...il&geo=US&ver=5
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{B8B02A05-5EE4-4A57-8D05-643FF6C96D74}: "URL" = http://www.internet-...q={searchTerms}
IE - HKCU\..\SearchScopes\{E782DE68-D31E-46D6-8B25-CE33E5EF52BD}: "URL" = http://www.mysearchr...q={searchTerms}
IE - HKCU\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://start.sweetpa...006.10043&st=23
IE - HKCU\..\SearchScopes\{EFBDF342-2B3A-44B0-810B-7DCF597AA883}: "URL" = http://www.internet-...{inputEncoding}
IE - HKCU\..\SearchScopes\{F539C88A-8455-4367-89EB-C9B7ED93BAAE}: "URL" = http://search.condui...3663708322&UM=2
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

========== FireFox ==========

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Plus Web Player Plug-In,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@funwebproducts.com/Plugin: C:\Program Files (x86)\FunWebProducts\Installr\1.bin\NPFunWeb.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\[email protected]/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files (x86)\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Owner\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\@nds.com/PCShowPlugin: C:\Users\Owner\AppData\Local\DIRECTV Player\npPCShowPlugin.dll (NDS)
FF - HKCU\Software\MozillaPlugins\@nds.com/PlayerPlugin: C:\Users\Owner\AppData\Local\DIRECTV Player\npPlayerPlugin.dll (NDS)
FF - HKCU\Software\MozillaPlugins\NDS.com/PlayerPlugin: C:\Users\Owner\AppData\Local\DIRECTV Player\npPlayerPlugin.dll (NDS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\IPSFFPlgn\ [2013/05/24 19:32:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\coFFPlgn\ [2013/07/22 13:47:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/06/04 00:36:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013/06/20 18:10:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/07/08 18:59:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/07/08 18:59:50 | 000,000,000 | ---D | M]

[2011/11/29 10:00:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Extensions
[2010/08/16 14:51:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Extensions\[email protected]
[2013/05/24 19:41:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\dplph78z.default\extensions
[2011/11/29 10:07:56 | 000,000,000 | ---D | M] (cacaoweb) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\dplph78z.default\extensions\[email protected]
[2013/06/08 18:45:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\dplph78z.default\extensions\staged
[2013/06/20 17:29:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\i90z0oa4.default\extensions
[2012/05/19 20:22:16 | 000,004,733 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\firefox\profiles\dplph78z.default\extensions\[email protected]
[2013/06/20 17:29:18 | 000,216,095 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\firefox\profiles\i90z0oa4.default\extensions\[email protected]
[2013/07/08 18:59:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/07/08 18:59:47 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/07/08 18:59:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/07/08 19:00:06 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/07/08 18:59:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\distribution\extensions
[2011/03/18 14:32:12 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll
[2011/12/20 00:42:07 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/03/18 14:32:14 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll
[2010/01/13 23:28:05 | 000,151,552 | ---- | M] (PopCap Games) -- C:\Program Files (x86)\mozilla firefox\plugins\nppopcaploader.dll
[2009/07/02 11:19:28 | 000,102,400 | ---- | M] (Zylom) -- C:\Program Files (x86)\mozilla firefox\plugins\npzylomgamesplayer.dll
[2011/10/17 13:14:28 | 000,002,149 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\adawaretb.xml
[2010/08/19 17:31:16 | 000,002,226 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2011/09/30 16:23:49 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml.old
[2011/09/16 09:42:21 | 000,002,024 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\McSiteAdvisor.xml
[2011/10/23 00:08:57 | 000,001,943 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Yahooober33103209.xml
[2011/10/17 14:07:59 | 000,001,943 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Yahooober92330252.xml

O1 HOSTS File: ([2006/09/18 16:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {7F6AFBF1-E065-4627-A2FD-810366367D01} - No CLSID value found.
O2 - BHO: (no name) - {8A9D74F9-560B-4FE7-ABEB-3B2E638E5CD6} - No CLSID value found.
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O2 - BHO: (no name) - {FDCC62B4-8059-4FCF-8B69-BD2EC413A6F2} - No CLSID value found.
O2 - BHO: (no name) - MRI_DISABLED - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\coieplg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Windows\SysNative\WLTRAY.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BingDesktop] C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe (Microsoft Corp.)
O4 - HKLM..\Run: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe (DivX, LLC)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKCU..\Run: [EPSON NX510 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFIA.EXE /FU "C:\Windows\TEMP\E_S5B97.tmp" /EF "HKCU" File not found
O4 - HKCU..\Run: [EPSON NX510 Series (Copy 1)] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFIA.EXE /FU "C:\Windows\TEMP\E_S25D8.tmp" /EF "HKCU" File not found
O4 - HKCU..\Run: [EPSON8E0A7A] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFIA.EXE /FU "C:\Windows\TEMP\E_S3583.tmp" /EF "HKCU" File not found
O4 - HKCU..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe File not found
O4 - HKCU..\Run: [PCShowServer] C:\Users\Owner\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe (NDS Technologies)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O9 - Extra Button: Add to Wish List - {76c5fb99-dd0a-4186-9e75-65d1bf3da283} - C:\Program Files (x86)\Amazon\Add to Wish List IE Extension\run.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: $talisma_url$ ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: inboswdollars.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: patientslikeme.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: tv.com ([authorize] https in Trusted sites)
O15 - HKCU\..Trusted Domains: walmart.com ([www] https in Trusted sites)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} http://support.dell....r/SysProExe.CAB (WMI Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.7.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0C62E2A6-F79D-404C-8C15-D4431A8F3A74}: DhcpNameServer = 192.168.7.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8801CC70-4EF6-4EA0-A471-62DD7D5D54DF}: DhcpNameServer = 192.168.7.254
O18:64bit: - Protocol\Handler\cozi - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\cozi {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\Owner\AppData\Local\Microsoft\BingDesktop\themes\2013-07-22.jpg
O24 - Desktop BackupWallPaper: C:\Users\Owner\AppData\Local\Microsoft\BingDesktop\themes\2013-07-22.jpg
O32 - HKLM CDRom: AutoRun - 1
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/07/08 18:59:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/06/28 08:32:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bing Desktop
[2013/06/26 20:09:46 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013/06/25 17:19:17 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\Crochet Apache Tears FREE Pattern __files
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/07/22 14:14:49 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/07/22 13:56:11 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/07/22 13:49:50 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/07/22 13:46:35 | 000,003,744 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/07/22 13:46:35 | 000,003,744 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/07/22 13:46:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/07/18 18:33:00 | 000,605,080 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/07/18 18:32:59 | 000,719,946 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/07/18 18:32:59 | 000,104,934 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/07/18 18:08:00 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2013/07/17 16:53:20 | 000,313,480 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/06/28 08:33:08 | 000,001,813 | ---- | M] () -- C:\Windows\SysWow64\UserPref.json
[2013/06/28 08:33:08 | 000,000,093 | ---- | M] () -- C:\Windows\SysWow64\Configurations.plist.signed
[2013/06/27 14:18:06 | 000,000,175 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys.sum
[2013/06/27 14:18:01 | 000,189,936 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2013/06/27 14:18:00 | 000,378,944 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2013/06/27 14:18:00 | 000,000,175 | ---- | M] () -- C:\Windows\SysNative\drivers\aswSP.sys.sum
[2013/06/27 14:17:06 | 001,030,952 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2013/06/27 14:17:06 | 000,000,175 | ---- | M] () -- C:\Windows\SysNative\drivers\aswSnx.sys.sum
[2013/06/27 14:07:59 | 773,715,211 | ---- | M] () -- C:\Windows\MEMORY.DMP
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/06/28 08:33:08 | 000,001,813 | ---- | C] () -- C:\Windows\SysWow64\UserPref.json
[2013/06/28 08:33:06 | 000,000,093 | ---- | C] () -- C:\Windows\SysWow64\Configurations.plist.signed
[2013/06/27 14:18:11 | 000,000,175 | ---- | C] () -- C:\Windows\SysNative\drivers\aswVmm.sys.sum
[2013/06/26 18:58:58 | 000,000,175 | ---- | C] () -- C:\Windows\SysNative\drivers\aswSP.sys.sum
[2013/06/26 18:58:58 | 000,000,175 | ---- | C] () -- C:\Windows\SysNative\drivers\aswSnx.sys.sum
[2012/01/29 17:51:46 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2012/01/29 17:51:46 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
[2011/11/10 18:46:59 | 000,000,439 | ---- | C] () -- C:\Windows\SIERRA.INI
[2011/10/04 18:47:58 | 000,000,732 | ---- | C] () -- C:\Users\Owner\AppData\Local\d3d9caps64.dat
[2011/05/21 15:04:57 | 006,874,694 | ---- | C] () -- C:\Users\Owner\com.terrypaton.breakit4.air
[2011/05/10 10:01:34 | 000,905,728 | -HS- | C] () -- C:\Users\Owner\ehthumbs_vista.db
[2010/10/16 12:01:28 | 000,000,680 | ---- | C] () -- C:\Users\Owner\AppData\Local\d3d9caps.dat
[2009/06/03 21:43:06 | 000,024,226 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\UserTile.png
[2009/05/26 17:03:03 | 000,001,184 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\wklnhst.dat
[2009/05/26 00:05:35 | 000,024,064 | ---- | C] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2006/11/02 10:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 12:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 12:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/04/11 02:11:14 | 000,891,392 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 01:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008/01/20 21:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2010/05/20 14:15:47 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Arkadium
[2012/06/29 22:58:19 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\calibre
[2010/02/03 11:38:10 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/04/01 13:49:21 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\CrystalIdea Software
[2009/11/19 11:34:24 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\de.makesoft.twhirl.0EA062BC275E7ED1E6EC3762EFFD73C7158ADF33.1
[2011/01/28 13:08:55 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\DriverCure
[2009/06/25 21:38:23 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\eMusic
[2011/01/07 11:29:15 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Epson
[2010/05/31 00:05:16 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Facebook
[2009/11/07 01:46:41 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\GetRightToGo
[2010/09/17 19:31:56 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Leader Technologies
[2010/08/16 15:08:48 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\LimeWire
[2011/10/27 11:15:05 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Mahjong LoT
[2011/11/16 09:19:18 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Oberon Media
[2010/11/13 13:21:36 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Paltalk
[2012/01/27 14:08:32 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\ParetoLogic
[2012/09/19 17:32:33 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\PCCUStubInstaller
[2009/06/03 21:43:06 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\PeerNetworking
[2011/03/09 08:29:15 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Registry Mechanic
[2012/04/10 08:39:26 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Spotify
[2011/10/14 08:45:36 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Systweak
[2009/06/07 11:22:40 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Template
[2010/09/25 17:19:35 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Tific
[2009/09/21 11:04:43 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\TweetDeckFast.F9107117265DB7542C1A806C8DB837742CE14C21.1
[2009/11/08 22:16:14 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1
[2009/11/08 12:21:28 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\TweetPocket.206395F9AD09DB46721ECAB992E1762159D60F5A.1
[2012/04/25 08:56:04 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Uniblue
[2009/05/25 22:13:15 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Windows Live Writer

