
How can I get rid of VAFmusic [Solved]


  • This topic is locked

#1
WilliamP

    Member
  • 185 posts
I don't know how it got on the system but I would like to get rid of it. Can you please help?


#2
pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts
Hello and welcome to Geeks to Go! My nickname is Pystryker :) , and I will be helping you with your issue today.

Please note: I am currently in training and all my fixes must be approved by my teacher before being posted. This gives you the advantage of having two people working to solve your problems.

Before we get started, I have a few things I need to go over with you.

  • Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process.
  • Please subscribe to this topic. By subscribing, the board will notify you when a new reply is added to your topic. You can find instructions on how to do that by clicking here.

  • If any of your security programs give you a warning about any tool I ask you to use, please do not worry. All the links and tools I provide to you will be safe.

  • Please read through my instructions carefully and completely before executing them.
  • Please make sure that all the programs I ask you to download are downloaded to and run from your Desktop.
  • Please make sure you print out these instructions so that you will be able to refer to them while working on your machine. Part of the solution(s) to your problem may involve us working in Safe Mode and you will need them to go by.
  • Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.
  • Please read through my instructions carefully and make sure you complete them from start to finish. I will make sure that I lay the instructions out in a step by step order to make them easy to follow.
  • This is a complicated process. It requires several steps, patience, and careful following of my instructions in the order they are given to diagnose your problems to get your machine back in working order.
  • Please stay with me until the end of all steps and procedures and I declare your system clean. Just because there is a lack of symptoms does not indicate a clean machine. I promise to do the same for you.
  • Please make sure you reply within 3 days to my responses, if there is no reply within 3 days, the topic will be closed and you will need to request the topic be reopened.
  • Before we get started, please remember we will do our best to get your machine repaired. However, there are some cases where the only solution is a reformat and reinstall of the operating system. This is a worst case scenario though.
  • It is impossible for me to know what interactions may happen between your computer's software and the tools we will use to clean your machine. Therefore, I highly recommend you backup any critical personal files on your machine before we start.
  • If possible, please have your original Windows installation disks handy, just in case.
  • If you have any questions at all, please don't hesitate to ask. There's no such thing as a stupid question when dealing with malware.
  • If you are unsure of an instruction I give you, or if something unexpected occurs, do NOT proceed! Stop and ask for clarification of the instruction or tell me what occurred.
  • Please copy and paste the contents of any requested logs in your replies. Do not attach the log files in your replies unless requested to do so.
  • Please remember, the fixes are for your machine and your machine ONLY!



Once we have cleaned your machine, we'll have some cleanup and prevention steps to go through. We will also provide you with some information about how to reduce your chances of infection and get some protections in place to help defend you against this in the future.

Please be patient while I am analyzing your logs. I know you are probably scared and very frustrated with this problem, but I am a volunteer and sometimes life does get in the way. :)

Now, let's get started, shall we? :thumbsup:


Hi, :) let's run some scans and see what's going on. Please follow the instructions below.



Step 1: OTL Scan


Download OTL

Download OTL to your desktop by clicking here. If for some reason, that link is working, please click here for a secondary site.

  • Close any open windows and then double click (Vista, Windows 7, 8, right click and then click Run as Administrator) the icon to start OTL.
  • Please make sure the following boxes are checked:
      • Scan All Users
      • Use Company-Name WhiteList
      • Skip Microsoft Files
      • Use No-Company-Name Whitelist
      • LOP Check
      • Purity Check
  • Please check that Use Safelist is checked under Extra Registry.
  • Copy the contents of the quote box below (Do not copy the word quote!) and paste them into the Custom Scans/Fixes box at the bottom of OTL's control panel.

    %SYSTEMDRIVE%\*.exe
    /md5start
    services.*
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    dir "%systemdrive%\*" /S /A:L /C

  • Click the Run Scan button.


  • Please do not interrupt the scanning process. It may take a while to complete the scan, so please be patient. :)
  • When the scan is finished, it will generate 2 logs, OTL.txt and Extras.txt, each in a Notepad window. Both of these logs are saved in the same location as OTL. In this case, on your desktop.
  • Please post each log in your next reply.



Step 2: aswMBR Scan


  • Please download aswMBR.exe to your desktop.
  • Double click the file to run it.
  • It will ask if you want to download the latest Avast! virus definitions, please answer yes.


  • Click the Scan button to begin the scan.


  • Once the scan has finished, click on Save Log, save it to your desktop as asw.txt, and please post it in your next reply.
  • Click Exit



Things I need to see in your next post:

OTL Scan Log

OTL Extras Log

aswMBR Log


#3
WilliamP

    Member

  • Topic Starter
  • 185 posts
OTL.TXT

OTL logfile created on: 10/11/2013 1:03:29 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Lou\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16721)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.98 Gb Total Physical Memory | 6.29 Gb Available Physical Memory | 78.77% Memory free
15.96 Gb Paging File | 14.22 Gb Available in Paging File | 89.07% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 238.37 Gb Total Space | 156.47 Gb Free Space | 65.64% Space Free | Partition Type: NTFS
Drive D: | 149.05 Gb Total Space | 131.34 Gb Free Space | 88.12% Space Free | Partition Type: NTFS
Drive E: | 149.04 Gb Total Space | 103.84 Gb Free Space | 69.67% Space Free | Partition Type: NTFS

Computer Name: LOU-PC | User Name: Lou | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found --
PRC - [2013/10/11 12:54:51 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Lou\Downloads\OTL.exe
PRC - [2013/10/03 13:49:01 | 000,042,504 | ---- | M] (COMPANYVERS_NAME) -- C:\Program Files (x86)\DictionaryBoss\bar\1.bin\v4barsvc.exe
PRC - [2013/10/03 13:49:01 | 000,030,096 | ---- | M] (VER_COMPANY_NAME) -- C:\Program Files (x86)\DictionaryBoss\bar\1.bin\v4brmon.exe
PRC - [2013/09/30 11:01:31 | 000,440,392 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2013/09/30 11:01:14 | 001,164,360 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
PRC - [2013/09/30 11:01:13 | 000,972,872 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe
PRC - [2013/09/30 11:01:13 | 000,681,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013/09/30 11:01:13 | 000,440,392 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2013/09/23 21:18:26 | 000,164,816 | ---- | M] (APN LLC.) -- C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
PRC - [2013/09/23 21:18:18 | 001,673,680 | ---- | M] (APN) -- C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
PRC - [2013/09/05 10:04:00 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/07/09 00:40:10 | 000,104,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
PRC - [2012/05/30 02:08:28 | 001,842,384 | ---- | M] (Gadwin Systems, Inc) -- C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe
PRC - [2012/02/20 15:54:08 | 001,666,560 | ---- | M] (AimerSoft) -- C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
PRC - [2011/09/01 02:22:18 | 000,169,624 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
PRC - [2011/06/16 17:00:28 | 000,315,256 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
PRC - [2010/02/25 17:59:54 | 000,144,672 | ---- | M] () -- C:\Program Files (x86)\Nova Development\Scrapbook Factory Deluxe 5.0\ReminderApp.exe
PRC - [2007/02/04 12:02:14 | 000,079,400 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\ScanSoft\OmniPageSE4\OpWareSE4.exe


========== Modules (No Company Name) ==========

MOD - [2013/10/09 14:37:33 | 014,340,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\bcf51dc88597d0835c819a2d5a755b74\PresentationFramework.ni.dll
MOD - [2013/10/09 14:37:27 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ef0a534be135cd8f0d99d938d8b1814a\System.Windows.Forms.ni.dll
MOD - [2013/10/09 14:37:23 | 012,238,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\51478a61dbd40488e320a0061e23c4df\PresentationCore.ni.dll
MOD - [2013/10/09 14:37:23 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\29f3ae8d313e62b4daed1107ccd29f9f\System.Configuration.ni.dll
MOD - [2013/10/09 14:37:18 | 003,348,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\4eef5a3a4d0ed6d6fd882947a70df530\WindowsBase.ni.dll
MOD - [2013/10/02 17:57:39 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\a2920ed81e097f8551231a9350697bbd\PresentationFramework.Aero.ni.dll
MOD - [2013/10/02 17:57:31 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\62f93ab850d8784b320de819666df705\System.Data.ni.dll
MOD - [2013/10/02 17:57:31 | 000,628,224 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\5970036570c1e44e8ae0f6f94c1039aa\System.EnterpriseServices.ni.dll
MOD - [2013/10/02 17:57:31 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\4ada2213cefea889a5ed6e2fb6839b93\System.Transactions.ni.dll
MOD - [2013/10/02 17:57:17 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5aa44bce7933e4de09d935848f868a4b\System.Drawing.ni.dll
MOD - [2013/10/02 17:57:06 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09db78d6068543df01862a023aca785a\System.Xml.ni.dll
MOD - [2013/10/02 17:57:03 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5d22a30e587e2cac106b81fb351e7c08\System.ni.dll
MOD - [2013/10/02 17:53:18 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll
MOD - [2010/11/20 23:24:08 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010/02/25 18:00:04 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Nova Development\Scrapbook Factory Deluxe 5.0\AddressBookCore.dll
MOD - [2010/02/25 17:59:54 | 000,144,672 | ---- | M] () -- C:\Program Files (x86)\Nova Development\Scrapbook Factory Deluxe 5.0\ReminderApp.exe
MOD - [2010/02/25 17:40:04 | 000,147,456 | ---- | M] () -- C:\Program Files (x86)\Nova Development\Scrapbook Factory Deluxe 5.0\en-US\ReminderApp.resources.dll
MOD - [2009/06/10 17:23:19 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/08/30 18:57:54 | 000,239,616 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2013/05/27 01:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2013/05/23 16:12:02 | 000,143,120 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV - [2013/10/08 12:30:56 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/10/03 13:49:01 | 000,042,504 | ---- | M] (COMPANYVERS_NAME) [Auto | Running] -- C:\Program Files (x86)\DictionaryBoss\bar\1.bin\v4barsvc.exe -- (DictionaryBossService)
SRV - [2013/09/30 11:01:31 | 000,440,392 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013/09/30 11:01:14 | 001,164,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe -- (AntiVirWebService)
SRV - [2013/09/30 11:01:13 | 000,972,872 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe -- (AntiVirMailService)
SRV - [2013/09/30 11:01:13 | 000,440,392 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013/09/23 21:18:26 | 000,164,816 | ---- | M] (APN LLC.) [Auto | Running] -- C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe -- (APNMCP)
SRV - [2013/09/10 22:26:44 | 000,118,680 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/09/05 10:04:00 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/07/09 00:40:10 | 000,104,912 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2011/09/01 02:22:18 | 000,169,624 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor10.0)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/09/30 11:01:14 | 000,083,160 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\avnetflt.sys -- (avnetflt)
DRV:64bit: - [2013/09/30 11:01:13 | 000,132,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2013/09/30 11:01:13 | 000,105,856 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2013/09/30 11:01:13 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2013/08/30 20:11:28 | 012,528,640 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2013/08/30 18:32:32 | 000,618,496 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2013/07/05 04:40:38 | 000,096,256 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013/02/26 18:37:16 | 000,374,320 | ---- | M] (TeraByte, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TBIMount.sys -- (TBIMount)
DRV:64bit: - [2012/10/30 22:20:58 | 000,034,424 | ---- | M] (TeraByte, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\phylock.sys -- (phylock)
DRV:64bit: - [2012/08/23 10:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 10:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/08/23 10:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/07/22 12:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 17:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/04/21 14:17:04 | 000,471,144 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/10/19 23:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/03/19 03:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft..../?LinkId=255141
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft..../?LinkId=255141
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft..../?LinkId=255141
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft..../?LinkId=255141
IE - HKLM\..\URLSearchHook: {2088f46c-e352-46dd-9434-bb81014359db} - C:\Program Files (x86)\Vafmusic8\prxtbVafm.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {33D796A8-3794-40F5-A714-ABBBE38D122B}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)

IE - HKU\S-1-5-20\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)

IE - HKU\S-1-5-21-3603830166-4043132608-3735572350-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKU\S-1-5-21-3603830166-4043132608-3735572350-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKU\S-1-5-21-3603830166-4043132608-3735572350-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
IE - HKU\S-1-5-21-3603830166-4043132608-3735572350-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3603830166-4043132608-3735572350-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-3603830166-4043132608-3735572350-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E1 F4 D0 2F 96 BF CE 01 [binary data]
IE - HKU\S-1-5-21-3603830166-4043132608-3735572350-1000\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-21-3603830166-4043132608-3735572350-1000\..\URLSearchHook: {e7472076-ff9d-4325-8eaf-613572008758} - No CLSID value found
IE - HKU\S-1-5-21-3603830166-4043132608-3735572350-1000\..\SearchScopes,DefaultScope = {33D796A8-3794-40F5-A714-ABBBE38D122B}
IE - HKU\S-1-5-21-3603830166-4043132608-3735572350-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE10SR
IE - HKU\S-1-5-21-3603830166-4043132608-3735572350-1000\..\SearchScopes\{33D796A8-3794-40F5-A714-ABBBE38D122B}: "URL" = http://search.condui...9151418421&UM=2
IE - HKU\S-1-5-21-3603830166-4043132608-3735572350-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..CT3303001.browser.search.defaultthis.engineName: "true"
FF - prefs.js..browser.search.defaultenginename: "Vafmusic8 Customized Web Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Vafmusic8 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Vafmusic8 Customized Web Search"
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:24.0
FF - prefs.js..keyword.URL: "http://search.condui...399352&UM=2&q="
FF - prefs.js..keyword.enabled: false
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF - HKLM\Software\MozillaPlugins\@DictionaryBoss.com/Plugin: C:\Program Files (x86)\DictionaryBoss\bar\1.bin\NPv4Stub.dll (MindSpark)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.40.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.40.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\DictionaryBoss\bar\1.bin [2013/10/10 09:26:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2013/10/02 14:43:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lou\AppData\Roaming\Mozilla\Extensions
[2013/10/10 18:57:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lou\AppData\Roaming\Mozilla\Firefox\Profiles\mm8a3wmr.default\extensions
[2013/09/23 21:19:03 | 000,744,112 | ---- | M] () (No name found) -- C:\Users\Lou\AppData\Roaming\Mozilla\Firefox\Profiles\mm8a3wmr.default\extensions\[email protected]
[2013/10/09 15:09:16 | 000,000,995 | ---- | M] () -- C:\Users\Lou\AppData\Roaming\Mozilla\Firefox\Profiles\mm8a3wmr.default\searchplugins\conduit.xml
[2013/10/02 14:43:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/10/02 14:43:02 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Vafmusic8 Toolbar) - {2088f46c-e352-46dd-9434-bb81014359db} - C:\Program Files (x86)\Vafmusic8\prxtbVafm.dll (Conduit Ltd.)
O2 - BHO: (Avira SearchFree Toolbar) - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.)
O2 - BHO: (Search Assistant BHO) - {58376892-60e7-4f63-aca0-0f686af554d6} - C:\Program Files (x86)\DictionaryBoss\bar\1.bin\v4SrcAs.dll (MindSpark)
O2 - BHO: (Toolbar BHO) - {6eb534fb-2001-45c4-b860-bc904865a379} - C:\Program Files (x86)\DictionaryBoss\bar\1.bin\v4bar.dll (MindSpark)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Vafmusic8 Toolbar) - {2088f46c-e352-46dd-9434-bb81014359db} - C:\Program Files (x86)\Vafmusic8\prxtbVafm.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (DictionaryBoss) - {3042df7a-e900-4389-9b94-923df0daa57e} - C:\Program Files (x86)\DictionaryBoss\bar\1.bin\v4bar.dll (MindSpark)
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar) - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.)
O3 - HKU\S-1-5-21-3603830166-4043132608-3735572350-1000\..\Toolbar\WebBrowser: (Vafmusic8 Toolbar) - {2088F46C-E352-46DD-9434-BB81014359DB} - C:\Program Files (x86)\Vafmusic8\prxtbVafm.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [DictionaryBoss Home Page Guard 64 bit] C:\Program Files (x86)\DictionaryBoss\bar\1.bin\AppIntegrator64.exe ()
O4:64bit: - HKLM..\Run: [WrtMon.exe] C:\Windows\SysNative\spool\drivers\x64\3\WrtMon.exe ()
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Aimersoft Helper Compact.exe] C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe (AimerSoft)
O4 - HKLM..\Run: [ApnTBMon] C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe (APN)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DictionaryBoss Browser Plugin Loader] C:\Program Files (x86)\DictionaryBoss\bar\1.bin\v4brmon.exe (VER_COMPANY_NAME)
O4 - HKLM..\Run: [DictionaryBoss Search Scope Monitor] C:\Program Files (x86)\DictionaryBoss\bar\1.bin\v4SrchMn.exe (MindSpark)
O4 - HKLM..\Run: [OpwareSE4] C:\Program Files (x86)\ScanSoft\OmniPageSE4\OpwareSE4.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [ReminderApp] C:\Program Files (x86)\Nova Development\Scrapbook Factory Deluxe 5.0\ReminderApp.exe ()
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Oracle Corporation)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3603830166-4043132608-3735572350-1000..\Run: [Gadwin PrintScreen] C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe (Gadwin Systems, Inc)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: Se&nd to OneNote - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000001 [] - C:\Windows\SysNative\nlaapi.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000002 [] - C:\Windows\SysNative\NapiNSP.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000003 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000004 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{85561533-5071-4310-B8B8-666DC1587394}: DhcpNameServer = 10.0.0.1
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\belarc - No CLSID value found
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\tspkg.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (livessp) - C:\Windows\SysNative\livessp.dll (Microsoft Corp.)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\SysWow64\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - C:\Windows\SysWow64\livessp.dll (Microsoft Corp.)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/10/10 19:08:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2013/10/10 19:08:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2013/10/10 19:08:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013/10/10 19:08:39 | 000,868,264 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2013/10/10 19:08:39 | 000,790,440 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2013/10/10 19:08:39 | 000,264,616 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013/10/10 19:08:37 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013/10/10 19:08:37 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013/10/10 19:08:37 | 000,096,168 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013/10/10 19:08:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2013/10/10 19:08:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2013/10/10 19:08:14 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2013/10/10 17:30:33 | 000,000,000 | ---D | C] -- C:\Users\Lou\AppData\Local\FileTypeAssistant
[2013/10/10 17:30:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\File Type Assistant
[2013/10/10 17:23:08 | 000,000,000 | ---D | C] -- C:\Users\Lou\Documents\MY_DVD
[2013/10/10 09:31:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2013/10/10 09:31:18 | 000,000,000 | ---D | C] -- C:\Users\Lou\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2013/10/10 08:50:03 | 000,000,000 | ---D | C] -- C:\Users\Lou\AppData\Local\{E9EEA37B-1AE9-45A2-A11D-B287EA7BBC2E}
[2013/10/09 15:13:12 | 000,000,000 | ---D | C] -- C:\Program Files\Uninstaller
[2013/10/09 15:12:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ClipGrab
[2013/10/09 15:12:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ClipGrab
[2013/10/09 15:09:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SearchProtect
[2013/10/09 15:09:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
[2013/10/09 15:09:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Vafmusic8
[2013/10/09 15:09:25 | 000,000,000 | ---D | C] -- C:\Users\Lou\AppData\Local\Conduit
[2013/10/09 15:09:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Conduit
[2013/10/09 15:09:16 | 000,000,000 | ---D | C] -- C:\Users\Lou\AppData\Roaming\SearchProtect
[2013/10/09 14:25:51 | 000,368,128 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2013/10/09 14:25:51 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2013/10/09 14:25:51 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2013/10/09 14:25:51 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2013/10/09 13:47:40 | 000,000,000 | ---D | C] -- C:\Users\Lou\AppData\Local\Aimersoft
[2013/10/09 13:47:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Aimersoft
[2013/10/09 13:47:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Aimersoft
[2013/10/09 13:47:34 | 000,000,000 | ---D | C] -- C:\Users\Lou\Documents\Aimersoft DVD Creator
[2013/10/09 13:47:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Aimersoft
[2013/10/09 10:26:50 | 000,000,000 | ---D | C] -- C:\Users\Lou\AppData\Local\{48BA4DF1-F145-4BFC-ACD3-C59DA6A6AB1F}
[2013/10/08 13:05:37 | 000,000,000 | ---D | C] -- C:\Users\Lou\AppData\Local\{51480BA9-BA38-47A8-AA8A-A82568278B7B}
[2013/10/07 10:40:13 | 000,000,000 | ---D | C] -- C:\Users\Lou\AppData\Local\{D3FB485A-504A-4CB4-BEF5-94782A7A3964}
[2013/10/06 16:49:19 | 000,000,000 | ---D | C] -- C:\Users\Lou\AppData\Local\{B4517896-FF59-428A-A6B8-C4F2823B6CF1}
[2013/10/05 11:40:36 | 000,000,000 | ---D | C] -- C:\Users\Lou\AppData\Local\{EB98507D-5AC6-45D6-B26C-3ADFECA7C0D5}
[2013/10/05 11:40:36 | 000,000,000 | ---D | C] -- C:\Users\Lou\AppData\Local\{C5FBFCE2-3793-4406-AD99-2DE1666C8F06}
[2013/10/04 13:00:53 | 000,000,000 | ---D | C] -- C:\Users\Lou\AppData\Local\{8ECF6658-37D3-4B67-860B-215CB8C0818C}
[2013/10/03 18:47:43 | 000,000,000 | ---D | C] -- C:\Users\Lou\AppData\Roaming\ATI
[2013/10/03 18:47:43 | 000,000,000 | ---D | C] -- C:\Users\Lou\AppData\Local\ATI
[2013/10/03 18:47:43 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2013/10/03 18:47:12 | 000,000,000 | ---D | C] -- C:\ProgramData\AMD
[2013/10/03 18:47:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD AVT
[2013/10/03 18:47:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ATI Technologies
[2013/10/03 18:47:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
[2013/10/03 18:46:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies
[2013/10/03 18:46:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies
[2013/10/03 18:44:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Package Cache
[2013/10/03 18:44:15 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2013/10/03 18:44:06 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2013/10/03 18:12:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2013/10/03 18:12:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2
[2013/10/03 18:05:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Belarc
[2013/10/03 17:41:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Licenses
[2013/10/03 17:37:13 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2013/10/03 17:34:16 | 000,000,000 | ---D | C] -- C:\ProgramData\TBIView
[2013/10/03 17:34:15 | 000,374,320 | ---- | C] (TeraByte, Inc.) -- C:\Windows\SysNative\drivers\TBIMount.sys
[2013/10/03 17:34:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeraByte Unlimited
[2013/10/03 17:34:14 | 000,034,424 | ---- | C] (TeraByte, Inc.) -- C:\Windows\SysNative\drivers\phylock.sys
[2013/10/03 17:34:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TeraByte Unlimited
[2013/10/03 17:34:14 | 000,000,000 | ---D | C] -- C:\Users\Lou\Documents\My Backups
[2013/10/03 13:49:03 | 000,000,000 | ---D | C] -- C:\Users\Lou\AppData\Local\DictionaryBoss
[2013/10/03 13:49:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DictionaryBoss
[2013/10/03 11:18:31 | 000,000,000 | ---D | C] -- C:\Users\Lou\AppData\Local\{764A19A8-04A7-4D4E-AFA1-2D979ED2998E}
[2013/10/03 11:17:52 | 000,000,000 | ---D | C] -- C:\Users\Lou\AppData\Local\{654A7C9F-92C0-4961-BE62-AB7D9869F00E}
[2013/10/03 11:11:30 | 000,000,000 | ---D | C] -- C:\Users\Lou\AppData\Roaming\Canon
[2013/10/03 11:10:47 | 000,000,000 | ---D | C] -- C:\Users\Lou\AppData\Local\Scansoft
[2013/10/03 11:10:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon CanoScan 8800F User Registration
[2013/10/03 11:09:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Presto! PageManager 7.15
[2013/10/03 11:09:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\NewSoft
[2013/10/03 11:09:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PDFView
[2013/10/03 11:09:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NewSoft
[2013/10/03 11:09:00 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Color
[2013/10/03 11:08:32 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallShield
[2013/10/03 11:08:31 | 000,000,000 | ---D | C] -- C:\Users\Lou\AppData\Roaming\ScanSoft
[2013/10/03 11:08:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ScanSoft OmniPage SE 4
[2013/10/03 11:08:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ScanSoft Shared
[2013/10/03 11:08:29 | 000,000,000 | ---D | C] -- C:\ProgramData\ScanSoft
[2013/10/03 11:08:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ScanSoft
[2013/10/03 11:07:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcSoft PhotoStudio 5.5
[2013/10/03 11:07:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ArcSoft
[2013/10/03 11:07:19 | 000,212,480 | ---- | C] (Eastman Kodak) -- C:\Windows\PCDLIB32.DLL
[2013/10/03 10:30:30 | 000,000,000 | ---D | C] -- C:\Users\Lou\Documents\Quicken
[2013/10/03 09:58:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AnswerWorks 5.0
[2013/10/03 09:58:55 | 004,200,024 | ---- | C] (Amyuni Technologies
http://www.amyuni.com) -- C:\Windows\SysWow64\cdintf400.dll
[2013/10/03 09:58:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Quicken 2012
[2013/10/03 09:58:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Intuit
[2013/10/03 09:58:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Quicken
[2013/10/03 09:58:26 | 000,000,000 | ---D | C] -- C:\Users\Lou\AppData\Roaming\Intuit
[2013/10/03 09:57:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Intuit
[2013/10/02 21:29:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Canneverbe Limited
[2013/10/02 21:29:07 | 000,000,000 | ---D | C] -- C:\Users\Lou\AppData\Roaming\Canneverbe Limited
[2013/10/02 21:29:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CDBurnerXP
[2013/10/02 21:20:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WhoCrashed
[2013/10/02 21:20:07 | 000,000,000 | ---D | C] -- C:\Program Files\WhoCrashed
[2013/10/02 20:55:26 | 000,389,120 | ---- | C] (CANON INC.) -- C:\Windows\SysNative\CNMLMBD.DLL
[2013/10/02 20:50:25 | 000,000,000 | ---D | C] -- C:\Users\Lou\AppData\Local\Citi-Software
[2013/10/02 20:50:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Citi-Software
[2013/10/02 20:37:16 | 000,000,000 | ---D | C] -- C:\Users\Lou\AppData\Roaming\Malwarebytes
[2013/10/02 20:37:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/10/02 20:37:13 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/10/02 20:37:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/10/02 20:37:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/10/02 20:36:55 | 000,000,000 | ---D | C] -- C:\Users\Lou\AppData\Local\Programs
[2013/10/02 20:33:27 | 000,000,000 | ---D | C] -- C:\Users\Lou\AppData\Roaming\SUPERAntiSpyware.com
[2013/10/02 20:33:27 | 000,000,000 | ---D | C] -- C:\Users\Lou\AppData\Local\Google
[2013/10/02 20:33:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2013/10/02 20:33:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2013/10/02 20:33:25 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2013/10/02 20:33:25 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2013/10/02 20:08:54 | 000,000,000 | ---D | C] -- C:\Users\Lou\AppData\Local\Macromedia
[2013/10/02 20:08:49 | 000,692,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/10/02 20:08:49 | 000,071,048 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/10/02 20:08:48 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2013/10/02 19:02:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\CANON
[2013/10/02 19:00:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
[2013/10/02 19:00:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon CanoScan 8800F Manual
[2013/10/02 18:59:57 | 000,000,000 | -H-D | C] -- C:\Program Files\CanonBJ
[2013/10/02 18:59:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Canon
[2013/10/02 18:21:57 | 000,000,000 | ---D | C] -- C:\Users\Lou\AppData\Local\Nova Development
[2013/10/02 18:19:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2013/10/02 18:19:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
[2013/10/02 18:19:42 | 000,000,000 | ---D | C] -- C:\Users\Lou\AppData\Roaming\Macromedia
[2013/10/02 18:19:42 | 000,000,000 | ---D | C] -- C:\Users\Lou\AppData\Local\Adobe
[2013/10/02 18:19:39 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
[2013/10/02 18:18:06 | 000,055,856 | ---- | C] (Sonic Solutions) -- C:\Windows\SysNative\drivers\PxHlpa64.sys
[2013/10/02 18:18:06 | 000,010,224 | ---- | C] (Sonic Solutions) -- C:\Windows\SysNative\drivers\cdralw2k.sys
[2013/10/02 18:18:06 | 000,010,224 | ---- | C] (Sonic Solutions) -- C:\Windows\SysNative\drivers\cdr4_xp.sys
[2013/10/02 18:17:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Sonic Shared
[2013/10/02 18:17:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PX Storage Engine
[2013/10/02 18:16:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2013/10/02 18:16:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2013/10/02 18:15:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2013/10/02 18:12:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nova Development
[2013/10/02 18:04:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nova Development
[2013/10/02 18:04:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nova Development
[2013/10/02 18:00:37 | 000,000,000 | ---D | C] -- C:\Users\Lou\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer
[2013/10/02 18:00:36 | 003,715,072 | ---- | C] (Amyuni Technologies http://www.amyuni.com) -- C:\Windows\SysWow64\cdintf300.dll
[2013/10/02 18:00:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Web Publish
[2013/10/02 18:00:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Print Shop 23.1
[2013/10/02 17:59:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Broderbund
[2013/10/02 17:59:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\The Print Shop 23.1
[2013/10/02 17:57:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2013/10/02 17:56:39 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\URTTEMP
[2013/10/02 17:19:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Motive
[2013/10/02 16:38:29 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2013/10/02 15:53:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2013/10/02 15:53:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2013/10/02 15:52:35 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2013/10/02 15:52:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services
[2013/10/02 15:52:25 | 000,000,000 | ---D | C] -- C:\Users\Lou\AppData\Local\Microsoft Help
[2013/10/02 15:52:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
[2013/10/02 15:52:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2013/10/02 15:52:18 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2013/10/02 15:48:29 | 000,107,904 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdsata.sys
[2013/10/02 15:48:29 | 000,027,008 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdxata.sys
[2013/10/02 15:48:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2013/10/02 15:45:51 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2013/10/02 15:43:12 | 000,000,000 | ---D | C] -- C:\Users\Lou\Documents\PrintScreen Files
[2013/10/02 15:43:12 | 000,000,000 | ---D | C] -- C:\Users\Lou\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Gadwin Systems
[2013/10/02 15:43:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gadwin Systems
[2013/10/02 15:43:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Gadwin Systems
[2013/10/02 15:39:07 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2013/10/02 15:16:24 | 000,000,000 | ---D | C] -- C:\Users\Lou\AppData\Local\{15BD6C63-A0FE-45B0-B8FA-C3508BF71DFB}
[2013/10/02 15:16:11 | 000,000,000 | ---D | C] -- C:\Users\Lou\AppData\Roaming\Windows Live Writer
[2013/10/02 15:16:11 | 000,000,000 | ---D | C] -- C:\Users\Lou\AppData\Local\Windows Live Writer
[2013/10/02 15:11:38 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2013/10/02 15:11:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live
[2013/10/02 15:11:22 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2013/10/02 15:10:28 | 000,000,000 | ---D | C] -- C:\Users\Lou\AppData\Local\Windows Live
[2013/10/02 15:10:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Windows Live
[2013/10/02 15:02:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2013/10/02 15:02:19 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013/10/02 14:58:15 | 000,000,000 | ---D | C] -- C:\ProgramData\AskPartnerNetwork
[2013/10/02 14:58:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AskPartnerNetwork
[2013/10/02 14:58:08 | 000,000,000 | ---D | C] -- C:\ProgramData\APN
[2013/10/02 14:57:56 | 000,000,000 | ---D | C] -- C:\Users\Lou\AppData\Roaming\Avira
[2013/10/02 14:57:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2013/10/02 14:57:43 | 000,132,600 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2013/10/02 14:57:43 | 000,105,856 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2013/10/02 14:57:43 | 000,083,160 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avnetflt.sys
[2013/10/02 14:57:43 | 000,028,600 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2013/10/02 14:57:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2013/10/02 14:57:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2013/10/02 14:51:12 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2013/10/02 14:43:09 | 000,000,000 | ---D | C] -- C:\Users\Lou\AppData\Roaming\Mozilla
[2013/10/02 14:43:09 | 000,000,000 | ---D | C] -- C:\Users\Lou\AppData\Local\Mozilla
[2013/10/02 14:43:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2013/10/02 14:43:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/10/02 14:43:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2013/10/02 14:27:08 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2013/10/02 14:27:08 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2013/10/02 14:26:22 | 000,000,000 | ---D | C] -- C:\Users\Lou\AppData\Roaming\Adobe
[2013/10/02 14:17:03 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MRT
[2013/10/02 14:12:51 | 000,000,000 | -H-D | C] -- C:\Windows\SysNative\CanonIJ Uninstaller Information
[2013/10/02 14:12:51 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonBJ
[2013/10/02 14:12:48 | 000,385,024 | ---- | C] (CANON INC.) -- C:\Windows\SysNative\CNMLMAF.DLL
[2013/10/02 13:37:29 | 000,471,144 | ---- | C] (Realtek ) -- C:\Windows\SysNative\drivers\Rt64win7.sys
[2013/10/02 13:37:29 | 000,107,552 | ---- | C] (Realtek Semiconductor Corporation) -- C:\Windows\SysNative\RTNUninst64.dll
[2013/10/02 13:37:25 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2013/10/02 13:37:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek
[2013/10/02 13:32:31 | 000,000,000 | ---D | C] -- C:\Users\Lou\AppData\Local\Diagnostics
[2013/10/02 12:47:06 | 000,000,000 | R--D | C] -- C:\Users\Lou\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2013/10/02 12:47:06 | 000,000,000 | R--D | C] -- C:\Users\Lou\Searches
[2013/10/02 12:47:06 | 000,000,000 | R--D | C] -- C:\Users\Lou\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2013/10/02 12:47:06 | 000,000,000 | -H-D | C] -- C:\Users\Lou\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2013/10/02 12:47:00 | 000,000,000 | ---D | C] -- C:\Users\Lou\AppData\Roaming\Identities
[2013/10/02 12:46:59 | 000,000,000 | R--D | C] -- C:\Users\Lou\Contacts
[2013/10/02 12:46:59 | 000,000,000 | ---D | C] -- C:\Users\Lou\AppData\Local\VirtualStore
[2013/10/02 12:46:57 | 000,000,000 | --SD | C] -- C:\Users\Lou\AppData\Roaming\Microsoft
[2013/10/02 12:46:57 | 000,000,000 | R--D | C] -- C:\Users\Lou\Videos
[2013/10/02 12:46:57 | 000,000,000 | R--D | C] -- C:\Users\Lou\Saved Games
[2013/10/02 12:46:57 | 000,000,000 | R--D | C] -- C:\Users\Lou\Pictures
[2013/10/02 12:46:57 | 000,000,000 | R--D | C] -- C:\Users\Lou\Music
[2013/10/02 12:46:57 | 000,000,000 | R--D | C] -- C:\Users\Lou\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2013/10/02 12:46:57 | 000,000,000 | R--D | C] -- C:\Users\Lou\Links
[2013/10/02 12:46:57 | 000,000,000 | R--D | C] -- C:\Users\Lou\Favorites
[2013/10/02 12:46:57 | 000,000,000 | R--D | C] -- C:\Users\Lou\Downloads
[2013/10/02 12:46:57 | 000,000,000 | R--D | C] -- C:\Users\Lou\Documents
[2013/10/02 12:46:57 | 000,000,000 | R--D | C] -- C:\Users\Lou\Desktop
[2013/10/02 12:46:57 | 000,000,000 | R--D | C] -- C:\Users\Lou\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2013/10/02 12:46:57 | 000,000,000 | -HSD | C] -- C:\Users\Lou\AppData\Local\Temporary Internet Files
[2013/10/02 12:46:57 | 000,000,000 | -HSD | C] -- C:\Users\Lou\Templates
[2013/10/02 12:46:57 | 000,000,000 | -HSD | C] -- C:\Users\Lou\Start Menu
[2013/10/02 12:46:57 | 000,000,000 | -HSD | C] -- C:\Users\Lou\SendTo
[2013/10/02 12:46:57 | 000,000,000 | -HSD | C] -- C:\Users\Lou\Recent
[2013/10/02 12:46:57 | 000,000,000 | -HSD | C] -- C:\Users\Lou\PrintHood
[2013/10/02 12:46:57 | 000,000,000 | -HSD | C] -- C:\Users\Lou\NetHood
[2013/10/02 12:46:57 | 000,000,000 | -HSD | C] -- C:\Users\Lou\Documents\My Videos
[2013/10/02 12:46:57 | 000,000,000 | -HSD | C] -- C:\Users\Lou\Documents\My Pictures
[2013/10/02 12:46:57 | 000,000,000 | -HSD | C] -- C:\Users\Lou\Documents\My Music
[2013/10/02 12:46:57 | 000,000,000 | -HSD | C] -- C:\Users\Lou\My Documents
[2013/10/02 12:46:57 | 000,000,000 | -HSD | C] -- C:\Users\Lou\Local Settings
[2013/10/02 12:46:57 | 000,000,000 | -HSD | C] -- C:\Users\Lou\AppData\Local\History
[2013/10/02 12:46:57 | 000,000,000 | -HSD | C] -- C:\Users\Lou\Cookies
[2013/10/02 12:46:57 | 000,000,000 | -HSD | C] -- C:\Users\Lou\Application Data
[2013/10/02 12:46:57 | 000,000,000 | -HSD | C] -- C:\Users\Lou\AppData\Local\Application Data
[2013/10/02 12:46:57 | 000,000,000 | -H-D | C] -- C:\Users\Lou\AppData
[2013/10/02 12:46:57 | 000,000,000 | ---D | C] -- C:\Users\Lou\AppData\Local\Temp
[2013/10/02 12:46:57 | 000,000,000 | ---D | C] -- C:\Users\Lou\AppData\Local\Microsoft
[2013/10/02 12:46:57 | 000,000,000 | ---D | C] -- C:\Users\Lou\AppData\Roaming\Media Center Programs
[2013/10/01 11:24:22 | 000,000,000 | ---D | C] -- C:\RegBackup
[2013/09/30 11:22:47 | 000,000,000 | ---D | C] -- C:\TEMP
[2013/09/25 16:31:56 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/09/25 11:28:53 | 000,000,000 | ---D | C] -- C:\AdwCleaner

========== Files - Modified Within 30 Days ==========

[2013/10/11 12:19:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/10/11 10:30:52 | 000,028,720 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/10/11 10:30:52 | 000,028,720 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/10/11 10:27:56 | 000,795,074 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/10/11 10:27:56 | 000,670,828 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/10/11 10:27:56 | 000,125,954 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/10/11 10:23:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/10/11 10:23:37 | 2133,835,775 | -HS- | M] () -- C:\hiberfil.sys
[2013/10/10 19:08:33 | 000,868,264 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2013/10/10 19:08:33 | 000,790,440 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2013/10/10 19:08:33 | 000,264,616 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013/10/10 19:08:33 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013/10/10 19:08:33 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013/10/10 19:08:33 | 000,096,168 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013/10/10 09:31:18 | 000,002,965 | ---- | M] () -- C:\Users\Lou\Desktop\HiJackThis.lnk
[2013/10/09 15:12:21 | 000,001,011 | ---- | M] () -- C:\Users\Public\Desktop\ClipGrab.lnk
[2013/10/09 15:09:44 | 000,000,009 | ---- | M] () -- C:\END
[2013/10/09 14:34:10 | 001,220,616 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/10/09 14:33:01 | 000,787,196 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/10/09 13:47:39 | 000,001,180 | ---- | M] () -- C:\Users\Lou\Desktop\Aimersoft DVD Creator.lnk
[2013/10/08 12:30:56 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/10/08 12:30:56 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/10/07 20:02:19 | 000,001,837 | ---- | M] () -- C:\Users\Lou\Desktop\PrintScreen Files - Shortcut.lnk
[2013/10/06 18:23:19 | 003,238,600 | ---- | M] () -- C:\Users\Lou\Documents\SS in-service 1.sbk
[2013/10/05 20:06:37 | 000,005,632 | ---- | M] () -- C:\Users\Lou\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/10/03 18:05:57 | 000,002,148 | ---- | M] () -- C:\Users\Lou\Application Data\Microsoft\Internet Explorer\Quick Launch\Belarc Advisor.lnk
[2013/10/03 18:05:57 | 000,002,124 | ---- | M] () -- C:\Users\Public\Desktop\Belarc Advisor.lnk
[2013/10/03 17:34:15 | 000,001,390 | ---- | M] () -- C:\Users\Lou\Desktop\Image for Windows.lnk
[2013/10/03 15:03:12 | 000,000,237 | ---- | M] () -- C:\Users\Lou\Desktop\Pronunciatio.URL
[2013/10/03 13:35:19 | 000,000,228 | ---- | M] () -- C:\Users\Lou\Desktop\DeltaNet.URL
[2013/10/03 13:35:16 | 000,000,232 | ---- | M] () -- C:\Users\Lou\Desktop\Delta Credit Union.URL
[2013/10/03 13:26:46 | 000,000,206 | ---- | M] () -- C:\Users\Lou\Desktop\DLTK's Crafts for Kids.URL
[2013/10/03 11:10:08 | 000,002,072 | ---- | M] () -- C:\Users\Public\Desktop\Canon CanoScan 8800F User Registration.LNK
[2013/10/03 11:09:46 | 000,002,173 | ---- | M] () -- C:\Users\Public\Desktop\Presto! PageManager 7.15.lnk
[2013/10/03 11:09:34 | 000,000,264 | ---- | M] () -- C:\Windows\setup.iss
[2013/10/03 11:08:33 | 000,000,424 | ---- | M] () -- C:\Windows\MAXLINK.INI
[2013/10/03 11:06:40 | 000,002,043 | ---- | M] () -- C:\Users\Public\Desktop\Canon Solution Menu.lnk
[2013/10/03 11:06:31 | 000,002,099 | ---- | M] () -- C:\Users\Public\Desktop\MP Navigator EX 1.0.lnk
[2013/10/03 11:06:08 | 000,002,347 | ---- | M] () -- C:\Users\Public\Desktop\CanoScan 8800F On-screen Manual.lnk
[2013/10/03 09:58:53 | 000,001,810 | ---- | M] () -- C:\Users\Public\Desktop\Quicken Deluxe 2012.lnk
[2013/10/03 09:58:48 | 000,000,126 | ---- | M] () -- C:\Windows\QUICKEN.INI
[2013/10/02 22:25:59 | 000,000,468 | ---- | M] () -- C:\Users\Lou\Desktop\Photo Stor (D) - Shortcut.lnk
[2013/10/02 21:29:07 | 000,001,945 | ---- | M] () -- C:\Users\Public\Desktop\CDBurnerXP.lnk
[2013/10/02 21:20:07 | 000,000,836 | ---- | M] () -- C:\Users\Lou\Desktop\WhoCrashed.lnk
[2013/10/02 20:50:04 | 000,003,059 | ---- | M] () -- C:\Users\Lou\Desktop\PASSWORDSAccess Manager 2.lnk
[2013/10/02 20:37:14 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/10/02 20:33:26 | 000,001,808 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2013/10/02 18:18:06 | 000,001,896 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Photoshop Elements 10.lnk
[2013/10/02 18:12:00 | 000,002,769 | ---- | M] () -- C:\Users\Public\Desktop\Scrapbook Factory Deluxe.lnk
[2013/10/02 18:00:32 | 000,002,645 | ---- | M] () -- C:\Users\Public\Desktop\The Print Shop 23.1.lnk
[2013/10/02 18:00:32 | 000,001,948 | ---- | M] () -- C:\Users\Public\Desktop\Broderbund.com.lnk
[2013/10/02 18:00:32 | 000,001,942 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Event Reminder.lnk
[2013/10/02 15:53:51 | 000,003,021 | ---- | M] () -- C:\Users\Lou\Desktop\Microsoft Word 2010.lnk
[2013/10/02 15:53:51 | 000,002,951 | ---- | M] () -- C:\Users\Lou\Desktop\Microsoft Excel 2010.lnk
[2013/10/02 15:40:47 | 000,108,227 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2013/10/02 15:40:46 | 000,108,227 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2013/10/02 15:39:22 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2013/10/02 15:23:42 | 000,001,458 | ---- | M] () -- C:\Users\Lou\Desktop\Windows Live Mail.lnk
[2013/10/02 15:02:19 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/10/02 14:43:02 | 000,001,151 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/10/02 14:25:57 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin
[2013/10/02 14:07:27 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/10/02 14:07:27 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013/10/02 13:17:30 | 000,001,441 | ---- | M] () -- C:\Users\Lou\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/09/30 11:01:14 | 000,083,160 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avnetflt.sys
[2013/09/30 11:01:13 | 000,132,600 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2013/09/30 11:01:13 | 000,105,856 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2013/09/30 11:01:13 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys

========== Files Created - No Company Name ==========

[2013/10/10 09:31:18 | 000,002,965 | ---- | C] () -- C:\Users\Lou\Desktop\HiJackThis.lnk
[2013/10/09 15:12:21 | 000,001,011 | ---- | C] () -- C:\Users\Public\Desktop\ClipGrab.lnk
[2013/10/09 15:09:04 | 000,000,009 | ---- | C] () -- C:\END
[2013/10/09 13:47:39 | 000,001,180 | ---- | C] () -- C:\Users\Lou\Desktop\Aimersoft DVD Creator.lnk
[2013/10/07 20:02:19 | 000,001,837 | ---- | C] () -- C:\Users\Lou\Desktop\PrintScreen Files - Shortcut.lnk
[2013/10/06 18:11:03 | 003,238,600 | ---- | C] () -- C:\Users\Lou\Documents\SS in-service 1.sbk
[2013/10/05 20:06:34 | 000,005,632 | ---- | C] () -- C:\Users\Lou\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/10/03 18:05:57 | 000,002,148 | ---- | C] () -- C:\Users\Lou\Application Data\Microsoft\Internet Explorer\Quick Launch\Belarc Advisor.lnk
[2013/10/03 18:05:57 | 000,002,136 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Belarc Advisor.lnk
[2013/10/03 18:05:57 | 000,002,124 | ---- | C] () -- C:\Users\Public\Desktop\Belarc Advisor.lnk
[2013/10/03 17:34:15 | 000,091,224 | ---- | C] () -- C:\Windows\tbicd2hd.exe
[2013/10/03 17:34:15 | 000,001,390 | ---- | C] () -- C:\Users\Lou\Desktop\Image for Windows.lnk
[2013/10/03 15:03:12 | 000,000,237 | ---- | C] () -- C:\Users\Lou\Desktop\Pronunciatio.URL
[2013/10/03 13:35:19 | 000,000,228 | ---- | C] () -- C:\Users\Lou\Desktop\DeltaNet.URL
[2013/10/03 13:35:16 | 000,000,232 | ---- | C] () -- C:\Users\Lou\Desktop\Delta Credit Union.URL
[2013/10/03 13:26:46 | 000,000,206 | ---- | C] () -- C:\Users\Lou\Desktop\DLTK's Crafts for Kids.URL
[2013/10/03 11:09:46 | 000,002,173 | ---- | C] () -- C:\Users\Public\Desktop\Presto! PageManager 7.15.lnk
[2013/10/03 11:09:34 | 000,009,606 | ---- | C] () -- C:\Windows\SysNative\NEWSOFT
[2013/10/03 11:09:28 | 000,000,264 | ---- | C] () -- C:\Windows\setup.iss
[2013/10/03 11:09:20 | 000,011,776 | ---- | C] () -- C:\Windows\SysWow64\pmsbfn32.dll
[2013/10/03 11:08:33 | 000,000,424 | ---- | C] () -- C:\Windows\MAXLINK.INI
[2013/10/03 11:06:40 | 000,002,043 | ---- | C] () -- C:\Users\Public\Desktop\Canon Solution Menu.lnk
[2013/10/03 11:06:31 | 000,002,099 | ---- | C] () -- C:\Users\Public\Desktop\MP Navigator EX 1.0.lnk
[2013/10/03 09:58:53 | 000,001,810 | ---- | C] () -- C:\Users\Public\Desktop\Quicken Deluxe 2012.lnk
[2013/10/03 09:58:25 | 000,000,126 | ---- | C] () -- C:\Windows\QUICKEN.INI
[2013/10/02 22:25:59 | 000,000,468 | ---- | C] () -- C:\Users\Lou\Desktop\Photo Stor (D) - Shortcut.lnk
[2013/10/02 21:29:07 | 000,001,945 | ---- | C] () -- C:\Users\Public\Desktop\CDBurnerXP.lnk
[2013/10/02 21:29:07 | 000,001,903 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk
[2013/10/02 21:20:07 | 000,000,836 | ---- | C] () -- C:\Users\Lou\Desktop\WhoCrashed.lnk
[2013/10/02 20:50:04 | 000,003,059 | ---- | C] () -- C:\Users\Lou\Desktop\PASSWORDSAccess Manager 2.lnk
[2013/10/02 20:50:04 | 000,003,019 | ---- | C] () -- C:\Users\Lou\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Access Manager 2.lnk
[2013/10/02 20:37:14 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/10/02 20:33:26 | 000,001,808 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2013/10/02 20:14:09 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2013/10/02 20:08:49 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/10/02 19:04:04 | 000,002,072 | ---- | C] () -- C:\Users\Public\Desktop\Canon CanoScan 8800F User Registration.LNK
[2013/10/02 19:00:12 | 000,002,347 | ---- | C] () -- C:\Users\Public\Desktop\CanoScan 8800F On-screen Manual.lnk
[2013/10/02 18:19:51 | 000,000,997 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk
[2013/10/02 18:18:06 | 000,001,912 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop Elements 10.lnk
[2013/10/02 18:18:06 | 000,001,896 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Photoshop Elements 10.lnk
[2013/10/02 18:12:00 | 000,002,769 | ---- | C] () -- C:\Users\Public\Desktop\Scrapbook Factory Deluxe.lnk
[2013/10/02 18:00:32 | 000,002,645 | ---- | C] () -- C:\Users\Public\Desktop\The Print Shop 23.1.lnk
[2013/10/02 18:00:32 | 000,001,948 | ---- | C] () -- C:\Users\Public\Desktop\Broderbund.com.lnk
[2013/10/02 18:00:32 | 000,001,942 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Event Reminder.lnk
[2013/10/02 17:56:51 | 000,787,196 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/10/02 15:53:51 | 000,003,021 | ---- | C] () -- C:\Users\Lou\Desktop\Microsoft Word 2010.lnk
[2013/10/02 15:53:51 | 000,002,951 | ---- | C] () -- C:\Users\Lou\Desktop\Microsoft Excel 2010.lnk
[2013/10/02 15:40:43 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2013/10/02 15:40:42 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2013/10/02 15:39:22 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2013/10/02 15:23:42 | 000,001,458 | ---- | C] () -- C:\Users\Lou\Desktop\Windows Live Mail.lnk
[2013/10/02 15:19:31 | 2133,835,775 | -HS- | C] () -- C:\hiberfil.sys
[2013/10/02 15:13:24 | 000,001,458 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
[2013/10/02 15:02:19 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/10/02 14:43:02 | 000,001,163 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013/10/02 14:43:02 | 000,001,151 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/10/02 14:25:57 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2013/10/02 14:11:06 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2013/10/02 14:07:27 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/10/02 14:07:27 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013/10/02 13:58:57 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2013/10/02 13:37:29 | 000,074,272 | ---- | C] () -- C:\Windows\SysNative\RtNicProp64.dll
[2013/10/02 13:17:30 | 000,001,441 | ---- | C] () -- C:\Users\Lou\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/10/02 12:47:07 | 000,001,417 | ---- | C] () -- C:\Users\Lou\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013/10/02 12:46:57 | 000,000,290 | ---- | C] () -- C:\Users\Lou\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2013/10/02 12:46:57 | 000,000,272 | ---- | C] () -- C:\Users\Lou\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2013/08/30 19:53:48 | 000,038,912 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2013/08/30 19:47:50 | 000,995,342 | ---- | C] () -- C:\Windows\SysWow64\amdocl_as32.exe
[2013/08/30 19:47:50 | 000,798,734 | ---- | C] () -- C:\Windows\SysWow64\amdocl_ld32.exe
[2013/08/30 19:04:52 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2013/08/30 19:04:52 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat

========== ZeroAccess Check ==========

[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 22:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 21:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/10/02 21:29:07 | 000,000,000 | ---D | M] -- C:\Users\Lou\AppData\Roaming\Canneverbe Limited
[2013/10/03 11:15:29 | 000,000,000 | ---D | M] -- C:\Users\Lou\AppData\Roaming\Canon
[2013/10/03 11:08:31 | 000,000,000 | ---D | M] -- C:\Users\Lou\AppData\Roaming\ScanSoft
[2013/10/10 09:26:01 | 000,000,000 | ---D | M] -- C:\Users\Lou\AppData\Roaming\SearchProtect
[2013/10/02 17:28:24 | 000,000,000 | ---D | M] -- C:\Users\Lou\AppData\Roaming\Windows Live Writer

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2011/02/26 01:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 02:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 23:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/11/20 23:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe

< MD5 for: SERVICES >
[2009/06/10 17:00:26 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\services

< MD5 for: SERVICES.CFG >
[2012/09/23 20:43:36 | 000,603,848 | R--- | M] () MD5=81B120EAEE296F0E54F66C16C5A21367 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744BA0000000010\11.0.0\services.cfg
[2013/09/05 10:04:00 | 000,559,090 | ---- | M] () MD5=8ADD48E413D05BF2E7AEC00173DDFABC -- C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Services\Services.cfg

< MD5 for: SERVICES.CSS >
[2011/09/16 19:47:38 | 000,000,093 | ---- | M] () MD5=F15FB82C578490B209442B8C1D5076CC -- C:\ProgramData\Intuit\Quicken\Inet\Common\Localweb\Services\Services.css
[2011/09/16 19:47:38 | 000,000,093 | ---- | M] () MD5=F15FB82C578490B209442B8C1D5076CC -- C:\Users\All Users\Intuit\Quicken\Inet\Common\Localweb\Services\Services.css

< MD5 for: SERVICES.EXE >
[2009/07/13 21:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009/07/13 21:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

< MD5 for: SERVICES.EXE.MUI >
[2011/04/12 04:17:17 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\SysNative\en-US\services.exe.mui
[2011/04/12 04:17:17 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_en-us_c5f238be3fa63468\services.exe.mui

< MD5 for: SERVICES.INI >
[2011/09/16 19:47:38 | 000,000,012 | ---- | M] () MD5=810C4D394B59FF7116A0CD6052286C41 -- C:\ProgramData\Intuit\Quicken\Inet\Common\Localweb\Services\Services.ini
[2011/09/16 19:47:38 | 000,000,012 | ---- | M] () MD5=810C4D394B59FF7116A0CD6052286C41 -- C:\Users\All Users\Intuit\Quicken\Inet\Common\Localweb\Services\Services.ini

< MD5 for: SERVICES.LNK >
[2009/07/14 00:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 00:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk

< MD5 for: SERVICES.MOF >
[2009/06/10 16:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\SysNative\wbem\services.mof
[2009/06/10 16:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.mof

< MD5 for: SERVICES.MSC >
[2011/04/12 04:17:16 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\en-US\services.msc
[2009/06/10 16:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\services.msc
[2011/04/12 04:17:18 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\en-US\services.msc
[2009/06/10 17:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\services.msc
[2011/04/12 04:17:16 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_003408aa160fce5b\services.msc
[2009/06/10 16:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_2b58d44b5f6beb8a\services.msc
[2011/04/12 04:17:18 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a4156d265db25d25\services.msc
[2009/06/10 17:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc

< MD5 for: SERVICES.PTXML >
[2009/07/13 16:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\SysNative\wdi\perftrack\Services.ptxml
[2009/07/13 16:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\Services.ptxml

< MD5 for: SVCHOST.EXE >
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 23:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 23:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010/11/20 23:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 23:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/20 23:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 23:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

< dir "%systemdrive%\*" /S /A:L /C >
Volume in drive C has no label.
Volume Serial Number is E031-BC85
Directory of C:\
07/14/2009 01:08 AM <JUNCTION> Documents and Settings [C:\Users]
0 File(s) 0 bytes
Directory of C:\ProgramData
07/14/2009 01:08 AM <JUNCTION> Application Data [C:\ProgramData]
07/14/2009 01:08 AM <JUNCTION> Desktop [C:\Users\Public\Desktop]
07/14/2009 01:08 AM <JUNCTION> Documents [C:\Users\Public\Documents]
07/14/2009 01:08 AM <JUNCTION> Favorites [C:\Users\Public\Favorites]
07/14/2009 01:08 AM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/14/2009 01:08 AM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users
07/14/2009 01:08 AM <SYMLINKD> All Users [C:\ProgramData]
07/14/2009 01:08 AM <JUNCTION> Default User [C:\Users\Default]
0 File(s) 0 bytes
Directory of C:\Users\All Users
07/14/2009 01:08 AM <JUNCTION> Application Data [C:\ProgramData]
07/14/2009 01:08 AM <JUNCTION> Desktop [C:\Users\Public\Desktop]
07/14/2009 01:08 AM <JUNCTION> Documents [C:\Users\Public\Documents]
07/14/2009 01:08 AM <JUNCTION> Favorites [C:\Users\Public\Favorites]
07/14/2009 01:08 AM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/14/2009 01:08 AM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default
07/14/2009 01:08 AM <JUNCTION> Application Data [C:\Users\Default\AppData\Roaming]
07/14/2009 01:08 AM <JUNCTION> Cookies [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies]
07/14/2009 01:08 AM <JUNCTION> Local Settings [C:\Users\Default\AppData\Local]
07/14/2009 01:08 AM <JUNCTION> My Documents [C:\Users\Default\Documents]
07/14/2009 01:08 AM <JUNCTION> NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
07/14/2009 01:08 AM <JUNCTION> PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
07/14/2009 01:08 AM <JUNCTION> Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
07/14/2009 01:08 AM <JUNCTION> SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
07/14/2009 01:08 AM <JUNCTION> Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
07/14/2009 01:08 AM <JUNCTION> Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default\AppData\Local
07/14/2009 01:08 AM <JUNCTION> Application Data [C:\Users\Default\AppData\Local]
07/14/2009 01:08 AM <JUNCTION> History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
07/14/2009 01:08 AM <JUNCTION> Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Default\Documents
07/14/2009 01:08 AM <JUNCTION> My Music [C:\Users\Default\Music]
07/14/2009 01:08 AM <JUNCTION> My Pictures [C:\Users\Default\Pictures]
07/14/2009 01:08 AM <JUNCTION> My Videos [C:\Users\Default\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Lou
10/02/2013 12:46 PM <JUNCTION> Application Data [C:\Users\Lou\AppData\Roaming]
10/02/2013 12:46 PM <JUNCTION> Cookies [C:\Users\Lou\AppData\Roaming\Microsoft\Windows\Cookies]
10/02/2013 12:46 PM <JUNCTION> Local Settings [C:\Users\Lou\AppData\Local]
10/02/2013 12:46 PM <JUNCTION> My Documents [C:\Users\Lou\Documents]
10/02/2013 12:46 PM <JUNCTION> NetHood [C:\Users\Lou\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
10/02/2013 12:46 PM <JUNCTION> PrintHood [C:\Users\Lou\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
10/02/2013 12:46 PM <JUNCTION> Recent [C:\Users\Lou\AppData\Roaming\Microsoft\Windows\Recent]
10/02/2013 12:46 PM <JUNCTION> SendTo [C:\Users\Lou\AppData\Roaming\Microsoft\Windows\SendTo]
10/02/2013 12:46 PM <JUNCTION> Start Menu [C:\Users\Lou\AppData\Roaming\Microsoft\Windows\Start Menu]
10/02/2013 12:46 PM <JUNCTION> Templates [C:\Users\Lou\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Lou\AppData\Local
10/02/2013 12:46 PM <JUNCTION> Application Data [C:\Users\Lou\AppData\Local]
10/02/2013 12:46 PM <JUNCTION> History [C:\Users\Lou\AppData\Local\Microsoft\Windows\History]
10/02/2013 12:46 PM <JUNCTION> Temporary Internet Files [C:\Users\Lou\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Lou\Documents
10/02/2013 12:46 PM <JUNCTION> My Music [C:\Users\Lou\Music]
10/02/2013 12:46 PM <JUNCTION> My Pictures [C:\Users\Lou\Pictures]
10/02/2013 12:46 PM <JUNCTION> My Videos [C:\Users\Lou\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Public\Documents
07/14/2009 01:08 AM <JUNCTION> My Music [C:\Users\Public\Music]
07/14/2009 01:08 AM <JUNCTION> My Pictures [C:\Users\Public\Pictures]
07/14/2009 01:08 AM <JUNCTION> My Videos [C:\Users\Public\Videos]
0 File(s) 0 bytes
Total Files Listed:
0 File(s) 0 bytes
50 Dir(s) 168,007,921,664 bytes free

========== Alternate Data Streams ==========

@Alternate Data Stream - 157 bytes -> C:\ProgramData\TEMP:CF08C48A

< End of report >

#4
WilliamP

    Member

  • Topic Starter
  • 185 posts
Extras.txt

OTL Extras logfile created on: 10/11/2013 1:03:29 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Lou\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16721)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.98 Gb Total Physical Memory | 6.29 Gb Available Physical Memory | 78.77% Memory free
15.96 Gb Paging File | 14.22 Gb Available in Paging File | 89.07% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 238.37 Gb Total Space | 156.47 Gb Free Space | 65.64% Space Free | Partition Type: NTFS
Drive D: | 149.05 Gb Total Space | 131.34 Gb Free Space | 88.12% Space Free | Partition Type: NTFS
Drive E: | 149.04 Gb Total Space | 103.84 Gb Free Space | 69.67% Space Free | Partition Type: NTFS

Computer Name: LOU-PC | User Name: Lou | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3603830166-4043132608-3735572350-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Program Files (x86)\File Type Assistant\tsassist.exe" "%1" (Trusted Software ApS)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Program Files (x86)\File Type Assistant\tsassist.exe" "%1" (Trusted Software ApS)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2CCCB5DE-E25D-43F2-A8A2-31F61087C63B}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{59B78244-842F-451A-98E6-3B8D1FC638D8}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06958969-E977-4B91-B41E-A122FBDF70A6}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{4245A258-A500-4082-B3CD-D5763B09C8EA}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{7C803BAE-F977-45A9-A4D0-3FC7570D5639}" = dir=in | app=c:\program files (x86)\file type assistant\tsassist.exe |
"{99891CB1-7CD4-4E99-BC36-462C18EB67E0}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4800_series" = Canon iP4800 series Printer Driver
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4805" = CanoScan 8800F
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1AD147D0-BE0E-3D6C-AC11-64F6DC4163F1}" = Microsoft .NET Framework 4.5
"{1E9871B6-7C44-9A3A-A1C0-F9729663C7F5}" = AMD Catalyst Install Manager
"{67631D8E-EB7F-5D02-002C-D682BCF1D3EB}" = AMD Accelerated Video Transcoding
"{69045C17-66CE-1316-6CC9-7EA496D1F6EA}" = ccc-utility64
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A2CB1ACB-94A2-32BA-A15E-7D80319F7589}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727
"{AC53FC8B-EE18-3F9C-9B59-60937D0B182C}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727
"{CC7BE036-EA2E-5EED-2820-EF42498025DA}" = AMD Drag and Drop Transcoding
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{FFCEA5CD-93FE-F0DB-57AB-0E0A62F0214A}" = AMD Media Foundation Decoders
"CCleaner" = CCleaner
"WhoCrashed_is1" = WhoCrashed 4.02

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07B98CCD-72B4-7F02-F9C1-B0410BA81580}" = CCC Help Norwegian
"{0A1E0BDA-5E8F-436d-8BE5-7E97C5CB899D}" = Quicken 2012
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0C8C6F56-41FA-44F6-8107-DCFAA7EFD601}" = The Print Shop 23.1
"{0D66D9EB-2DAE-599C-92D0-E2E6CCAA0666}" = CCC Help Japanese
"{11D08055-939C-432b-98C3-E072478A0CD7}" = PSE10 STI Installer
"{15134cb0-b767-4960-a911-f2d16ae54797}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727
"{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}" = iSEEK AnswerWorks English Runtime
"{1CA07BFA-8F7C-80CA-0A69-EAA93C7C7744}" = CCC Help Chinese Traditional
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{22154f09-719a-4619-bb71-5b3356999fbf}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727
"{22D3A614-482C-444A-932C-9DA1B8ECDFD2}" = Elements 10 Organizer
"{239D758B-F854-D61D-AC4E-1AAA9654426F}" = CCC Help French
"{26A24AE4-039D-4CA4-87B4-2F83217040FF}" = Java 7 Update 40
"{2B2782F8-929D-AE80-1297-488D7590D208}" = CCC Help Portuguese
"{2F73A7B2-E50E-39A6-9ABC-EF89E4C62E36}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727
"{31DF9E67-DA8A-5C06-BBAD-3B3BCB5B2304}" = CCC Help Polish
"{41564952-412D-5637-00A7-A758B70C0501}" = Avira SearchFree Toolbar
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D3BF70D-19A9-F87B-7B8B-8BADDFF9C8A5}" = CCC Help Finnish
"{51853D9B-0D96-7A31-88D7-8520B50373F0}" = CCC Help Italian
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{580B86B2-0E0F-996C-0045-38D0B681B16E}" = CCC Help Danish
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{7C3B6C59-CB8F-46B1-AAAA-61CD39570611}" = Access Manager 2
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{85309D89-7BE9-4094-BB17-24999C6118FC}" = ArcSoft PhotoStudio 5.5
"{8624569E-94AE-EF90-92E2-6AD8E5A617ED}" = AMD Catalyst Control Center
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{88B2ABCF-9C00-47C1-8FC4-369B98845DD7}" = Catalyst Control Center - Branding
"{8A1033B0-EF33-4FB5-97A1-C47A7DCDD7E6}_is1" = ClipGrab 3.2.0.10
"{8A6F6649-5244-9C2E-80CD-AD49603321AF}" = CCC Help German
"{8BF66753-6750-D41C-43EB-F64C54A8E80D}" = CCC Help Chinese Standard
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8EA39464-1316-0125-7FD8-E74B49ADB429}" = CCC Help Turkish
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90D2DF70-F0E8-2CA3-F3B9-DD7CE267BB19}" = Catalyst Control Center Graphics Previews Common
"{9785513D-0335-E199-3AC0-74DF83246F20}" = CCC Help Czech
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A049FD86-61DA-E6DB-2602-0065CB7D4414}" = CCC Help Greek
"{A127C3C0-055E-38CF-B38F-1E85F8BBBFFE}" = Adobe Community Help
"{A7B4D968-7FB7-2CD3-9792-5ACCAECAC72E}" = CCC Help Korean
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.05)
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B05FBD47-2A22-2259-E65C-A2D3FB647A6A}" = CCC Help Russian
"{B2F3DBD9-A9D2-4838-B45D-C917DAB32BC3}" = ScanSoft OmniPage SE 4
"{B328A1B9-D169-FBA9-F4AF-806E0046F89A}" = CCC Help Spanish
"{B5BE22C7-420A-5F14-A1B9-4AB3F3DE0A3E}" = Catalyst Control Center InstallProxy
"{BE73543D-E7A0-01D8-7866-C05693BB6BBE}" = CCC Help English
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C6A8CB97-FC39-4B9A-9FEA-8AAD6D12E66A}" = Scrapbook Factory Deluxe 5.0
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D2D6B9EB-C6DC-4DAA-B4DE-BB7D9735E7DA}" = Presto! PageManager 7.15.16
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D9E34320-D91C-E961-D902-B60788EAA26E}" = CCC Help Hungarian
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DF4CBDE3-8789-A589-46F2-7F5B78092D5F}" = CCC Help Swedish
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{EC2D4C8B-D8BF-7E06-C094-26B4CE84BF8C}" = CCC Help Dutch
"{EC8282AB-48DD-91D2-7387-01CD6E100A5D}" = Adobe Photoshop.com Inspiration Browser
"{EE549AF9-8FAA-4584-83B2-ECF1BC9DC1FF}" = Adobe Photoshop Elements 10
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{FB474A6C-CB62-AA42-A618-2EA58F0F2504}" = Catalyst Control Center Localization All
"{FDB30193-FDA0-3DAA-ACCA-A75EEFE53607}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FFB3193B-D922-DD38-B218-EB86DD3F3FAD}" = CCC Help Thai
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop Elements 10" = Adobe Photoshop Elements 10
"Aimersoft DVD Creator_is1" = Aimersoft DVD Creator(Build 2.6.5)
"Avira AntiVir Desktop" = Avira Antivirus Suite
"Belarc Advisor" = Belarc Advisor 8.3
"Canon CanoScan 8800F User Registration" = Canon CanoScan 8800F User Registration
"CanonSolutionMenu" = Canon Utilities Solution Menu
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"DictionaryBossbar Uninstall Firefox" = DictionaryBoss Firefox Toolbar
"DictionaryBossbar Uninstall Internet Explorer" = DictionaryBoss Internet Explorer Toolbar
"DMUninstaller" = DMUninstaller
"Gadwin PrintScreen" = Gadwin PrintScreen
"Image for Windows (V2)_is1" = Image for Windows 2.83 Trial
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Mozilla Firefox 24.0 (x86 en-US)" = Mozilla Firefox 24.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 1.0" = Canon MP Navigator EX 1.0
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"PhotoshopdotcomInspirationBrowser.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1" = Adobe Photoshop.com Inspiration Browser
"TBIView_is1" = TBIView 4.32 - TBIMount 1.10
"Trusted Software Assistant_is1" = File Type Assistant
"WebPost" = Microsoft Web Publishing Wizard 1.52
"WinLiveSuite" = Windows Live Essentials

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 10/10/2013 9:33:32 PM | Computer Name = Lou-PC | Source = Windows Search Service | ID = 7040
Description =

Error - 10/10/2013 9:33:32 PM | Computer Name = Lou-PC | Source = Windows Search Service | ID = 7042
Description =

Error - 10/10/2013 9:33:32 PM | Computer Name = Lou-PC | Source = Windows Search Service | ID = 9002
Description =

Error - 10/10/2013 9:33:32 PM | Computer Name = Lou-PC | Source = Windows Search Service | ID = 3029
Description =

Error - 10/10/2013 9:33:32 PM | Computer Name = Lou-PC | Source = Windows Search Service | ID = 3029
Description =

Error - 10/10/2013 9:33:32 PM | Computer Name = Lou-PC | Source = Windows Search Service | ID = 3028
Description =

Error - 10/10/2013 9:33:32 PM | Computer Name = Lou-PC | Source = Windows Search Service | ID = 3058
Description =

Error - 10/10/2013 9:33:32 PM | Computer Name = Lou-PC | Source = Windows Search Service | ID = 7010
Description =

Error - 10/10/2013 9:35:16 PM | Computer Name = Lou-PC | Source = WinMgmt | ID = 10
Description =

Error - 10/11/2013 10:25:33 AM | Computer Name = Lou-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 10/9/2013 10:24:55 AM | Computer Name = Lou-PC | Source = Service Control Manager | ID = 7031
Description = The Windows Search service terminated unexpectedly. It has done this
1 time(s). The following corrective action will be taken in 30000 milliseconds:
Restart the service.

Error - 10/9/2013 2:36:27 PM | Computer Name = Lou-PC | Source = Service Control Manager | ID = 7024
Description = The Windows Search service terminated with service-specific error
%%-1073473535.

Error - 10/9/2013 2:36:27 PM | Computer Name = Lou-PC | Source = Service Control Manager | ID = 7031
Description = The Windows Search service terminated unexpectedly. It has done this
1 time(s). The following corrective action will be taken in 30000 milliseconds:
Restart the service.

Error - 10/9/2013 2:36:28 PM | Computer Name = Lou-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Windows
Search service to connect.

Error - 10/9/2013 2:36:28 PM | Computer Name = Lou-PC | Source = Service Control Manager | ID = 7000
Description = The Windows Search service failed to start due to the following error:
%%1053

Error - 10/10/2013 8:48:09 AM | Computer Name = Lou-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 6:58:08 PM on ?10/?9/?2013 was unexpected.

Error - 10/10/2013 8:48:20 AM | Computer Name = Lou-PC | Source = Service Control Manager | ID = 7024
Description = The Windows Search service terminated with service-specific error
%%-1073473535.

Error - 10/10/2013 8:48:20 AM | Computer Name = Lou-PC | Source = Service Control Manager | ID = 7031
Description = The Windows Search service terminated unexpectedly. It has done this
1 time(s). The following corrective action will be taken in 30000 milliseconds:
Restart the service.

Error - 10/10/2013 9:33:32 PM | Computer Name = Lou-PC | Source = Service Control Manager | ID = 7024
Description = The Windows Search service terminated with service-specific error
%%-1073473535.

Error - 10/10/2013 9:33:32 PM | Computer Name = Lou-PC | Source = Service Control Manager | ID = 7031
Description = The Windows Search service terminated unexpectedly. It has done this
1 time(s). The following corrective action will be taken in 30000 milliseconds:
Restart the service.


< End of report >
  • 0

#5
WilliamP

    Member

  • Topic Starter
  • 185 posts
aswMBR Log

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-10-11 13:25:23
-----------------------------
13:25:23.450 OS Version: Windows x64 6.1.7601 Service Pack 1
13:25:23.450 Number of processors: 8 586 0x2A07
13:25:23.450 ComputerName: LOU-PC UserName: Lou
13:25:23.684 Initialize success
13:27:56.883 AVAST engine defs: 13101001
13:28:08.661 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
13:28:08.661 Disk 0 Vendor: M4-CT256M4SSD2 000F Size: 244198MB BusType: 11
13:28:08.661 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP4T0L0-4
13:28:08.661 Disk 1 Vendor: ST3160318AS CC38 Size: 152626MB BusType: 11
13:28:08.661 Disk 2 \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP7T0L0-7
13:28:08.677 Disk 2 Vendor: ST3160813AS CC2J Size: 152626MB BusType: 11
13:28:08.677 Disk 0 MBR read successfully
13:28:08.677 Disk 0 MBR scan
13:28:08.692 Disk 0 Windows 7 default MBR code
13:28:08.692 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
13:28:08.692 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 244096 MB offset 206848
13:28:08.708 Disk 0 scanning C:\Windows\system32\drivers
13:28:13.279 Service scanning
13:28:19.815 Modules scanning
13:28:19.815 Disk 0 trace - called modules:
13:28:19.831 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
13:28:19.831 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007db1790]
13:28:19.831 3 CLASSPNP.SYS[fffff8800193643f] -> nt!IofCallDriver -> [0xfffffa8007b7b520]
13:28:19.846 5 ACPI.sys[fffff88000f5e7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0xfffffa8007b85060]
13:28:20.065 AVAST engine scan C:\Windows
13:28:20.611 AVAST engine scan C:\Windows\system32
13:29:27.800 AVAST engine scan C:\Windows\system32\drivers
13:29:30.717 AVAST engine scan C:\Users\Lou
13:29:38.393 AVAST engine scan C:\ProgramData
13:30:13.212 Scan finished successfully
13:30:23.882 Disk 0 MBR has been saved successfully to "C:\Users\Lou\Downloads\MBR.dat"
13:30:23.898 The log file has been saved successfully to "C:\Users\Lou\Downloads\aswMBR.txt"
  • 0

#6
pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts
Hi, we have some work to do, so let's get started. :)

Step 1

Please disable your anti-virus and anti-spyware programs before we begin; you can re-enable them after we are done.

Also, one of your anti-virus programs, Avira, comes bundled with the Ask Toolbar these days. Our fixes will remove the toolbar, and may interfere with Avira's operation. I suggest installing a new antivirus program and uninstalling Avira.

Here are a couple of suggestions. Avast is a good one, and is light on system resources.

Avast
Microsoft Security Essentials


Windows Fix It

You have Windows Sidebar running on your machine and it is known to have some security problems. Microsoft Corporation has an article about these issues, and you can read it by clicking here. Please disable it by using Fix It.

You can download Fix It by clicking here.


Step 2: OTL Fix


Let's run an OTL fix:

Warning: This fix is to be used on this system and this system ONLY. Using this fix on any other machine other than yours can seriously damage it.

Be advised that when the fix commences, it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL

  • Copy the text in the quote box below (do not copy the word "quote") and paste it in the box marked Custom Scans/Fixes as shown in the graphic below.

Posted Image

:Commands
[createrestorepoint]

:OTL
SRV - [2013/09/23 21:18:26 | 000,164,816 | ---- | M] (APN LLC.) [Auto | Running] -- C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe -- (APNMCP)
IE - HKLM\..\URLSearchHook: {2088f46c-e352-46dd-9434-bb81014359db} - C:\Program Files (x86)\Vafmusic8\prxtbVafm.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {33D796A8-3794-40F5-A714-ABBBE38D122B}
IE - HKU\S-1-5-21-3603830166-4043132608-3735572350-1000\..\URLSearchHook: {e7472076-ff9d-4325-8eaf-613572008758} - No CLSID value found
IE - HKU\S-1-5-21-3603830166-4043132608-3735572350-1000\..\SearchScopes,DefaultScope = {33D796A8-3794-40F5-A714-ABBBE38D122B}
IE - HKU\S-1-5-21-3603830166-4043132608-3735572350-1000\..\SearchScopes\{33D796A8-3794-40F5-A714-ABBBE38D122B}: "URL" = http://search.condui...9151418421&UM=2
FF - prefs.js..browser.search.defaultenginename: "Vafmusic8 Customized Web Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Vafmusic8 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Vafmusic8 Customized Web Search"
FF - prefs.js..keyword.URL: "http://search.condui...399352&UM=2&q="
[2013/10/09 15:09:16 | 000,000,995 | ---- | M] () -- C:\Users\Lou\AppData\Roaming\Mozilla\Firefox\Profiles\mm8a3wmr.default\searchplugins\conduit.xml
O2 - BHO: (Vafmusic8 Toolbar) - {2088f46c-e352-46dd-9434-bb81014359db} - C:\Program Files (x86)\Vafmusic8\prxtbVafm.dll (Conduit Ltd.)
O2 - BHO: (Avira SearchFree Toolbar) - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.)
O3 - HKLM\..\Toolbar: (Vafmusic8 Toolbar) - {2088f46c-e352-46dd-9434-bb81014359db} - C:\Program Files (x86)\Vafmusic8\prxtbVafm.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-3603830166-4043132608-3735572350-1000\..\Toolbar\WebBrowser: (Vafmusic8 Toolbar) - {2088F46C-E352-46DD-9434-BB81014359DB} - C:\Program Files (x86)\Vafmusic8\prxtbVafm.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar) - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.)
[2013/10/09 15:09:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
[2013/10/09 15:09:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Vafmusic8
[2013/10/09 15:09:25 | 000,000,000 | ---D | C] -- C:\Users\Lou\AppData\Local\Conduit
[2013/10/09 15:09:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Conduit
[2013/10/09 15:09:16 | 000,000,000 | ---D | C] -- C:\Users\Lou\AppData\Roaming\SearchProtect
[2013/10/02 14:58:15 | 000,000,000 | ---D | C] -- C:\ProgramData\AskPartnerNetwork
[2013/10/02 14:58:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AskPartnerNetwork

:Commands
[emptytemp]



  • Click the Run Fix button at the top of the OTL control panel.
  • Let the program run until it's finished and then reboot the computer.
  • Once your machine has rebooted, a log will open. Please attach that log in your next reply.

If you have any problems, questions, or need further explanation, please post a message in this thread and I will get back to you asap.


Step 3: AdwCleaner

I see that you have AdwCleaner on your machine; we'll run it again to get rid of any remnants.

Double-click AdwCleaner.exe to run the tool again. If you have deleted it, download it to your desktop by clicking here.
  • Click the Scan button.
    Note: Windows Vista, Windows 7/8 users right-click and select Run As Administrator.
  • AdwCleaner will begin to scan your computer like it did before.
  • After the scan has finished...
  • This time click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.



Step 4: Junkware Removal Tool


Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.


Step 5: OTL Quick Scan


Open OTL and click the Quick Scan button.

When it finishes, it will produce a log. Please post that log in your next reply as well.



Things I need to see in your next post:

  • OTL Fix Log
  • AdwCleaner Log
  • Junkware Removal Log
  • OTL Quick Scan Log
  • How is the computer running now?

  • 0
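
An added example, not part of the original posts or of any tool used in this thread: a Python audit of a Firefox prefs.js for the search preferences the OTL fix above resets and for the toolbar key namespaces that the JRT and AdwCleaner logs in this thread show being removed. The sample prefs text, the `.example` hosts, the `CT0000000` ID and the trusted engine and host lists are constructed assumptions.

```python
import json
import re
from urllib.parse import urlparse

# Search-related preferences that the OTL fix in this thread resets.
SEARCH_KEYS = {
    "browser.search.defaultenginename",
    "browser.search.defaultthis.engineName",
    "browser.search.defaulturl",
    "browser.search.selectedEngine",
    "keyword.URL",
}

# Key namespaces that the JRT and AdwCleaner logs in this thread show being
# removed: "CT<digits>.", "smartbar." and "extensions.toolbar.mindspark.".
TOOLBAR_KEY = re.compile(
    r"^(CT\d+\.|smartbar\.|extensions\.toolbar\.mindspark\.)", re.IGNORECASE
)

# One complete prefs.js entry: user_pref("key", value);
PREF_LINE = re.compile(
    r'^\s*user_pref\(\s*"((?:[^"\\]|\\.)*)"\s*,\s*(.*?)\s*\)\s*;\s*$'
)

# Assumption: what the owner of this profile expects to see. Adjust per system.
TRUSTED_ENGINES = {"Google"}
TRUSTED_HOSTS = {"www.google.com"}

# Constructed sample, not copied from the logs. Line 8 is deliberately cut off,
# like the truncated entries in the JRT log.
SAMPLE = """\
# Mozilla User Preferences
user_pref("browser.search.defaultenginename", "Vafmusic8 Customized Web Search");
user_pref("browser.search.selectedEngine", "Google");
user_pref("keyword.URL", "http://search.toolbar.example/ResultsExt.aspx?q=");
user_pref("browser.startup.homepage", "https://www.mozilla.org/");
user_pref("CT0000000.SearchInNewTabEnabled", true);
user_pref("smartbar.machineId", "CONSTRUCTED-ID");
user_pref("extensions.toolbar.mindspark._v4Members_.homepage", "http://home.toolbar.example/index.jhtml?si=
user_pref("app.update.lastUpdateTime.addon-background-update-timer", 1381583000);
"""


def parse_value(raw):
    """Decode a prefs.js value (string, boolean or integer literal)."""
    try:
        return json.loads(raw)
    except ValueError:
        return raw.strip('"')


def audit_prefs(text, trusted_hosts=TRUSTED_HOSTS, trusted_engines=TRUSTED_ENGINES):
    """Return (line number, finding kind, detail) tuples for suspicious entries."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.lstrip().startswith("user_pref("):
            continue  # comments and blank lines
        match = PREF_LINE.match(line)
        if match is None:
            # A cut-off entry is reported as-is rather than guessed at.
            findings.append((lineno, "unparsed", line.strip()[:48]))
            continue
        key, value = match.group(1), parse_value(match.group(2))
        if TOOLBAR_KEY.match(key):
            findings.append((lineno, "toolbar-namespace", key))
        elif key in SEARCH_KEYS:
            if isinstance(value, str) and "://" in value:
                # URL-valued search pref: compare the host with the allowlist.
                host = urlparse(value).hostname or ""
                if host not in trusted_hosts:
                    findings.append((lineno, "search-url", key))
            elif value not in trusted_engines:
                # Name-valued search pref: compare with the expected engines.
                findings.append((lineno, "search-engine", key))
    return findings


if __name__ == "__main__":
    for lineno, kind, detail in audit_prefs(SAMPLE):
        print(f"line {lineno}: {kind}: {detail}")
```

The audit only reports; it changes nothing in the profile, so it can be run before and after a cleanup to compare the findings.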

#7
WilliamP

    Member

  • Topic Starter
  • 185 posts
OTL Fix Log

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Service APNMCP stopped successfully!
Service APNMCP deleted successfully!
C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{2088f46c-e352-46dd-9434-bb81014359db} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2088f46c-e352-46dd-9434-bb81014359db}\ deleted successfully.
C:\Program Files (x86)\Vafmusic8\prxtbVafm.dll moved successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-3603830166-4043132608-3735572350-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{e7472076-ff9d-4325-8eaf-613572008758} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e7472076-ff9d-4325-8eaf-613572008758}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{e7472076-ff9d-4325-8eaf-613572008758}\ deleted successfully.
HKEY_USERS\S-1-5-21-3603830166-4043132608-3735572350-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-3603830166-4043132608-3735572350-1000\Software\Microsoft\Internet Explorer\SearchScopes\{33D796A8-3794-40F5-A714-ABBBE38D122B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33D796A8-3794-40F5-A714-ABBBE38D122B}\ not found.
Prefs.js: "Vafmusic8 Customized Web Search" removed from browser.search.defaultenginename
Prefs.js: "Vafmusic8 Customized Web Search" removed from browser.search.defaultthis.engineName
Prefs.js: "http://search.condui...={searchTerms}" removed from browser.search.defaulturl
Prefs.js: "Vafmusic8 Customized Web Search" removed from browser.search.selectedEngine
Prefs.js: "http://search.condui...399352&UM=2&q=" removed from keyword.URL
C:\Users\Lou\AppData\Roaming\Mozilla\Firefox\Profiles\mm8a3wmr.default\searchplugins\conduit.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2088f46c-e352-46dd-9434-bb81014359db}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2088f46c-e352-46dd-9434-bb81014359db}\ not found.
File C:\Program Files (x86)\Vafmusic8\prxtbVafm.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{41564952-412D-5637-00A7-7A786E7484D7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41564952-412D-5637-00A7-7A786E7484D7}\ deleted successfully.
C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{2088f46c-e352-46dd-9434-bb81014359db} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2088f46c-e352-46dd-9434-bb81014359db}\ not found.
File C:\Program Files (x86)\Vafmusic8\prxtbVafm.dll not found.
Registry value HKEY_USERS\S-1-5-21-3603830166-4043132608-3735572350-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2088F46C-E352-46DD-9434-BB81014359DB} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2088F46C-E352-46DD-9434-BB81014359DB}\ not found.
File C:\Program Files (x86)\Vafmusic8\prxtbVafm.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{41564952-412D-5637-00A7-7A786E7484D7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41564952-412D-5637-00A7-7A786E7484D7}\ not found.
File V7\Passport.dll not found.
C:\Program Files (x86)\Conduit\Community Alerts folder moved successfully.
C:\Program Files (x86)\Conduit folder moved successfully.
C:\Program Files (x86)\Vafmusic8 folder moved successfully.
C:\Users\Lou\AppData\Local\Conduit\CT3303001 folder moved successfully.
C:\Users\Lou\AppData\Local\Conduit folder moved successfully.
C:\ProgramData\Conduit folder moved successfully.
C:\Users\Lou\AppData\Roaming\SearchProtect\bin folder moved successfully.
C:\Users\Lou\AppData\Roaming\SearchProtect folder moved successfully.
C:\ProgramData\AskPartnerNetwork\Toolbar\AVIRA-V7\Updater\Response folder moved successfully.
C:\ProgramData\AskPartnerNetwork\Toolbar\AVIRA-V7\Updater\Config folder moved successfully.
C:\ProgramData\AskPartnerNetwork\Toolbar\AVIRA-V7\Updater folder moved successfully.
C:\ProgramData\AskPartnerNetwork\Toolbar\AVIRA-V7\CRX\24.57772 folder moved successfully.
C:\ProgramData\AskPartnerNetwork\Toolbar\AVIRA-V7\CRX folder moved successfully.
C:\ProgramData\AskPartnerNetwork\Toolbar\AVIRA-V7 folder moved successfully.
C:\ProgramData\AskPartnerNetwork\Toolbar folder moved successfully.
C:\ProgramData\AskPartnerNetwork folder moved successfully.
C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\AVIRA-V7 folder moved successfully.
C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater folder moved successfully.
C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Source\program files\AskPartnerNetwork\Toolbar\{PartnerID} folder moved successfully.
C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Source\program files\AskPartnerNetwork\Toolbar\Updater\{PartnerID} folder moved successfully.
C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Source\program files\AskPartnerNetwork\Toolbar\Updater folder moved successfully.
C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Source\program files\AskPartnerNetwork\Toolbar folder moved successfully.
C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Source\program files\AskPartnerNetwork folder moved successfully.
C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Source\program files folder moved successfully.
C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Source\common appdata\AskPartnerNetwork\Toolbar\{PartnerID}\CRX\{Crx_Version} folder moved successfully.
C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Source\common appdata\AskPartnerNetwork\Toolbar\{PartnerID}\CRX folder moved successfully.
C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Source\common appdata\AskPartnerNetwork\Toolbar\{PartnerID} folder moved successfully.
C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Source\common appdata\AskPartnerNetwork\Toolbar folder moved successfully.
C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Source\common appdata\AskPartnerNetwork folder moved successfully.
C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Source\common appdata folder moved successfully.
C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Source\appdata\Mozilla\Firefox\Profiles\{DefaultProfilesFolder}\extensions folder moved successfully.
C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Source\appdata\Mozilla\Firefox\Profiles\{DefaultProfilesFolder} folder moved successfully.
C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Source\appdata\Mozilla\Firefox\Profiles folder moved successfully.
C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Source\appdata\Mozilla\Firefox folder moved successfully.
C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Source\appdata\Mozilla folder moved successfully.
C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Source\appdata folder moved successfully.
C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Source folder moved successfully.
C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\CRX folder moved successfully.
C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7 folder moved successfully.
C:\Program Files (x86)\AskPartnerNetwork\Toolbar folder moved successfully.
C:\Program Files (x86)\AskPartnerNetwork folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56466 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Lou
->Temp folder emptied: 102928495 bytes
->Temporary Internet Files folder emptied: 855123 bytes
->Java cache emptied: 251986 bytes
->FireFox cache emptied: 59817074 bytes
->Flash cache emptied: 570 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33298 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 156.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 10122013_090852

Files\Folders moved on Reboot...
C:\Users\Lou\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Lou\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
  • 0

#8
WilliamP

    Member

  • Topic Starter
  • 185 posts
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.4 (10.06.2013:1)
OS: Windows 7 Home Premium x64
Ran by Lou on Sat 10/12/2013 at 9:19:43.89
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\apntbmon



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduitsearchscopes
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\pricegong
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\smartbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\toolbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\searchprotect
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT3303001



~~~ Files

Successfully deleted: [File] "C:\end"



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\apn"
Successfully deleted: [Folder] "C:\Users\Lou\appdata\local\dictionaryboss"
Successfully deleted: [Folder] "C:\Users\Lou\appdata\local\filetypeassistant"
Successfully deleted: [Folder] "C:\Users\Lou\appdata\locallow\conduit"
Successfully deleted: [Folder] "C:\Users\Lou\appdata\locallow\dictionaryboss"
Successfully deleted: [Folder] "C:\Users\Lou\appdata\locallow\pricegong"
Failed to delete: [Folder] "C:\Program Files (x86)\dictionaryboss"
Successfully deleted: [Folder] "C:\Program Files (x86)\searchprotect"
Successfully deleted: [Empty Folder] C:\Users\Lou\appdata\local\{15BD6C63-A0FE-45B0-B8FA-C3508BF71DFB}
Successfully deleted: [Empty Folder] C:\Users\Lou\appdata\local\{1AE2CD4F-B32E-4C88-88B0-A7D3FCD8CCF1}
Successfully deleted: [Empty Folder] C:\Users\Lou\appdata\local\{48BA4DF1-F145-4BFC-ACD3-C59DA6A6AB1F}
Successfully deleted: [Empty Folder] C:\Users\Lou\appdata\local\{51480BA9-BA38-47A8-AA8A-A82568278B7B}
Successfully deleted: [Empty Folder] C:\Users\Lou\appdata\local\{654A7C9F-92C0-4961-BE62-AB7D9869F00E}
Successfully deleted: [Empty Folder] C:\Users\Lou\appdata\local\{764A19A8-04A7-4D4E-AFA1-2D979ED2998E}
Successfully deleted: [Empty Folder] C:\Users\Lou\appdata\local\{8ECF6658-37D3-4B67-860B-215CB8C0818C}
Successfully deleted: [Empty Folder] C:\Users\Lou\appdata\local\{B4517896-FF59-428A-A6B8-C4F2823B6CF1}
Successfully deleted: [Empty Folder] C:\Users\Lou\appdata\local\{C5FBFCE2-3793-4406-AD99-2DE1666C8F06}
Successfully deleted: [Empty Folder] C:\Users\Lou\appdata\local\{D3FB485A-504A-4CB4-BEF5-94782A7A3964}
Successfully deleted: [Empty Folder] C:\Users\Lou\appdata\local\{E9EEA37B-1AE9-45A2-A11D-B287EA7BBC2E}
Successfully deleted: [Empty Folder] C:\Users\Lou\appdata\local\{EB98507D-5AC6-45D6-B26C-3ADFECA7C0D5}



~~~ FireFox

Successfully deleted: [File] C:\Users\Lou\AppData\Roaming\mozilla\firefox\profiles\mm8a3wmr.default\extensions\[email protected]
Successfully deleted the following from C:\Users\Lou\AppData\Roaming\mozilla\firefox\profiles\mm8a3wmr.default\prefs.js

user_pref("CT3303001.smartbar.homepage", "true");
user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3303001&CUI=UN41826138341399352&UM=2&SearchSource=13&UP=SP1C404241-F8C4-475F-8714-E68470B50937");
user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");
user_pref("extensions.toolbar.mindspark._v4Members_.homepage", "hxxp://home.tb.ask.com/index.jhtml?ptb=F42B7395-946E-4E25-91BE-B71ABE6A0F3C&n=77fd7919&p2=^XQ^xdm002^YYA^us&si=
user_pref("extensions.toolbar.mindspark._v4Members_.initialized", true);
user_pref("extensions.toolbar.mindspark._v4Members_.installation.contextKey", "");
user_pref("extensions.toolbar.mindspark._v4Members_.installation.installDate", "2013100313");
user_pref("extensions.toolbar.mindspark._v4Members_.installation.partnerId", "^XQ^xdm002^YYA^us");
user_pref("extensions.toolbar.mindspark._v4Members_.installation.partnerSubId", "CP7O_NOc-7kCFSlo7AodMhIADw");
user_pref("extensions.toolbar.mindspark._v4Members_.installation.success", true);
user_pref("extensions.toolbar.mindspark._v4Members_.installation.toolbarId", "F42B7395-946E-4E25-91BE-B71ABE6A0F3C");
user_pref("extensions.toolbar.mindspark._v4Members_.lastActivePing", "1380822543262");
user_pref("extensions.toolbar.mindspark._v4Members_.options.defaultSearch", false);
user_pref("extensions.toolbar.mindspark._v4Members_.options.homePageEnabled", false);
user_pref("extensions.toolbar.mindspark._v4Members_.options.keywordEnabled", false);
user_pref("extensions.toolbar.mindspark._v4Members_.options.tabEnabled", false);
user_pref("extensions.toolbar.mindspark._v4Members_.searchHistory", "martha");
user_pref("extensions.toolbar.mindspark.lastInstalled", "[email protected]");
user_pref("smartbar.addressBarOwnerCTID", "CT3303001");
user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3303001&CUI=UN41826138341399352&UM=2&SearchSource=13,hxxp://search.conduit.com/?ctid=CT3303001&CUI
user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3303001&SearchSource=2&CUI=UN41826138341399352&UM=2&q=");
user_pref("smartbar.defaultSearchOwnerCTID", "CT3303001");
user_pref("smartbar.homePageOwnerCTID", "CT3303001");
user_pref("smartbar.machineId", "XOAUZ4KF4CYAOX81KFXII6LQAXXVSBHHXBD5USSPOGMIF5IBSAMTEJZLCSJA+UAAPPAW1YXIFYQOQYMCQFG5RW");



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 10/12/2013 at 9:23:39.71
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  • 0

#9
WilliamP

    Member

  • Topic Starter
  • 185 posts
ADW Log

# AdwCleaner v3.005 - Report created 25/09/2013 at 11:35:02
# Updated 22/09/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Bill's - LOU
# Running from : C:\Users\Bill's\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : SystemStoreService

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\visualbee
Folder Deleted : C:\Program Files (x86)\SoftwareUpdater
Folder Deleted : C:\Users\Bill's\AppData\Local\DownloadGuide
Folder Deleted : C:\Users\Bill's\AppData\Local\iac
Folder Deleted : C:\Users\Bill's\AppData\Local\PackageAware
Folder Deleted : C:\Users\Bill's\AppData\Local\visualbeeexe
Folder Deleted : C:\Users\Bill's\AppData\LocalLow\visualbee
Folder Deleted : C:\Users\Bill's\AppData\Roaming\Systweak
Folder Deleted : C:\Users\Bill's\AppData\Roaming\Mozilla\Firefox\Profiles\4cndd157.default\ConduitCommon
Folder Deleted : C:\Users\Bill's\AppData\Roaming\Mozilla\Firefox\Profiles\4cndd157.default\CT2438727
Folder Deleted : C:\Users\Bill's\AppData\Roaming\Mozilla\Firefox\Profiles\4cndd157.default\Extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
File Deleted : C:\Windows\System32\roboot64.exe
File Deleted : C:\Users\Bill's\AppData\Roaming\Mozilla\Firefox\Profiles\4cndd157.default\\invalidprefs.js
File Deleted : C:\Users\Bill's\AppData\Roaming\Mozilla\Firefox\Profiles\4cndd157.default\searchplugins\my-web-search.xml
File Deleted : C:\Users\Bill's\AppData\Roaming\Mozilla\Firefox\Profiles\4cndd157.default\user.js
File Deleted : C:\Windows\System32\Tasks\BitGuard
File Deleted : C:\Windows\System32\Tasks\EPUpdater
File Deleted : C:\Windows\System32\Tasks\Software Updater Ui
File Deleted : C:\Windows\System32\Tasks\Software Updater

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKCU\Software\e6ddd8e66fe444
Key Deleted : HKLM\SOFTWARE\e6ddd8e66fe444
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6C1B9042-3D32-49A1-916B-0AA3A9CDDFD6}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKLM\Software\systweak

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16686


-\\ Mozilla Firefox v24.0 (en-US)

[ File : C:\Users\Bill's\AppData\Roaming\Mozilla\Firefox\Profiles\4cndd157.default\prefs.js ]

Line Deleted : user_pref("CT2438727..clientLogIsEnabled", false);
Line Deleted : user_pref("CT2438727..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
Line Deleted : user_pref("CT2438727..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
Line Deleted : user_pref("CT2438727.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Line Deleted : user_pref("CT2438727.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Line Deleted : user_pref("CT2438727.BrowserCompStateIsOpen_1000515", true);
Line Deleted : user_pref("CT2438727.CT2438727", "CT2438727");
Line Deleted : user_pref("CT2438727.CT2438727.lastNewTabSettings", "{\"isEnabled\":false,\"newTabUrl\":\"hxxp://search.conduit.com/?ctid=CT2438727&octid=CT2438727&SearchSource=15&CUI=SB_CUI&SSPV=EB_SSPV&Lay=1&UM=UM_[...]
Line Deleted : user_pref("CT2438727.ConfigurationLastCheckTime", "Tue Sep 24 2013 19:28:47 GMT-0400 (Eastern Standard Time)");
Line Deleted : user_pref("CT2438727.CurrentServerDate", "25-9-2013");
Line Deleted : user_pref("CT2438727.DSInstall", false);
Line Deleted : user_pref("CT2438727.DialogsAlignMode", "LTR");
Line Deleted : user_pref("CT2438727.DialogsGetterLastCheckTime", "Thu Sep 19 2013 19:18:00 GMT-0400 (Eastern Standard Time)");
Line Deleted : user_pref("CT2438727.DownloadReferralCookieData", "");
Line Deleted : user_pref("CT2438727.FirstServerDate", "20-9-2013");
Line Deleted : user_pref("CT2438727.FirstTime", true);
Line Deleted : user_pref("CT2438727.FirstTimeFF3", true);
Line Deleted : user_pref("CT2438727.FirstTimeHiddenVer", true);
Line Deleted : user_pref("CT2438727.FixPageNotFoundErrors", true);
Line Deleted : user_pref("CT2438727.GroupingServerCheckInterval", 1440);
Line Deleted : user_pref("CT2438727.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Line Deleted : user_pref("CT2438727.HPInstall", false);
Line Deleted : user_pref("CT2438727.HasUserGlobalKeys", true);
Line Deleted : user_pref("CT2438727.Initialize", true);
Line Deleted : user_pref("CT2438727.InitializeCommonPrefs", true);
Line Deleted : user_pref("CT2438727.InstallationAndCookieDataSentCount", 3);
Line Deleted : user_pref("CT2438727.InstallationType", "Unknown");
Line Deleted : user_pref("CT2438727.InstalledDate", "Thu Sep 19 2013 19:18:13 GMT-0400 (Eastern Standard Time)");
Line Deleted : user_pref("CT2438727.IsGrouping", false);
Line Deleted : user_pref("CT2438727.IsInitSetupIni", true);
Line Deleted : user_pref("CT2438727.IsMulticommunity", false);
Line Deleted : user_pref("CT2438727.IsOpenThankYouPage", true);
Line Deleted : user_pref("CT2438727.IsOpenUninstallPage", true);
Line Deleted : user_pref("CT2438727.LanguagePackLastCheckTime", "Tue Sep 24 2013 19:28:47 GMT-0400 (Eastern Standard Time)");
Line Deleted : user_pref("CT2438727.LanguagePackReloadIntervalMM", 1440);
Line Deleted : user_pref("CT2438727.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx");
Line Deleted : user_pref("CT2438727.LastLogin_3.20.0.4", "Wed Sep 25 2013 11:22:50 GMT-0400 (Eastern Standard Time)");
Line Deleted : user_pref("CT2438727.LatestVersion", "3.20.0.4");
Line Deleted : user_pref("CT2438727.Locale", "en");
Line Deleted : user_pref("CT2438727.MCDetectTooltipHeight", "83");
Line Deleted : user_pref("CT2438727.MCDetectTooltipUrl", "hxxp://@[email protected]/rank/tooltip/?version=1");
Line Deleted : user_pref("CT2438727.MCDetectTooltipWidth", "295");
Line Deleted : user_pref("CT2438727.MyStuffEnabledAtInstallation", false);
Line Deleted : user_pref("CT2438727.OriginalFirstVersion", "3.20.0.4");
Line Deleted : user_pref("CT2438727.SearchAPILastCheckTime", "Tue Sep 24 2013 19:28:47 GMT-0400 (Eastern Standard Time)");
Line Deleted : user_pref("CT2438727.SearchCaption", "Zynga Customized Web Search");
Line Deleted : user_pref("CT2438727.SearchFromAddressBarIsInit", true);
Line Deleted : user_pref("CT2438727.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2438727&SearchSource=2&CUI=SB_CUI&UM=UM_ID&q=");
Line Deleted : user_pref("CT2438727.SearchInNewTabEnabled", true);
Line Deleted : user_pref("CT2438727.SearchInNewTabIntervalMM", 1440);
Line Deleted : user_pref("CT2438727.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID&UM=UM_ID");
Line Deleted : user_pref("CT2438727.SearchInNewTabURLFromSearchAPI", "hxxp://search.conduit.com/?ctid=CT2438727&octid=CT2438727&SearchSource=15&CUI=SB_CUI&SSPV=EB_SSPV&Lay=1&UM=UM_ID");
Line Deleted : user_pref("CT2438727.SearchInNewTabUserEnabled", false);
Line Deleted : user_pref("CT2438727.SendProtectorDataViaLogin", true);
Line Deleted : user_pref("CT2438727.ServiceMapLastCheckTime", "Tue Sep 24 2013 19:28:47 GMT-0400 (Eastern Standard Time)");
Line Deleted : user_pref("CT2438727.SettingsLastCheckTime", "Wed Sep 25 2013 11:22:49 GMT-0400 (Eastern Standard Time)");
Line Deleted : user_pref("CT2438727.SettingsLastUpdate", "1380096675");
Line Deleted : user_pref("CT2438727.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT2438727&SearchSource=13");
Line Deleted : user_pref("CT2438727.ToolbarShrinkedFromSetup", false);
Line Deleted : user_pref("CT2438727.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2438727");
Line Deleted : user_pref("CT2438727.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,client.conduit-storage.com,OurToolbar.com,CommunityToolbars.com,ForumToolbar.com,MyBlogToolbar.com,MyCity[...]
Line Deleted : user_pref("CT2438727.UserID", "UN31173046010789845");
Line Deleted : user_pref("CT2438727.alertChannelId", "832836");
Line Deleted : user_pref("CT2438727.components.1000515", true);
Line Deleted : user_pref("CT2438727.countryCode", "US");
Line Deleted : user_pref("CT2438727.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.conduit.com;apps.conduit.com;services.apps.conduit.com\",\"AppsDetectionUrlPattern\":\"hxxp://appdown[...]
Line Deleted : user_pref("CT2438727.homepageProtectorEnableByLogin", true);
Line Deleted : user_pref("CT2438727.initDone", true);
Line Deleted : user_pref("CT2438727.myStuffEnabled", true);
Line Deleted : user_pref("CT2438727.myStuffPublihserMinWidth", 400);
Line Deleted : user_pref("CT2438727.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID");
Line Deleted : user_pref("CT2438727.myStuffServiceIntervalMM", 1440);
Line Deleted : user_pref("CT2438727.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");
Line Deleted : user_pref("CT2438727.navigateToUrlOnSearch", false);
Line Deleted : user_pref("CT2438727.revertSettingsEnabled", true);
Line Deleted : user_pref("CT2438727.searchProtectorDialogDelayInSec", 10);
Line Deleted : user_pref("CT2438727.searchProtectorEnableByLogin", true);
Line Deleted : user_pref("CT2438727.testingCtid", "");
Line Deleted : user_pref("CT2438727.toolbarAppMetaDataLastCheckTime", "Tue Sep 24 2013 19:28:47 GMT-0400 (Eastern Standard Time)");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2438727/CT2438727", "\"d36112ad29ae77a77d99b33d4ea25bd43\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2438727", "\"0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.20.0.4", "\"23c5489aa686ce1:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2438727", "\"9971ee9815a5fc569766cf6ddcaaca8e\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=EB_LOCALE", "\"570022812a2886069d9aec5f179dd5a2\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"f2982e793f1ad490a79e05219fde8c7e\"");
Line Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT2438727");
Line Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT2438727");
Line Deleted : user_pref("CommunityToolbar.ToolbarsList4", "CT2438727");
Line Deleted : user_pref("CommunityToolbar.globalUserId", "933409a4-0b32-404e-9649-76b87807c624");
Line Deleted : user_pref("CommunityToolbar.originalHomepage", "hxxp://visualbee.delta-search.com/?babsrc=HP_ss&mntrId=E031002522FA9961&affID=121376&tsp=5010");
Line Deleted : user_pref("CommunityToolbar.originalSearchEngine", "Bing");
Line Deleted : user_pref("extensions.crossrider.bic", "1413884038dc4fa394b214871db83de9");

-\\ Google Chrome v

[ File : C:\Users\Bill's\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [11332 octets] - [25/09/2013 11:29:03]
AdwCleaner[S0].txt - [11475 octets] - [25/09/2013 11:35:02]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [11536 octets] ##########
# AdwCleaner v3.007 - Report created 12/10/2013 at 09:40:52
# Updated 09/10/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Lou - LOU-PC
# Running from : C:\Users\Lou\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Users\Lou\AppData\LocalLow\Vafmusic8

***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [DictionaryBoss Search Scope Monitor]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [DictionaryBoss Browser Plugin Loader]
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E7007A9-D556-4668-957D-A95836C91F8B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2088F46C-E352-46DD-9434-BB81014359DB}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6E7007A9-D556-4668-957D-A95836C91F8B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2088F46C-E352-46DD-9434-BB81014359DB}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6E7007A9-D556-4668-957D-A95836C91F8B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7E4831EB-A7D1-4B66-981D-E38BBC05C9FD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B45E2793-60F6-4AD6-8F57-F29FA8C353BB}
Key Deleted : HKCU\Software\AppDataLow\Software\Vafmusic8
Key Deleted : HKLM\Software\Vafmusic8

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16720


-\\ Mozilla Firefox v24.0 (en-US)

[ File : C:\Users\Lou\AppData\Roaming\Mozilla\Firefox\Profiles\mm8a3wmr.default\prefs.js ]

Line Deleted : user_pref("CT3303001.FF19Solved", "true");
Line Deleted : user_pref("CT3303001.UserID", "UN41826138341399352");
Line Deleted : user_pref("CT3303001.browser.search.defaultthis.engineName", "true");
Line Deleted : user_pref("CT3303001.fullUserID", "UN41826138341399352.IN.20131009150915");
Line Deleted : user_pref("CT3303001.installDate", "09/10/2013 15:09:16");
Line Deleted : user_pref("CT3303001.installSessionId", "{AA2CE30A-48AB-4B7A-ACD1-883433E380F6}");
Line Deleted : user_pref("CT3303001.installSp", "TRUE");
Line Deleted : user_pref("CT3303001.installerVersion", "1.7.1.4");
Line Deleted : user_pref("CT3303001.keyword", "true");
Line Deleted : user_pref("CT3303001.originalHomepage", "hxxp://www.yahoo.com/");
Line Deleted : user_pref("CT3303001.originalSearchAddressUrl", "");
Line Deleted : user_pref("CT3303001.originalSearchEngine", "");
Line Deleted : user_pref("CT3303001.originalSearchEngineName", "");
Line Deleted : user_pref("CT3303001.searchRevert", "false");
Line Deleted : user_pref("CT3303001.searchUserMode", "2");
Line Deleted : user_pref("CT3303001.versionFromInstaller", "10.20.1.8");
Line Deleted : user_pref("CT3303001.xpeMode", "0");

*************************

AdwCleaner[R0].txt - [17928 octets] - [25/09/2013 11:29:03]
AdwCleaner[R1].txt - [6655 octets] - [12/10/2013 09:17:51]
AdwCleaner[R2].txt - [3316 octets] - [12/10/2013 09:40:32]
AdwCleaner[S0].txt - [14855 octets] - [25/09/2013 11:35:02]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [14916 octets] ##########

#10
WilliamP

OTL OTL logfile created on: 10/12/2013 9:44:14 AM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Lou\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16721)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.98 Gb Total Physical Memory | 6.58 Gb Available Physical Memory | 82.41% Memory free
15.96 Gb Paging File | 14.42 Gb Available in Paging File | 90.34% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 238.37 Gb Total Space | 154.75 Gb Free Space | 64.92% Space Free | Partition Type: NTFS
Drive D: | 149.05 Gb Total Space | 131.34 Gb Free Space | 88.12% Space Free | Partition Type: NTFS
Drive E: | 149.04 Gb Total Space | 103.84 Gb Free Space | 69.67% Space Free | Partition Type: NTFS

Computer Name: LOU-PC | User Name: Lou | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found --
PRC - [2013/10/11 12:54:51 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Lou\Downloads\OTL.exe
PRC - [2013/10/03 13:49:01 | 000,042,504 | ---- | M] (COMPANYVERS_NAME) -- C:\Program Files (x86)\DictionaryBoss\bar\1.bin\v4barsvc.exe
PRC - [2013/09/30 11:01:31 | 000,440,392 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2013/09/30 11:01:14 | 001,164,360 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
PRC - [2013/09/30 11:01:13 | 000,972,872 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe
PRC - [2013/09/30 11:01:13 | 000,681,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013/09/30 11:01:13 | 000,440,392 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2013/09/05 10:04:00 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/07/09 00:40:10 | 000,104,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
PRC - [2012/05/30 02:08:28 | 001,842,384 | ---- | M] (Gadwin Systems, Inc) -- C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe
PRC - [2012/02/20 15:54:08 | 001,666,560 | ---- | M] (AimerSoft) -- C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
PRC - [2011/09/01 02:22:18 | 000,169,624 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
PRC - [2010/02/25 17:59:54 | 000,144,672 | ---- | M] () -- C:\Program Files (x86)\Nova Development\Scrapbook Factory Deluxe 5.0\ReminderApp.exe
PRC - [2007/02/04 12:02:14 | 000,079,400 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\ScanSoft\OmniPageSE4\OpWareSE4.exe


========== Modules (No Company Name) ==========

MOD - [2013/10/09 14:37:33 | 014,340,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\bcf51dc88597d0835c819a2d5a755b74\PresentationFramework.ni.dll
MOD - [2013/10/09 14:37:27 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ef0a534be135cd8f0d99d938d8b1814a\System.Windows.Forms.ni.dll
MOD - [2013/10/09 14:37:23 | 012,238,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\51478a61dbd40488e320a0061e23c4df\PresentationCore.ni.dll
MOD - [2013/10/09 14:37:23 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\29f3ae8d313e62b4daed1107ccd29f9f\System.Configuration.ni.dll
MOD - [2013/10/09 14:37:18 | 003,348,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\4eef5a3a4d0ed6d6fd882947a70df530\WindowsBase.ni.dll
MOD - [2013/10/02 17:57:39 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\a2920ed81e097f8551231a9350697bbd\PresentationFramework.Aero.ni.dll
MOD - [2013/10/02 17:57:31 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\62f93ab850d8784b320de819666df705\System.Data.ni.dll
MOD - [2013/10/02 17:57:31 | 000,628,224 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\5970036570c1e44e8ae0f6f94c1039aa\System.EnterpriseServices.ni.dll
MOD - [2013/10/02 17:57:31 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\4ada2213cefea889a5ed6e2fb6839b93\System.Transactions.ni.dll
MOD - [2013/10/02 17:57:17 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5aa44bce7933e4de09d935848f868a4b\System.Drawing.ni.dll
MOD - [2013/10/02 17:57:06 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09db78d6068543df01862a023aca785a\System.Xml.ni.dll
MOD - [2013/10/02 17:57:03 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5d22a30e587e2cac106b81fb351e7c08\System.ni.dll
MOD - [2013/10/02 17:53:18 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll
MOD - [2010/11/20 23:24:08 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010/02/25 18:00:04 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Nova Development\Scrapbook Factory Deluxe 5.0\AddressBookCore.dll
MOD - [2010/02/25 17:59:54 | 000,144,672 | ---- | M] () -- C:\Program Files (x86)\Nova Development\Scrapbook Factory Deluxe 5.0\ReminderApp.exe
MOD - [2010/02/25 17:40:04 | 000,147,456 | ---- | M] () -- C:\Program Files (x86)\Nova Development\Scrapbook Factory Deluxe 5.0\en-US\ReminderApp.resources.dll
MOD - [2009/06/10 17:23:19 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/08/30 18:57:54 | 000,239,616 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2013/05/27 01:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2013/05/23 16:12:02 | 000,143,120 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV - [2013/10/08 12:30:56 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/10/03 13:49:01 | 000,042,504 | ---- | M] (COMPANYVERS_NAME) [Auto | Running] -- C:\Program Files (x86)\DictionaryBoss\bar\1.bin\v4barsvc.exe -- (DictionaryBossService)
SRV - [2013/09/30 11:01:31 | 000,440,392 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013/09/30 11:01:14 | 001,164,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe -- (AntiVirWebService)
SRV - [2013/09/30 11:01:13 | 000,972,872 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe -- (AntiVirMailService)
SRV - [2013/09/30 11:01:13 | 000,440,392 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013/09/10 22:26:44 | 000,118,680 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/09/05 10:04:00 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/07/09 00:40:10 | 000,104,912 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2011/09/01 02:22:18 | 000,169,624 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor10.0)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/09/30 11:01:14 | 000,083,160 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\avnetflt.sys -- (avnetflt)
DRV:64bit: - [2013/09/30 11:01:13 | 000,132,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2013/09/30 11:01:13 | 000,105,856 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2013/09/30 11:01:13 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2013/08/30 20:11:28 | 012,528,640 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2013/08/30 18:32:32 | 000,618,496 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2013/07/05 04:40:38 | 000,096,256 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013/02/26 18:37:16 | 000,374,320 | ---- | M] (TeraByte, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TBIMount.sys -- (TBIMount)
DRV:64bit: - [2012/10/30 22:20:58 | 000,034,424 | ---- | M] (TeraByte, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\phylock.sys -- (phylock)
DRV:64bit: - [2012/08/23 10:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 10:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/08/23 10:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/07/22 12:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 17:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/04/21 14:17:04 | 000,471,144 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/10/19 23:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/03/19 03:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E1 F4 D0 2F 96 BF CE 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE10SR
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:24.0
FF - prefs.js..keyword.enabled: false
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF - HKLM\Software\MozillaPlugins\@DictionaryBoss.com/Plugin: C:\Program Files (x86)\DictionaryBoss\bar\1.bin\NPv4Stub.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.40.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.40.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\DictionaryBoss\bar\1.bin [2013/10/12 09:21:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2013/10/02 14:43:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lou\AppData\Roaming\Mozilla\Extensions
[2013/10/12 09:23:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lou\AppData\Roaming\Mozilla\Firefox\Profiles\mm8a3wmr.default\extensions
[2013/10/02 14:43:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/10/02 14:43:02 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Search Assistant BHO) - {58376892-60e7-4f63-aca0-0f686af554d6} - C:\Program Files (x86)\DictionaryBoss\bar\1.bin\v4SrcAs.dll File not found
O2 - BHO: (Toolbar BHO) - {6eb534fb-2001-45c4-b860-bc904865a379} - C:\PROGRA~2\DICTIO~2\bar\1.bin\v4bar.dll File not found
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (DictionaryBoss) - {3042df7a-e900-4389-9b94-923df0daa57e} - C:\Program Files (x86)\DictionaryBoss\bar\1.bin\v4bar.dll File not found
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [DictionaryBoss Home Page Guard 64 bit] C:\Program Files (x86)\DictionaryBoss\bar\1.bin\AppIntegrator64.exe ()
O4:64bit: - HKLM..\Run: [WrtMon.exe] C:\Windows\SysNative\spool\drivers\x64\3\WrtMon.exe ()
O4 - HKLM..\Run: [Aimersoft Helper Compact.exe] C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe (AimerSoft)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [OpwareSE4] C:\Program Files (x86)\ScanSoft\OmniPageSE4\OpwareSE4.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [ReminderApp] C:\Program Files (x86)\Nova Development\Scrapbook Factory Deluxe 5.0\ReminderApp.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [Gadwin PrintScreen] C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe (Gadwin Systems, Inc)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{85561533-5071-4310-B8B8-666DC1587394}: DhcpNameServer = 10.0.0.1
O18:64bit: - Protocol\Handler\belarc - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll (Belarc, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/10/12 09:31:12 | 000,000,000 | ---D | C] -- C:\Users\Lou\AppData\Local\FileTypeAssistant
[2013/10/12 09:19:42 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/10/11 20:09:57 | 000,000,000 | ---D | C] -- C:\Users\Lou\AppData\Local\Broderbund Software
[2013/10/11 20:09:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Broderbund Software
[2013/10/11 20:09:57 | 000,000,000 | ---D | C] -- C:\Users\Lou\AppData\Local\ApplicationHistory
[2013/10/10 19:08:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2013/10/10 19:08:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2013/10/10 19:08:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013/10/10 19:08:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2013/10/10 19:08:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2013/10/10 19:08:14 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2013/10/10 17:30:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\File Type Assistant
[2013/10/10 17:23:08 | 000,000,000 | ---D | C] -- C:\Users\Lou\Documents\MY_DVD
[2013/10/10 09:31:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2013/10/10 09:31:18 | 000,000,000 | ---D | C] -- C:\Users\Lou\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2013/10/09 15:13:12 | 000,000,000 | ---D | C] -- C:\Program Files\Uninstaller
[2013/10/09 15:12:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ClipGrab
[2013/10/09 15:12:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ClipGrab
[2013/10/09 13:47:40 | 000,000,000 | ---D | C] -- C:\Users\Lou\AppData\Local\Aimersoft
[2013/10/09 13:47:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Aimersoft
[2013/10/09 13:47:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Aimersoft
[2013/10/09 13:47:34 | 000,000,000 | ---D | C] -- C:\Users\Lou\Documents\Aimersoft DVD Creator
[2013/10/09 13:47:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Aimersoft
[2013/10/03 18:47:43 | 000,000,000 | ---D | C] -- C:\Users\Lou\AppData\Roaming\ATI
[2013/10/03 18:47:43 | 000,000,000 | ---D | C] -- C:\Users\Lou\AppData\Local\ATI
[2013/10/03 18:47:43 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2013/10/03 18:47:12 | 000,000,000 | ---D | C] -- C:\ProgramData\AMD
[2013/10/03 18:47:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD AVT
[2013/10/03 18:47:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ATI Technologies
[2013/10/03 18:47:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
[2013/10/03 18:46:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies
[2013/10/03 18:46:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies
[2013/10/03 18:44:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Package Cache
[2013/10/03 18:44:15 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2013/10/03 18:44:06 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2013/10/03 18:12:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2013/10/03 18:12:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2
[2013/10/03 18:05:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Belarc
[2013/10/03 17:41:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Licenses
[2013/10/03 17:37:13 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2013/10/03 17:34:16 | 000,000,000 | ---D | C] -- C:\ProgramData\TBIView
[2013/10/03 17:34:15 | 000,374,320 | ---- | C] (TeraByte, Inc.) -- C:\Windows\SysNative\drivers\TBIMount.sys
[2013/10/03 17:34:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeraByte Unlimited
[2013/10/03 17:34:14 | 000,034,424 | ---- | C] (TeraByte, Inc.) -- C:\Windows\SysNative\drivers\phylock.sys
[2013/10/03 17:34:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TeraByte Unlimited
[2013/10/03 17:34:14 | 000,000,000 | ---D | C] -- C:\Users\Lou\Documents\My Backups
[2013/10/03 13:49:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DictionaryBoss
[2013/10/03 11:11:30 | 000,000,000 | ---D | C] -- C:\Users\Lou\AppData\Roaming\Canon
[2013/10/03 11:10:47 | 000,000,000 | ---D | C] -- C:\Users\Lou\AppData\Local\Scansoft
[2013/10/03 11:10:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon CanoScan 8800F User Registration
[2013/10/03 11:09:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Presto! PageManager 7.15
[2013/10/03 11:09:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\NewSoft
[2013/10/03 11:09:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PDFView
[2013/10/03 11:09:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NewSoft
[2013/10/03 11:09:00 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Color
[2013/10/03 11:08:32 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallShield
[2013/10/03 11:08:31 | 000,000,000 | ---D | C] -- C:\Users\Lou\AppData\Roaming\ScanSoft
[2013/10/03 11:08:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ScanSoft OmniPage SE 4
[2013/10/03 11:08:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ScanSoft Shared
[2013/10/03 11:08:29 | 000,000,000 | ---D | C] -- C:\ProgramData\ScanSoft
[2013/10/03 11:08:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ScanSoft
[2013/10/03 11:07:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcSoft PhotoStudio 5.5
[2013/10/03 11:07:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ArcSoft
[2013/10/03 11:07:19 | 000,212,480 | ---- | C] (Eastman Kodak) -- C:\Windows\PCDLIB32.DLL
[2013/10/03 10:30:30 | 000,000,000 | ---D | C] -- C:\Users\Lou\Documents\Quicken
[2013/10/03 09:58:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AnswerWorks 5.0
[2013/10/03 09:58:55 | 004,200,024 | ---- | C] (Amyuni Technologies
http://www.amyuni.com) -- C:\Windows\SysWow64\cdintf400.dll
[2013/10/03 09:58:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Quicken 2012
[2013/10/03 09:58:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Intuit
[2013/10/03 09:58:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Quicken
[2013/10/03 09:58:26 | 000,000,000 | ---D | C] -- C:\Users\Lou\AppData\Roaming\Intuit
[2013/10/03 09:57:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Intuit
[2013/10/02 21:29:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Canneverbe Limited
[2013/10/02 21:29:07 | 000,000,000 | ---D | C] -- C:\Users\Lou\AppData\Roaming\Canneverbe Limited
[2013/10/02 21:29:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CDBurnerXP
[2013/10/02 21:20:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WhoCrashed
[2013/10/02 21:20:07 | 000,000,000 | ---D | C] -- C:\Program Files\WhoCrashed
[2013/10/02 20:50:25 | 000,000,000 | ---D | C] -- C:\Users\Lou\AppData\Local\Citi-Software
[2013/10/02 20:50:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Citi-Software
[2013/10/02 20:37:16 | 000,000,000 | ---D | C] -- C:\Users\Lou\AppData\Roaming\Malwarebytes
[2013/10/02 20:37:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/10/02 20:37:13 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/10/02 20:37:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/10/02 20:37:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/10/02 20:36:55 | 000,000,000 | ---D | C] -- C:\Users\Lou\AppData\Local\Programs
[2013/10/02 20:33:27 | 000,000,000 | ---D | C] -- C:\Users\Lou\AppData\Roaming\SUPERAntiSpyware.com
[2013/10/02 20:33:27 | 000,000,000 | ---D | C] -- C:\Users\Lou\AppData\Local\Google
[2013/10/02 20:33:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2013/10/02 20:33:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2013/10/02 20:33:25 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2013/10/02 20:33:25 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2013/10/02 20:08:54 | 000,000,000 | ---D | C] -- C:\Users\Lou\AppData\Local\Macromedia
[2013/10/02 20:08:48 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2013/10/02 19:02:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\CANON
[2013/10/02 19:00:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
[2013/10/02 19:00:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon CanoScan 8800F Manual
[2013/10/02 18:59:57 | 000,000,000 | -H-D | C] -- C:\Program Files\CanonBJ
[2013/10/02 18:59:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Canon
[2013/10/02 18:21:57 | 000,000,000 | ---D | C] -- C:\Users\Lou\AppData\Local\Nova Development
[2013/10/02 18:19:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2013/10/02 18:19:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
[2013/10/02 18:19:42 | 000,000,000 | ---D | C] -- C:\Users\Lou\AppData\Roaming\Macromedia
[2013/10/02 18:19:42 | 000,000,000 | ---D | C] -- C:\Users\Lou\AppData\Local\Adobe
[2013/10/02 18:19:39 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
[2013/10/02 18:17:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Sonic Shared
[2013/10/02 18:17:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PX Storage Engine
[2013/10/02 18:16:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2013/10/02 18:16:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2013/10/02 18:15:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2013/10/02 18:12:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nova Development
[2013/10/02 18:04:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nova Development
[2013/10/02 18:04:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nova Development
[2013/10/02 18:00:37 | 000,000,000 | ---D | C] -- C:\Users\Lou\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer
[2013/10/02 18:00:36 | 003,715,072 | ---- | C] (Amyuni Technologies
http://www.amyuni.com) -- C:\Windows\SysWow64\cdintf300.dll
[2013/10/02 18:00:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Web Publish
[2013/10/02 18:00:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Print Shop 23.1
[2013/10/02 17:59:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Broderbund
[2013/10/02 17:59:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\The Print Shop 23.1
[2013/10/02 17:57:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2013/10/02 17:56:39 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\URTTEMP
[2013/10/02 17:19:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Motive
[2013/10/02 16:38:29 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2013/10/02 15:53:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2013/10/02 15:53:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2013/10/02 15:52:35 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2013/10/02 15:52:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services
[2013/10/02 15:52:25 | 000,000,000 | ---D | C] -- C:\Users\Lou\AppData\Local\Microsoft Help
[2013/10/02 15:52:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
[2013/10/02 15:52:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2013/10/02 15:52:18 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2013/10/02 15:48:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2013/10/02 15:45:51 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2013/10/02 15:43:12 | 000,000,000 | ---D | C] -- C:\Users\Lou\Documents\PrintScreen Files
[2013/10/02 15:43:12 | 000,000,000 | ---D | C] -- C:\Users\Lou\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Gadwin Systems
[2013/10/02 15:43:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gadwin Systems
[2013/10/02 15:43:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Gadwin Systems
[2013/10/02 15:39:07 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2013/10/02 15:16:11 | 000,000,000 | ---D | C] -- C:\Users\Lou\AppData\Roaming\Windows Live Writer
[2013/10/02 15:16:11 | 000,000,000 | ---D | C] -- C:\Users\Lou\AppData\Local\Windows Live Writer
[2013/10/02 15:11:38 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2013/10/02 15:11:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live
[2013/10/02 15:11:22 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2013/10/02 15:10:28 | 000,000,000 | ---D | C] -- C:\Users\Lou\AppData\Local\Windows Live
[2013/10/02 15:10:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Windows Live
[2013/10/02 15:02:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2013/10/02 15:02:19 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013/10/02 14:57:56 | 000,000,000 | ---D | C] -- C:\Users\Lou\AppData\Roaming\Avira
[2013/10/02 14:57:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2013/10/02 14:57:43 | 000,132,600 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2013/10/02 14:57:43 | 000,105,856 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2013/10/02 14:57:43 | 000,083,160 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avnetflt.sys
[2013/10/02 14:57:43 | 000,028,600 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2013/10/02 14:57:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2013/10/02 14:57:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2013/10/02 14:51:12 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2013/10/02 14:43:09 | 000,000,000 | ---D | C] -- C:\Users\Lou\AppData\Roaming\Mozilla
[2013/10/02 14:43:09 | 000,000,000 | ---D | C] -- C:\Users\Lou\AppData\Local\Mozilla
[2013/10/02 14:43:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2013/10/02 14:43:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/10/02 14:43:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2013/10/02 14:27:08 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2013/10/02 14:27:08 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2013/10/02 14:26:22 | 000,000,000 | ---D | C] -- C:\Users\Lou\AppData\Roaming\Adobe
[2013/10/02 14:17:03 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MRT
[2013/10/02 14:12:51 | 000,000,000 | -H-D | C] -- C:\Windows\SysNative\CanonIJ Uninstaller Information
[2013/10/02 14:12:51 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonBJ
[2013/10/02 13:37:29 | 000,471,144 | ---- | C] (Realtek ) -- C:\Windows\SysNative\drivers\Rt64win7.sys
[2013/10/02 13:37:25 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2013/10/02 13:37:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek
[2013/10/02 13:32:31 | 000,000,000 | ---D | C] -- C:\Users\Lou\AppData\Local\Diagnostics
[2013/10/02 12:47:06 | 000,000,000 | R--D | C] -- C:\Users\Lou\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2013/10/02 12:47:06 | 000,000,000 | R--D | C] -- C:\Users\Lou\Searches
[2013/10/02 12:47:06 | 000,000,000 | R--D | C] -- C:\Users\Lou\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2013/10/02 12:47:06 | 000,000,000 | -H-D | C] -- C:\Users\Lou\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2013/10/02 12:47:00 | 000,000,000 | ---D | C] -- C:\Users\Lou\AppData\Roaming\Identities
[2013/10/02 12:46:59 | 000,000,000 | R--D | C] -- C:\Users\Lou\Contacts
[2013/10/02 12:46:59 | 000,000,000 | ---D | C] -- C:\Users\Lou\AppData\Local\VirtualStore
[2013/10/02 12:46:57 | 000,000,000 | --SD | C] -- C:\Users\Lou\AppData\Roaming\Microsoft
[2013/10/02 12:46:57 | 000,000,000 | R--D | C] -- C:\Users\Lou\Videos
[2013/10/02 12:46:57 | 000,000,000 | R--D | C] -- C:\Users\Lou\Saved Games
[2013/10/02 12:46:57 | 000,000,000 | R--D | C] -- C:\Users\Lou\Pictures
[2013/10/02 12:46:57 | 000,000,000 | R--D | C] -- C:\Users\Lou\Music
[2013/10/02 12:46:57 | 000,000,000 | R--D | C] -- C:\Users\Lou\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2013/10/02 12:46:57 | 000,000,000 | R--D | C] -- C:\Users\Lou\Links
[2013/10/02 12:46:57 | 000,000,000 | R--D | C] -- C:\Users\Lou\Favorites
[2013/10/02 12:46:57 | 000,000,000 | R--D | C] -- C:\Users\Lou\Downloads
[2013/10/02 12:46:57 | 000,000,000 | R--D | C] -- C:\Users\Lou\Documents
[2013/10/02 12:46:57 | 000,000,000 | R--D | C] -- C:\Users\Lou\Desktop
[2013/10/02 12:46:57 | 000,000,000 | R--D | C] -- C:\Users\Lou\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2013/10/02 12:46:57 | 000,000,000 | -HSD | C] -- C:\Users\Lou\AppData\Local\Temporary Internet Files
[2013/10/02 12:46:57 | 000,000,000 | -HSD | C] -- C:\Users\Lou\Templates
[2013/10/02 12:46:57 | 000,000,000 | -HSD | C] -- C:\Users\Lou\Start Menu
[2013/10/02 12:46:57 | 000,000,000 | -HSD | C] -- C:\Users\Lou\SendTo
[2013/10/02 12:46:57 | 000,000,000 | -HSD | C] -- C:\Users\Lou\Recent
[2013/10/02 12:46:57 | 000,000,000 | -HSD | C] -- C:\Users\Lou\PrintHood
[2013/10/02 12:46:57 | 000,000,000 | -HSD | C] -- C:\Users\Lou\NetHood
[2013/10/02 12:46:57 | 000,000,000 | -HSD | C] -- C:\Users\Lou\Documents\My Videos
[2013/10/02 12:46:57 | 000,000,000 | -HSD | C] -- C:\Users\Lou\Documents\My Pictures
[2013/10/02 12:46:57 | 000,000,000 | -HSD | C] -- C:\Users\Lou\Documents\My Music
[2013/10/02 12:46:57 | 000,000,000 | -HSD | C] -- C:\Users\Lou\My Documents
[2013/10/02 12:46:57 | 000,000,000 | -HSD | C] -- C:\Users\Lou\Local Settings
[2013/10/02 12:46:57 | 000,000,000 | -HSD | C] -- C:\Users\Lou\AppData\Local\History
[2013/10/02 12:46:57 | 000,000,000 | -HSD | C] -- C:\Users\Lou\Cookies
[2013/10/02 12:46:57 | 000,000,000 | -HSD | C] -- C:\Users\Lou\Application Data
[2013/10/02 12:46:57 | 000,000,000 | -HSD | C] -- C:\Users\Lou\AppData\Local\Application Data
[2013/10/02 12:46:57 | 000,000,000 | -H-D | C] -- C:\Users\Lou\AppData
[2013/10/02 12:46:57 | 000,000,000 | ---D | C] -- C:\Users\Lou\AppData\Local\Temp
[2013/10/02 12:46:57 | 000,000,000 | ---D | C] -- C:\Users\Lou\AppData\Local\Microsoft
[2013/10/02 12:46:57 | 000,000,000 | ---D | C] -- C:\Users\Lou\AppData\Roaming\Media Center Programs
[2013/10/01 11:24:22 | 000,000,000 | ---D | C] -- C:\RegBackup
[2013/09/30 11:22:47 | 000,000,000 | ---D | C] -- C:\TEMP
[2013/09/25 16:31:56 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/09/25 11:28:53 | 000,000,000 | ---D | C] -- C:\AdwCleaner

========== Files - Modified Within 30 Days ==========

[2013/10/12 09:41:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/10/12 09:41:35 | 2133,835,775 | -HS- | M] () -- C:\hiberfil.sys
[2013/10/12 09:38:21 | 000,028,720 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/10/12 09:38:21 | 000,028,720 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/10/12 09:35:17 | 000,795,074 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/10/12 09:35:17 | 000,670,828 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/10/12 09:35:17 | 000,125,954 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/10/12 09:19:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/10/11 20:16:06 | 000,019,968 | ---- | M] () -- C:\Users\Lou\Documents\dalrc dues.env
[2013/10/10 09:31:18 | 000,002,965 | ---- | M] () -- C:\Users\Lou\Desktop\HiJackThis.lnk
[2013/10/09 15:12:21 | 000,001,011 | ---- | M] () -- C:\Users\Public\Desktop\ClipGrab.lnk
[2013/10/09 14:34:10 | 001,220,616 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/10/09 14:33:01 | 000,787,196 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/10/09 13:47:39 | 000,001,180 | ---- | M] () -- C:\Users\Lou\Desktop\Aimersoft DVD Creator.lnk
[2013/10/07 20:02:19 | 000,001,837 | ---- | M] () -- C:\Users\Lou\Desktop\PrintScreen Files - Shortcut.lnk
[2013/10/06 18:23:19 | 003,238,600 | ---- | M] () -- C:\Users\Lou\Documents\SS in-service 1.sbk
[2013/10/05 20:06:37 | 000,005,632 | ---- | M] () -- C:\Users\Lou\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/10/03 18:05:57 | 000,002,148 | ---- | M] () -- C:\Users\Lou\Application Data\Microsoft\Internet Explorer\Quick Launch\Belarc Advisor.lnk
[2013/10/03 18:05:57 | 000,002,124 | ---- | M] () -- C:\Users\Public\Desktop\Belarc Advisor.lnk
[2013/10/03 17:34:15 | 000,001,390 | ---- | M] () -- C:\Users\Lou\Desktop\Image for Windows.lnk
[2013/10/03 15:03:12 | 000,000,237 | ---- | M] () -- C:\Users\Lou\Desktop\Pronunciatio.URL
[2013/10/03 13:35:19 | 000,000,228 | ---- | M] () -- C:\Users\Lou\Desktop\DeltaNet.URL
[2013/10/03 13:35:16 | 000,000,232 | ---- | M] () -- C:\Users\Lou\Desktop\Delta Credit Union.URL
[2013/10/03 13:26:46 | 000,000,206 | ---- | M] () -- C:\Users\Lou\Desktop\DLTK's Crafts for Kids.URL
[2013/10/03 11:10:08 | 000,002,072 | ---- | M] () -- C:\Users\Public\Desktop\Canon CanoScan 8800F User Registration.LNK
[2013/10/03 11:09:46 | 000,002,173 | ---- | M] () -- C:\Users\Public\Desktop\Presto! PageManager 7.15.lnk
[2013/10/03 11:09:34 | 000,000,264 | ---- | M] () -- C:\Windows\setup.iss
[2013/10/03 11:08:33 | 000,000,424 | ---- | M] () -- C:\Windows\MAXLINK.INI
[2013/10/03 11:06:40 | 000,002,043 | ---- | M] () -- C:\Users\Public\Desktop\Canon Solution Menu.lnk
[2013/10/03 11:06:31 | 000,002,099 | ---- | M] () -- C:\Users\Public\Desktop\MP Navigator EX 1.0.lnk
[2013/10/03 11:06:08 | 000,002,347 | ---- | M] () -- C:\Users\Public\Desktop\CanoScan 8800F On-screen Manual.lnk
[2013/10/03 09:58:53 | 000,001,810 | ---- | M] () -- C:\Users\Public\Desktop\Quicken Deluxe 2012.lnk
[2013/10/03 09:58:48 | 000,000,126 | ---- | M] () -- C:\Windows\QUICKEN.INI
[2013/10/02 22:25:59 | 000,000,468 | ---- | M] () -- C:\Users\Lou\Desktop\Photo Stor (D) - Shortcut.lnk
[2013/10/02 21:29:07 | 000,001,945 | ---- | M] () -- C:\Users\Public\Desktop\CDBurnerXP.lnk
[2013/10/02 21:20:07 | 000,000,836 | ---- | M] () -- C:\Users\Lou\Desktop\WhoCrashed.lnk
[2013/10/02 20:50:04 | 000,003,059 | ---- | M] () -- C:\Users\Lou\Desktop\PASSWORDSAccess Manager 2.lnk
[2013/10/02 20:37:14 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/10/02 20:33:26 | 000,001,808 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2013/10/02 18:18:06 | 000,001,896 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Photoshop Elements 10.lnk
[2013/10/02 18:12:00 | 000,002,769 | ---- | M] () -- C:\Users\Public\Desktop\Scrapbook Factory Deluxe.lnk
[2013/10/02 18:00:32 | 000,002,645 | ---- | M] () -- C:\Users\Public\Desktop\The Print Shop 23.1.lnk
[2013/10/02 18:00:32 | 000,001,948 | ---- | M] () -- C:\Users\Public\Desktop\Broderbund.com.lnk
[2013/10/02 18:00:32 | 000,001,942 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Event Reminder.lnk
[2013/10/02 15:53:51 | 000,003,021 | ---- | M] () -- C:\Users\Lou\Desktop\Microsoft Word 2010.lnk
[2013/10/02 15:53:51 | 000,002,951 | ---- | M] () -- C:\Users\Lou\Desktop\Microsoft Excel 2010.lnk
[2013/10/02 15:40:47 | 000,108,227 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2013/10/02 15:40:46 | 000,108,227 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2013/10/02 15:39:22 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2013/10/02 15:23:42 | 000,001,458 | ---- | M] () -- C:\Users\Lou\Desktop\Windows Live Mail.lnk
[2013/10/02 15:02:19 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/10/02 14:43:02 | 000,001,151 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/10/02 14:25:57 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin
[2013/10/02 14:07:27 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/10/02 14:07:27 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013/10/02 13:17:30 | 000,001,441 | ---- | M] () -- C:\Users\Lou\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/09/30 11:01:14 | 000,083,160 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avnetflt.sys
[2013/09/30 11:01:13 | 000,132,600 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2013/09/30 11:01:13 | 000,105,856 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2013/09/30 11:01:13 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys

========== Files Created - No Company Name ==========

[2013/10/11 20:16:06 | 000,019,968 | ---- | C] () -- C:\Users\Lou\Documents\dalrc dues.env
[2013/10/10 09:31:18 | 000,002,965 | ---- | C] () -- C:\Users\Lou\Desktop\HiJackThis.lnk
[2013/10/09 15:12:21 | 000,001,011 | ---- | C] () -- C:\Users\Public\Desktop\ClipGrab.lnk
[2013/10/09 13:47:39 | 000,001,180 | ---- | C] () -- C:\Users\Lou\Desktop\Aimersoft DVD Creator.lnk
[2013/10/07 20:02:19 | 000,001,837 | ---- | C] () -- C:\Users\Lou\Desktop\PrintScreen Files - Shortcut.lnk
[2013/10/06 18:11:03 | 003,238,600 | ---- | C] () -- C:\Users\Lou\Documents\SS in-service 1.sbk
[2013/10/05 20:06:34 | 000,005,632 | ---- | C] () -- C:\Users\Lou\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/10/03 18:05:57 | 000,002,148 | ---- | C] () -- C:\Users\Lou\Application Data\Microsoft\Internet Explorer\Quick Launch\Belarc Advisor.lnk
[2013/10/03 18:05:57 | 000,002,136 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Belarc Advisor.lnk
[2013/10/03 18:05:57 | 000,002,124 | ---- | C] () -- C:\Users\Public\Desktop\Belarc Advisor.lnk
[2013/10/03 17:34:15 | 000,091,224 | ---- | C] () -- C:\Windows\tbicd2hd.exe
[2013/10/03 17:34:15 | 000,001,390 | ---- | C] () -- C:\Users\Lou\Desktop\Image for Windows.lnk
[2013/10/03 15:03:12 | 000,000,237 | ---- | C] () -- C:\Users\Lou\Desktop\Pronunciatio.URL
[2013/10/03 13:35:19 | 000,000,228 | ---- | C] () -- C:\Users\Lou\Desktop\DeltaNet.URL
[2013/10/03 13:35:16 | 000,000,232 | ---- | C] () -- C:\Users\Lou\Desktop\Delta Credit Union.URL
[2013/10/03 13:26:46 | 000,000,206 | ---- | C] () -- C:\Users\Lou\Desktop\DLTK's Crafts for Kids.URL
[2013/10/03 11:09:46 | 000,002,173 | ---- | C] () -- C:\Users\Public\Desktop\Presto! PageManager 7.15.lnk
[2013/10/03 11:09:34 | 000,009,606 | ---- | C] () -- C:\Windows\SysNative\NEWSOFT
[2013/10/03 11:09:28 | 000,000,264 | ---- | C] () -- C:\Windows\setup.iss
[2013/10/03 11:09:20 | 000,011,776 | ---- | C] () -- C:\Windows\SysWow64\pmsbfn32.dll
[2013/10/03 11:08:33 | 000,000,424 | ---- | C] () -- C:\Windows\MAXLINK.INI
[2013/10/03 11:06:40 | 000,002,043 | ---- | C] () -- C:\Users\Public\Desktop\Canon Solution Menu.lnk
[2013/10/03 11:06:31 | 000,002,099 | ---- | C] () -- C:\Users\Public\Desktop\MP Navigator EX 1.0.lnk
[2013/10/03 09:58:53 | 000,001,810 | ---- | C] () -- C:\Users\Public\Desktop\Quicken Deluxe 2012.lnk
[2013/10/03 09:58:25 | 000,000,126 | ---- | C] () -- C:\Windows\QUICKEN.INI
[2013/10/02 22:25:59 | 000,000,468 | ---- | C] () -- C:\Users\Lou\Desktop\Photo Stor (D) - Shortcut.lnk
[2013/10/02 21:29:07 | 000,001,945 | ---- | C] () -- C:\Users\Public\Desktop\CDBurnerXP.lnk
[2013/10/02 21:29:07 | 000,001,903 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk
[2013/10/02 21:20:07 | 000,000,836 | ---- | C] () -- C:\Users\Lou\Desktop\WhoCrashed.lnk
[2013/10/02 20:50:04 | 000,003,059 | ---- | C] () -- C:\Users\Lou\Desktop\PASSWORDSAccess Manager 2.lnk
[2013/10/02 20:50:04 | 000,003,019 | ---- | C] () -- C:\Users\Lou\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Access Manager 2.lnk
[2013/10/02 20:37:14 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/10/02 20:33:26 | 000,001,808 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2013/10/02 20:14:09 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2013/10/02 20:08:49 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/10/02 19:04:04 | 000,002,072 | ---- | C] () -- C:\Users\Public\Desktop\Canon CanoScan 8800F User Registration.LNK
[2013/10/02 19:00:12 | 000,002,347 | ---- | C] () -- C:\Users\Public\Desktop\CanoScan 8800F On-screen Manual.lnk
[2013/10/02 18:19:51 | 000,000,997 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk
[2013/10/02 18:18:06 | 000,001,912 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop Elements 10.lnk
[2013/10/02 18:18:06 | 000,001,896 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Photoshop Elements 10.lnk
[2013/10/02 18:12:00 | 000,002,769 | ---- | C] () -- C:\Users\Public\Desktop\Scrapbook Factory Deluxe.lnk
[2013/10/02 18:00:32 | 000,002,645 | ---- | C] () -- C:\Users\Public\Desktop\The Print Shop 23.1.lnk
[2013/10/02 18:00:32 | 000,001,948 | ---- | C] () -- C:\Users\Public\Desktop\Broderbund.com.lnk
[2013/10/02 18:00:32 | 000,001,942 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Event Reminder.lnk
[2013/10/02 17:56:51 | 000,787,196 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/10/02 15:53:51 | 000,003,021 | ---- | C] () -- C:\Users\Lou\Desktop\Microsoft Word 2010.lnk
[2013/10/02 15:53:51 | 000,002,951 | ---- | C] () -- C:\Users\Lou\Desktop\Microsoft Excel 2010.lnk
[2013/10/02 15:40:43 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2013/10/02 15:40:42 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2013/10/02 15:39:22 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2013/10/02 15:23:42 | 000,001,458 | ---- | C] () -- C:\Users\Lou\Desktop\Windows Live Mail.lnk
[2013/10/02 15:19:31 | 2133,835,775 | -HS- | C] () -- C:\hiberfil.sys
[2013/10/02 15:13:24 | 000,001,458 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
[2013/10/02 15:02:19 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/10/02 14:43:02 | 000,001,163 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013/10/02 14:43:02 | 000,001,151 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/10/02 14:25:57 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2013/10/02 14:11:06 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2013/10/02 14:07:27 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/10/02 14:07:27 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013/10/02 13:58:57 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2013/10/02 13:37:29 | 000,074,272 | ---- | C] () -- C:\Windows\SysNative\RtNicProp64.dll
[2013/10/02 13:17:30 | 000,001,441 | ---- | C] () -- C:\Users\Lou\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/10/02 12:47:07 | 000,001,417 | ---- | C] () -- C:\Users\Lou\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013/10/02 12:46:57 | 000,000,290 | ---- | C] () -- C:\Users\Lou\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2013/10/02 12:46:57 | 000,000,272 | ---- | C] () -- C:\Users\Lou\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2013/08/30 19:53:48 | 000,038,912 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2013/08/30 19:47:50 | 000,995,342 | ---- | C] () -- C:\Windows\SysWow64\amdocl_as32.exe
[2013/08/30 19:47:50 | 000,798,734 | ---- | C] () -- C:\Windows\SysWow64\amdocl_ld32.exe
[2013/08/30 19:04:52 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2013/08/30 19:04:52 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat

========== ZeroAccess Check ==========

[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 22:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 21:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/10/02 21:29:07 | 000,000,000 | ---D | M] -- C:\Users\Lou\AppData\Roaming\Canneverbe Limited
[2013/10/03 11:15:29 | 000,000,000 | ---D | M] -- C:\Users\Lou\AppData\Roaming\Canon
[2013/10/03 11:08:31 | 000,000,000 | ---D | M] -- C:\Users\Lou\AppData\Roaming\ScanSoft
[2013/10/02 17:28:24 | 000,000,000 | ---D | M] -- C:\Users\Lou\AppData\Roaming\Windows Live Writer

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 157 bytes -> C:\ProgramData\TEMP:CF08C48A

< End of report >

#11
WilliamP

System seems to be fine. I plan to keep Avira. Just paid for another year.

#12
pystryker


System seems to be fine. I plan to keep Avira. Just paid for another year.


No worries :) Thank you for the logs, things are looking good. :) Let's run a couple sweeps for remnants.

Please disable your anti-virus programs for the duration of the scans. Please follow the instructions below:

Step 1: MBAM Scan

I see you have Malwarebytes' Anti-Malware installed.

  • Please open the program.
  • Click on the Update tab, then click Check for Updates.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, check the following settings:
    • On the Settings tab, Scanner Settings, leave the default boxes checked but change the drop-down boxes to Show in results list and check for removal.
  • On the Scanner tab, check Perform quick scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and Paste the entire report in your next reply.



Step 2: ESET Online Scan


Please note: You can use Internet Explorer or Firefox for this step. Either browser used will have to be run in admin mode.

Right click on either the Internet Explorer icon or the Firefox icon in the Start Menu or Quick Launch Bar on the Task bar and select Run as Administrator from the menu.

If you use Firefox, you will be prompted to download esetsmartinstaller_enu.exe. Please do so, then double click it to install it.

Please click on this link and then click the ESET Online Scanner bar.

  • Select the option YES, I accept the Terms of Use then click on Start
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on Start
  • The virus signature database will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on Finish
  • Use notepad to open the logfile located at C:\Program Files (x86)\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.


Things I need to see in your next post:

  • MBAM Log
  • ESET Log


#13
WilliamP

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.10.12.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16721
Lou :: LOU-PC [administrator]

Protection: Enabled

10/12/2013 4:49:31 PM
mbam-log-2013-10-12 (16-49-31).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 197013
Time elapsed: 1 minute(s), 5 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#14
WilliamP

Eset log:\AdwCleaner\Quarantine\C\Users\Bill's\AppData\Local\DownloadGuide\strongvault.exe.vir MSIL/Adware.StrongVault.A application
C:\AdwCleaner\Quarantine\C\Users\Bill's\AppData\Local\DownloadGuide\visualbee.exe.vir Win32/DownWare.I application
C:\Program Files\Uninstaller\Uninstall.exe a variant of MSIL/DomaIQ.A application
C:\Program Files (x86)\Avira\AntiVir Desktop\offercast_avirav7_.exe a variant of Win32/Bundled.Toolbar.Ask.D application
C:\Program Files (x86)\DictionaryBoss\bar\1.bin\AppIntegrator64.exe Win64/Toolbar.MyWebSearch.A application
C:\Program Files (x86)\DictionaryBoss\bar\1.bin\AppIntegratorStub64.dll Win64/Toolbar.MyWebSearch.A application
C:\Program Files (x86)\DictionaryBoss\bar\1.bin\Hpg64.dll Win64/Toolbar.MyWebSearch.A application
C:\Program Files (x86)\DictionaryBoss\bar\1.bin\v4brmon.exe Win32/Toolbar.MyWebSearch.W application
C:\Program Files (x86)\Mozilla Firefox\browser\nsprotector.js Win32/Conduit.SearchProtect.A application

#15
WilliamP

This is troubling. I had been getting a pop up from the lower right Task Bar saying that I had an old version of Adobe Air and needed to update it. (Click Here). I checked and the pop up was correct. Well, I made the mistake of clicking on it. I did get the new Adobe Air but I got a lot more. I think that I managed to get rid of it all. But how did I get that pop up in the first place???