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:303528AB
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:AA4982C6
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:D1B5B4F1

< End of report >

OTL Extras logfile created on: 7/22/2013 2:21:09 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Owner\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.96 Gb Total Physical Memory | 1.76 Gb Available Physical Memory | 44.41% Memory free
8.10 Gb Paging File | 5.82 Gb Available in Paging File | 71.85% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283.40 Gb Total Space | 216.81 Gb Free Space | 76.50% Space Free | Partition Type: NTFS
Drive E: | 14.65 Gb Total Space | 8.63 Gb Free Space | 58.93% Space Free | Partition Type: NTFS

Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [print] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
http [open] -- Reg Error: Value error.
https [open] -- Reg Error: Value error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\SysWow64\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- Reg Error: Value error.
https [open] -- Reg Error: Value error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\SysWow64\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AutoUpdateDisableNotify" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = BF 5D 24 5D 26 F1 C9 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{080FDAEB-DD36-461F-8DFD-2615E6467621}" = lport=445 | protocol=6 | dir=in | app=system |
"{082FD1C2-A27D-40EA-BD08-6296C0EDC2A4}" = rport=10243 | protocol=6 | dir=out | app=system |
"{08DDC34A-3322-4865-B956-C56DD9D37FD4}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe |
"{0CFB68B9-5600-43F4-8DDA-9F7D1937CE17}" = lport=10243 | protocol=6 | dir=in | app=system |
"{150973C0-BE93-4128-A10A-BD007E96F2D3}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1FDB4F9A-895A-47B8-B24F-9E88C13A0E58}" = lport=138 | protocol=17 | dir=in | app=system |
"{2CA2A89A-9FF9-4A1E-9C0F-833233309E04}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{2EABD2AE-9495-4EA0-A9EA-97E28AC85B6B}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{3695DC67-2C66-402A-8DA8-A0A801292651}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{36AE0600-F775-463A-8CF5-5132628A4D47}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe |
"{3C19D78A-81D1-48A1-A4A4-28DC5514CD17}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=file and printer sharing (spooler service - rpc-epmap) |
"{3ED53BDD-4D11-4F4E-B3C0-17519458F7F0}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{3EE514B3-3CC5-47C1-9226-38497C1D002F}" = lport=1723 | protocol=6 | dir=in | app=system |
"{485C235D-5EBA-4AD5-AE8A-D4B9C085567B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{4DEBF618-AD93-406F-ADA4-FE11423589A5}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{656A2863-0070-4C79-B29B-B3CC78E9F9F0}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6EA2C3CF-1F33-467C-BEC1-4E4B48A45765}" = lport=137 | protocol=17 | dir=in | app=system |
"{71425B02-8CC1-444D-AA98-5891193DD60E}" = rport=139 | protocol=6 | dir=out | app=system |
"{74C7F05B-BB0A-4B6A-9D53-65FCE583AF81}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{7C4E6510-EBC1-4EAA-8594-FF15B7F729C2}" = lport=1701 | protocol=17 | dir=in | app=system |
"{7D97B808-8814-426F-8A82-3403CD8BF0C3}" = lport=2869 | protocol=6 | dir=in | app=system |
"{8499809E-1C33-426F-AE8E-CF7F5C40DC2D}" = rport=1701 | protocol=17 | dir=out | app=system |
"{88EFCA7C-3805-4994-8C4B-0E48A3619B35}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8BFA0C5B-C03D-4A16-85A3-A0F181A2F999}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{8C783841-10A0-4E10-94A2-743FB43259A2}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=c:\windows\system32\spoolsv.exe |
"{A46BF225-9E5D-41BD-BC3D-E3E74B3FAB41}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe |
"{A46F8124-9D84-4FB7-AEB1-D952DC2EF3E9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{A722E691-5A37-4F65-89E0-81AC236B049D}" = rport=445 | protocol=6 | dir=out | app=system |
"{ADCE0DD7-A8B6-44C5-8575-99DD3384D359}" = lport=139 | protocol=6 | dir=in | app=system |
"{AECD2663-874F-4977-9BEF-A8D92565035D}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{B38A55AE-6393-4D23-8485-E07B4B6AA8CE}" = rport=138 | protocol=17 | dir=out | app=system |
"{B549DE9F-ACDE-4AAE-BD41-A36CC08E79A7}" = lport=2869 | protocol=6 | dir=in | app=system |
"{BF188B5C-A21A-4540-AD7B-C6A323C8A722}" = lport=2869 | protocol=6 | dir=in | app=system |
"{C4DA1480-CEC6-4939-8F34-069707194948}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{D65FAF69-0A83-47BE-9582-86452156C44A}" = rport=137 | protocol=17 | dir=out | app=system |
"{D7179D0C-67F7-43EF-A8F2-E732D247BF72}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{DDA03F72-2637-4C4C-BFD5-56AAFA99F4A4}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe |
"{E32E915F-5897-4E82-A8EE-E43F50D84FD8}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{ED36C5FF-A53F-4B08-B987-A68D7D644914}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{F0BF4CE8-2C6F-4A76-AC71-87DD50A25FA6}" = lport=2869 | protocol=6 | dir=in | app=system |
"{F83AF1A7-3DBF-493B-ADB9-1EBBEA50DF77}" = rport=1723 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03EBB042-50FC-4BA4-8D6C-DDE34A6D6289}" = protocol=1 | dir=in | name=file and printer sharing (echo request - icmpv4-in) |
"{093D1143-2A77-413F-85DC-8E2E8BB65CF9}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\pdvddxsrv.exe |
"{0DFB07D7-13AC-44BC-A972-F4F6CB6C8AF4}" = protocol=6 | dir=out | app=system |
"{117E3227-7E87-47A6-B57A-08FB9AF09F06}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{17E5A0D2-3C72-4704-A779-C8C4F6BBF78A}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmpnetwk.exe |
"{1AF69BC2-C412-4143-A9E7-653FFC58704E}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmplayer.exe |
"{20C0C479-EAAD-4092-B626-44BA8A2B56CC}" = protocol=58 | dir=out | name=file and printer sharing (echo request - icmpv6-out) |
"{216EAAD5-7B85-4EB2-8BC0-C88E25020320}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"{2A10A6BD-BD9F-4938-95B2-FBCE8BA1D2A7}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{2A397B91-24D5-43BD-82C7-7BB121D66CA2}" = protocol=17 | dir=in | app=c:\program files (x86)\windows media player\wmplayer.exe |
"{2F9A2CE7-163A-489A-8A20-A655F3609237}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"{3005A14D-F93D-45D0-BBD3-2999FF47EF5F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{467F8C2D-2195-40B7-8B68-5AE573E81F04}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"{49031C56-4EC8-4B21-9042-2890F0C80DB6}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\powerdvd.exe |
"{497E7B1F-F242-455A-B2D7-4D607A8F26DE}" = protocol=17 | dir=in | app=c:\program files (x86)\windows media player\wmplayer.exe |
"{4B1473B1-3EC8-46F7-81B3-D987EDCFE812}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"{52C3B5A6-44ED-4537-83C3-F68BC64E003F}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"{57A6D680-2670-4DE0-841A-F99CC0F9DD83}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmplayer.exe |
"{58200508-D0C8-47CE-BF4B-B04283654270}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{63E66E0C-3D65-417F-89AA-CD8F4016A15C}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmpnetwk.exe |
"{67E9B11B-78ED-467D-B959-07640BB787EB}" = protocol=6 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe |
"{67FF3D6D-1E00-47E2-A35B-06057079EE8B}" = protocol=6 | dir=in | app=c:\program files (x86)\dell video chat\dellvideochat.exe |
"{6860D54A-E0E4-4036-B423-967058E0BD70}" = protocol=17 | dir=in | app=c:\program files (x86)\dell video chat\dellvideochat.exe |
"{6E6CD869-4A5E-4EE7-8D57-E41B9873E6FA}" = protocol=17 | dir=in | app=c:\program files (x86)\epsonnet\epsonnet setup\tool09\eneasyapp.exe |
"{700DB62B-BEF6-4FCE-9DE6-653AD04A3ED8}" = protocol=6 | dir=out | app=system |
"{78DF612E-3EDF-479C-89D8-11883FAB136C}" = protocol=6 | dir=out | app=c:\program files (x86)\windows media player\wmplayer.exe |
"{79440D95-0B44-4038-88C8-121E18462DC6}" = protocol=6 | dir=in | app=c:\program files (x86)\epsonnet\epsonnet setup\tool09\eneasyapp.exe |
"{79D0CD25-A083-4CDF-8DB6-32069143BACD}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe |
"{7F4D6BEF-9AFD-4997-BE37-88347C11B56D}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe |
"{83B93C8A-F7E7-490F-9ED8-E40F22BE2EFE}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{87670EF5-88FA-4FE7-B7AB-B81C817892A7}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{8911E086-C043-4D18-96A1-0FE49E3A74D7}" = protocol=17 | dir=out | app=c:\program files (x86)\windows media player\wmplayer.exe |
"{8F370D0A-F139-46BC-88E6-1C9750096400}" = protocol=17 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe |
"{93561EA5-C6E8-4CF1-A765-A7DAE0C23D84}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{94C91C5C-9702-4C65-A372-EEC8FF3164F9}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe |
"{ACC39DAB-15F0-4618-8735-77A125E1063B}" = protocol=17 | dir=in | app=c:\program files (x86)\windows media player\wmplayer.exe |
"{B0FB5768-36CC-4E2D-AAAB-4227C4767E99}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe |
"{B103477F-5559-495B-BC71-ADC84A80B11F}" = protocol=58 | dir=in | name=file and printer sharing (echo request - icmpv6-in) |
"{B3078E4A-727F-4466-824A-A58CD8CFC9AB}" = protocol=6 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe |
"{B3D2FEB2-EB68-4A83-A3E8-94ADF53CC4D0}" = protocol=6 | dir=in | app=c:\program files\windows media player\wmpnetwk.exe |
"{B82D72F2-CB80-45EB-87F9-0DF1CA9B1C15}" = protocol=1 | dir=out | name=file and printer sharing (echo request - icmpv4-out) |
"{B93984A3-5530-4666-8A41-590EA27B1D82}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{BD8ED45E-0886-47E6-AB88-F6500C64F2F6}" = protocol=17 | dir=out | app=c:\program files (x86)\windows media player\wmplayer.exe |
"{BE61A27E-0635-48C5-AD75-A8C5CB2299F3}" = protocol=6 | dir=out | app=c:\windows\system32\wudfhost.exe |
"{C4B289A4-173D-4206-B9D6-B54643B37F87}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe |
"{C5793A64-4F03-4828-96DE-7C2CB69A2EA4}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmpnetwk.exe |
"{D19D08FF-D52E-4D77-9B51-FDA7A23A6886}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{D7D2E5DA-2368-4220-BE92-393C7C1E15FE}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmplayer.exe |
"{D92F92BB-58DE-45F3-AA40-AD9135ADC7BB}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\pdvddxsrv.exe |
"{DF9CBA9D-0A2A-4E19-806A-62CB2BD42D2A}" = protocol=6 | dir=out | app=c:\program files (x86)\windows media player\wmplayer.exe |
"{E4A0640C-5BEC-40C1-ACB8-9FB709AA913B}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\powerdvd.exe |
"{E4E78CB1-4860-401C-8951-1759C34412EB}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe |
"{E77B0D3D-2DB3-4ADE-8C21-1599DCC6539C}" = protocol=6 | dir=out | app=system |
"{F05F1EEE-770C-4E4F-8C4A-9C54B1822E4A}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe |
"{F4CFFA41-5E5E-4EAE-8C4B-0C6136ACBEE3}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"{F9053017-18F0-40B6-AE8C-483408D0B245}" = protocol=17 | dir=out | app=c:\program files (x86)\windows media player\wmplayer.exe |
"{FAE8DDBF-E380-4CEE-82C2-1CDA4419DEBD}" = protocol=6 | dir=out | app=c:\program files (x86)\windows media player\wmplayer.exe |
"{FEA2B801-9802-405F-88C9-0ACEBF07B3C0}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{FF97F397-2572-4DE4-9F71-0E02C4990A3E}" = protocol=17 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe |
"TCP Query User{00838CFF-A5D2-430A-B3AC-34CD1036313F}C:\program files (x86)\dell video chat\dellvideochat.exe" = protocol=6 | dir=in | app=c:\program files (x86)\dell video chat\dellvideochat.exe |
"TCP Query User{11DF193C-E45C-4217-9AE1-98B95CD35E8F}C:\users\owner\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=6 | dir=in | app=c:\users\owner\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe |
"TCP Query User{1BB7067A-AEF8-462D-978B-06E601797B48}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"TCP Query User{1E75F155-769A-4D3A-8F1F-4A00CDDC272F}C:\users\owner\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\owner\appdata\roaming\spotify\spotify.exe |
"TCP Query User{371674A5-2F3C-4082-A444-C5DD3336DABC}C:\users\owner\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\owner\appdata\roaming\spotify\spotify.exe |
"UDP Query User{25BC0CD5-2803-407D-8204-A100680274CB}C:\users\owner\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=17 | dir=in | app=c:\users\owner\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe |
"UDP Query User{59EB21B1-219D-477A-BC95-DBEFA0AB4F35}C:\users\owner\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\owner\appdata\roaming\spotify\spotify.exe |
"UDP Query User{9F937267-1A31-4B2C-B8A5-B67FCC730DE4}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"UDP Query User{B8A616C6-BA87-4A43-97BF-1914916E7C64}C:\program files (x86)\dell video chat\dellvideochat.exe" = protocol=17 | dir=in | app=c:\program files (x86)\dell video chat\dellvideochat.exe |
"UDP Query User{F23FAFDC-29C0-4E16-8BFF-9927F19958AE}C:\users\owner\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\owner\appdata\roaming\spotify\spotify.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1AAF3A3B-7B32-4DDF-8ABB-438DAEB46EEC}" = Windows Live Family Safety
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{26A24AE4-039D-4CA4-87B4-2F86416030FF}" = Java™ 6 Update 30 (64-bit)
"{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{AB79B2CD-4555-4D3F-BC37-8948598223F2}" = runtime64
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F6CB42B9-F033-4152-8813-FF11DA8E6A78}" = Dell Dock
"Broadcom 802.11 Application" = Dell Wireless WLAN Card Utility
"CCleaner" = CCleaner
"Creative OA009" = Integrated Webcam Driver (1.02.01.0320)
"EPSON NX510 Series" = EPSON NX510 Series Printer Uninstall
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{053C30EA-D4C6-47A0-8537-8D231D9BE873}" = DELL0703
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2656D0AB-9EA4-4C58-A117-635F3CED8B93}" = Microsoft UI Engine
"{26A24AE4-039D-4CA4-87B4-2F83216030FF}" = Java™ 6 Update 30
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
"{48F22622-1CC2-4A83-9C1E-644DD96F832D}" = Epson Event Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{5F3783B7-F809-45A7-8A92-A44B441FDA7C}" = DIRECTV Player
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{61BEA823-ECAF-49F1-8378-A59B3B8AD247}" = Microsoft Default Manager
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-wildgames" = WildTangent Games App
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7456BBA3-642F-4E59-9F89-7639977D7C39}" = Cozi
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}" = Bing Desktop
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0087DDE-69D0-11E2-AD57-43CA6188709B}" = Adobe AIR
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A3810BEE-967B-41DC-9662-F941A3F7D689}" = calibre
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.7)
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E6C82F8F-2031-4825-8CC3-98C5960875C1}" = Epson CreativeZone
"{E7C97E98-4C2D-BEAF-5D2F-CC45A2F95D90}" = Acrobat.com
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F47C37A4-7189-430A-B81D-739FF8A7A554}" = Consumer In-Home Service Agreement
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FFFAE01B-466F-4C07-9821-A94FD753BDDA}" = EpsonNet Setup
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Amazon Add to Wish List IE Extension" = Amazon Add to Wish List IE Extension 1.1
"avast" = avast! Free Antivirus
"Cisco Connect" = Cisco Connect
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Coupon Printer for Windows5.0.0.1" = Coupon Printer for Windows
"Dell Video Chat" = Dell Video Chat
"Dell Webcam Central" = Dell Webcam Central
"EPSON Scanner" = EPSON Scan
"Flash Player Pro_is1" = Flash Player Pro V5.4
"GameHouse" = GameHouse
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Hoyle Mahjong Tiles" = Hoyle Mahjong Tiles
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee Security Scan" = McAfee Security Scan Plus
"Mozilla Firefox 22.0 (x86 en-US)" = Mozilla Firefox 22.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"N360" = Norton 360
"Norton PC Checkup_is1" = Norton PC Checkup
"NortonPCCheckup" = Norton PC Checkup
"NSS" = Norton Security Scan
"SoftwareUpdUtility" = Download Updater (AOL Inc.)
"Uninstall_is1" = Uninstall 1.0.0.1
"WildTangent wildgames Master Uninstall" = WildTangent Games
"WinLiveSuite" = Windows Live Essentials
"WT088846" = Aquitania
"WT088996" = Mahjongg Dimensions Deluxe
"WTA-b0eca5e8-624c-4ad3-88ca-a0bb0a04d0df" = Call of Atlantis
"WTA-d7a0e190-bd45-4025-9a60-0f5f574f45de" = Mahjong: Legacy of Toltecs

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Amazon Kindle" = Amazon Kindle
"Facebook Plug-In" = Facebook Plug-In
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player
"Spotify" = Spotify

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 7/18/2013 7:22:42 PM | Computer Name = Owner-PC | Source = MsiInstaller | ID = 11500
Description =

Error - 7/18/2013 7:22:43 PM | Computer Name = Owner-PC | Source = MsiInstaller | ID = 11500
Description =

Error - 7/18/2013 7:22:44 PM | Computer Name = Owner-PC | Source = MsiInstaller | ID = 11500
Description =

Error - 7/18/2013 7:22:53 PM | Computer Name = Owner-PC | Source = Application Error | ID = 1000
Description = Faulting application mscorsvw.exe, version 4.0.30319.1, time stamp
0x4ba1da21, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception
code 0xc0000005, fault offset 0x7405a57d, process id 0xdfc, application start time
0x01ce840db9452f64.

Error - 7/18/2013 7:23:19 PM | Computer Name = Owner-PC | Source = Application Error | ID = 1000
Description = Faulting application mscorsvw.exe, version 4.0.30319.1, time stamp
0x4ba1da21, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception
code 0xc0000005, fault offset 0x7405a57d, process id 0x144, application start time
0x01ce840dc95eb4c4.

Error - 7/18/2013 7:23:56 PM | Computer Name = Owner-PC | Source = Application Error | ID = 1000
Description = Faulting application mscorsvw.exe, version 4.0.30319.1, time stamp
0x4ba1da21, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception
code 0xc0000005, fault offset 0x7405a57d, process id 0x9a0, application start time
0x01ce840ddf4d44e4.

Error - 7/18/2013 7:24:59 PM | Computer Name = Owner-PC | Source = MsiInstaller | ID = 11500
Description =

Error - 7/18/2013 7:25:36 PM | Computer Name = Owner-PC | Source = EventSystem | ID = 4621
Description =

Error - 7/18/2013 7:25:45 PM | Computer Name = Owner-PC | Source = Application Error | ID = 1000
Description = Faulting application mscorsvw.exe, version 4.0.30319.1, time stamp
0x4ba1da21, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception
code 0xc0000005, fault offset 0x7405a57d, process id 0x250, application start time
0x01ce840e1fd86e94.

Error - 7/22/2013 2:46:55 PM | Computer Name = Owner-PC | Source = WinMgmt | ID = 10
Description =

[ Broadcom Wireless LAN Events ]
Error - 1/7/2013 12:54:52 AM | Computer Name = Owner-PC | Source = WLAN-Tray | ID = 0
Description = 22:54:52, Sun, Jan 06, 13 Error - Unable to gain access to user store


Error - 1/7/2013 3:09:42 PM | Computer Name = Owner-PC | Source = WLAN-Tray | ID = 0
Description = 13:09:42, Mon, Jan 07, 13 Error - Unable to gain access to user store


Error - 1/8/2013 5:20:04 AM | Computer Name = Owner-PC | Source = WLAN-Tray | ID = 0
Description = 03:20:04, Tue, Jan 08, 13 Error - Unable to gain access to user store


Error - 1/8/2013 7:26:50 PM | Computer Name = Owner-PC | Source = WLAN-Tray | ID = 0
Description = 17:26:50, Tue, Jan 08, 13 Error - Unable to gain access to user store


Error - 1/9/2013 9:33:48 AM | Computer Name = Owner-PC | Source = WLAN-Tray | ID = 0
Description = 07:33:48, Wed, Jan 09, 13 Error - Unable to gain access to user store


Error - 1/9/2013 11:34:25 PM | Computer Name = Owner-PC | Source = WLAN-Tray | ID = 0
Description = 21:34:25, Wed, Jan 09, 13 Error - Unable to gain access to user store


Error - 1/10/2013 2:10:25 PM | Computer Name = Owner-PC | Source = WLAN-Tray | ID = 0
Description = 12:10:25, Thu, Jan 10, 13 Error - Unable to gain access to user store


Error - 1/11/2013 9:35:12 AM | Computer Name = Owner-PC | Source = WLAN-Tray | ID = 0
Description = 07:35:11, Fri, Jan 11, 13 Error - Unable to gain access to user store


[ Media Center Events ]
Error - 5/19/2012 12:44:24 PM | Computer Name = Owner-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 5/19/2012 2:17:06 PM | Computer Name = Owner-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 5/19/2012 4:09:54 PM | Computer Name = Owner-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 5/19/2012 6:59:27 PM | Computer Name = Owner-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 5/19/2012 8:26:19 PM | Computer Name = Owner-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 5/20/2012 1:34:39 AM | Computer Name = Owner-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 5/20/2012 3:29:08 AM | Computer Name = Owner-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 5/20/2012 6:03:49 AM | Computer Name = Owner-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 5/21/2012 4:37:10 PM | Computer Name = Owner-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ OSession Events ]
Error - 1/31/2011 1:55:31 PM | Computer Name = Owner-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 15
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 7/18/2013 7:10:52 PM | Computer Name = Owner-PC | Source = DCOM | ID = 10010
Description =

Error - 7/22/2013 2:46:40 PM | Computer Name = Owner-PC | Source = Microsoft-Windows-ResourcePublication | ID = 1002
Description =

Error - 7/22/2013 2:46:56 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 7/22/2013 2:46:56 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 7/22/2013 2:46:56 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 7/22/2013 2:46:56 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 7/22/2013 2:47:43 PM | Computer Name = Owner-PC | Source = DCOM | ID = 10016
Description =

Error - 7/22/2013 2:57:53 PM | Computer Name = Owner-PC | Source = bowser | ID = 8003
Description =

Error - 7/22/2013 3:48:18 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7032
Description =

Error - 7/22/2013 3:48:19 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7032
Description =


< End of report >
  • 0

Advertisements

#2
Essexboy
Posted 22 July 2013 - 02:40 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there, you currently have three antivirus programmes running. This is the one time when more is not better

Assuming you wish to keep Avast then I would recommend that you uninstall Norton and McAfee

I will give a link for the removal tools to run after they have been uninstalled via control panel > programmes and features

Norton removal tool
McAfee removal tool

Could you screenshot the Avast alert and attach it here as that will give me more information

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    Posted Image
:Commands
[CREATERESTOREPOINT]

:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.sweetpa...A-0023AE32B830}
IE - HKLM\..\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}: "URL" = http://search.mywebs...r={searchTerms}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2418376
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://start.sweetpa...A-0023AE32B830}
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask...F5-5D634B1FBF66
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...sa&d=2012-03-29 16:38:06&v=10.2.0.3&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{E782DE68-D31E-46D6-8B25-CE33E5EF52BD}: "URL" = http://www.mysearchr...q={searchTerms}
IE - HKCU\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://start.sweetpa...006.10043&st=23
IE - HKCU\..\SearchScopes\{F539C88A-8455-4367-89EB-C9B7ED93BAAE}: "URL" = http://search.condui...3663708322&UM=2
FF - HKLM\Software\MozillaPlugins\@funwebproducts.com/Plugin: C:\Program Files (x86)\FunWebProducts\Installr\1.bin\NPFunWeb.dll File not found
[2011/10/17 13:14:28 | 000,002,149 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\adawaretb.xml
[2010/08/19 17:31:16 | 000,002,226 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {7F6AFBF1-E065-4627-A2FD-810366367D01} - No CLSID value found.
O2 - BHO: (no name) - {8A9D74F9-560B-4FE7-ABEB-3B2E638E5CD6} - No CLSID value found.
O2 - BHO: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O2 - BHO: (no name) - {FDCC62B4-8059-4FCF-8B69-BD2EC413A6F2} - No CLSID value found.

:Commands
[resethosts]
[emptytemp]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download AdwCleaner from here to your desktop
Run AdwCleaner and select Delete

Posted Image

Once done it will ask to reboot, allow this
On reboot a log will be produced please attach that

FINALLY

Download aswMBR.exe ( 4.5mb ) to your desktop.
Double click the aswMBR.exe to run it Click the "Scan" button to start scan

Posted Image


On completion of the scan click save log, save it to your desktop and post in your next reply
  • 0

#3
calmat01
Posted 22 July 2013 - 07:47 PM

calmat01

    Member

  • Topic Starter
  • Member
  • PipPip
  • 50 posts
here are the scan results. The first one is a registry I got after rebooting the laptop when the OTL fix ran. This is followed by the log when OTL ran a second time. Also, I have attached three of the sample screen shots when Avast keeps warning me of the suspicious URLS.

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C360-6118-11DC-9C72-001320C79847}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E782DE68-D31E-46D6-8B25-CE33E5EF52BD}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E782DE68-D31E-46D6-8B25-CE33E5EF52BD}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C360-6118-11DC-9C72-001320C79847}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{F539C88A-8455-4367-89EB-C9B7ED93BAAE}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F539C88A-8455-4367-89EB-C9B7ED93BAAE}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@funwebproducts.com/Plugin\ deleted successfully.
C:\Program Files (x86)\Mozilla Firefox\searchplugins\adawaretb.xml moved successfully.
C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7F6AFBF1-E065-4627-A2FD-810366367D01}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8A9D74F9-560B-4FE7-ABEB-3B2E638E5CD6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8A9D74F9-560B-4FE7-ABEB-3B2E638E5CD6}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D425283-D487-4337-BAB6-AB8354A81457}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D425283-D487-4337-BAB6-AB8354A81457}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDCC62B4-8059-4FCF-8B69-BD2EC413A6F2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FDCC62B4-8059-4FCF-8B69-BD2EC413A6F2}\ not found.
========== COMMANDS ==========
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: AppData

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 57472 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Guest
->Temp folder emptied: 480 bytes
->Temporary Internet Files folder emptied: 938 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 95035380 bytes
->Flash cache emptied: 43486 bytes

User: Owner
->Temp folder emptied: 58113353 bytes
->Temporary Internet Files folder emptied: 5309312 bytes
->Java cache emptied: 81992412 bytes
->FireFox cache emptied: 30278705 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 1211985 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 177097943 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 1601 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 428.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 07222013_201352

Files\Folders moved on Reboot...
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

OTL logfile created on: 7/22/2013 8:28:00 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Owner\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.96 Gb Total Physical Memory | 2.03 Gb Available Physical Memory | 51.22% Memory free
8.10 Gb Paging File | 5.93 Gb Available in Paging File | 73.31% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283.40 Gb Total Space | 218.46 Gb Free Space | 77.08% Space Free | Partition Type: NTFS
Drive E: | 14.65 Gb Total Space | 8.63 Gb Free Space | 58.93% Space Free | Partition Type: NTFS

Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/07/22 19:44:10 | 000,932,528 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2013/07/22 14:19:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Downloads\OTL.exe
PRC - [2013/07/18 18:11:03 | 001,861,512 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
PRC - [2013/07/08 19:00:05 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013/06/27 12:15:06 | 002,249,352 | ---- | M] (Microsoft Corp.) -- C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe
PRC - [2013/06/27 12:15:06 | 000,349,832 | ---- | M] (Microsoft Corp.) -- C:\Program Files (x86)\Microsoft\BingDesktop\BDRuntimeHost.exe
PRC - [2013/06/27 12:15:06 | 000,206,984 | ---- | M] (Microsoft Corp.) -- C:\Program Files (x86)\Microsoft\BingDesktop\BDExtHost.exe
PRC - [2013/06/27 12:15:06 | 000,173,192 | ---- | M] (Microsoft Corp.) -- C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
PRC - [2013/06/27 12:15:06 | 000,153,224 | ---- | M] (Microsoft Corp.) -- C:\Program Files (x86)\Microsoft\BingDesktop\BDAppHost.exe
PRC - [2013/05/10 02:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/05/09 03:58:30 | 004,858,968 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2013/05/09 03:58:30 | 000,046,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2013/04/04 13:54:23 | 000,132,504 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe
PRC - [2013/02/12 21:37:16 | 001,263,952 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2013/02/05 10:48:44 | 000,272,248 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe
PRC - [2012/04/02 16:50:14 | 000,351,888 | ---- | M] (NDS Technologies) -- C:\Users\Owner\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe
PRC - [2012/04/02 16:49:58 | 000,686,208 | ---- | M] () -- C:\Users\Owner\AppData\Local\DIRECTV Player\NDSPCShowServer.exe
PRC - [2011/11/07 14:37:20 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.20\ccSvcHst.exe
PRC - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
PRC - [2009/03/05 17:07:20 | 002,260,480 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/12/17 23:27:22 | 004,823,928 | ---- | M] (Dell Inc. and SightSpeed Inc.) -- C:\Program Files (x86)\Dell Video Chat\DellVideoChat.exe
PRC - [2008/05/07 17:41:14 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008/05/07 17:41:12 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe


========== Modules (No Company Name) ==========

MOD - [2013/07/22 19:44:10 | 000,932,528 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
MOD - [2013/07/18 18:11:02 | 016,166,280 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll
MOD - [2013/07/08 19:00:04 | 003,285,912 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2013/02/12 21:38:06 | 000,100,688 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2013/02/12 21:37:16 | 001,263,952 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2012/04/02 16:52:04 | 000,091,240 | ---- | M] () -- C:\Users\Owner\AppData\Local\DIRECTV Player\z.dll
MOD - [2012/04/02 16:51:50 | 001,402,488 | ---- | M] () -- C:\Users\Owner\AppData\Local\DIRECTV Player\libxml2-2.dll
MOD - [2012/04/02 16:51:32 | 000,688,264 | ---- | M] () -- C:\Users\Owner\AppData\Local\DIRECTV Player\libgstreamer-0.10.dll
MOD - [2012/04/02 16:50:40 | 006,809,720 | ---- | M] () -- C:\Users\Owner\AppData\Local\DIRECTV Player\gsttspplugin.dll
MOD - [2012/04/02 16:50:30 | 000,273,528 | ---- | M] () -- C:\Users\Owner\AppData\Local\DIRECTV Player\ndsLogStore.dll
MOD - [2012/04/02 16:50:24 | 000,051,864 | ---- | M] () -- C:\Users\Owner\AppData\Local\DIRECTV Player\boost_thread-vc90-mt-1_39.dll
MOD - [2012/04/02 16:50:22 | 002,049,152 | ---- | M] () -- C:\Users\Owner\AppData\Local\DIRECTV Player\XferManagerDll.dll
MOD - [2012/04/02 16:50:20 | 001,945,704 | ---- | M] () -- C:\Users\Owner\AppData\Local\DIRECTV Player\TSB.dll
MOD - [2012/04/02 16:50:08 | 002,721,920 | ---- | M] () -- C:\Users\Owner\AppData\Local\DIRECTV Player\PCShowServerDll.dll
MOD - [2012/04/02 16:49:58 | 000,686,208 | ---- | M] () -- C:\Users\Owner\AppData\Local\DIRECTV Player\NDSPCShowServer.exe
MOD - [2012/04/02 16:49:56 | 001,988,216 | ---- | M] () -- C:\Users\Owner\AppData\Local\DIRECTV Player\DrmSingleton.dll
MOD - [2012/04/02 16:49:52 | 001,226,872 | ---- | M] () -- C:\Users\Owner\AppData\Local\DIRECTV Player\CatalogDll.dll
MOD - [2008/12/17 23:24:14 | 006,510,416 | ---- | M] () -- C:\Program Files (x86)\Dell Video Chat\QtGui4.dll
MOD - [2008/12/17 23:24:14 | 001,657,168 | ---- | M] () -- C:\Program Files (x86)\Dell Video Chat\QtCore4.dll
MOD - [2008/12/17 23:24:14 | 000,396,112 | ---- | M] () -- C:\Program Files (x86)\Dell Video Chat\QtOpenGL4.dll
MOD - [2008/12/17 23:24:14 | 000,366,928 | ---- | M] () -- C:\Program Files (x86)\Dell Video Chat\QtNetwork4.dll
MOD - [2008/12/17 23:24:14 | 000,027,472 | ---- | M] () -- C:\Program Files (x86)\Dell Video Chat\SDL.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/05/09 03:58:30 | 000,046,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2008/12/22 05:35:16 | 000,032,768 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\WLTRYSVC.EXE -- (wltrysvc)
SRV:64bit: - [2008/12/14 23:13:46 | 000,281,600 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_cce24a4c\STacSV64.exe -- (STacSV)
SRV:64bit: - [2008/12/14 23:13:30 | 000,088,576 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_cce24a4c\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2008/01/20 21:52:05 | 000,521,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ntmssvc.dll -- (NtmsSvc)
SRV:64bit: - [2008/01/20 21:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2006/11/02 06:16:05 | 000,046,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rundll32.exe -- (yksvc)
SRV - [2013/07/18 18:11:03 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/07/08 19:00:04 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/06/27 12:15:06 | 000,173,192 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe -- (BingDesktopUpdate)
SRV - [2013/05/10 02:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/04/04 13:54:23 | 000,132,504 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe -- (Norton PC Checkup Application Launcher)
SRV - [2013/02/05 10:48:00 | 000,235,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe -- (McComponentHostService)
SRV - [2011/11/07 14:37:20 | 000,126,392 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.20\ccSvcHst.exe -- (PCCUJobMgr)
SRV - [2010/10/12 12:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/11/04 07:07:31 | 000,163,840 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE -- (EPSON_EB_RPCV4_01)
SRV - [2009/11/04 07:07:31 | 000,126,464 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE -- (EPSON_PM_RPCV4_01)
SRV - [2009/03/29 23:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/05/07 17:41:14 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/06/27 14:18:01 | 000,189,936 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2013/06/27 14:18:00 | 000,378,944 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2013/06/27 14:17:06 | 001,030,952 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2013/05/09 03:59:07 | 000,065,336 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2013/05/09 03:59:07 | 000,064,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2013/05/09 03:59:07 | 000,059,144 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr.sys -- (AswRdr)
DRV:64bit: - [2013/05/09 03:59:06 | 000,080,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2013/05/09 03:59:06 | 000,033,400 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2013/04/30 03:51:09 | 000,040,616 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\tap0901.sys -- (tap0901)
DRV:64bit: - [2012/03/29 20:44:03 | 000,015,672 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\SWDUMon.sys -- (SWDUMon)
DRV:64bit: - [2012/02/29 08:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/09/09 09:00:34 | 000,043,008 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50a64.sys -- (MREMP50a64)
DRV:64bit: - [2011/09/09 09:00:34 | 000,040,960 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50a64.sys -- (MRESP50a64)
DRV:64bit: - [2011/06/15 10:10:14 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iastor.sys -- (iaStor)
DRV:64bit: - [2010/09/23 01:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/04/27 13:40:40 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/09/30 19:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/04/11 01:16:39 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\WSDScan.sys -- (WSDScan)
DRV:64bit: - [2009/03/26 08:00:16 | 000,071,168 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTSTOR64.SYS -- (RTSTOR)
DRV:64bit: - [2009/03/19 17:02:00 | 000,311,296 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\OA009Vid.sys -- (OA009Vid)
DRV:64bit: - [2009/03/06 07:33:58 | 000,159,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\OA009Ufd.sys -- (OA009Ufd)
DRV:64bit: - [2009/01/07 09:35:42 | 000,033,792 | ---- | M] (Susteen, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sustucau.sys -- (SUSTUCAU)
DRV:64bit: - [2009/01/07 09:35:40 | 000,056,832 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sustucap.sys -- (SUSTUCAP)
DRV:64bit: - [2009/01/07 09:35:40 | 000,056,832 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sustucam.sys -- (SUSTUCAM)
DRV:64bit: - [2008/12/22 05:34:48 | 000,022,520 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCM42RLY.sys -- (BCM42RLY)
DRV:64bit: - [2008/12/17 04:22:04 | 001,526,776 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys -- (BCM43XX)
DRV:64bit: - [2008/12/14 23:13:56 | 000,472,064 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\stwrt64.sys -- (STHDA)
DRV:64bit: - [2008/12/09 00:12:36 | 008,036,160 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys -- (igfx)
DRV:64bit: - [2008/11/29 08:19:28 | 000,028,208 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\KMWDFILTER.sys -- (KMWDFILTER)
DRV:64bit: - [2008/09/04 00:29:22 | 000,199,728 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2008/09/01 05:19:24 | 000,392,192 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\yk60x64.sys -- (yukonx64)
DRV:64bit: - [2008/02/13 09:20:16 | 000,017,920 | ---- | M] (A4Tech Co.,Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\Amusbx64.sys -- (Amusbprt)
DRV:64bit: - [2008/01/20 21:46:57 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2008/01/20 21:46:55 | 000,317,952 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys -- (e1express)
DRV:64bit: - [2007/10/15 04:37:22 | 000,012,288 | ---- | M] ((Standard mouse types)) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\Amfltx64.sys -- (Amfilter)
DRV:64bit: - [2007/02/05 17:36:48 | 000,049,664 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\livecamv.sys -- (RLDesignVirtualAudioCableWdm)
DRV:64bit: - [2006/11/02 02:48:50 | 002,488,320 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (R300)
DRV - [2011/09/09 09:00:28 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2011/09/09 09:00:28 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MRESP50.sys -- (MRESP50)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}: "URL" = http://slirsredirect...hromesbox-en-us
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.internet-home-page.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.bing.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 70 DC 52 34 FC 71 CB 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = https://www.google.com/
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {F539C88A-8455-4367-89EB-C9B7ED93BAAE}
IE - HKCU\..\SearchScopes\{2CFF5CC3-2777-4CB5-84A8-3E868B49D29D}: "URL" = http://www.internet-...q={searchTerms}
IE - HKCU\..\SearchScopes\{36377DD7-B3EB-42f5-986F-680BAF59BA9D}: "URL" = http://start.att.ipl...q={searchTerms}
IE - HKCU\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://www.google.co...q={searchTerms}
IE - HKCU\..\SearchScopes\{4EB42CCA-CE23-47E0-A152-333462250264}: "URL" = http://search.yahoo....p={SearchTerms}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...&rlz=1I7GGLL_en
IE - HKCU\..\SearchScopes\{97A1352C-CB9B-4B3F-ACCE-290243CDA5F7}: "URL" = http://www.internet-...q={searchTerms}
IE - HKCU\..\SearchScopes\{9BAAEDA8-9929-DDF5-2A4A-B3FC1C987170}: "URL" = http://www.bing.com/...ferrer:source?}
IE - HKCU\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/w...il&geo=US&ver=5
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{B8B02A05-5EE4-4A57-8D05-643FF6C96D74}: "URL" = http://www.internet-...q={searchTerms}
IE - HKCU\..\SearchScopes\{EFBDF342-2B3A-44B0-810B-7DCF597AA883}: "URL" = http://www.internet-...{inputEncoding}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

========== FireFox ==========

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Plus Web Player Plug-In,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\[email protected]/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files (x86)\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Owner\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\@nds.com/PCShowPlugin: C:\Users\Owner\AppData\Local\DIRECTV Player\npPCShowPlugin.dll (NDS)
FF - HKCU\Software\MozillaPlugins\@nds.com/PlayerPlugin: C:\Users\Owner\AppData\Local\DIRECTV Player\npPlayerPlugin.dll (NDS)
FF - HKCU\Software\MozillaPlugins\NDS.com/PlayerPlugin: C:\Users\Owner\AppData\Local\DIRECTV Player\npPlayerPlugin.dll (NDS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/06/04 00:36:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013/06/20 18:10:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/07/08 18:59:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/07/08 18:59:50 | 000,000,000 | ---D | M]

[2011/11/29 10:00:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Extensions
[2010/08/16 14:51:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Extensions\[email protected]
[2013/05/24 19:41:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\dplph78z.default\extensions
[2011/11/29 10:07:56 | 000,000,000 | ---D | M] (cacaoweb) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\dplph78z.default\extensions\[email protected]
[2013/06/08 18:45:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\dplph78z.default\extensions\staged
[2013/06/20 17:29:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\i90z0oa4.default\extensions
[2012/05/19 20:22:16 | 000,004,733 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\firefox\profiles\dplph78z.default\extensions\[email protected]
[2013/06/20 17:29:18 | 000,216,095 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\firefox\profiles\i90z0oa4.default\extensions\[email protected]
[2013/07/08 18:59:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/07/08 18:59:47 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/07/08 18:59:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/07/08 19:00:06 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/07/08 18:59:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\distribution\extensions
[2011/03/18 14:32:12 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll
[2011/12/20 00:42:07 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/03/18 14:32:14 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll
[2010/01/13 23:28:05 | 000,151,552 | ---- | M] (PopCap Games) -- C:\Program Files (x86)\mozilla firefox\plugins\nppopcaploader.dll
[2009/07/02 11:19:28 | 000,102,400 | ---- | M] (Zylom) -- C:\Program Files (x86)\mozilla firefox\plugins\npzylomgamesplayer.dll
[2011/09/30 16:23:49 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml.old
[2011/09/16 09:42:21 | 000,002,024 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\McSiteAdvisor.xml
[2011/10/23 00:08:57 | 000,001,943 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Yahooober33103209.xml
[2011/10/17 14:07:59 | 000,001,943 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Yahooober92330252.xml

O1 HOSTS File: ([2013/07/22 20:14:22 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (no name) - MRI_DISABLED - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Windows\SysNative\WLTRAY.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BingDesktop] C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe (Microsoft Corp.)
O4 - HKLM..\Run: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe (DivX, LLC)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKCU..\Run: [ccleaner] C:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd)
O4 - HKCU..\Run: [EPSON NX510 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFIA.EXE /FU "C:\Windows\TEMP\E_S5B97.tmp" /EF "HKCU" File not found
O4 - HKCU..\Run: [EPSON NX510 Series (Copy 1)] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFIA.EXE /FU "C:\Windows\TEMP\E_S25D8.tmp" /EF "HKCU" File not found
O4 - HKCU..\Run: [EPSON8E0A7A] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFIA.EXE /FU "C:\Windows\TEMP\E_S3583.tmp" /EF "HKCU" File not found
O4 - HKCU..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe File not found
O4 - HKCU..\Run: [PCShowServer] C:\Users\Owner\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe (NDS Technologies)
O4 - HKCU..\Run: [SightSpeed] C:\Program Files (x86)\Dell Video Chat\DellVideoChat.exe (Dell Inc. and SightSpeed Inc.)
O4 - HKCU..\Run: [Spotify] C:\Users\Owner\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\Owner\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O9 - Extra Button: Add to Wish List - {76c5fb99-dd0a-4186-9e75-65d1bf3da283} - C:\Program Files (x86)\Amazon\Add to Wish List IE Extension\run.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: $talisma_url$ ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: inboswdollars.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: patientslikeme.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: tv.com ([authorize] https in Trusted sites)
O15 - HKCU\..Trusted Domains: walmart.com ([www] https in Trusted sites)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} http://support.dell....r/SysProExe.CAB (WMI Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.7.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0C62E2A6-F79D-404C-8C15-D4431A8F3A74}: DhcpNameServer = 192.168.7.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8801CC70-4EF6-4EA0-A471-62DD7D5D54DF}: DhcpNameServer = 192.168.7.254
O18:64bit: - Protocol\Handler\cozi - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\cozi {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\Owner\AppData\Local\Microsoft\BingDesktop\themes\2013-07-22.jpg
O24 - Desktop BackupWallPaper: C:\Users\Owner\AppData\Local\Microsoft\BingDesktop\themes\2013-07-22.jpg
O32 - HKLM CDRom: AutoRun - 1
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/07/22 20:13:52 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/07/22 19:50:27 | 000,000,000 | --SD | C] -- C:\Windows\SysWow64\Microsoft
[2013/07/18 18:06:27 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013/07/18 18:06:27 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013/07/18 18:06:23 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/07/18 18:06:23 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/07/18 18:06:22 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013/07/18 18:06:22 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013/07/18 18:06:21 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013/07/18 18:06:21 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013/07/18 18:06:18 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013/07/18 18:06:18 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013/07/18 18:06:16 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/07/18 18:06:16 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/07/18 18:06:12 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/07/18 18:06:10 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013/07/18 18:06:09 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/07/17 13:08:20 | 001,548,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL
[2013/07/17 13:08:19 | 001,706,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL
[2013/07/17 13:08:13 | 000,619,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qedit.dll
[2013/07/17 13:08:12 | 000,505,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qedit.dll
[2013/07/17 13:07:58 | 001,556,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2013/07/17 13:07:57 | 000,566,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
[2013/07/17 13:07:56 | 000,327,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2013/07/17 13:07:53 | 001,268,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10.dll
[2013/07/17 13:07:52 | 002,002,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2013/07/17 13:07:52 | 000,287,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10core.dll
[2013/07/17 13:07:51 | 000,834,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2013/07/17 13:07:50 | 000,196,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2013/07/08 18:59:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/06/28 08:32:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bing Desktop
[2013/06/26 20:09:46 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013/06/25 17:19:17 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\Crochet Apache Tears FREE Pattern __files

========== Files - Modified Within 30 Days ==========

[2013/07/22 20:20:20 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/07/22 20:19:57 | 000,003,744 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/07/22 20:19:56 | 000,003,744 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/07/22 20:19:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/07/22 20:14:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/07/22 20:02:54 | 000,000,274 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{1B9804EA-42ED-4529-981C-46E7C5450341}.job
[2013/07/22 19:57:30 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/07/18 18:33:00 | 000,605,080 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/07/18 18:32:59 | 000,719,946 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/07/18 18:32:59 | 000,104,934 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/07/18 18:11:03 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/07/18 18:11:03 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/07/18 18:08:00 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2013/06/28 08:33:08 | 000,001,813 | ---- | M] () -- C:\Windows\SysWow64\UserPref.json
[2013/06/28 08:33:08 | 000,000,093 | ---- | M] () -- C:\Windows\SysWow64\Configurations.plist.signed
[2013/06/27 14:18:06 | 000,000,175 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys.sum
[2013/06/27 14:18:01 | 000,189,936 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2013/06/27 14:18:00 | 000,378,944 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2013/06/27 14:18:00 | 000,000,175 | ---- | M] () -- C:\Windows\SysNative\drivers\aswSP.sys.sum
[2013/06/27 14:17:06 | 001,030,952 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2013/06/27 14:17:06 | 000,000,175 | ---- | M] () -- C:\Windows\SysNative\drivers\aswSnx.sys.sum

========== Files Created - No Company Name ==========

[2013/07/22 20:02:54 | 000,000,274 | -H-- | C] () -- C:\Windows\tasks\User_Feed_Synchronization-{1B9804EA-42ED-4529-981C-46E7C5450341}.job
[2013/06/28 08:33:08 | 000,001,813 | ---- | C] () -- C:\Windows\SysWow64\UserPref.json
[2013/06/28 08:33:06 | 000,000,093 | ---- | C] () -- C:\Windows\SysWow64\Configurations.plist.signed
[2013/06/27 14:18:11 | 000,000,175 | ---- | C] () -- C:\Windows\SysNative\drivers\aswVmm.sys.sum
[2013/06/26 18:58:58 | 000,000,175 | ---- | C] () -- C:\Windows\SysNative\drivers\aswSP.sys.sum
[2013/06/26 18:58:58 | 000,000,175 | ---- | C] () -- C:\Windows\SysNative\drivers\aswSnx.sys.sum
[2012/01/29 17:51:46 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2012/01/29 17:51:46 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
[2011/11/10 18:46:59 | 000,000,439 | ---- | C] () -- C:\Windows\SIERRA.INI
[2011/10/04 18:47:58 | 000,000,732 | ---- | C] () -- C:\Users\Owner\AppData\Local\d3d9caps64.dat
[2011/05/21 15:04:57 | 006,874,694 | ---- | C] () -- C:\Users\Owner\com.terrypaton.breakit4.air
[2011/05/10 10:01:34 | 000,905,728 | -HS- | C] () -- C:\Users\Owner\ehthumbs_vista.db
[2010/10/16 12:01:28 | 000,000,680 | ---- | C] () -- C:\Users\Owner\AppData\Local\d3d9caps.dat
[2009/06/03 21:43:06 | 000,024,226 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\UserTile.png
[2009/05/26 17:03:03 | 000,001,184 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\wklnhst.dat
[2009/05/26 00:05:35 | 000,024,064 | ---- | C] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2006/11/02 10:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 12:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 12:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/04/11 02:11:14 | 000,891,392 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 01:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008/01/20 21:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Alternate Data Streams ==========

@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:303528AB
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:AA4982C6
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:D1B5B4F1

< End of report >

Attached Thumbnails

  • screenshots.jpg

  • 0

#4
calmat01
Posted 22 July 2013 - 10:39 PM

calmat01

    Member

  • Topic Starter
  • Member
  • PipPip
  • 50 posts
Here are the results of the scan from AdwCleaner. I forgot to include it with the previous post.

# AdwCleaner v2.306 - Logfile created 07/22/2013 at 22:09:56
# Updated 19/07/2013 by Xplode
# Operating system : Windows ™ Vista Home Premium Service Pack 2 (64 bits)
# User : Owner - OWNER-PC
# Boot Mode : Normal
# Running from : C:\Users\Owner\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****

Stopped & Deleted : WajamUpdater

***** [Files / Folders] *****

Deleted on reboot : C:\Program Files (x86)\Common Files\FreeCause
Deleted on reboot : C:\Program Files (x86)\Common Files\Software Update Utility
Deleted on reboot : C:\Program Files (x86)\Conduit
Deleted on reboot : C:\Program Files (x86)\Iminent
Deleted on reboot : C:\Program Files (x86)\OApps
Deleted on reboot : C:\Program Files (x86)\ParetoLogic
Deleted on reboot : C:\Program Files (x86)\registry mechanic
Deleted on reboot : C:\Program Files (x86)\Yontoo Layers Client
Deleted on reboot : C:\ProgramData\ParetoLogic
Deleted on reboot : C:\ProgramData\Tarma Installer
Deleted on reboot : C:\ProgramData\Trymedia
Deleted on reboot : C:\Users\Owner\AppData\Local\Conduit
Deleted on reboot : C:\Users\Owner\AppData\Local\PackageAware
Deleted on reboot : C:\Users\Owner\AppData\Local\Wajam
Deleted on reboot : C:\Users\Owner\AppData\LocalLow\boost_interprocess
Deleted on reboot : C:\Users\Owner\AppData\LocalLow\Conduit
Deleted on reboot : C:\Users\Owner\AppData\LocalLow\PriceGong
Deleted on reboot : C:\Users\Owner\AppData\LocalLow\StumbleUpon
Deleted on reboot : C:\Users\Owner\AppData\LocalLow\TelevisionFanaticEI
Deleted on reboot : C:\Users\Owner\AppData\LocalLow\Toolbar4
Deleted on reboot : C:\Users\Owner\AppData\LocalLow\Zango
Deleted on reboot : C:\Users\Owner\AppData\Roaming\DriverCure
Deleted on reboot : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\dplph78z.default\extensions\[email protected]
Deleted on reboot : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\dplph78z.default\extensions\staged
Deleted on reboot : C:\Users\Owner\AppData\Roaming\ParetoLogic
Deleted on reboot : C:\Users\Owner\AppData\Roaming\registry mechanic

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\alot
Key Deleted : HKCU\Software\AppDataLow\Software\Compete
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\Freecause
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\ShopperReports3
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\BI
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Cr_Installer
Key Deleted : HKCU\Software\Headlight
Key Deleted : HKCU\Software\IGearSettings
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\Iminent
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DefaultTab
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ShopperReportsSA
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SoftwareUpdUtility
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Wajam
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{91C18ED5-5E1C-4AE5-A148-A861DE8C8E16}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{CA3EB689-8F09-4026-AA10-B9534C691CE0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{91C18ED5-5E1C-4AE5-A148-A861DE8C8E16}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AF6B0594-6008-4327-93E5-608AD710A6FA}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CA3EB689-8F09-4026-AA10-B9534C691CE0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com
Key Deleted : HKCU\Software\PriceGong
Key Deleted : HKCU\Software\Wajam
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\Zugo
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{443789B7-F39C-4B5C-9287-DA72D38F4FE6}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\Software\Bandoo
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1301A8A5-3DFB-4731-A162-B357D00C9644}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{7169BBB3-3289-4696-B35D-4A88BCF6FB12}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\BandooCore.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\DefaultTabBHO.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdate
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
Key Deleted : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{8F5F1CB6-EA9E-40AF-A5CA-C7FD63CC1971}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{AA2E16F2-387A-415F-BA95-B89BAF3AF109}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Iminent
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\Software\StumbleUpon
Key Deleted : HKLM\Software\Wajam
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{27F69C85-64E1-43CE-98B5-3C9F22FB408E}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B543EF05-9758-464E-9F37-4C28525B4A4C}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{BB76A90B-2B4C-4378-8506-9A2B6E16943C}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C3AB94A4-BFD0-4BBA-A331-DE504F07D2DB}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{424624F4-C5DD-4E1D-BDD0-1E9C9B7799CC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7F000001-DB8E-F89C-2FEC-49BF726F8C12}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9C8A3CA5-889E-4554-BEEC-EC0876E4E96A}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F9189560-573A-4FDE-B055-AE7B0F4CF080}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{443789B7-F39C-4B5C-9287-DA72D38F4FE6}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WajamUpdater
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{27F69C85-64E1-43CE-98B5-3C9F22FB408E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B543EF05-9758-464E-9F37-4C28525B4A4C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BB76A90B-2B4C-4378-8506-9A2B6E16943C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C3AB94A4-BFD0-4BBA-A331-DE504F07D2DB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{06DE5702-44CF-4B79-B4EF-3DDF653358F5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{477F210A-2A86-4666-9C4B-1189634D2C84}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FF871E51-2655-4D06-AED5-745962A96B32}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{424624F4-C5DD-4E1D-BDD0-1E9C9B7799CC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7F000001-DB8E-F89C-2FEC-49BF726F8C12}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9C8A3CA5-889E-4554-BEEC-EC0876E4E96A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F9189560-573A-4FDE-B055-AE7B0F4CF080}
Key Deleted : HKLM\SOFTWARE\Tarma Installer
Key Deleted : HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16496

[OK] Registry is clean.

-\\ Mozilla Firefox v22.0 (en-US)

File : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i90z0oa4.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [15666 octets] - [22/07/2013 22:09:56]

########## EOF - C:\AdwCleaner[S1].txt - [15727 octets] ##########
  • 0

#5
Essexboy
Posted 23 July 2013 - 07:10 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Were you able to run AswMBR at all ?

I will remove the last of Norton and then check out the MBR

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    Posted Image
:Commands
[CREATERESTOREPOINT]

:OTL
SRV - [2013/04/04 13:54:23 | 000,132,504 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe -- (Norton PC Checkup Application Launcher)
SRV - [2011/11/07 14:37:20 | 000,126,392 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.20\ccSvcHst.exe -- (PCCUJobMgr)

:Files
C:\Program Files (x86)\Norton PC Checkup

:Commands
[resethosts]
[emptytemp]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Doubleclick on TDSSKiller.exe to run the application
    Posted Image
  • Then click on Change parameters.

    Posted Image
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.

  • If a suspicious object is detected, the default action will be Skip, click on Continue.

    Posted Image
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  • Get the report by selecting Reports

    Posted Image
  • Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

Please copy and paste its contents on your next reply.
  • 0

#6
calmat01
Posted 23 July 2013 - 10:55 AM

calmat01

    Member

  • Topic Starter
  • Member
  • PipPip
  • 50 posts
Here is the log from the aswMBR scan. I was able to run it last night but did not post the results until now.

Attached Files


  • 0

#7
Essexboy
Posted 23 July 2013 - 12:06 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK continue with TDSSKiller please
  • 0

#8
calmat01
Posted 23 July 2013 - 03:40 PM

calmat01

    Member

  • Topic Starter
  • Member
  • PipPip
  • 50 posts
I ran TDSSKiller. It detected 7 suspicious threats. However, I could not see where to copy or save the log. It did not give me an option to save and when I tried to right click and select all to copy and paste, it wouldn't allow me to do so. So, I am currently trying to determine how to post the log.
  • 0

#9
Essexboy
Posted 24 July 2013 - 05:44 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Suspicious will not be a problem, if there was nothing to cure then the MBR is good

Are the alerts still apparent ?
  • 0

#10
calmat01
Posted 24 July 2013 - 05:54 PM

calmat01

    Member

  • Topic Starter
  • Member
  • PipPip
  • 50 posts
I left the laptop on for a day. No AVAST alerts appeared during the entire time. I believe I am ready for the next step in the process.
  • 0

#11
Essexboy
Posted 25 July 2013 - 06:18 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
That's good it was probably Wajam causing the alerts

Subject to no further problems :)

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself so..The following will implement some cleanup procedures as well as reset System Restore points:

Run AdwCleaner and press uninstall
Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

Clear Restore Points

Go Start > All Programmes > Accessories > System tools
Right click Disc Cleanup and select run as administrator
When it pops up at the first prompt select OK after it has done some calculations the tabs will appear
Select More Options tab
Press Sytem Restore and Shadow Copies Cleanup button
Posted Image


: Keep Java Updated :

WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java
See this article and this article.
I would recommend that you completely uninstall Java unless you need it to run an important software.
In that instance I would recommend that you disable Java in your browsers until you need it for that software and then enable it. (See How to diasble Java in your web browser and How to unplug Java from the browser)

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

Malwarebytes.

Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly it will show you which programmes on your system need updating and give a download link

If you use on-line banking then as an added layer of protection install Trusteer Rapport

It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?Keep safe :wave:
  • 0

#12
calmat01
Posted 26 July 2013 - 11:27 PM

calmat01

    Member

  • Topic Starter
  • Member
  • PipPip
  • 50 posts
Thanks for all of your help. I have had no issues since I last reported to you.
  • 0

#13
Essexboy
Posted 27 July 2013 - 04:50 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP