"Rolling screen virus?" [Solved]


  • This topic is locked

#1
PattyB

  • Member
  • 15 posts
I am having problems with a "rolling screen" thing when I am on the internet. It happens in Firefox and in a program I use for my church. In the church program spreadsheet it actually deletes entries I have made. In Mozilla it hides my toolbars. I can hit the space bar and it will stop but then it starts back up again, ditto with a reboot. Please check my log and help me! This has been going on for quite some time. Thanks so much.

OTL logfile created on: 11/7/2013 5:48:45 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Pat\Desktop\DeesMalwareFixes
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16721)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.80 Gb Total Physical Memory | 1.63 Gb Available Physical Memory | 42.91% Memory free
7.61 Gb Paging File | 5.06 Gb Available in Paging File | 66.52% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 921.59 Gb Total Space | 807.36 Gb Free Space | 87.61% Space Free | Partition Type: NTFS

Computer Name: PAT-PC | User Name: Pat | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/10/07 18:54:20 | 004,908,592 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgui.exe
PRC - [2013/10/03 21:00:24 | 003,538,480 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
PRC - [2013/10/01 14:34:27 | 002,404,376 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
PRC - [2013/10/01 14:34:27 | 001,734,680 | ---- | M] (AVG Secure Search) -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\ToolbarUpdater.exe
PRC - [2013/10/01 14:34:26 | 000,159,768 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\loggingserver.exe
PRC - [2013/09/25 20:47:22 | 000,301,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
PRC - [2013/06/26 18:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2013/06/26 18:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2013/05/11 05:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/04/09 16:19:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Pat\Desktop\DeesMalwareFixes\OTL.exe
PRC - [2013/03/27 15:17:42 | 000,185,688 | ---- | M] (Garmin Ltd or its subsidiaries) -- C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
PRC - [2013/03/05 14:41:44 | 000,418,024 | ---- | M] (BillP Studios) -- C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
PRC - [2012/01/18 01:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
PRC - [2011/12/19 11:32:02 | 000,519,888 | ---- | M] (iWin Inc.) -- C:\Program Files (x86)\Pogo Games\PGMTrusted.exe
PRC - [2011/11/11 13:08:06 | 000,205,336 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
PRC - [2011/09/06 12:29:20 | 004,259,648 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
PRC - [2011/08/18 10:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
PRC - [2011/08/18 10:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
PRC - [2011/08/01 12:56:48 | 000,460,096 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
PRC - [2011/03/03 09:33:48 | 000,591,248 | ---- | M] (Oberon Media ) -- C:\Program Files (x86)\GamesBar\SearchEngineProtection.exe
PRC - [2011/02/25 09:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/01/12 21:01:28 | 006,129,496 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Logitech\Vid HD\Vid.exe
PRC - [2010/05/14 10:44:46 | 000,501,480 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe


========== Modules (No Company Name) ==========

MOD - [2013/10/10 07:09:10 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\8f5b881951592b2fd05f710650bf7e04\System.Core.ni.dll
MOD - [2013/10/10 06:56:08 | 014,340,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\bcf51dc88597d0835c819a2d5a755b74\PresentationFramework.ni.dll
MOD - [2013/10/10 06:55:18 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ef0a534be135cd8f0d99d938d8b1814a\System.Windows.Forms.ni.dll
MOD - [2013/10/10 06:54:56 | 012,238,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\51478a61dbd40488e320a0061e23c4df\PresentationCore.ni.dll
MOD - [2013/10/10 06:54:39 | 003,348,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\4eef5a3a4d0ed6d6fd882947a70df530\WindowsBase.ni.dll
MOD - [2013/10/10 06:54:29 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\29f3ae8d313e62b4daed1107ccd29f9f\System.Configuration.ni.dll
MOD - [2013/10/01 14:34:27 | 002,404,376 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
MOD - [2013/10/01 14:34:27 | 000,519,704 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\log4cplusU.dll
MOD - [2013/10/01 14:34:27 | 000,142,360 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\17.0.12\SiteSafety.dll
MOD - [2013/08/15 08:23:26 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5aa44bce7933e4de09d935848f868a4b\System.Drawing.ni.dll
MOD - [2013/08/15 08:23:03 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09db78d6068543df01862a023aca785a\System.Xml.ni.dll
MOD - [2013/08/15 08:22:10 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5d22a30e587e2cac106b81fb351e7c08\System.ni.dll
MOD - [2013/07/11 09:43:41 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\a2920ed81e097f8551231a9350697bbd\PresentationFramework.Aero.ni.dll
MOD - [2013/07/11 09:42:31 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll
MOD - [2012/12/09 20:46:38 | 000,600,868 | ---- | M] () -- C:\Program Files (x86)\BillP Studios\WinPatrol\sqlite3.dll
MOD - [2012/01/18 01:43:56 | 000,183,320 | ---- | M] () -- C:\Program Files (x86)\Common Files\logishrd\SharedBin\LvApi11.dll
MOD - [2011/08/18 10:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
MOD - [2011/03/01 22:15:28 | 000,126,808 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll
MOD - [2011/03/01 22:15:28 | 000,027,480 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll
MOD - [2011/03/01 22:15:04 | 000,340,824 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTXml4.dll
MOD - [2011/03/01 22:14:42 | 007,954,776 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTGui4.dll
MOD - [2011/03/01 22:14:30 | 002,143,576 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTCore4.dll
MOD - [2011/01/12 20:57:34 | 000,751,616 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\vpxmd.dll
MOD - [2011/01/12 20:55:28 | 000,027,472 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\SDL.dll
MOD - [2009/04/22 16:53:56 | 000,969,040 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\QtNetwork4.dll
MOD - [2009/04/09 18:04:56 | 002,141,008 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\QtCore4.dll
MOD - [2009/03/03 17:18:08 | 000,138,064 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\plugins\imageformats\qjpeg4.dll
MOD - [2009/03/03 17:18:06 | 000,035,152 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\plugins\imageformats\qico4.dll
MOD - [2009/03/03 17:18:06 | 000,029,008 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\plugins\imageformats\qgif4.dll
MOD - [2009/03/03 17:17:46 | 011,311,952 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\QtWebKit4.dll
MOD - [2009/03/03 17:17:46 | 000,363,856 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\QtXml4.dll
MOD - [2009/03/03 17:17:44 | 000,200,016 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\QtSql4.dll
MOD - [2009/03/03 17:17:40 | 000,475,472 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\QtOpenGL4.dll
MOD - [2009/03/03 17:17:38 | 007,704,400 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\QtGui4.dll
MOD - [2009/03/03 17:17:32 | 000,291,664 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\phonon4.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/08/12 13:11:04 | 000,366,600 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2013/08/12 13:11:04 | 000,023,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/11/07 05:40:08 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/11/04 19:08:42 | 000,240,736 | ---- | M] (WildTangent) [Disabled | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe -- (GamesAppIntegrationService)
SRV - [2013/10/08 14:42:23 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/10/03 21:00:24 | 003,538,480 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2013/10/01 14:34:27 | 001,734,680 | ---- | M] (AVG Secure Search) [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\ToolbarUpdater.exe -- (vToolbarUpdater17.0.12)
SRV - [2013/09/25 20:47:22 | 000,301,152 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe -- (avgwd)
SRV - [2013/09/05 09:34:30 | 000,171,680 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/06/26 18:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2013/06/26 18:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2013/05/14 12:26:12 | 003,289,208 | ---- | M] (Skype Technologies S.A.) [Disabled | Stopped] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2013/05/11 05:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/03/27 15:17:42 | 000,185,688 | ---- | M] (Garmin Ltd or its subsidiaries) [Auto | Running] -- C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe -- (Garmin Core Update Service)
SRV - [2012/01/18 01:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2011/12/19 11:32:02 | 000,519,888 | ---- | M] (iWin Inc.) [Auto | Running] -- C:\Program Files (x86)\Pogo Games\PGMTrusted.exe -- (PGMTrusted)
SRV - [2011/08/18 10:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe -- (SftService)
SRV - [2011/02/28 17:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 09:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010/10/22 12:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010/10/12 12:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/10/07 16:15:49 | 000,013,160 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\615\g2aservice.exe -- (GoToAssist)
SRV - [2010/09/21 13:54:52 | 000,816,536 | ---- | M] (GlavSoft LLC.) [Disabled | Stopped] -- C:\Program Files (x86)\ShowMyPCService\tvnserver.exe -- (tvnserver)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/10/01 14:34:27 | 000,046,368 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
DRV:64bit: - [2013/09/25 20:07:30 | 000,148,792 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgdiska.sys -- (Avgdiska)
DRV:64bit: - [2013/09/08 21:11:42 | 000,031,544 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2013/09/02 09:59:14 | 000,212,280 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2013/09/02 09:29:18 | 000,294,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)
DRV:64bit: - [2013/09/02 09:26:50 | 000,192,824 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2013/09/02 09:26:42 | 000,241,464 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2013/08/20 21:53:58 | 000,123,704 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2013/08/01 15:07:06 | 000,251,192 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2013/06/26 18:21:50 | 000,023,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2013/06/26 18:21:48 | 000,028,840 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2013/06/26 18:21:46 | 000,273,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2013/06/26 18:21:44 | 000,767,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2013/06/18 20:50:08 | 000,139,616 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/18 01:44:36 | 004,865,568 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64)
DRV:64bit: - [2012/01/18 01:44:28 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/08/25 19:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/02/27 10:32:14 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010/02/04 00:38:32 | 000,271,872 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2009/10/16 06:32:24 | 000,321,064 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)
DRV:64bit: - [2009/09/17 15:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/09 03:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2007/01/23 14:47:00 | 000,051,984 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2007/01/23 14:47:00 | 000,048,912 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2006/11/01 12:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {4526267C-F3E5-4EE4-949A-1700C3EADAF2}
IE:64bit: - HKLM\..\SearchScopes\{4526267C-F3E5-4EE4-949A-1700C3EADAF2}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = Reg Error: Value error.
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = Reg Error: Value error.
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.msn.iplay.com/?o=shp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE10SR
IE - HKCU\..\SearchScopes\{36377DD7-B3EB-42f5-986F-680BAF59BA9D}: "URL" = http://start.msn.ipl...q={searchTerms}
IE - HKCU\..\SearchScopes\{665ED57F-0F60-4B6F-8985-076C39128E05}: "URL" = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...Box&FORM=IE10SR
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...fr&d=2012-10-01 18:16:41&v=15.2.0.5&pid=avg&sg=0&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}: "URL" = http://www2.inbox.co...id=82061&lng=en
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://xfinity.comca...d=mtmh09152012"
FF - prefs.js..extensions.enabledAddons: avg%40toolbar:17.0.1.12
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:25.0
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\17.0.12\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll (Oberon-Media )
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@virtools.com/3DviaPlayer: C:\Program Files (x86)\Virtools\3D Life Player\npvirtools.dll (Dassault Systèmes)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\30\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Pat\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/04/01 19:49:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\FireFoxExt\17.0.1.12 [2013/10/01 14:34:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{98e34367-8df7-42b4-837b-20b892ff0849}: C:\ProgramData\PogoDGC\firefox [2011/12/23 17:57:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 7\components [2013/11/07 05:39:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 7\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/04/01 19:49:04 | 000,000,000 | ---D | M]

[2010/12/03 16:53:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Pat\AppData\Roaming\Mozilla\Extensions
[2013/09/27 08:34:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\jmw0oceh.default\extensions
[2012/09/14 12:18:02 | 000,000,000 | ---D | M] (Oberon GamesBar) -- C:\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\jmw0oceh.default\extensions\[email protected]
[2012/09/12 14:08:25 | 000,621,521 | ---- | M] () (No name found) -- C:\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\jmw0oceh.default\extensions\[email protected]
[2013/07/19 18:52:08 | 000,002,402 | ---- | M] () -- C:\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\jmw0oceh.default\searchplugins\bingp.xml
[2010/12/03 16:49:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/09/04 14:39:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/10/29 13:59:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2013/10/01 14:34:46 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\PROGRAMDATA\AVG SECURE SEARCH\FIREFOXEXT\17.0.1.12
[2010/09/15 03:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010/10/23 17:53:54 | 000,002,064 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bingober12024822.xml
[2010/11/05 18:43:49 | 000,001,600 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\WebSearchober44157065.xml
[2010/09/04 15:57:31 | 000,001,600 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\WebSearchober9374724.xml

========== Chrome ==========

CHR - default_search_provider: Bing (Enabled)
CHR - default_search_provider: search_url = http://www.bing.com/...q={searchTerms}
CHR - default_search_provider: suggest_url = http://api.bing.com/...uage={language}
CHR - homepage: http://start.msn.iplay.com/?o=shp
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\plugins/avgnpss.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U22 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL
CHR - plugin: Oberon com adapter (Enabled) = C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.8\npapicomadapter.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: WildTangent Games App Presence Detector (Enabled) = C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Skype Click to Call = C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.9.0.12585_0\
CHR - Extension: AVG Secure Search = C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\15.4.0.5_0\
CHR - Extension: Gmail = C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll File not found
O2:64bit: - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll File not found
O2 - BHO: (IEHlprObj Class) - {8CA5ED52-F3FB-4414-A105-2E3491156990} - C:\Program Files (x86)\Pogo Games\iWinGamesHookIE.dll (iWin Inc.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\17.0.1.12\AVG Secure Search_toolbar.dll (AVG Secure Search)
O2 - BHO: (Updater For XFIN_PORTAL) - {bb46be07-13eb-4c49-b0f0-fc78b9ea4983} - C:\Program Files (x86)\xfin_portal\auxi\comcastAu.dll File not found
O2 - BHO: (GamesBarBHO Class) - {CB0D163C-E9F4-4236-9496-0597E24B23A5} - C:\Program Files (x86)\GamesBar\2.0.1.82\oberontb.dll (Oberon Media Ltd.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (GamesBar) - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Program Files (x86)\GamesBar\2.0.1.82\oberontb.dll (Oberon Media Ltd.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\17.0.1.12\AVG Secure Search_toolbar.dll (AVG Secure Search)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe (BillP Studios)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [tvncontrol] C:\Program Files (x86)\ShowMyPCService\tvnserver.exe (GlavSoft LLC.)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - HKLM..\Run: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O4 - HKCU..\Run: [ComcastAntispyClient] "C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntispy.exe" /hide File not found
O4 - HKCU..\Run: [Facebook Update] C:\Users\Pat\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [Logitech Vid] C:\Program Files (x86)\Logitech\Vid HD\Vid.exe (Logitech Inc.)
O4 - HKCU..\Run: [SearchEngineProtection] C:\Program Files (x86)\GamesBar\SearchEngineProtection.exe (Oberon Media )
O4 - HKLM..\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe (Dell)
O4 - Startup: C:\Users\Pat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2011/09/21 11:02:59 | 000,000,000 | -H-D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O9 - Extra 'Tools' menuitem : GamesBar - {1A93C934-025B-4c3a-B38E-9654A7003239} - Reg Error: Value error. File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files%20(x86)/Mahjong%20Escape%20-%20Ancient%20Japan/Images/stg_drm.ocx (SpinTop DRM Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.76.76 75.75.75.75
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8C0DCB2F-CEAB-4CB1-A936-6ED6137F2314}: DhcpNameServer = 75.75.76.76 75.75.75.75
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll File not found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.0.12\ViProtocol.dll (AVG Secure Search)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\615\G2AWinLogon_x64.dll) - C:\Program Files (x86)\Citrix\GoToAssist\615\g2awinlogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{5b4fefbc-3166-11e1-857c-842b2b9d4097}\Shell - "" = AutoRun
O33 - MountPoints2\{5b4fefbc-3166-11e1-857c-842b2b9d4097}\Shell\AutoRun\command - "" = I:\TLBootstrap_WPP.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/11/07 05:39:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 7
[2013/11/07 05:22:27 | 000,000,000 | -HSD | C] -- C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
[2013/11/07 05:21:52 | 078,388,136 | ---- | C] (AVG) -- C:\Users\Pat\Desktop\avg_tuh_stf_all_2014_204_24c28.exe
[2013/11/06 10:16:33 | 000,000,000 | ---D | C] -- C:\Users\Pat\AppData\Roaming\HPAppData
[2013/11/01 06:02:16 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\cache
[2013/10/16 09:04:55 | 000,000,000 | ---D | C] -- C:\Users\Pat\AppData\Local\{807841A6-CCD1-4EFA-9AD9-2320989847BD}
[2013/10/10 08:40:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2013/10/10 06:56:58 | 000,000,000 | ---D | C] -- C:\Users\Pat\AppData\Local\{C80CDB85-2046-41DC-AD0E-8E24961AD599}
[2013/10/09 13:46:15 | 000,000,000 | ---D | C] -- C:\Users\Pat\AppData\Local\{EDF23C8E-1110-400B-AF8E-4D698A6AD4B0}
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/11/07 17:42:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/11/07 17:29:00 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/11/07 16:24:01 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1794187125-1737989070-3659461110-1000UA.job
[2013/11/07 13:29:01 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/11/07 13:24:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1794187125-1737989070-3659461110-1000Core.job
[2013/11/07 10:25:19 | 000,002,153 | ---- | M] () -- C:\Users\Pat\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox 4.0 Beta 7.lnk
[2013/11/07 05:21:49 | 078,388,136 | ---- | M] (AVG) -- C:\Users\Pat\Desktop\avg_tuh_stf_all_2014_204_24c28.exe
[2013/11/06 16:41:27 | 000,013,030 | ---- | M] () -- C:\PDOXUSRS.NET
[2013/11/06 16:34:02 | 000,727,398 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/11/06 16:34:02 | 000,624,614 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/11/06 16:34:02 | 000,106,732 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/11/06 07:12:04 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/11/06 07:12:04 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/11/06 07:08:27 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
[2013/11/06 07:04:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/11/06 07:04:35 | 3063,242,752 | -HS- | M] () -- C:\hiberfil.sys
[2013/11/01 06:35:52 | 000,001,144 | ---- | M] () -- C:\Users\Pat\Desktop\Merriam Websters Spell Jam (2).lnk
[2013/10/16 06:34:56 | 000,002,145 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/10/15 19:12:18 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/10/10 08:40:11 | 000,000,927 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2014.lnk
[2013/10/10 06:52:40 | 000,300,592 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/11/01 06:35:52 | 000,001,144 | ---- | C] () -- C:\Users\Pat\Desktop\Merriam Websters Spell Jam (2).lnk
[2013/03/03 18:38:44 | 000,000,288 | ---- | C] () -- C:\Users\Pat\AppData\Roaming\.backup.dm
[2012/08/10 18:23:10 | 000,027,520 | ---- | C] () -- C:\Users\Pat\AppData\Local\dt.dat
[2012/08/01 16:15:35 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2012/06/12 16:19:59 | 000,007,605 | ---- | C] () -- C:\Users\Pat\AppData\Local\Resmon.ResmonCfg
[2012/01/25 15:17:14 | 000,000,574 | ---- | C] () -- C:\Windows\hpomdl46.dat.temp
[2012/01/18 01:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2012/01/18 01:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2012/01/18 01:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2011/10/03 19:11:03 | 000,000,504 | ---- | C] () -- C:\Program Files (x86)\1003201120110317.bat
[2011/08/14 18:09:43 | 000,000,477 | ---- | C] () -- C:\Program Files (x86)\0814201119094381.bat
[2011/08/14 16:24:00 | 000,000,471 | ---- | C] () -- C:\Program Files (x86)\0814201117240001.bat
[2011/08/08 15:50:43 | 000,000,486 | ---- | C] () -- C:\Program Files (x86)\0808201116504309.bat
[2011/04/01 18:58:52 | 000,000,000 | ---- | C] () -- C:\Users\Pat\AppData\Local\prvlcl.dat
[2010/10/07 16:15:46 | 000,103,784 | ---- | C] () -- C:\Users\Pat\GoToAssistDownloadHelper.exe
[2010/09/15 07:18:12 | 000,020,480 | ---- | C] () -- C:\Users\Pat\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 21:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 20:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2011/05/11 13:52:44 | 000,000,000 | ---D | M] -- C:\Users\Pat\AppData\Roaming\2monkeys
[2012/11/05 15:15:53 | 000,000,000 | ---D | M] -- C:\Users\Pat\AppData\Roaming\Angler
[2012/12/31 12:06:15 | 000,000,000 | ---D | M] -- C:\Users\Pat\AppData\Roaming\Artogon
[2013/09/22 17:43:37 | 000,000,000 | ---D | M] -- C:\Users\Pat\AppData\Roaming\AVG2014
[2012/04/05 09:14:40 | 000,000,000 | ---D | M] -- C:\Users\Pat\AppData\Roaming\Big Fish Games
[2013/02/19 14:26:10 | 000,000,000 | ---D | M] -- C:\Users\Pat\AppData\Roaming\Boomzap
[2012/12/07 13:53:20 | 000,000,000 | ---D | M] -- C:\Users\Pat\AppData\Roaming\casualArts
[2012/10/29 14:15:03 | 000,000,000 | ---D | M] -- C:\Users\Pat\AppData\Roaming\cerasus.media GmbH
[2012/07/27 08:59:23 | 000,000,000 | ---D | M] -- C:\Users\Pat\AppData\Roaming\Dropbox
[2011/08/14 15:11:18 | 000,000,000 | ---D | M] -- C:\Users\Pat\AppData\Roaming\EleFun Games
[2013/01/16 16:56:55 | 000,000,000 | ---D | M] -- C:\Users\Pat\AppData\Roaming\ElementalsTheMagicKey
[2013/02/18 19:29:23 | 000,000,000 | ---D | M] -- C:\Users\Pat\AppData\Roaming\Flood Light Games
[2013/03/13 18:31:18 | 000,000,000 | ---D | M] -- C:\Users\Pat\AppData\Roaming\Floodlight Games
[2011/06/03 17:34:58 | 000,000,000 | ---D | M] -- C:\Users\Pat\AppData\Roaming\FloodLightGames
[2011/06/05 16:42:56 | 000,000,000 | ---D | M] -- C:\Users\Pat\AppData\Roaming\FlyWheelGames
[2011/03/20 13:27:43 | 000,000,000 | ---D | M] -- C:\Users\Pat\AppData\Roaming\GameMill
[2013/02/14 18:16:09 | 000,000,000 | ---D | M] -- C:\Users\Pat\AppData\Roaming\GamersDigital
[2013/06/05 20:28:17 | 000,000,000 | ---D | M] -- C:\Users\Pat\AppData\Roaming\Garmin
[2011/05/05 08:29:52 | 000,000,000 | ---D | M] -- C:\Users\Pat\AppData\Roaming\Gogii
[2011/05/06 10:41:07 | 000,000,000 | ---D | M] -- C:\Users\Pat\AppData\Roaming\IrfanView
[2010/09/17 16:28:28 | 000,000,000 | ---D | M] -- C:\Users\Pat\AppData\Roaming\iWin
[2011/05/04 15:49:13 | 000,000,000 | ---D | M] -- C:\Users\Pat\AppData\Roaming\iWing
[2012/07/30 14:33:27 | 000,000,000 | ---D | M] -- C:\Users\Pat\AppData\Roaming\Leadertech
[2013/10/15 18:33:29 | 000,000,000 | ---D | M] -- C:\Users\Pat\AppData\Roaming\LegacyInteractive
[2012/12/31 11:47:47 | 000,000,000 | ---D | M] -- C:\Users\Pat\AppData\Roaming\Legends of pirates
[2011/05/21 17:43:50 | 000,000,000 | ---D | M] -- C:\Users\Pat\AppData\Roaming\Mystery of Mortlake Mansion
[2011/05/27 17:14:50 | 000,000,000 | ---D | M] -- C:\Users\Pat\AppData\Roaming\MysteryStudio
[2012/12/31 11:56:21 | 000,000,000 | ---D | M] -- C:\Users\Pat\AppData\Roaming\Mysteryville2
[2010/09/04 16:18:21 | 000,000,000 | ---D | M] -- C:\Users\Pat\AppData\Roaming\Namco
[2011/07/29 17:50:35 | 000,000,000 | ---D | M] -- C:\Users\Pat\AppData\Roaming\Oberon
[2011/10/03 18:03:39 | 000,000,000 | ---D | M] -- C:\Users\Pat\AppData\Roaming\Oberon Media
[2011/05/06 14:49:55 | 000,000,000 | ---D | M] -- C:\Users\Pat\AppData\Roaming\Oberonv1003
[2010/09/03 14:58:48 | 000,000,000 | ---D | M] -- C:\Users\Pat\AppData\Roaming\OpenOffice.org
[2011/03/04 15:13:38 | 000,000,000 | ---D | M] -- C:\Users\Pat\AppData\Roaming\PCDr
[2011/10/28 16:46:37 | 000,000,000 | ---D | M] -- C:\Users\Pat\AppData\Roaming\PlayFirst
[2010/11/05 19:05:19 | 000,000,000 | ---D | M] -- C:\Users\Pat\AppData\Roaming\Pogo Games
[2011/04/21 12:57:39 | 000,000,000 | ---D | M] -- C:\Users\Pat\AppData\Roaming\Sammsoft
[2011/04/29 15:14:38 | 000,000,000 | ---D | M] -- C:\Users\Pat\AppData\Roaming\Scholastic
[2013/11/03 20:18:47 | 000,000,000 | ---D | M] -- C:\Users\Pat\AppData\Roaming\SoftGrid Client
[2011/06/04 16:19:06 | 000,000,000 | ---D | M] -- C:\Users\Pat\AppData\Roaming\SpinTop
[2012/07/30 17:21:29 | 000,000,000 | ---D | M] -- C:\Users\Pat\AppData\Roaming\SpinTop Games
[2011/05/17 18:25:16 | 000,000,000 | ---D | M] -- C:\Users\Pat\AppData\Roaming\TOMI3
[2010/09/03 15:43:46 | 000,000,000 | ---D | M] -- C:\Users\Pat\AppData\Roaming\TP
[2012/09/13 14:53:48 | 000,000,000 | ---D | M] -- C:\Users\Pat\AppData\Roaming\TrickySoftware
[2012/10/01 17:16:52 | 000,000,000 | ---D | M] -- C:\Users\Pat\AppData\Roaming\TuneUp Software
[2012/05/14 18:24:34 | 000,000,000 | ---D | M] -- C:\Users\Pat\AppData\Roaming\WildTangent
[2011/01/20 10:51:06 | 000,000,000 | ---D | M] -- C:\Users\Pat\AppData\Roaming\Windows Live Writer
[2013/04/09 15:53:50 | 000,000,000 | ---D | M] -- C:\Users\Pat\AppData\Roaming\WinPatrol
[2011/06/06 14:25:51 | 000,000,000 | ---D | M] -- C:\Users\Pat\AppData\Roaming\{90140011-0066-0409-0000-0000000FF1CE}

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 273 bytes -> C:\ProgramData\TEMP:9B0F9E15
@Alternate Data Stream - 231 bytes -> C:\ProgramData\TEMP:E89EDC52
@Alternate Data Stream - 220 bytes -> C:\ProgramData\TEMP:B894C266
@Alternate Data Stream - 207 bytes -> C:\ProgramData\TEMP:703CE963
@Alternate Data Stream - 203 bytes -> C:\ProgramData\TEMP:981884E7
@Alternate Data Stream - 153 bytes -> C:\ProgramData\TEMP:27219865
@Alternate Data Stream - 152 bytes -> C:\ProgramData\TEMP:813B8EB6
@Alternate Data Stream - 151 bytes -> C:\ProgramData\TEMP:93EB7685
@Alternate Data Stream - 151 bytes -> C:\ProgramData\TEMP:07348C09
@Alternate Data Stream - 149 bytes -> C:\ProgramData\TEMP:ABCD2B94
@Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:4D066AD2
@Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:FAC5BCF5
@Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:62D72D41
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:3167F9BC
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:2A8CD561
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:AD7CAA15
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:815D61C4
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:2ADC9FB3
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:81B52FA6
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:40546375
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:AE8D8202
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:49BE0F68
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:18BB305F
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:987CE5C8
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:8B2A99C5
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:1BC99E01
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:E35942A2
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:840C2B26
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:834DD57E
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:ADF4C56B
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:5EDE9EDA
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:404C30E3
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:2B666CB0
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:0E361B63
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:EFCCC46E
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:DA5926CF
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:57DC3B52
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:249A49F7
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:DA18FD1D
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:211ED887
@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:05113FB9

< End of report >


Once again, thanks!


#2
godawgs


    Teacher

  • Retired Staff
  • 8,228 posts
Hello PattyB, welcome to the forums!
My name is godawgs and I will be assisting you with your Virus / Malware issues.
We apologize for the delay in responding to your request for help. Here at GeeksToGo we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

I will start working on your Malware issues. This may, or may not, solve other issues you have with your machine. The fixes are specific to your problem and should only be used for this issue on this machine!

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.
If you have not, please adhere to the guidelines below and then carefully follow all future instructions:

You must reply to posts within four days. If you haven't replied within that time, the topic will be closed! If you need additional time to complete things, just let me know.
If you're not sure, or if something unexpected happens, Do NOT continue! Stop and ask!

This board can notify you when a new reply is added to a topic. Please read this topic to find out how to do that.

Please do not run any tools unless instructed to do so.
  • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability. Do as the instructions ask, nothing extra. Do Not run things twice unless instructed.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  • If I ask a Question just answer it, don't run anything unless directed to.
Please read every post completely before doing anything.
  • Pay special attention to the NOTE: lines, or anything in red. These entries identify an individual issue or important step in the cleanup process.
  • Please make sure you are saving and printing the instructions out prior to each fix, this way you will have them on hand just in case you are unable to access this site. Some of the steps I will be asking you to do may require you to boot into Safe Mode and this process will be much easier for you to perform if the instructions are printed out for you to follow.
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post unless directed otherwise.
Logs from malware diagnostic or removal programs (OTL is one of them) can take some time to analyze.
  • I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums (sometimes).
  • Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
Lastly, Please be aware that removing Malware is a hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. Some infections are so severe that we might encounter situations where the only recourse is to re-format and re-install your operating system. Don't worry, this only happens in severe cases, but, sadly, it does happen.
In light of this be prepared to back up your data. Have means of backing up your data available.

IMPORTANT: Change your browser(s) to download any tools to the desktop.
Follow the directions here
For Firefox check the dot beside "Always ask me where to save files."
For Chrome, check the box beside "Ask where to save each file before downloading"
NOTE: IE8 Does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.

When OTL runs the first time it creates a file named Extras.txt. It should be in the same directory you ran OTL from. Please post the contents of that file.

VERY IMPORTANT:
Multiple Antivirus Programs Installed

I see that you have more than one antivirus program installed and running. You should only have one antivirus program installed and running. Antivirus programs run in the background providing continuous protection of your system. It's called Real-Time Protection, or scanning, and it uses system resources as it runs. Two or more antivirus programs running at the same time will use 2 or 3 times the amount of system resources, or more. Because each program wants control of the system, there will be conflicts caused, including false positives. The end result is actually LESS antivirus protection.

Your log shows that Microsoft Security Essentials and AVG are installed. We need to completely remove one of them. Please let me know which one you want to keep and we will remove the other one.

I also want a fresh OTL scan using different settings, please.


OTL Custom Scan

1. Please copy the text in the Quote box below, (Do Not copy the word Quote), and paste it in the Posted Image box in OTL. To do that:
  • Highlight everything inside the quote box, (except the word Quote), right click the mouse and click Copy.

createrestorepoint
netsvcs
baseservices
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
winsock.*
qmgr.dll
services.*
consrv.dll
wshelper.dll
/md5stop
dir "%systemdrive%\*" /S /A:L /C


2. Re-open Posted Image on the desktop. To do that:
  • Vista / 7 Users: Right click on the icon and click Run as Administrator.
Make sure all other windows are closed.
  • You will see a console like the one below:

    Posted Image
  • Click the box beside Scan All Users at the top of the console. <-- Very Important
  • Click the box beside Include 64bit Scans at the top of the console.
  • Make sure the Output box at the top is set to Standard Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Place the mouse pointer inside the Posted Image box, right click and click Paste. This will put the above script inside OTL.
  • Click the Posted Image button. Do not change any settings unless otherwise told to do so.
  • Let the scan run uninterrupted.
  • When the scan completes, it will open OTL.Txt. This file is also saved in the same location as OTL (it should be on your desktop).
  • Please copy the contents of this file and paste it into your reply. To do that:
  • On the OTL.txt file Menu Bar click Edit then click Select All. This will highlight the contents of the file. Then click Copy.
  • Right click inside the forum post window then click Paste. This will paste the contents of the OTL.txt file in the post window.


Things For Your Next Post:
Please post the logs in the order requested. Do Not attach the logs unless I request it.
1. Let me know which antivirus program you want to keep.
2. The new OTL.txt log
3. The Extras.txt log

#3
PattyB

Thank you for answering & I would like to keep AVG.

OTL.txt log

OTL logfile created on: 11/11/2013 6:31:50 PM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Pat\Desktop\DeesMalwareFixes
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16721)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.80 Gb Total Physical Memory | 1.99 Gb Available Physical Memory | 52.26% Memory free
7.61 Gb Paging File | 5.01 Gb Available in Paging File | 65.83% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 921.59 Gb Total Space | 809.00 Gb Free Space | 87.78% Space Free | Partition Type: NTFS

Computer Name: PAT-PC | User Name: Pat | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/11/10 11:25:36 | 002,420,248 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
PRC - [2013/11/10 11:25:36 | 001,734,680 | ---- | M] (AVG Secure Search) -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.1.2\ToolbarUpdater.exe
PRC - [2013/11/10 11:25:36 | 000,159,768 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.1.2\loggingserver.exe
PRC - [2013/11/07 05:40:09 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 7\firefox.exe
PRC - [2013/11/07 05:39:54 | 000,018,544 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 7\plugin-container.exe
PRC - [2013/10/08 14:42:22 | 001,862,536 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
PRC - [2013/10/07 18:54:20 | 004,908,592 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgui.exe
PRC - [2013/10/03 21:00:24 | 003,538,480 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
PRC - [2013/09/25 20:47:22 | 000,301,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
PRC - [2013/06/26 18:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2013/06/26 18:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2013/05/11 05:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/04/09 16:19:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Pat\Desktop\DeesMalwareFixes\OTL.exe
PRC - [2013/03/27 15:17:42 | 000,185,688 | ---- | M] (Garmin Ltd or its subsidiaries) -- C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
PRC - [2013/03/05 14:41:44 | 000,418,024 | ---- | M] (BillP Studios) -- C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
PRC - [2012/01/18 01:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
PRC - [2011/12/19 11:32:02 | 000,519,888 | ---- | M] (iWin Inc.) -- C:\Program Files (x86)\Pogo Games\PGMTrusted.exe
PRC - [2011/11/11 13:08:06 | 000,205,336 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
PRC - [2011/09/06 12:29:20 | 004,259,648 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
PRC - [2011/08/18 10:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
PRC - [2011/08/18 10:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
PRC - [2011/08/01 12:56:48 | 000,460,096 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
PRC - [2011/03/03 09:33:48 | 000,591,248 | ---- | M] (Oberon Media ) -- C:\Program Files (x86)\GamesBar\SearchEngineProtection.exe
PRC - [2011/02/25 09:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/01/12 21:01:28 | 006,129,496 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Logitech\Vid HD\Vid.exe
PRC - [2010/05/14 10:44:46 | 000,501,480 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe


========== Modules (No Company Name) ==========

MOD - [2013/11/10 11:25:37 | 000,519,704 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.1.2\log4cplusU.dll
MOD - [2013/11/10 11:25:37 | 000,142,360 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\17.1.2\SiteSafety.dll
MOD - [2013/11/10 11:25:36 | 002,420,248 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
MOD - [2013/11/07 05:39:55 | 003,368,048 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 7\mozjs.dll
MOD - [2013/10/10 07:09:10 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\8f5b881951592b2fd05f710650bf7e04\System.Core.ni.dll
MOD - [2013/10/10 06:56:08 | 014,340,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\bcf51dc88597d0835c819a2d5a755b74\PresentationFramework.ni.dll
MOD - [2013/10/10 06:55:18 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ef0a534be135cd8f0d99d938d8b1814a\System.Windows.Forms.ni.dll
MOD - [2013/10/10 06:54:56 | 012,238,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\51478a61dbd40488e320a0061e23c4df\PresentationCore.ni.dll
MOD - [2013/10/10 06:54:39 | 003,348,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\4eef5a3a4d0ed6d6fd882947a70df530\WindowsBase.ni.dll
MOD - [2013/10/10 06:54:29 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\29f3ae8d313e62b4daed1107ccd29f9f\System.Configuration.ni.dll
MOD - [2013/10/08 14:42:21 | 016,233,864 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll
MOD - [2013/08/15 08:23:26 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5aa44bce7933e4de09d935848f868a4b\System.Drawing.ni.dll
MOD - [2013/08/15 08:23:03 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09db78d6068543df01862a023aca785a\System.Xml.ni.dll
MOD - [2013/08/15 08:22:10 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5d22a30e587e2cac106b81fb351e7c08\System.ni.dll
MOD - [2013/07/11 09:43:41 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\a2920ed81e097f8551231a9350697bbd\PresentationFramework.Aero.ni.dll
MOD - [2013/07/11 09:42:31 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll
MOD - [2012/12/09 20:46:38 | 000,600,868 | ---- | M] () -- C:\Program Files (x86)\BillP Studios\WinPatrol\sqlite3.dll
MOD - [2012/01/18 01:43:56 | 000,183,320 | ---- | M] () -- C:\Program Files (x86)\Common Files\logishrd\SharedBin\LvApi11.dll
MOD - [2011/08/18 10:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
MOD - [2011/03/01 22:15:28 | 000,126,808 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll
MOD - [2011/03/01 22:15:28 | 000,027,480 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll
MOD - [2011/03/01 22:15:04 | 000,340,824 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTXml4.dll
MOD - [2011/03/01 22:14:42 | 007,954,776 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTGui4.dll
MOD - [2011/03/01 22:14:30 | 002,143,576 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTCore4.dll
MOD - [2011/01/12 20:57:34 | 000,751,616 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\vpxmd.dll
MOD - [2011/01/12 20:55:28 | 000,027,472 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\SDL.dll
MOD - [2009/04/22 16:53:56 | 000,969,040 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\QtNetwork4.dll
MOD - [2009/04/09 18:04:56 | 002,141,008 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\QtCore4.dll
MOD - [2009/03/03 17:18:08 | 000,138,064 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\plugins\imageformats\qjpeg4.dll
MOD - [2009/03/03 17:18:06 | 000,035,152 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\plugins\imageformats\qico4.dll
MOD - [2009/03/03 17:18:06 | 000,029,008 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\plugins\imageformats\qgif4.dll
MOD - [2009/03/03 17:17:46 | 011,311,952 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\QtWebKit4.dll
MOD - [2009/03/03 17:17:46 | 000,363,856 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\QtXml4.dll
MOD - [2009/03/03 17:17:44 | 000,200,016 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\QtSql4.dll
MOD - [2009/03/03 17:17:40 | 000,475,472 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\QtOpenGL4.dll
MOD - [2009/03/03 17:17:38 | 007,704,400 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\QtGui4.dll
MOD - [2009/03/03 17:17:32 | 000,291,664 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\phonon4.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/08/12 13:11:04 | 000,366,600 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2013/08/12 13:11:04 | 000,023,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/11/10 11:25:36 | 001,734,680 | ---- | M] (AVG Secure Search) [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.1.2\ToolbarUpdater.exe -- (vToolbarUpdater17.1.2)
SRV - [2013/11/07 05:40:08 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/11/04 19:08:42 | 000,240,736 | ---- | M] (WildTangent) [Disabled | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe -- (GamesAppIntegrationService)
SRV - [2013/10/08 14:42:23 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/10/03 21:00:24 | 003,538,480 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2013/09/25 20:47:22 | 000,301,152 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe -- (avgwd)
SRV - [2013/09/05 09:34:30 | 000,171,680 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/06/26 18:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2013/06/26 18:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2013/05/14 12:26:12 | 003,289,208 | ---- | M] (Skype Technologies S.A.) [Disabled | Stopped] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2013/05/11 05:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/03/27 15:17:42 | 000,185,688 | ---- | M] (Garmin Ltd or its subsidiaries) [Auto | Running] -- C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe -- (Garmin Core Update Service)
SRV - [2012/01/18 01:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2011/12/19 11:32:02 | 000,519,888 | ---- | M] (iWin Inc.) [Auto | Running] -- C:\Program Files (x86)\Pogo Games\PGMTrusted.exe -- (PGMTrusted)
SRV - [2011/08/18 10:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe -- (SftService)
SRV - [2011/02/28 17:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 09:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010/10/22 12:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010/10/12 12:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/10/07 16:15:49 | 000,013,160 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\615\g2aservice.exe -- (GoToAssist)
SRV - [2010/09/21 13:54:52 | 000,816,536 | ---- | M] (GlavSoft LLC.) [Disabled | Stopped] -- C:\Program Files (x86)\ShowMyPCService\tvnserver.exe -- (tvnserver)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/11/10 11:25:37 | 000,046,368 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
DRV:64bit: - [2013/09/25 20:07:30 | 000,148,792 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgdiska.sys -- (Avgdiska)
DRV:64bit: - [2013/09/08 21:11:42 | 000,031,544 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2013/09/02 09:59:14 | 000,212,280 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2013/09/02 09:29:18 | 000,294,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)
DRV:64bit: - [2013/09/02 09:26:50 | 000,192,824 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2013/09/02 09:26:42 | 000,241,464 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2013/08/20 21:53:58 | 000,123,704 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2013/08/01 15:07:06 | 000,251,192 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2013/06/26 18:21:50 | 000,023,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2013/06/26 18:21:48 | 000,028,840 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2013/06/26 18:21:46 | 000,273,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2013/06/26 18:21:44 | 000,767,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2013/06/18 20:50:08 | 000,139,616 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/18 01:44:36 | 004,865,568 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64)
DRV:64bit: - [2012/01/18 01:44:28 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/08/25 19:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/02/27 10:32:14 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010/02/04 00:38:32 | 000,271,872 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2009/10/16 06:32:24 | 000,321,064 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)
DRV:64bit: - [2009/09/17 15:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/09 03:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2007/01/23 14:47:00 | 000,051,984 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2007/01/23 14:47:00 | 000,048,912 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2006/11/01 12:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {4526267C-F3E5-4EE4-949A-1700C3EADAF2}
IE:64bit: - HKLM\..\SearchScopes\{4526267C-F3E5-4EE4-949A-1700C3EADAF2}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = Reg Error: Value error.
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = Reg Error: Value error.
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC


IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1794187125-1737989070-3659461110-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
IE - HKU\S-1-5-21-1794187125-1737989070-3659461110-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-1794187125-1737989070-3659461110-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-1794187125-1737989070-3659461110-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-1794187125-1737989070-3659461110-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.msn.iplay.com/?o=shp
IE - HKU\S-1-5-21-1794187125-1737989070-3659461110-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-1794187125-1737989070-3659461110-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-1794187125-1737989070-3659461110-1000\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-21-1794187125-1737989070-3659461110-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1794187125-1737989070-3659461110-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE10SR
IE - HKU\S-1-5-21-1794187125-1737989070-3659461110-1000\..\SearchScopes\{36377DD7-B3EB-42f5-986F-680BAF59BA9D}: "URL" = http://start.msn.ipl...q={searchTerms}
IE - HKU\S-1-5-21-1794187125-1737989070-3659461110-1000\..\SearchScopes\{665ED57F-0F60-4B6F-8985-076C39128E05}: "URL" = http://www.google.co...ie=utf8&oe=utf8
IE - HKU\S-1-5-21-1794187125-1737989070-3659461110-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...Box&FORM=IE10SR
IE - HKU\S-1-5-21-1794187125-1737989070-3659461110-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...fr&d=2012-10-01 18:16:41&v=15.2.0.5&pid=avg&sg=0&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-1794187125-1737989070-3659461110-1000\..\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}: "URL" = http://www2.inbox.co...id=82061&lng=en
IE - HKU\S-1-5-21-1794187125-1737989070-3659461110-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://xfinity.comca...d=mtmh09152012"
FF - prefs.js..extensions.enabledAddons: avg%40toolbar:17.1.2.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:25.0
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\17.1.2\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll (Oberon-Media )
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@virtools.com/3DviaPlayer: C:\Program Files (x86)\Virtools\3D Life Player\npvirtools.dll (Dassault Systèmes)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\30\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Pat\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/04/01 19:49:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\FireFoxExt\17.1.2.1 [2013/11/10 11:25:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{98e34367-8df7-42b4-837b-20b892ff0849}: C:\ProgramData\PogoDGC\firefox [2011/12/23 17:57:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 7\components [2013/11/07 05:39:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 7\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/04/01 19:49:04 | 000,000,000 | ---D | M]

[2010/12/03 16:53:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Pat\AppData\Roaming\Mozilla\Extensions
[2013/09/27 08:34:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\jmw0oceh.default\extensions
[2012/09/14 12:18:02 | 000,000,000 | ---D | M] (Oberon GamesBar) -- C:\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\jmw0oceh.default\extensions\[email protected]
[2012/09/12 14:08:25 | 000,621,521 | ---- | M] () (No name found) -- C:\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\jmw0oceh.default\extensions\[email protected]
[2013/07/19 18:52:08 | 000,002,402 | ---- | M] () -- C:\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\jmw0oceh.default\searchplugins\bingp.xml
[2010/12/03 16:49:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/09/04 14:39:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/10/29 13:59:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2013/11/10 11:25:59 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\PROGRAMDATA\AVG SECURE SEARCH\FIREFOXEXT\17.1.2.1
[2010/09/15 03:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010/10/23 17:53:54 | 000,002,064 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bingober12024822.xml
[2010/11/05 18:43:49 | 000,001,600 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\WebSearchober44157065.xml
[2010/09/04 15:57:31 | 000,001,600 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\WebSearchober9374724.xml

========== Chrome ==========

CHR - default_search_provider: Bing (Enabled)
CHR - default_search_provider: search_url = http://www.bing.com/...q={searchTerms}
CHR - default_search_provider: suggest_url = http://api.bing.com/...uage={language}
CHR - homepage: http://start.msn.iplay.com/?o=shp
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\plugins/avgnpss.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U22 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL
CHR - plugin: Oberon com adapter (Enabled) = C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.8\npapicomadapter.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: WildTangent Games App Presence Detector (Enabled) = C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Skype Click to Call = C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.9.0.12585_0\
CHR - Extension: AVG Secure Search = C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\15.4.0.5_0\
CHR - Extension: Gmail = C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll File not found
O2:64bit: - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll File not found
O2 - BHO: (IEHlprObj Class) - {8CA5ED52-F3FB-4414-A105-2E3491156990} - C:\Program Files (x86)\Pogo Games\iWinGamesHookIE.dll (iWin Inc.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\17.1.2.1\AVG Secure Search_toolbar.dll (AVG Secure Search)
O2 - BHO: (Updater For XFIN_PORTAL) - {bb46be07-13eb-4c49-b0f0-fc78b9ea4983} - C:\Program Files (x86)\xfin_portal\auxi\comcastAu.dll File not found
O2 - BHO: (GamesBarBHO Class) - {CB0D163C-E9F4-4236-9496-0597E24B23A5} - C:\Program Files (x86)\GamesBar\2.0.1.82\oberontb.dll (Oberon Media Ltd.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (GamesBar) - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Program Files (x86)\GamesBar\2.0.1.82\oberontb.dll (Oberon Media Ltd.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\17.1.2.1\AVG Secure Search_toolbar.dll (AVG Secure Search)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1794187125-1737989070-3659461110-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-1794187125-1737989070-3659461110-1000\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\S-1-5-21-1794187125-1737989070-3659461110-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\S-1-5-21-1794187125-1737989070-3659461110-1000\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe (BillP Studios)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [tvncontrol] C:\Program Files (x86)\ShowMyPCService\tvnserver.exe (GlavSoft LLC.)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - HKLM..\Run: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1794187125-1737989070-3659461110-1000..\Run: [ComcastAntispyClient] "C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntispy.exe" /hide File not found
O4 - HKU\S-1-5-21-1794187125-1737989070-3659461110-1000..\Run: [Facebook Update] C:\Users\Pat\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-1794187125-1737989070-3659461110-1000..\Run: [Logitech Vid] C:\Program Files (x86)\Logitech\Vid HD\Vid.exe (Logitech Inc.)
O4 - HKU\S-1-5-21-1794187125-1737989070-3659461110-1000..\Run: [SearchEngineProtection] C:\Program Files (x86)\GamesBar\SearchEngineProtection.exe (Oberon Media )
O4 - HKLM..\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe (Dell)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O4 - Startup: C:\Users\Pat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2011/09/21 11:02:59 | 000,000,000 | -H-D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1794187125-1737989070-3659461110-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O9 - Extra 'Tools' menuitem : GamesBar - {1A93C934-025B-4c3a-B38E-9654A7003239} - Reg Error: Value error. File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files%20(x86)/Mahjong%20Escape%20-%20Ancient%20Japan/Images/stg_drm.ocx (SpinTop DRM Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.76.76 75.75.75.75
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8C0DCB2F-CEAB-4CB1-A936-6ED6137F2314}: DhcpNameServer = 75.75.76.76 75.75.75.75
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll File not found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.1.2\ViProtocol.dll (AVG Secure Search)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\615\G2AWinLogon_x64.dll) - C:\Program Files (x86)\Citrix\GoToAssist\615\g2awinlogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{5b4fefbc-3166-11e1-857c-842b2b9d4097}\Shell - "" = AutoRun
O33 - MountPoints2\{5b4fefbc-3166-11e1-857c-842b2b9d4097}\Shell\AutoRun\command - "" = I:\TLBootstrap_WPP.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point


========== Files/Folders - Created Within 30 Days ==========

[2013/11/10 07:27:13 | 000,000,000 | ---D | C] -- C:\Users\Pat\AppData\Local\Adobe
[2013/11/08 11:01:17 | 000,000,000 | ---D | C] -- C:\Users\Pat\AppData\Local\Programs
[2013/11/07 05:39:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 7
[2013/11/07 05:22:27 | 000,000,000 | -HSD | C] -- C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
[2013/11/01 06:02:16 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\cache
[2013/10/16 09:04:55 | 000,000,000 | ---D | C] -- C:\Users\Pat\AppData\Local\{807841A6-CCD1-4EFA-9AD9-2320989847BD}
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/11/11 18:29:00 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/11/11 18:28:52 | 000,001,065 | ---- | M] () -- C:\Users\Pat\Desktop\OTL - Shortcut.lnk
[2013/11/11 17:42:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/11/11 16:24:00 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1794187125-1737989070-3659461110-1000UA.job
[2013/11/11 13:29:00 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/11/11 13:24:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1794187125-1737989070-3659461110-1000Core.job
[2013/11/11 11:31:00 | 000,013,030 | ---- | M] () -- C:\PDOXUSRS.NET
[2013/11/11 07:04:55 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/11/11 07:04:55 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/11/11 06:57:57 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
[2013/11/11 06:57:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/11/11 06:57:17 | 3063,242,752 | -HS- | M] () -- C:\hiberfil.sys
[2013/11/10 11:25:37 | 000,046,368 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
[2013/11/09 11:34:27 | 000,727,398 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/11/09 11:34:27 | 000,624,614 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/11/09 11:34:27 | 000,106,732 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/11/08 11:03:14 | 000,001,075 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/11/07 10:25:19 | 000,002,153 | ---- | M] () -- C:\Users\Pat\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox 4.0 Beta 7.lnk
[2013/11/01 06:35:52 | 000,001,144 | ---- | M] () -- C:\Users\Pat\Desktop\Merriam Websters Spell Jam (2).lnk
[2013/10/16 06:34:56 | 000,002,145 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/10/15 19:12:18 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/11/11 18:28:52 | 000,001,065 | ---- | C] () -- C:\Users\Pat\Desktop\OTL - Shortcut.lnk
[2013/11/01 06:35:52 | 000,001,144 | ---- | C] () -- C:\Users\Pat\Desktop\Merriam Websters Spell Jam (2).lnk
[2013/03/03 18:38:44 | 000,000,288 | ---- | C] () -- C:\Users\Pat\AppData\Roaming\.backup.dm
[2012/08/10 18:23:10 | 000,027,520 | ---- | C] () -- C:\Users\Pat\AppData\Local\dt.dat
[2012/08/01 16:15:35 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2012/06/12 16:19:59 | 000,007,605 | ---- | C] () -- C:\Users\Pat\AppData\Local\Resmon.ResmonCfg
[2012/01/25 15:17:14 | 000,000,574 | ---- | C] () -- C:\Windows\hpomdl46.dat.temp
[2012/01/18 01:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2012/01/18 01:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2012/01/18 01:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2011/10/03 19:11:03 | 000,000,504 | ---- | C] () -- C:\Program Files (x86)\1003201120110317.bat
[2011/08/14 18:09:43 | 000,000,477 | ---- | C] () -- C:\Program Files (x86)\0814201119094381.bat
[2011/08/14 16:24:00 | 000,000,471 | ---- | C] () -- C:\Program Files (x86)\0814201117240001.bat
[2011/08/08 15:50:43 | 000,000,486 | ---- | C] () -- C:\Program Files (x86)\0808201116504309.bat
[2011/04/01 18:58:52 | 000,000,000 | ---- | C] () -- C:\Users\Pat\AppData\Local\prvlcl.dat
[2010/10/07 16:15:46 | 000,103,784 | ---- | C] () -- C:\Users\Pat\GoToAssistDownloadHelper.exe
[2010/09/15 07:18:12 | 000,020,480 | ---- | C] () -- C:\Users\Pat\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 21:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 20:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2011/12/26 15:00:28 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\PCDr
[2012/10/13 07:44:39 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\TuneUp Software
[2011/12/26 15:00:28 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\PCDr
[2012/10/13 07:44:39 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\TuneUp Software
[2011/05/11 13:52:44 | 000,000,000 | ---D | M] -- C:\Users\Pat\AppData\Roaming\2monkeys
[2012/11/05 15:15:53 | 000,000,000 | ---D | M] -- C:\Users\Pat\AppData\Roaming\Angler
[2012/12/31 12:06:15 | 000,000,000 | ---D | M] -- C:\Users\Pat\AppData\Roaming\Artogon
[2013/09/22 17:43:37 | 000,000,000 | ---D | M] -- C:\Users\Pat\AppData\Roaming\AVG2014
[2012/04/05 09:14:40 | 000,000,000 | ---D | M] -- C:\Users\Pat\AppData\Roaming\Big Fish Games
[2013/02/19 14:26:10 | 000,000,000 | ---D | M] -- C:\Users\Pat\AppData\Roaming\Boomzap
[2012/12/07 13:53:20 | 000,000,000 | ---D | M] -- C:\Users\Pat\AppData\Roaming\casualArts
[2012/10/29 14:15:03 | 000,000,000 | ---D | M] -- C:\Users\Pat\AppData\Roaming\cerasus.media GmbH
[2012/07/27 08:59:23 | 000,000,000 | ---D | M] -- C:\Users\Pat\AppData\Roaming\Dropbox
[2011/08/14 15:11:18 | 000,000,000 | ---D | M] -- C:\Users\Pat\AppData\Roaming\EleFun Games
[2013/01/16 16:56:55 | 000,000,000 | ---D | M] -- C:\Users\Pat\AppData\Roaming\ElementalsTheMagicKey
[2013/02/18 19:29:23 | 000,000,000 | ---D | M] -- C:\Users\Pat\AppData\Roaming\Flood Light Games
[2013/03/13 18:31:18 | 000,000,000 | ---D | M] -- C:\Users\Pat\AppData\Roaming\Floodlight Games
[2011/06/03 17:34:58 | 000,000,000 | ---D | M] -- C:\Users\Pat\AppData\Roaming\FloodLightGames
[2011/06/05 16:42:56 | 000,000,000 | ---D | M] -- C:\Users\Pat\AppData\Roaming\FlyWheelGames
[2011/03/20 13:27:43 | 000,000,000 | ---D | M] -- C:\Users\Pat\AppData\Roaming\GameMill
[2013/02/14 18:16:09 | 000,000,000 | ---D | M] -- C:\Users\Pat\AppData\Roaming\GamersDigital
[2013/06/05 20:28:17 | 000,000,000 | ---D | M] -- C:\Users\Pat\AppData\Roaming\Garmin
[2011/05/05 08:29:52 | 000,000,000 | ---D | M] -- C:\Users\Pat\AppData\Roaming\Gogii
[2011/05/06 10:41:07 | 000,000,000 | ---D | M] -- C:\Users\Pat\AppData\Roaming\IrfanView
[2010/09/17 16:28:28 | 000,000,000 | ---D | M] -- C:\Users\Pat\AppData\Roaming\iWin
[2011/05/04 15:49:13 | 000,000,000 | ---D | M] -- C:\Users\Pat\AppData\Roaming\iWing
[2012/07/30 14:33:27 | 000,000,000 | ---D | M] -- C:\Users\Pat\AppData\Roaming\Leadertech
[2013/10/15 18:33:29 | 000,000,000 | ---D | M] -- C:\Users\Pat\AppData\Roaming\LegacyInteractive
[2012/12/31 11:47:47 | 000,000,000 | ---D | M] -- C:\Users\Pat\AppData\Roaming\Legends of pirates
[2011/05/21 17:43:50 | 000,000,000 | ---D | M] -- C:\Users\Pat\AppData\Roaming\Mystery of Mortlake Mansion
[2011/05/27 17:14:50 | 000,000,000 | ---D | M] -- C:\Users\Pat\AppData\Roaming\MysteryStudio
[2012/12/31 11:56:21 | 000,000,000 | ---D | M] -- C:\Users\Pat\AppData\Roaming\Mysteryville2
[2010/09/04 16:18:21 | 000,000,000 | ---D | M] -- C:\Users\Pat\AppData\Roaming\Namco
[2011/07/29 17:50:35 | 000,000,000 | ---D | M] -- C:\Users\Pat\AppData\Roaming\Oberon
[2011/10/03 18:03:39 | 000,000,000 | ---D | M] -- C:\Users\Pat\AppData\Roaming\Oberon Media
[2011/05/06 14:49:55 | 000,000,000 | ---D | M] -- C:\Users\Pat\AppData\Roaming\Oberonv1003
[2010/09/03 14:58:48 | 000,000,000 | ---D | M] -- C:\Users\Pat\AppData\Roaming\OpenOffice.org
[2011/03/04 15:13:38 | 000,000,000 | ---D | M] -- C:\Users\Pat\AppData\Roaming\PCDr
[2011/10/28 16:46:37 | 000,000,000 | ---D | M] -- C:\Users\Pat\AppData\Roaming\PlayFirst
[2010/11/05 19:05:19 | 000,000,000 | ---D | M] -- C:\Users\Pat\AppData\Roaming\Pogo Games
[2011/04/21 12:57:39 | 000,000,000 | ---D | M] -- C:\Users\Pat\AppData\Roaming\Sammsoft
[2011/04/29 15:14:38 | 000,000,000 | ---D | M] -- C:\Users\Pat\AppData\Roaming\Scholastic
[2013/11/10 19:43:55 | 000,000,000 | ---D | M] -- C:\Users\Pat\AppData\Roaming\SoftGrid Client
[2011/06/04 16:19:06 | 000,000,000 | ---D | M] -- C:\Users\Pat\AppData\Roaming\SpinTop
[2012/07/30 17:21:29 | 000,000,000 | ---D | M] -- C:\Users\Pat\AppData\Roaming\SpinTop Games
[2011/05/17 18:25:16 | 000,000,000 | ---D | M] -- C:\Users\Pat\AppData\Roaming\TOMI3
[2010/09/03 15:43:46 | 000,000,000 | ---D | M] -- C:\Users\Pat\AppData\Roaming\TP
[2012/09/13 14:53:48 | 000,000,000 | ---D | M] -- C:\Users\Pat\AppData\Roaming\TrickySoftware
[2012/10/01 17:16:52 | 000,000,000 | ---D | M] -- C:\Users\Pat\AppData\Roaming\TuneUp Software
[2012/05/14 18:24:34 | 000,000,000 | ---D | M] -- C:\Users\Pat\AppData\Roaming\WildTangent
[2011/01/20 10:51:06 | 000,000,000 | ---D | M] -- C:\Users\Pat\AppData\Roaming\Windows Live Writer
[2013/04/09 15:53:50 | 000,000,000 | ---D | M] -- C:\Users\Pat\AppData\Roaming\WinPatrol
[2011/06/06 14:25:51 | 000,000,000 | ---D | M] -- C:\Users\Pat\AppData\Roaming\{90140011-0066-0409-0000-0000000FF1CE}

========== Purity Check ==========



========== Custom Scans ==========

========== Base Services ==========
SRV:64bit: - [2009/07/13 20:40:01 | 000,072,192 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\aelupsvc.dll -- (AeLookupSvc)
SRV:64bit: - [2013/02/27 00:47:10 | 000,070,144 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appinfo.dll -- (Appinfo)
SRV:64bit: - [2009/07/13 20:38:55 | 000,079,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\alg.exe -- (ALG)
SRV:64bit: - [2010/11/20 08:27:23 | 000,849,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\qmgr.dll -- (BITS)
SRV:64bit: - [2010/11/20 08:25:45 | 000,705,024 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\BFE.DLL -- (BFE)
SRV:64bit: - [2011/11/17 01:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\lsass.exe -- (KeyIso)
SRV:64bit: - [2009/07/13 20:40:50 | 000,402,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\es.dll -- (EventSystem)
SRV - [2009/07/13 20:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\es.dll -- (EventSystem)
SRV:64bit: - [2012/07/04 17:13:27 | 000,136,704 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\browser.dll -- (Browser)
SRV:64bit: - [2013/07/09 00:46:20 | 000,184,320 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cryptsvc.dll -- (CryptSvc)
SRV - [2013/07/08 23:46:31 | 000,140,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\cryptsvc.dll -- (CryptSvc)
SRV:64bit: - [2010/11/20 08:27:24 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (DcomLaunch)
SRV:64bit: - [2010/11/20 08:26:04 | 000,317,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
SRV - [2010/11/20 07:18:30 | 000,254,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV:64bit: - [2011/03/03 01:24:16 | 000,183,296 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dnsrslvr.dll -- (Dnscache)
SRV:64bit: - [2009/07/13 20:40:35 | 000,111,104 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\eapsvc.dll -- (EapHost)
SRV:64bit: - [2009/07/13 20:41:00 | 000,038,912 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\hidserv.dll -- (hidserv)
SRV - [2009/07/13 20:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\hidserv.dll -- (hidserv)
SRV:64bit: - [2009/07/13 20:41:10 | 000,359,424 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\ipnathlp.dll -- (SharedAccess)
SRV:64bit: - [2010/11/20 08:26:39 | 000,501,248 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\IPSECSVC.DLL -- (PolicyAgent)
SRV:64bit: - [2013/08/12 13:11:04 | 000,023,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2013/08/12 13:11:04 | 000,366,600 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2009/07/13 20:41:54 | 000,524,288 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\swprv.dll -- (swprv)
SRV:64bit: - [2009/07/13 20:41:26 | 000,067,584 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\mmcss.dll -- (MMCSS)
SRV:64bit: - [2009/07/13 20:41:52 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netman.dll -- (Netman)
SRV:64bit: - [2009/07/13 20:41:52 | 000,459,776 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofm.dll -- (netprofm)
SRV - [2009/07/13 20:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\netprofm.dll -- (netprofm)
SRV:64bit: - [2012/10/03 12:44:21 | 000,303,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nlasvc.dll -- (NlaSvc)
SRV:64bit: - [2009/07/13 20:41:53 | 000,025,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nsisvc.dll -- (nsi)
SRV:64bit: - [2011/05/24 06:42:55 | 000,404,480 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpnpmgr.dll -- (PlugPlay)
SRV:64bit: - [2012/02/11 01:36:02 | 000,559,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\spoolsv.exe -- (Spooler)
SRV:64bit: - [2011/11/17 01:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\lsass.exe -- (ProtectedStorage)
No service found with a name of EMDMgmt
SRV:64bit: - [2009/07/13 20:41:53 | 000,099,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasauto.dll -- (RasAuto)
SRV:64bit: - [2010/11/20 08:27:24 | 000,344,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasmans.dll -- (RasMan)
SRV:64bit: - [2010/11/20 08:27:24 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (RpcSs)
SRV:64bit: - [2010/11/20 08:27:25 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\seclogon.dll -- (seclogon)
SRV:64bit: - [2011/11/17 01:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsass.exe -- (SamSs)
SRV:64bit: - [2009/07/13 20:41:58 | 000,097,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wscsvc.dll -- (wscsvc)
SRV:64bit: - [2010/11/20 08:27:26 | 000,236,032 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\srvsvc.dll -- (LanmanServer)
SRV:64bit: - [2010/11/20 08:27:25 | 000,370,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\shsvcs.dll -- (ShellHWDetection)
SRV - [2010/11/20 07:21:19 | 000,328,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\shsvcs.dll -- (ShellHWDetection)
No service found with a name of slsvc
SRV:64bit: - [2010/11/20 08:27:25 | 001,110,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\schedsvc.dll -- (Schedule)
SRV:64bit: - [2010/11/20 08:27:26 | 000,316,928 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\tapisrv.dll -- (TapiSrv)
SRV - [2010/11/20 07:21:28 | 000,242,176 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\tapisrv.dll -- (TapiSrv)
SRV:64bit: - [2009/07/13 20:41:55 | 000,044,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
SRV:64bit: - [2012/05/01 00:40:20 | 000,209,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\profsvc.dll -- (ProfSvc)
SRV:64bit: - [2010/11/20 08:25:27 | 001,600,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\VSSVC.exe -- (VSS)
SRV:64bit: - [2010/11/20 08:25:42 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioSrv)
SRV:64bit: - [2010/11/20 08:25:42 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2010/11/20 08:27:25 | 000,170,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\sdrsvc.dll -- (SDRSVC)
SRV:64bit: - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/11/20 08:27:28 | 001,646,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wevtsvc.dll -- (eventlog)
SRV:64bit: - [2010/11/20 08:26:59 | 000,828,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\MPSSVC.dll -- (MpsSvc)
SRV:64bit: - [2010/11/20 08:27:28 | 000,580,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wiaservc.dll -- (stisvc)
SRV:64bit: - [2010/11/20 08:24:58 | 000,128,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\msiexec.exe -- (msiserver)
SRV - [2010/11/20 07:17:22 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWow64\msiexec.exe -- (msiserver)
SRV:64bit: - [2009/07/13 20:41:56 | 000,242,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wbem\WMIsvc.dll -- (Winmgmt)
SRV:64bit: - [2012/06/02 17:19:43 | 002,428,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wuaueng.dll -- (wuauserv)
SRV:64bit: - [2010/11/20 08:26:07 | 000,252,416 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dot3svc.dll -- (dot3svc)
SRV:64bit: - [2009/07/13 20:41:56 | 000,886,784 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlansvc.dll -- (Wlansvc)
SRV:64bit: - [2010/11/20 08:27:28 | 000,118,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wkssvc.dll -- (LanmanWorkstation)

< MD5 for: EXPLORER.EXE >
[2011/02/26 01:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/26 00:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/13 20:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/26 00:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2011/02/26 00:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 01:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 07:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/11/20 08:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009/07/13 20:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2011/02/26 01:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe

< MD5 for: QMGR.DLL >
[2010/11/20 08:27:23 | 000,849,920 | ---- | M] (Microsoft Corporation) MD5=1EA7969E3271CBC59E1730697DC74682 -- C:\Windows\SysNative\qmgr.dll
[2010/11/20 08:27:23 | 000,849,920 | ---- | M] (Microsoft Corporation) MD5=1EA7969E3271CBC59E1730697DC74682 -- C:\Windows\winsxs\amd64_microsoft-windows-bits-client_31bf3856ad364e35_6.1.7601.17514_none_81b6ca5c101195cd\qmgr.dll
[2009/07/13 20:41:53 | 000,848,384 | ---- | M] (Microsoft Corporation) MD5=7F0C323FE3DA28AA4AA1BDA3F575707F -- C:\Windows\winsxs\amd64_microsoft-windows-bits-client_31bf3856ad364e35_6.1.7600.16385_none_7f85b69413231233\qmgr.dll

< MD5 for: SERVICES >
[2009/06/10 16:00:26 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\services

< MD5 for: SERVICES.CFG >
[2012/09/23 19:43:36 | 000,603,848 | R--- | M] () MD5=81B120EAEE296F0E54F66C16C5A21367 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744BA0000000010\11.0.0\services.cfg
[2013/05/11 05:37:26 | 000,558,990 | ---- | M] () MD5=FE8FB005031C2574E990DAC1F9F5ACF8 -- C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Services\Services.cfg

< MD5 for: SERVICES.DB >

< MD5 for: SERVICES.EXE >
[2009/07/13 20:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009/07/13 20:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

< MD5 for: SERVICES.EXE.MUI >
[2009/07/13 21:25:40 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\SysNative\en-US\services.exe.mui
[2009/07/13 21:25:40 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_en-us_c5f238be3fa63468\services.exe.mui

< MD5 for: SERVICES.HTML >
[2013/01/04 14:50:38 | 000,006,329 | ---- | M] () MD5=CBF97253DD695DF0C1591D1357E15043 -- C:\Program Files (x86)\BillP Studios\WinPatrol\services.html

< MD5 for: SERVICES.LNK >
[2009/07/13 23:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/13 23:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk

< MD5 for: SERVICES.MOF >
[2009/06/10 15:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\SysNative\wbem\services.mof
[2009/06/10 15:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.mof

< MD5 for: SERVICES.MSC >
[2009/07/13 21:23:30 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\en-US\services.msc
[2009/06/10 15:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\services.msc
[2009/07/13 21:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\en-US\services.msc
[2009/06/10 16:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\services.msc
[2009/07/13 21:23:30 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_003408aa160fce5b\services.msc
[2009/06/10 15:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_2b58d44b5f6beb8a\services.msc
[2009/07/13 21:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a4156d265db25d25\services.msc
[2009/06/10 16:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc

< MD5 for: SERVICES.PNG >
[2013/05/03 01:21:28 | 000,001,509 | ---- | M] () MD5=F4EC3ABEAE15FA9BB42D721E9D543F44 -- C:\Program Files\My Dell\images\icons\png\24_24\services.png

< MD5 for: SERVICES.PTXML >
[2009/07/13 15:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\SysNative\wdi\perftrack\Services.ptxml
[2009/07/13 15:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\Services.ptxml

< MD5 for: SERVICES.RDB >
[2010/05/20 23:34:38 | 000,262,144 | ---- | M] () MD5=00D8C85E07B0D69A27816B54E56EF85B -- C:\Program Files (x86)\OpenOffice.org 3\URE\misc\services.rdb
[2010/05/20 23:28:42 | 005,505,024 | ---- | M] () MD5=20999743CA8D1F7132B0BFCE952F2295 -- C:\Program Files (x86)\OpenOffice.org 3\Basis\program\services.rdb

< MD5 for: SVCHOST.EXE >
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 07:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 07:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/13 20:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/13 20:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 08:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 08:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/20 08:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 08:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/13 20:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

< MD5 for: WSHELPER.DLL >

< dir "%systemdrive%\*" /S /A:L /C >
Volume in drive C is OS
Volume Serial Number is 20FE-7324
Directory of C:\
07/14/2009 12:08 AM <JUNCTION> Documents and Settings [C:\Users]
0 File(s) 0 bytes
Directory of C:\ProgramData
07/14/2009 12:08 AM <JUNCTION> Application Data [C:\ProgramData]
07/14/2009 12:08 AM <JUNCTION> Desktop [C:\Users\Public\Desktop]
07/14/2009 12:08 AM <JUNCTION> Documents [C:\Users\Public\Documents]
07/14/2009 12:08 AM <JUNCTION> Favorites [C:\Users\Public\Favorites]
07/14/2009 12:08 AM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/14/2009 12:08 AM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users
07/14/2009 12:08 AM <SYMLINKD> All Users [C:\ProgramData]
07/14/2009 12:08 AM <JUNCTION> Default User [C:\Users\Default]
0 File(s) 0 bytes
Directory of C:\Users\All Users
07/14/2009 12:08 AM <JUNCTION> Application Data [C:\ProgramData]
07/14/2009 12:08 AM <JUNCTION> Desktop [C:\Users\Public\Desktop]
07/14/2009 12:08 AM <JUNCTION> Documents [C:\Users\Public\Documents]
07/14/2009 12:08 AM <JUNCTION> Favorites [C:\Users\Public\Favorites]
07/14/2009 12:08 AM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/14/2009 12:08 AM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default
07/14/2009 12:08 AM <JUNCTION> Application Data [C:\Users\Default\AppData\Roaming]
07/14/2009 12:08 AM <JUNCTION> Cookies [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies]
07/14/2009 12:08 AM <JUNCTION> Local Settings [C:\Users\Default\AppData\Local]
07/14/2009 12:08 AM <JUNCTION> My Documents [C:\Users\Default\Documents]
07/14/2009 12:08 AM <JUNCTION> NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
07/14/2009 12:08 AM <JUNCTION> PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
07/14/2009 12:08 AM <JUNCTION> Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
07/14/2009 12:08 AM <JUNCTION> SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
07/14/2009 12:08 AM <JUNCTION> Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
07/14/2009 12:08 AM <JUNCTION> Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default\AppData\Local
07/14/2009 12:08 AM <JUNCTION> Application Data [C:\Users\Default\AppData\Local]
07/14/2009 12:08 AM <JUNCTION> History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
07/14/2009 12:08 AM <JUNCTION> Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Default\Documents
07/14/2009 12:08 AM <JUNCTION> My Music [C:\Users\Default\Music]
07/14/2009 12:08 AM <JUNCTION> My Pictures [C:\Users\Default\Pictures]
07/14/2009 12:08 AM <JUNCTION> My Videos [C:\Users\Default\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Pat
09/03/2010 01:25 PM <JUNCTION> Application Data [C:\Users\Pat\AppData\Roaming]
09/03/2010 01:25 PM <JUNCTION> Cookies [C:\Users\Pat\AppData\Roaming\Microsoft\Windows\Cookies]
09/03/2010 01:25 PM <JUNCTION> Local Settings [C:\Users\Pat\AppData\Local]
09/03/2010 01:25 PM <JUNCTION> My Documents [C:\Users\Pat\Documents]
09/03/2010 01:25 PM <JUNCTION> NetHood [C:\Users\Pat\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
09/03/2010 01:25 PM <JUNCTION> PrintHood [C:\Users\Pat\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
09/03/2010 01:25 PM <JUNCTION> Recent [C:\Users\Pat\AppData\Roaming\Microsoft\Windows\Recent]
09/03/2010 01:25 PM <JUNCTION> SendTo [C:\Users\Pat\AppData\Roaming\Microsoft\Windows\SendTo]
09/03/2010 01:25 PM <JUNCTION> Start Menu [C:\Users\Pat\AppData\Roaming\Microsoft\Windows\Start Menu]
09/03/2010 01:25 PM <JUNCTION> Templates [C:\Users\Pat\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Pat\AppData\Local
09/03/2010 01:25 PM <JUNCTION> Application Data [C:\Users\Pat\AppData\Local]
09/03/2010 01:25 PM <JUNCTION> History [C:\Users\Pat\AppData\Local\Microsoft\Windows\History]
09/03/2010 01:25 PM <JUNCTION> Temporary Internet Files [C:\Users\Pat\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Pat\Documents
09/03/2010 01:25 PM <JUNCTION> My Music [C:\Users\Pat\Music]
09/03/2010 01:25 PM <JUNCTION> My Pictures [C:\Users\Pat\Pictures]
09/03/2010 01:25 PM <JUNCTION> My Videos [C:\Users\Pat\Videos]
0 File(s) 0 bytes
Total Files Listed:
0 File(s) 0 bytes
47 Dir(s) 868,530,450,432 bytes free

========== Alternate Data Streams ==========


< End of report >


Extras.txt log

I asked for help with this months ago & I was never answered. I first ran OTL in April 2013 & my extras log is from April. Do you still want a copy?

#4
godawgs

Thanks for the updated OTL log. I need a newer Extras.txt log. Let's remove MSE from the system and then get a fresh Extras.txt log.

Windows Sidebar Advice

Your log shows Windows sidebar running. I recommend that you disable the sidebar.

Microsoft has discovered a security vulnerability in Windows Sidebar and Gadgets. If you are not aware of this, Windows Sidebar (gadgets) has the potential to compromise the security of a machine it is running on as mentioned here. So it would be best to disable this feature.

Download the Disable Windows Sidebar and Gadgets Fix-it on this page to your desktop.

Once downloaded, double-click on MicrosoftFixit50906.msi >> follow the prompts >> reboot your machine if not advised to do so.


Step-1.

Uninstall MSE

  • Please click the Microsoft Security Essentials icon in the system tray and click Open.
  • Click the Settings tab.
  • In the left column of the Settings tab, click Real-time protection.
  • Uncheck the box beside Turn on real-time protection (recommended)
  • Click Save Changes and close Microsoft Security Essentials.

    Next:
  • Click the Start Orb and click Control Panel
  • Under the Programs or Programs and Features section click Uninstall a program. The list of installed programs will populate.
  • Find the Microsoft Security Essentials program. Right click it and click Uninstall.
  • Re-boot the computer.


Step-2.

We are gonna change the settings in OTL so it will produce a current Extras.txt. There will also be an abbreviated OTL.txt log but I don't need that.

OTL Scan

Please re-open OTL on the desktop. To do that:
  • Vista/7 users: right click the icon and click Run as Administrator.
Make sure all other windows are closed.
  • You will see the OTL console.
  • At the top of the console click the greyed out None button <--- Very Important
  • Make sure the Output box at the top is set to Standard Output.
  • In the Extra Registry section click the circle beside Use Safelist. <--- Very Important
  • Click the box beside LOP Check and Purity Check
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so.
  • Let the scan run uninterrupted.
  • When the scan completes, it will open two notepad windows, OTL.Txt will open on the desktop and Extras.Txt will be minimized on the taskbar. These are saved in the same location as OTL. Close the OTL.txt file as we don't need it.
  • Please copy the contents of the Extras.txt log and paste it into your reply.

Step-3.

Things For Your Next Post:
Please post the logs in the order requested. Do Not attach the logs unless I request it.
1. Let me know how the uninstall went.
2. The Extras.txt log

#5
PattyB

I couldn't find the MSE Security icon in the system tray. But I did remove it from the program list in the control panel.

Extras.txt log

OTL Extras logfile created on: 11/12/2013 2:32:45 PM - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Pat\Desktop\DeesMalwareFixes
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16721)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.80 Gb Total Physical Memory | 2.03 Gb Available Physical Memory | 53.24% Memory free
7.61 Gb Paging File | 5.29 Gb Available in Paging File | 69.61% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 921.59 Gb Total Space | 808.91 Gb Free Space | 87.77% Space Free | Partition Type: NTFS

Computer Name: PAT-PC | User Name: Pat | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 7\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with &IrfanView] -- "C:\Users\Pat\My Backup Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with &IrfanView] -- "C:\Users\Pat\My Backup Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"TCP Query User{29591E65-FD05-461C-A768-2D9064E5AB7D}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |
"TCP Query User{3C31A5F9-A144-4FD8-BBC4-264DB6E3BB5F}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe |
"TCP Query User{D34C2F26-EDAE-4FA1-A540-E136720F23E6}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |
"UDP Query User{27A41E79-402D-480B-9220-895833D5BA20}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |
"UDP Query User{5295FE87-56EB-4A40-B3F1-8BE6316B093C}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe |
"UDP Query User{5599D177-EC1B-4DFB-92A0-3BA3BF5496A9}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1D005A51-8EA5-42F8-B37B-FD30FEEF0D04}" = AVG 2014
"{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
"{26A24AE4-039D-4CA4-87B4-2F86416020FF}" = Java™ 6 Update 20 (64-bit)
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{48C0866E-57EB-444C-8371-8E4321066BC3}" = Network64
"{4BB7A109-FDB5-45E3-9DB9-ECB2EA7B80EE}" = WinPatrol
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}" = Network64
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C775E70-A791-4DA8-BCC3-6AB7136F4484}" = Visual Studio 2012 x64 Redistributables
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DBC1DE57-B55A-4D57-9769-1DB9BE506AF7}" = HP Photosmart D110 All-In-One Driver Software 14.0 Rel. 7
"{DF1A8490-3CD2-4878-92BE-F746D7CCACC1}" = AVG 2014
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer
"AVG" = AVG 2014
"HP Imaging Device Functions" = HP Imaging Device Functions 14.0
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
"HPExtendedCapabilities" = HP Customer Participation Program 14.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"PC-Doctor for Windows" = My Dell

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}" = Microsoft Visual C++ 2005 Redistributable
"{05B50E2F-B8F9-4624-993D-03FBE7824031}" = Mysteryville 2
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0CC04407-93DB-438C-B99F-FA1BF2D50472}" = Ancient Mysteries
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{23B4636C-A780-4FEB-B4C9-A2564E9B9F7C}" = Multimedia Card Reader
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 22
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{2BC38BA9-4A8E-4E85-B1F5-42570B3A761C}" = ChurchPro 2010
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}" = Logitech SetPoint
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{41E74C95-D1E6-4D4F-8606-C0C2D7BFA869}" = Herod's Lost Tomb
"{42BBA4CC-EFB6-4653-A2CC-F305D4B399C3}" = PS_AIO_07_D110_SW_Min
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.9
"{565E7B0E-B76B-4EAD-9753-F1E72A5CF12E}" = HPAppStudio
"{5A13987D-55F4-4271-A40E-76AC9B1B38FD}" = OpenOffice.org 3.2
"{5B025634-7D5B-4B8D-BE2A-7943C1CF2D5D}" = Status
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{65135558-F1AE-4B9B-8C0B-180730ACA261}" = Garmin Express
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}" = Apple Application Support
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.0.0
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App (HP Games)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}" = Bing Bar
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{820B6609-4C97-3A2B-B644-573B06A0F0CC}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110300453}" = Spin & Win
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110547247}" = Poppit To Go
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-116436960}" = Word Whomp( TM) Underground
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-117933957}" = Amazing Adventures - The Carribean Secret
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-118106997}" = Murder She Wrote
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-118274990}" = Nora Roberts - Vision In White
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-118278727}" = Nora Roberts - Vision In White
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-119447777}" = Ancient Spirits - Columbus’ Legacy
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-119698620}" = Mystery of Mortlake Mansion
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-120001307}" = Crossworlds - The Flying City
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-120013790}" = The Treasures of Mystery Island - The Ghost Ship
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-510005133}" = Antique Road Trip 2 - Homecoming
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{876AB032-B2A4-41FF-AF87-DBC78454C1B0}" = Garmin Update Service
"{88C77575-0C42-4DA0-861E-9AC38241A120}" = Pirateville
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{8CC990CD-87C8-475C-AC32-8A7984E2FCFA}" = CDDRV_Installer
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
"{91D3AD6F-09CD-4695-9FA3-8FB15429BE97}" = D110
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{93765DFA-8A67-41FB-9FC0-B12341CA65F3}" = Elevated Installer
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{95140000-00AF-0409-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
"{96AD3B61-EAE2-11E2-9E72-B8AC6F98CCE3}" = Google Earth
"{97486FBE-A3FC-4783-8D55-EA37E9D171CC}" = HP Update
"{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}" = Visual Studio 2012 x86 Redistributables
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A33E7B0C-B99C-4EC9-B702-8A328B161AF9}" = Roxio Burn
"{A436F67F-687E-4736-BD2B-537121A804CF}" = HP Product Detection
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.03)
"{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}" = Roxio Burn
"{B627AED8-3E24-42E0-8682-144CDA85D11B}" = DogTown and Contraband Mystery
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
"{BC5DD87B-0143-4D14-AAE6-97109614DC6B}" = SolutionCenter
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C233BCC3-29C4-49C0-B955-0A94509FC4FC}" = Garmin Express Tray
"{C2658D01-DC92-43AB-AD6B-04852B89F3A6}" = Paradox Runtime
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{e47a5c85-88a2-47d2-b380-fc2e763c2e6d}" = Garmin Express
"{E517094C-06B6-419F-8FFD-EF4F57972130}" = QuickTransfer
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{F06365EC-061E-48C3-B761-E1816658D618}" = 3DVIA player 5.0.0.20
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0C8BC0A-B0E7-4F39-848C-C5B06021B702}" = Hidden Mysteries - White House
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Graphics Media Accelerator Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Antique Road Trip USA" = Antique Road Trip USA
"AVG Secure Search" = AVG Security Toolbar
"Caribbean Explorer_is1" = Caribbean Explorer 1.0.0.9
"Cate West - The Velvet Keys" = Cate West - The Velvet Keys
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"Family Feud Battle of the Sexes_is1" = Family Feud Battle of the Sexes
"GamesBar" = GamesBar 2.0.1.82
"Google Chrome" = Google Chrome
"GoToAssist" = GoToAssist Corporate
"Hawaiian Explorer Pearl Harbor_is1" = Hawaiian Explorer Pearl Harbor 1.0.0.30
"Hidden Expedition Titanic" = Hidden Expedition Titanic (remove only)
"Hide and Secret 2" = Hide and Secret 2
"Hoyle Casino 5" = Hoyle Casino 5
"Hoyle Solitaire & Mah Jong Tiles" = Hoyle Solitaire & Mah Jong Tiles
"HP Photo Creations" = HP Photo Creations
"InstallShield_{23B4636C-A780-4FEB-B4C9-A2564E9B9F7C}" = Multimedia Card Reader
"IrfanView" = IrfanView (remove only)
"Logitech Vid" = Logitech Vid HD
"Lost Secrets Bermuda Triangle" = Lost Secrets Bermuda Triangle
"Mah Jong Medley_is1" = Mah Jong Medley
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Merriam Websters Spell Jam_is1" = Merriam Websters Spell Jam
"Mortimer Beckett and the Secrets of Spooky Manor" = Mortimer Beckett and the Secrets of Spooky Manor
"Mozilla Firefox 25.0 (x86 en-US)" = Mozilla Firefox 25.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Mystery Case Files - Huntsville" = Mystery Case Files - Huntsville (remove only)
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"Picasa 3" = Picasa 3
"PogoDGC" = Pogo Games (remove only)
"Private Eye1.0" = Private Eye
"Real Crimes - Jack the Ripper_is1" = Real Crimes - Jack the Ripper
"Save Our Spirit" = Save Our Spirit
"SCRABBLE Blast_is1" = SCRABBLE Blast
"Special Enquiry Detail" = Special Enquiry Detail
"Spirit Of Wandering_is1" = Spirit Of Wandering
"The Lost Cases of 221B Baker St" = The Lost Cases of 221B Baker St
"Wild West Quest" = Wild West Quest
"WildTangent hp Master Uninstall" = HP Games
"WildTangent wildgames Master Uninstall" = WildTangent Games
"WinLiveSuite" = Windows Live Essentials
"WTA-0d2c5ce4-8867-49e0-bcfb-4de7c235bdda" = Big City Adventure Tokyo
"WTA-b82a2e2e-73c9-4c52-81fb-fa8e5e118d79" = Barn Yarn Collector's Edition

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"f031ef6ac137efc5" = Dell Driver Download Manager
"Mystery in London" = Mystery in London (remove only)

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 4/2/2012 5:21:36 PM | Computer Name = Pat-PC | Source = SignInAssistant | ID = 0
Description =

Error - 4/2/2012 5:25:21 PM | Computer Name = Pat-PC | Source = SignInAssistant | ID = 0
Description =

Error - 4/2/2012 5:27:02 PM | Computer Name = Pat-PC | Source = SignInAssistant | ID = 0
Description =

Error - 4/2/2012 5:27:37 PM | Computer Name = Pat-PC | Source = SignInAssistant | ID = 0
Description =

Error - 4/2/2012 5:29:34 PM | Computer Name = Pat-PC | Source = Application Error | ID = 1000
Description = Faulting application name: WLXPhotoGallery.exe, version: 15.4.3508.1109,
time stamp: 0x4cda70dd Faulting module name: unknown, version: 0.0.0.0, time stamp:
0x00000000 Exception code: 0xc0000005 Fault offset: 0x2d938269 Faulting process id:
0x103c Faulting application start time: 0x01cd11176cb96371 Faulting application path:
C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe Faulting module
path: unknown Report Id: f08b7b64-7d0a-11e1-88c5-842b2b9d4097

Error - 4/2/2012 5:29:52 PM | Computer Name = Pat-PC | Source = SignInAssistant | ID = 0
Description =

[ Dell Events ]
Error - 9/21/2011 3:54:53 PM | Computer Name = Pat-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 9/22/2011 7:46:28 AM | Computer Name = Pat-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 9/22/2011 7:46:28 AM | Computer Name = Pat-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 9/23/2011 8:21:12 AM | Computer Name = Pat-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 9/23/2011 8:21:12 AM | Computer Name = Pat-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 9/23/2011 4:57:05 PM | Computer Name = Pat-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 9/23/2011 4:57:05 PM | Computer Name = Pat-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 9/24/2011 9:44:05 AM | Computer Name = Pat-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 9/24/2011 9:44:05 AM | Computer Name = Pat-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 9/25/2011 7:11:48 AM | Computer Name = Pat-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

[ System Events ]
Error - 11/9/2013 12:33:10 PM | Computer Name = Pat-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk6\DR6.

Error - 11/9/2013 12:33:10 PM | Computer Name = Pat-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk6\DR6.

Error - 11/9/2013 12:33:11 PM | Computer Name = Pat-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk6\DR6.

Error - 11/10/2013 8:25:51 AM | Computer Name = Pat-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the SftService service.

Error - 11/10/2013 8:26:21 AM | Computer Name = Pat-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the SftService service.

Error - 11/11/2013 7:58:25 AM | Computer Name = Pat-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the SftService service.

Error - 11/11/2013 7:58:55 AM | Computer Name = Pat-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the SftService service.

Error - 11/12/2013 8:00:45 AM | Computer Name = Pat-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the SftService service.

Error - 11/12/2013 3:29:36 PM | Computer Name = Pat-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the SftService service.

Error - 11/12/2013 3:30:06 PM | Computer Name = Pat-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the SftService service.


< End of report >

#6
godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Thanks for the log. Let's see what we can do.

Disable WinPatrol

Before we start we need to disable WinPatrol so that it won't interfere with the fixes. We will re-enable it once we are finished with the clean up.

  • Open the WinPatrol program.
  • Click on the Options tab.
  • You should see a check box at the bottom of the GUI that says, Automatically run WinPatrol when computer starts
  • Un-click the box in front of this message and then re-start Windows


Windows Sidebar Advice

Your log shows Windows sidebar running. I recommend that you disable the sidebar.

Microsoft has discovered a security vulnerability in Windows Sidebar and Gadgets. If you are not aware of this, Windows Sidebar (gadgets) has the potential to compromise the security of a machine it is running on as mentioned here. So it would be best to disable this feature.

Download the Disable Windows Sidebar and Gadgets Fix-it on this page to your desktop.

Once downloaded, double-click on MicrosoftFixit50906.msi >> follow the prompts >> reboot your machine if not advised to do so.


Step-1.

Program Removals

1. Please click the Start Orb, click Control Panel. Under the Programs or Programs and Features heading click Uninstall a program
2. In the list of programs installed, locate the following program(s):

AVG Security Toolbar
Coupon Printer for Windows
GamesBar 2.0.1.82


3. Right click each program and click Uninstall
4. After the programs have been uninstalled, close the Installed Programs window and the Control Panel.
5. Reboot the computer.


Step-2.

OTL Fix

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

1. Please copy all of the text in the quote box below (Do Not copy the word Quote). To do this, highlight everything inside the quote box (except the word Quote), right click and click Copy.

:COMMANDS
[createrestorepoint]

:OTL
PRC - [2011/03/03 09:33:48 | 000,591,248 | ---- | M] (Oberon Media ) -- C:\Program Files (x86)\GamesBar\SearchEngineProtection.exe
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = Reg Error: Value error.
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = Reg Error: Value error.
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-21-1794187125-1737989070-3659461110-1000\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-21-1794187125-1737989070-3659461110-1000\..\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}: "URL" = http://www2.inbox.co...id=82061&lng=en
FF - prefs.js..extensions.enabledAddons: avg%40toolbar:17.0.1.12
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\17.0.12\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll (Oberon-Media )
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\FireFoxExt\17.0.1.12 [2013/10/01 14:34:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{98e34367-8df7-42b4-837b-20b892ff0849}: C:\ProgramData\PogoDGC\firefox [2011/12/23 17:57:44 | 000,000,000 | ---D | M]
[2013/10/01 14:34:46 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\PROGRAMDATA\AVG SECURE SEARCH\FIREFOXEXT\17.0.1.12
[2012/09/14 12:18:02 | 000,000,000 | ---D | M] (Oberon GamesBar) -- C:\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\jmw0oceh.default\extensions\[email protected]
O2:64bit: - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O3 - HKLM\..\Toolbar: (GamesBar) - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Program Files (x86)\GamesBar\2.0.1.82\oberontb.dll (Oberon Media Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\S-1-5-21-1794187125-1737989070-3659461110-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-1794187125-1737989070-3659461110-1000\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\S-1-5-21-1794187125-1737989070-3659461110-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\S-1-5-21-1794187125-1737989070-3659461110-1000\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4 - HKU\S-1-5-21-1794187125-1737989070-3659461110-1000..\Run: [ComcastAntispyClient] "C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntispy.exe" /hide File not found
O4 - HKU\S-1-5-21-1794187125-1737989070-3659461110-1000..\Run: [SearchEngineProtection] C:\Program Files (x86)\GamesBar\SearchEngineProtection.exe (Oberon Media )
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.1.2\ViProtocol.dll (AVG Secure Search)
O33 - MountPoints2\{5b4fefbc-3166-11e1-857c-842b2b9d4097}\Shell - "" = AutoRun
O33 - MountPoints2\{5b4fefbc-3166-11e1-857c-842b2b9d4097}\Shell\AutoRun\command - "" = I:\TLBootstrap_WPP.exe
[2011/07/29 17:50:35 | 000,000,000 | ---D | M] -- C:\Users\Pat\AppData\Roaming\Oberon
[2011/10/03 18:03:39 | 000,000,000 | ---D | M] -- C:\Users\Pat\AppData\Roaming\Oberon Media
[2011/05/06 14:49:55 | 000,000,000 | ---D | M] -- C:\Users\Pat\AppData\Roaming\Oberonv1003

:FILES
ipconfig /flushdns /c
netsh advfirewall reset /c
netsh advfirewall set allprofiles state ON /c
C:\Program Files (x86)\GamesBar

:COMMANDS
[emptytemp]


Warning: This fix is relevant for this system and no other. If you are not this user, DO NOT follow these directions as they could damage the workings of your system.

2. Please re-open Posted Image on your desktop. To do that:
  • Vista and 7 users: Right click the icon and click Run as Administrator
3. Place the mouse pointer inside the Posted Image textbox, right click and click Paste. This will put the above script inside the textbox.
4. Click the Posted Image button.
5. Let the program run unhindered.
6. OTL may ask to reboot the machine. Please do so if asked.
7. Click the Posted Image button.
8. A report will open. Copy and Paste that report in your next reply.
9. If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, (where mmddyyyy_hhmmss is the date of the tool run).
10. Run OTL again and click the Posted Image button. Post the log it produces in your next reply.


Step-3.

Disable/Uninstall Chrome Plug-ins

  • Open the Chrome browser.
  • In the Address bar or Omni bar, type the following:

    chrome://plugins
  • On the Plug-ins page, find the Oberon com adapter plug-in. There should be an option to Disable or Uninstall the plug-in. If the Uninstall option is available, choose it. Otherwise Disable the plug-in.

IF you can't find the plug-in that way:

  • Click the tools menu icon on the browser toolbar.
  • Click Settings
  • Click Show advanced settings
  • In the Privacy section, click the Content Settings button.
  • Click Plug-ins
  • Click Disable individual plug-ins
  • Find the plug-in listed above and Disable it.

Step-4.

Virustotal File Upload:

To use Virustotal go Here
  • Click the Choose File button in the middle of the screen. This will open a File Upload window.
  • On the File Upload window, in the File name box, type, or copy and paste the following and click Open:
    NOTE.. Only one file per scan

    C:\Program Files (x86)\0814201119094381.bat
    C:\Program Files (x86)\0814201117240001.bat
    C:\Program Files (x86)\0808201116504309.bat
  • This will put the file in the box on the Virustotal page.
  • Click the Scan it! button.
  • IF you get a message that the file has already been analyzed click the Reanalyze button and the file will be scanned.
  • Please be patient while the file is scanned. It may take several minutes.
  • Once the scan results appear, please copy and paste the Virustotal link(s) (URL) in your next reply
  • Repeat 1 thru 7 for each file listed.

Step-5.

AdwCleaner by Xplode

Download AdwCleaner. Click here and then click the Download Now @ BleepingComputer button. Save the file to the desktop.
Or the Author's French site here.

NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.

Close all open windows and browsers.
  • Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
  • Click the Scan button and wait for the scan to finish.
  • After the Scan has finished the window may or may not show what it found and above the progress bar you will see Pending. Please uncheck elements you don't want to remove. Do Not delete anything at this time.
  • Click the Report button to get the log.
  • Copy and Paste it into your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[R0].txt.
  • Click the X in the upper right corner of the program or click the File menu and click Exit to close the program.
NOTE: If you see AVG Secure Search being targeted for deletion, Here's Why and Here. You can always Reinstall it.


Step-6.

Things For Your Next Post:
Please post the logs in the order requested. Do Not attach the logs unless I request it.
1. Let me know how the uninstalls went.
2. The URL links to the VirusTotal scans
3. The OTL fixes log
4. The new OTL.txt log
5. The AdwCleaner[R0].txt log

#7
PattyB

Hello again!

First, the uninstalls went well except there was NO oberon plugin in Chrome. I should tell you that I NEVER use Chrome, but there was no plugin listed in Chrome.

Virustotal Scans:

https://www.virustot...sis/1384373866/
https://www.virustot...sis/1384374128/
https://www.virustot...sis/1384374227/

OTL Fix Log: When I ran this it kept giving me an error saying Device\Harddisk1\DR1 couldn't be found. I hit retry, nothing, then continue 2X, then retry again and it went through. I didn't know if that made a difference, but I finally got a log.

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
No active process named SearchEngineProtection.exe was found!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Secondary_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Secondary Start Pages| /E : value set successfully!
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
Registry value HKEY_USERS\S-1-5-21-1794187125-1737989070-3659461110-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
Registry key HKEY_USERS\S-1-5-21-1794187125-1737989070-3659461110-1000\Software\Microsoft\Internet Explorer\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C04B7D22-5AEC-4561-8F49-27F6269208F6}\ not found.
Prefs.js: avg%40toolbar:17.0.1.12 removed from extensions.enabledAddons
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin\ not found.
File C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\17.0.12\\npsitesafety.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@oberon-media.com/ONCAdapter\ deleted successfully.
C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar not found.
File C:\ProgramData\AVG Secure Search\FireFoxExt\17.0.1.12 not found.
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{98e34367-8df7-42b4-837b-20b892ff0849} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98e34367-8df7-42b4-837b-20b892ff0849}\ not found.
C:\ProgramData\PogoDGC\firefox\chrome folder moved successfully.
C:\ProgramData\PogoDGC\firefox folder moved successfully.
Folder C:\PROGRAMDATA\AVG SECURE SEARCH\FIREFOXEXT\17.0.1.12\ not found.
C:\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\jmw0oceh.default\extensions\[email protected]\components folder moved successfully.
C:\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\jmw0oceh.default\extensions\[email protected]\chrome folder moved successfully.
C:\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\jmw0oceh.default\extensions\[email protected] folder moved successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\AutorunsDisabled\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\AutorunsDisabled\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{6F282B65-56BF-4BD1-A8B2-A4449A05863D} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6F282B65-56BF-4BD1-A8B2-A4449A05863D}\ not found.
File C:\Program Files (x86)\GamesBar\2.0.1.82\oberontb.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Registry value HKEY_USERS\S-1-5-21-1794187125-1737989070-3659461110-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry value HKEY_USERS\S-1-5-21-1794187125-1737989070-3659461110-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Registry value HKEY_USERS\S-1-5-21-1794187125-1737989070-3659461110-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_USERS\S-1-5-21-1794187125-1737989070-3659461110-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1794187125-1737989070-3659461110-1000\Software\Microsoft\Windows\CurrentVersion\Run\\ComcastAntispyClient deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1794187125-1737989070-3659461110-1000\Software\Microsoft\Windows\CurrentVersion\Run\\SearchEngineProtection not found.
File C:\Program Files (x86)\GamesBar\SearchEngineProtection.exe not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
File C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.1.2\ViProtocol.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol\ not found.
File C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.1.2\ViProtocol.dll not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5b4fefbc-3166-11e1-857c-842b2b9d4097}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5b4fefbc-3166-11e1-857c-842b2b9d4097}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5b4fefbc-3166-11e1-857c-842b2b9d4097}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5b4fefbc-3166-11e1-857c-842b2b9d4097}\ not found.
File I:\TLBootstrap_WPP.exe not found.
C:\Users\Pat\AppData\Roaming\Oberon\JewelQuestMysteries_StandardEdition folder moved successfully.
C:\Users\Pat\AppData\Roaming\Oberon\JewelQuestMysteries_PremiumEdition folder moved successfully.
C:\Users\Pat\AppData\Roaming\Oberon folder moved successfully.
C:\Users\Pat\AppData\Roaming\Oberon Media\110184400\11996780 folder moved successfully.
C:\Users\Pat\AppData\Roaming\Oberon Media\110184400\119933763 folder moved successfully.
C:\Users\Pat\AppData\Roaming\Oberon Media\110184400\11882993 folder moved successfully.
C:\Users\Pat\AppData\Roaming\Oberon Media\110184400\116436960 folder moved successfully.
C:\Users\Pat\AppData\Roaming\Oberon Media\110184400\110547247 folder moved successfully.
C:\Users\Pat\AppData\Roaming\Oberon Media\110184400 folder moved successfully.
C:\Users\Pat\AppData\Roaming\Oberon Media\11008813\510005544 folder moved successfully.
C:\Users\Pat\AppData\Roaming\Oberon Media\11008813\510005257 folder moved successfully.
C:\Users\Pat\AppData\Roaming\Oberon Media\11008813\510005170 folder moved successfully.
C:\Users\Pat\AppData\Roaming\Oberon Media\11008813\510005133 folder moved successfully.
C:\Users\Pat\AppData\Roaming\Oberon Media\11008813\510005106 folder moved successfully.
C:\Users\Pat\AppData\Roaming\Oberon Media\11008813\120013790 folder moved successfully.
C:\Users\Pat\AppData\Roaming\Oberon Media\11008813\120006190 folder moved successfully.
C:\Users\Pat\AppData\Roaming\Oberon Media\11008813\120001307 folder moved successfully.
C:\Users\Pat\AppData\Roaming\Oberon Media\11008813\119803590 folder moved successfully.
C:\Users\Pat\AppData\Roaming\Oberon Media\11008813\119698620 folder moved successfully.
C:\Users\Pat\AppData\Roaming\Oberon Media\11008813\119447777 folder moved successfully.
C:\Users\Pat\AppData\Roaming\Oberon Media\11008813\119074567 folder moved successfully.
C:\Users\Pat\AppData\Roaming\Oberon Media\11008813\118278727 folder moved successfully.
C:\Users\Pat\AppData\Roaming\Oberon Media\11008813\118106997 folder moved successfully.
C:\Users\Pat\AppData\Roaming\Oberon Media\11008813\118023300 folder moved successfully.
C:\Users\Pat\AppData\Roaming\Oberon Media\11008813\117933957 folder moved successfully.
C:\Users\Pat\AppData\Roaming\Oberon Media\11008813\117020110 folder moved successfully.
C:\Users\Pat\AppData\Roaming\Oberon Media\11008813\116505387 folder moved successfully.
C:\Users\Pat\AppData\Roaming\Oberon Media\11008813\11522637 folder moved successfully.
C:\Users\Pat\AppData\Roaming\Oberon Media\11008813\113832110 folder moved successfully.
C:\Users\Pat\AppData\Roaming\Oberon Media\11008813\113666647 folder moved successfully.
C:\Users\Pat\AppData\Roaming\Oberon Media\11008813\113149420 folder moved successfully.
C:\Users\Pat\AppData\Roaming\Oberon Media\11008813\111412653 folder moved successfully.
C:\Users\Pat\AppData\Roaming\Oberon Media\11008813\110125217 folder moved successfully.
C:\Users\Pat\AppData\Roaming\Oberon Media\11008813 folder moved successfully.
C:\Users\Pat\AppData\Roaming\Oberon Media folder moved successfully.
C:\Users\Pat\AppData\Roaming\Oberonv1003\Amazing Adventures 3 folder moved successfully.
C:\Users\Pat\AppData\Roaming\Oberonv1003 folder moved successfully.
========== FILES ==========
< ipcomfig /c flushdns /c >
C:\Users\Pat\Desktop\DeesMalwareFixes\cmd.bat deleted successfully.
C:\Users\Pat\Desktop\DeesMalwareFixes\cmd.txt deleted successfully.
< netsh advfirewall reset /c >
Ok.
C:\Users\Pat\Desktop\DeesMalwareFixes\cmd.bat deleted successfully.
C:\Users\Pat\Desktop\DeesMalwareFixes\cmd.txt deleted successfully.
< netsh advfirewall set allprofiles state ON /c >
Ok.
C:\Users\Pat\Desktop\DeesMalwareFixes\cmd.bat deleted successfully.
C:\Users\Pat\Desktop\DeesMalwareFixes\cmd.txt deleted successfully.
File\Folder C:\Program Files (x86)\GamesBar not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 632482 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Pat
->Temp folder emptied: 102270692 bytes
->Temporary Internet Files folder emptied: 85196459 bytes
->Java cache emptied: 108493236 bytes
->FireFox cache emptied: 434769501 bytes
->Google Chrome cache emptied: 283253199 bytes
->Flash cache emptied: 17379532 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 495 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1224911520 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 42379198 bytes
RecycleBin emptied: 78388460 bytes

Total Files Cleaned = 2,268.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 11132013_142625

Files\Folders moved on Reboot...
C:\Users\Pat\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Pat\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
C:\Users\Pat\AppData\Local\Mozilla\Firefox\Profiles\jmw0oceh.default\Cache\_CACHE_001_ moved successfully.
C:\Users\Pat\AppData\Local\Mozilla\Firefox\Profiles\jmw0oceh.default\Cache\_CACHE_002_ moved successfully.
C:\Users\Pat\AppData\Local\Mozilla\Firefox\Profiles\jmw0oceh.default\Cache\_CACHE_003_ moved successfully.
C:\Users\Pat\AppData\Local\Mozilla\Firefox\Profiles\jmw0oceh.default\Cache\_CACHE_MAP_ moved successfully.
C:\Users\Pat\AppData\Local\Mozilla\Firefox\Profiles\jmw0oceh.default\_CACHE_CLEAN_ moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


OTL Log

OTL logfile created on: 11/13/2013 2:37:19 PM - Run 5
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Pat\Desktop\DeesMalwareFixes
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16736)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.80 Gb Total Physical Memory | 2.32 Gb Available Physical Memory | 60.92% Memory free
7.61 Gb Paging File | 5.54 Gb Available in Paging File | 72.79% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 921.59 Gb Total Space | 810.00 Gb Free Space | 87.89% Space Free | Partition Type: NTFS

Computer Name: PAT-PC | User Name: Pat | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/10/07 18:54:20 | 004,908,592 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgui.exe
PRC - [2013/10/03 21:00:24 | 003,538,480 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
PRC - [2013/09/25 20:47:22 | 000,301,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
PRC - [2013/06/26 18:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2013/06/26 18:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2013/05/11 05:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/04/09 16:19:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Pat\Desktop\DeesMalwareFixes\OTL.exe
PRC - [2013/03/27 15:17:42 | 000,185,688 | ---- | M] (Garmin Ltd or its subsidiaries) -- C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
PRC - [2012/01/18 01:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
PRC - [2011/12/19 11:32:02 | 000,519,888 | ---- | M] (iWin Inc.) -- C:\Program Files (x86)\Pogo Games\PGMTrusted.exe
PRC - [2011/11/11 13:08:06 | 000,205,336 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
PRC - [2011/09/06 12:29:20 | 004,259,648 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
PRC - [2011/08/18 10:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
PRC - [2011/08/18 10:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
PRC - [2011/08/01 12:56:48 | 000,460,096 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
PRC - [2011/02/25 09:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/01/12 21:01:28 | 006,129,496 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Logitech\Vid HD\Vid.exe


========== Modules (No Company Name) ==========

MOD - [2013/10/10 07:09:10 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\8f5b881951592b2fd05f710650bf7e04\System.Core.ni.dll
MOD - [2013/10/10 06:56:08 | 014,340,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\bcf51dc88597d0835c819a2d5a755b74\PresentationFramework.ni.dll
MOD - [2013/10/10 06:55:18 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ef0a534be135cd8f0d99d938d8b1814a\System.Windows.Forms.ni.dll
MOD - [2013/10/10 06:54:56 | 012,238,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\51478a61dbd40488e320a0061e23c4df\PresentationCore.ni.dll
MOD - [2013/10/10 06:54:39 | 003,348,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\4eef5a3a4d0ed6d6fd882947a70df530\WindowsBase.ni.dll
MOD - [2013/10/10 06:54:29 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\29f3ae8d313e62b4daed1107ccd29f9f\System.Configuration.ni.dll
MOD - [2013/08/15 08:23:26 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5aa44bce7933e4de09d935848f868a4b\System.Drawing.ni.dll
MOD - [2013/08/15 08:23:03 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09db78d6068543df01862a023aca785a\System.Xml.ni.dll
MOD - [2013/08/15 08:22:10 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5d22a30e587e2cac106b81fb351e7c08\System.ni.dll
MOD - [2013/07/11 09:43:41 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\a2920ed81e097f8551231a9350697bbd\PresentationFramework.Aero.ni.dll
MOD - [2013/07/11 09:42:31 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll
MOD - [2012/01/18 01:43:56 | 000,183,320 | ---- | M] () -- C:\Program Files (x86)\Common Files\logishrd\SharedBin\LvApi11.dll
MOD - [2011/08/18 10:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
MOD - [2011/03/01 22:15:28 | 000,126,808 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll
MOD - [2011/03/01 22:15:28 | 000,027,480 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll
MOD - [2011/03/01 22:15:04 | 000,340,824 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTXml4.dll
MOD - [2011/03/01 22:14:42 | 007,954,776 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTGui4.dll
MOD - [2011/03/01 22:14:30 | 002,143,576 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTCore4.dll
MOD - [2011/01/12 20:57:34 | 000,751,616 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\vpxmd.dll
MOD - [2011/01/12 20:55:28 | 000,027,472 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\SDL.dll
MOD - [2009/04/22 16:53:56 | 000,969,040 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\QtNetwork4.dll
MOD - [2009/04/09 18:04:56 | 002,141,008 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\QtCore4.dll
MOD - [2009/03/03 17:18:08 | 000,138,064 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\plugins\imageformats\qjpeg4.dll
MOD - [2009/03/03 17:18:06 | 000,035,152 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\plugins\imageformats\qico4.dll
MOD - [2009/03/03 17:18:06 | 000,029,008 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\plugins\imageformats\qgif4.dll
MOD - [2009/03/03 17:17:46 | 011,311,952 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\QtWebKit4.dll
MOD - [2009/03/03 17:17:46 | 000,363,856 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\QtXml4.dll
MOD - [2009/03/03 17:17:44 | 000,200,016 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\QtSql4.dll
MOD - [2009/03/03 17:17:40 | 000,475,472 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\QtOpenGL4.dll
MOD - [2009/03/03 17:17:38 | 007,704,400 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\QtGui4.dll
MOD - [2009/03/03 17:17:32 | 000,291,664 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\phonon4.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/11/07 05:40:08 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/11/04 19:08:42 | 000,240,736 | ---- | M] (WildTangent) [Disabled | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe -- (GamesAppIntegrationService)
SRV - [2013/10/08 14:42:23 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/10/03 21:00:24 | 003,538,480 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2013/09/25 20:47:22 | 000,301,152 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe -- (avgwd)
SRV - [2013/09/05 09:34:30 | 000,171,680 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/06/26 18:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2013/06/26 18:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2013/05/14 12:26:12 | 003,289,208 | ---- | M] (Skype Technologies S.A.) [Disabled | Stopped] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2013/05/11 05:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/03/27 15:17:42 | 000,185,688 | ---- | M] (Garmin Ltd or its subsidiaries) [Auto | Running] -- C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe -- (Garmin Core Update Service)
SRV - [2012/01/18 01:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2011/12/19 11:32:02 | 000,519,888 | ---- | M] (iWin Inc.) [Auto | Running] -- C:\Program Files (x86)\Pogo Games\PGMTrusted.exe -- (PGMTrusted)
SRV - [2011/08/18 10:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe -- (SftService)
SRV - [2011/02/28 17:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 09:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010/10/22 12:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010/10/12 12:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/10/07 16:15:49 | 000,013,160 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\615\g2aservice.exe -- (GoToAssist)
SRV - [2010/09/21 13:54:52 | 000,816,536 | ---- | M] (GlavSoft LLC.) [Disabled | Stopped] -- C:\Program Files (x86)\ShowMyPCService\tvnserver.exe -- (tvnserver)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/09/25 20:07:30 | 000,148,792 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgdiska.sys -- (Avgdiska)
DRV:64bit: - [2013/09/08 21:11:42 | 000,031,544 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2013/09/02 09:59:14 | 000,212,280 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2013/09/02 09:29:18 | 000,294,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)
DRV:64bit: - [2013/09/02 09:26:50 | 000,192,824 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2013/09/02 09:26:42 | 000,241,464 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2013/08/20 21:53:58 | 000,123,704 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2013/08/01 15:07:06 | 000,251,192 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2013/06/26 18:21:50 | 000,023,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2013/06/26 18:21:48 | 000,028,840 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2013/06/26 18:21:46 | 000,273,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2013/06/26 18:21:44 | 000,767,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/18 01:44:36 | 004,865,568 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64)
DRV:64bit: - [2012/01/18 01:44:28 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/08/25 19:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/02/27 10:32:14 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010/02/04 00:38:32 | 000,271,872 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2009/10/16 06:32:24 | 000,321,064 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)
DRV:64bit: - [2009/09/17 15:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/09 03:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2007/01/23 14:47:00 | 000,051,984 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2007/01/23 14:47:00 | 000,048,912 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2006/11/01 12:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {4526267C-F3E5-4EE4-949A-1700C3EADAF2}
IE:64bit: - HKLM\..\SearchScopes\{4526267C-F3E5-4EE4-949A-1700C3EADAF2}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages =
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.msn.iplay.com/?o=shp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE10SR
IE - HKCU\..\SearchScopes\{36377DD7-B3EB-42f5-986F-680BAF59BA9D}: "URL" = http://start.msn.ipl...q={searchTerms}
IE - HKCU\..\SearchScopes\{665ED57F-0F60-4B6F-8985-076C39128E05}: "URL" = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...Box&FORM=IE10SR
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://xfinity.comca...d=mtmh09152012"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:25.0
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@virtools.com/3DviaPlayer: C:\Program Files (x86)\Virtools\3D Life Player\npvirtools.dll (Dassault Systèmes)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\30\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Pat\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/04/01 19:49:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 7\components [2013/11/07 05:39:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 7\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/04/01 19:49:04 | 000,000,000 | ---D | M]

[2010/12/03 16:53:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Pat\AppData\Roaming\Mozilla\Extensions
[2013/11/13 14:27:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\jmw0oceh.default\extensions
[2012/09/12 14:08:25 | 000,621,521 | ---- | M] () (No name found) -- C:\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\jmw0oceh.default\extensions\[email protected]
[2013/07/19 18:52:08 | 000,002,402 | ---- | M] () -- C:\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\jmw0oceh.default\searchplugins\bingp.xml
[2010/12/03 16:49:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/09/04 14:39:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/10/29 13:59:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/09/15 03:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010/10/23 17:53:54 | 000,002,064 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bingober12024822.xml
[2010/11/05 18:43:49 | 000,001,600 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\WebSearchober44157065.xml
[2010/09/04 15:57:31 | 000,001,600 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\WebSearchober9374724.xml

========== Chrome ==========

CHR - Extension: No name found = C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: No name found = C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: No name found = C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.9.0.12585_0\
CHR - Extension: No name found = C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\15.4.0.5_0\
CHR - Extension: No name found = C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll File not found
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll File not found
O2 - BHO: (IEHlprObj Class) - {8CA5ED52-F3FB-4414-A105-2E3491156990} - C:\Program Files (x86)\Pogo Games\iWinGamesHookIE.dll (iWin Inc.)
O2 - BHO: (Updater For XFIN_PORTAL) - {bb46be07-13eb-4c49-b0f0-fc78b9ea4983} - C:\Program Files (x86)\xfin_portal\auxi\comcastAu.dll File not found
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [tvncontrol] C:\Program Files (x86)\ShowMyPCService\tvnserver.exe (GlavSoft LLC.)
O4 - HKCU..\Run: [Facebook Update] C:\Users\Pat\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [Logitech Vid] C:\Program Files (x86)\Logitech\Vid HD\Vid.exe (Logitech Inc.)
O4 - HKLM..\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe (Dell)
O4 - Startup: C:\Users\Pat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2011/09/21 11:02:59 | 000,000,000 | -H-D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files%20(x86)/Mahjong%20Escape%20-%20Ancient%20Japan/Images/stg_drm.ocx (SpinTop DRM Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.76.76 75.75.75.75
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8C0DCB2F-CEAB-4CB1-A936-6ED6137F2314}: DhcpNameServer = 75.75.76.76 75.75.75.75
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll File not found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\615\G2AWinLogon_x64.dll) - C:\Program Files (x86)\Citrix\GoToAssist\615\g2awinlogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/11/13 14:26:25 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/11/10 07:27:13 | 000,000,000 | ---D | C] -- C:\Users\Pat\AppData\Local\Adobe
[2013/11/08 11:01:17 | 000,000,000 | ---D | C] -- C:\Users\Pat\AppData\Local\Programs
[2013/11/07 05:39:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 7
[2013/11/07 05:22:27 | 000,000,000 | -HSD | C] -- C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
[2013/11/01 06:02:16 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\cache
[2013/10/16 09:04:55 | 000,000,000 | ---D | C] -- C:\Users\Pat\AppData\Local\{807841A6-CCD1-4EFA-9AD9-2320989847BD}

========== Files - Modified Within 30 Days ==========

[2013/11/13 14:41:04 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/11/13 14:41:04 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/11/13 14:33:59 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/11/13 14:33:59 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
[2013/11/13 14:33:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/11/13 14:33:41 | 3063,242,752 | -HS- | M] () -- C:\hiberfil.sys
[2013/11/13 14:29:00 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/11/13 13:42:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/11/13 13:24:01 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1794187125-1737989070-3659461110-1000UA.job
[2013/11/13 13:24:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1794187125-1737989070-3659461110-1000Core.job
[2013/11/13 11:50:38 | 000,013,030 | ---- | M] () -- C:\PDOXUSRS.NET
[2013/11/13 10:53:30 | 000,727,398 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/11/13 10:53:30 | 000,624,614 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/11/13 10:53:30 | 000,106,732 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/11/12 17:49:37 | 000,002,145 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/11/12 14:26:57 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/11/12 14:10:39 | 000,984,576 | ---- | M] () -- C:\Users\Pat\Desktop\MicrosoftFixit50906.msi
[2013/11/11 18:28:52 | 000,001,065 | ---- | M] () -- C:\Users\Pat\Desktop\OTL - Shortcut.lnk
[2013/11/08 11:03:14 | 000,001,075 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/11/07 10:25:19 | 000,002,153 | ---- | M] () -- C:\Users\Pat\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox 4.0 Beta 7.lnk
[2013/11/01 06:35:52 | 000,001,144 | ---- | M] () -- C:\Users\Pat\Desktop\Merriam Websters Spell Jam (2).lnk

========== Files Created - No Company Name ==========

[2013/11/12 14:10:36 | 000,984,576 | ---- | C] () -- C:\Users\Pat\Desktop\MicrosoftFixit50906.msi
[2013/11/11 18:28:52 | 000,001,065 | ---- | C] () -- C:\Users\Pat\Desktop\OTL - Shortcut.lnk
[2013/11/01 06:35:52 | 000,001,144 | ---- | C] () -- C:\Users\Pat\Desktop\Merriam Websters Spell Jam (2).lnk
[2013/03/03 18:38:44 | 000,000,288 | ---- | C] () -- C:\Users\Pat\AppData\Roaming\.backup.dm
[2012/08/10 18:23:10 | 000,027,520 | ---- | C] () -- C:\Users\Pat\AppData\Local\dt.dat
[2012/08/01 16:15:35 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2012/06/12 16:19:59 | 000,007,605 | ---- | C] () -- C:\Users\Pat\AppData\Local\Resmon.ResmonCfg
[2012/01/25 15:17:14 | 000,000,574 | ---- | C] () -- C:\Windows\hpomdl46.dat.temp
[2012/01/18 01:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2012/01/18 01:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2012/01/18 01:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2011/10/03 19:11:03 | 000,000,504 | ---- | C] () -- C:\Program Files (x86)\1003201120110317.bat
[2011/08/14 18:09:43 | 000,000,477 | ---- | C] () -- C:\Program Files (x86)\0814201119094381.bat
[2011/08/14 16:24:00 | 000,000,471 | ---- | C] () -- C:\Program Files (x86)\0814201117240001.bat
[2011/08/08 15:50:43 | 000,000,486 | ---- | C] () -- C:\Program Files (x86)\0808201116504309.bat
[2011/04/01 18:58:52 | 000,000,000 | ---- | C] () -- C:\Users\Pat\AppData\Local\prvlcl.dat
[2010/10/07 16:15:46 | 000,103,784 | ---- | C] () -- C:\Users\Pat\GoToAssistDownloadHelper.exe
[2010/09/15 07:18:12 | 000,020,480 | ---- | C] () -- C:\Users\Pat\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 21:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 20:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2011/05/11 13:52:44 | 000,000,000 | ---D | M] -- C:\Users\Pat\AppData\Roaming\2monkeys
[2012/11/05 15:15:53 | 000,000,000 | ---D | M] -- C:\Users\Pat\AppData\Roaming\Angler
[2012/12/31 12:06:15 | 000,000,000 | ---D | M] -- C:\Users\Pat\AppData\Roaming\Artogon
[2013/09/22 17:43:37 | 000,000,000 | ---D | M] -- C:\Users\Pat\AppData\Roaming\AVG2014
[2012/04/05 09:14:40 | 000,000,000 | ---D | M] -- C:\Users\Pat\AppData\Roaming\Big Fish Games
[2013/02/19 14:26:10 | 000,000,000 | ---D | M] -- C:\Users\Pat\AppData\Roaming\Boomzap
[2012/12/07 13:53:20 | 000,000,000 | ---D | M] -- C:\Users\Pat\AppData\Roaming\casualArts
[2012/10/29 14:15:03 | 000,000,000 | ---D | M] -- C:\Users\Pat\AppData\Roaming\cerasus.media GmbH
[2012/07/27 08:59:23 | 000,000,000 | ---D | M] -- C:\Users\Pat\AppData\Roaming\Dropbox
[2011/08/14 15:11:18 | 000,000,000 | ---D | M] -- C:\Users\Pat\AppData\Roaming\EleFun Games
[2013/01/16 16:56:55 | 000,000,000 | ---D | M] -- C:\Users\Pat\AppData\Roaming\ElementalsTheMagicKey
[2013/02/18 19:29:23 | 000,000,000 | ---D | M] -- C:\Users\Pat\AppData\Roaming\Flood Light Games
[2013/03/13 18:31:18 | 000,000,000 | ---D | M] -- C:\Users\Pat\AppData\Roaming\Floodlight Games
[2011/06/03 17:34:58 | 000,000,000 | ---D | M] -- C:\Users\Pat\AppData\Roaming\FloodLightGames
[2011/06/05 16:42:56 | 000,000,000 | ---D | M] -- C:\Users\Pat\AppData\Roaming\FlyWheelGames
[2011/03/20 13:27:43 | 000,000,000 | ---D | M] -- C:\Users\Pat\AppData\Roaming\GameMill
[2013/02/14 18:16:09 | 000,000,000 | ---D | M] -- C:\Users\Pat\AppData\Roaming\GamersDigital
[2013/06/05 20:28:17 | 000,000,000 | ---D | M] -- C:\Users\Pat\AppData\Roaming\Garmin
[2011/05/05 08:29:52 | 000,000,000 | ---D | M] -- C:\Users\Pat\AppData\Roaming\Gogii
[2011/05/06 10:41:07 | 000,000,000 | ---D | M] -- C:\Users\Pat\AppData\Roaming\IrfanView
[2010/09/17 16:28:28 | 000,000,000 | ---D | M] -- C:\Users\Pat\AppData\Roaming\iWin
[2011/05/04 15:49:13 | 000,000,000 | ---D | M] -- C:\Users\Pat\AppData\Roaming\iWing
[2012/07/30 14:33:27 | 000,000,000 | ---D | M] -- C:\Users\Pat\AppData\Roaming\Leadertech
[2013/10/15 18:33:29 | 000,000,000 | ---D | M] -- C:\Users\Pat\AppData\Roaming\LegacyInteractive
[2012/12/31 11:47:47 | 000,000,000 | ---D | M] -- C:\Users\Pat\AppData\Roaming\Legends of pirates
[2011/05/21 17:43:50 | 000,000,000 | ---D | M] -- C:\Users\Pat\AppData\Roaming\Mystery of Mortlake Mansion
[2011/05/27 17:14:50 | 000,000,000 | ---D | M] -- C:\Users\Pat\AppData\Roaming\MysteryStudio
[2012/12/31 11:56:21 | 000,000,000 | ---D | M] -- C:\Users\Pat\AppData\Roaming\Mysteryville2
[2010/09/04 16:18:21 | 000,000,000 | ---D | M] -- C:\Users\Pat\AppData\Roaming\Namco
[2010/09/03 14:58:48 | 000,000,000 | ---D | M] -- C:\Users\Pat\AppData\Roaming\OpenOffice.org
[2011/03/04 15:13:38 | 000,000,000 | ---D | M] -- C:\Users\Pat\AppData\Roaming\PCDr
[2011/10/28 16:46:37 | 000,000,000 | ---D | M] -- C:\Users\Pat\AppData\Roaming\PlayFirst
[2010/11/05 19:05:19 | 000,000,000 | ---D | M] -- C:\Users\Pat\AppData\Roaming\Pogo Games
[2011/04/21 12:57:39 | 000,000,000 | ---D | M] -- C:\Users\Pat\AppData\Roaming\Sammsoft
[2011/04/29 15:14:38 | 000,000,000 | ---D | M] -- C:\Users\Pat\AppData\Roaming\Scholastic
[2013/11/10 19:43:55 | 000,000,000 | ---D | M] -- C:\Users\Pat\AppData\Roaming\SoftGrid Client
[2011/06/04 16:19:06 | 000,000,000 | ---D | M] -- C:\Users\Pat\AppData\Roaming\SpinTop
[2012/07/30 17:21:29 | 000,000,000 | ---D | M] -- C:\Users\Pat\AppData\Roaming\SpinTop Games
[2011/05/17 18:25:16 | 000,000,000 | ---D | M] -- C:\Users\Pat\AppData\Roaming\TOMI3
[2010/09/03 15:43:46 | 000,000,000 | ---D | M] -- C:\Users\Pat\AppData\Roaming\TP
[2012/09/13 14:53:48 | 000,000,000 | ---D | M] -- C:\Users\Pat\AppData\Roaming\TrickySoftware
[2012/10/01 17:16:52 | 000,000,000 | ---D | M] -- C:\Users\Pat\AppData\Roaming\TuneUp Software
[2012/05/14 18:24:34 | 000,000,000 | ---D | M] -- C:\Users\Pat\AppData\Roaming\WildTangent
[2011/01/20 10:51:06 | 000,000,000 | ---D | M] -- C:\Users\Pat\AppData\Roaming\Windows Live Writer
[2013/04/09 15:53:50 | 000,000,000 | ---D | M] -- C:\Users\Pat\AppData\Roaming\WinPatrol
[2011/06/06 14:25:51 | 000,000,000 | ---D | M] -- C:\Users\Pat\AppData\Roaming\{90140011-0066-0409-0000-0000000FF1CE}

========== Purity Check ==========



========== Alternate Data Streams ==========


< End of report >


AdwCleaner Log:

# AdwCleaner v3.012 - Report created 13/11/2013 at 15:11:32
# Updated 11/11/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Pat - PAT-PC
# Running from : C:\Users\Pat\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\jmw0oceh.default\invalidprefs.js
File Found : C:\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\jmw0oceh.default\searchplugins\bingp.xml
Folder Found : C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Folder Found C:\Program Files (x86)\xfin_portal
Folder Found C:\ProgramData\AVG Security Toolbar
Folder Found C:\ProgramData\Trymedia
Folder Found C:\Users\Pat\AppData\Local\AVG Security Toolbar
Folder Found C:\Users\Pat\AppData\Local\PackageAware
Folder Found C:\Users\Pat\AppData\LocalLow\AVG Security Toolbar
Folder Found C:\Users\Pat\AppData\LocalLow\comcasttb
Folder Found C:\Users\Pat\AppData\Roaming\iWin

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\AppDataLow\Software\AVG Security Toolbar
Key Found : HKCU\Software\AppDataLow\Software\xfin_portal
Key Found : HKCU\Software\AVG Security Toolbar
Key Found : HKCU\Software\YahooPartnerToolbar
Key Found : [x64] HKCU\Software\AVG Security Toolbar
Key Found : [x64] HKCU\Software\YahooPartnerToolbar
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16736


-\\ Mozilla Firefox v25.0 (en-US)

[ File : C:\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\jmw0oceh.default\prefs.js ]

Line Found : user_pref("extensions.gamesbar.msnus.config.partner_logo", "iVBORw0KGgoAAAANSUhEUgAAAF8AAAAYCAYAAACcESEhAAAABGdBTUEAALGOfPtRkwAAACBjSFJNAACHDwAAjA8AAP1SAACBQAAAfXkAAOmLAAA85QAAGcxzPIV3AAAKOWlDQ1BQaG90[...]
Line Found : user_pref("ibxcomtb.defs", "<buttons><button id=\"Sheet_Music_Lyrics\" position=\"100\" default=\"3\" type=\"dropdown\" ver=\"1.0.0.0\">\n <caption>Sheet Music and Lyrics</caption>\n <hint>Sheet Mus[...]

-\\ Google Chrome v31.0.1650.48

[ File : C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [6939 octets] - [13/11/2013 15:11:32]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [6999 octets] ##########

Thanks again. Have a nice evening!

Edited by PattyB, 13 November 2013 - 02:33 PM.


#8
godawgs

You are welcome.

OTL Fix Log: When I ran this it kept giving me an error saying Device\Harddisk1\DR1 couldn't be found.

The Extras.txt log showed this. I have seen this caused by the malware files...and I have also seen it caused by problems with the hard disk. We are gonna run the AdwCleaner again and another junkware program and then we will check out the hard drive.

I meant to ask you if you disabled the UAC (User Account Control) on purpose.


Step-1.

Re-run AdwCleaner

Close all open windows and browsers.

Re-open AdwCleaner
  • Right click the AdwCleaner icon, click Run as administrator and accept the UAC prompt to run AdwCleaner.
  • Click the Scan button and wait for the scan to complete.
  • When the Scan has finished the Scan button will be grayed out and the Clean button will be activated.
  • Click the Clean button.
  • Everything checked will be deleted.
  • When the program has finished cleaning a report appears.
  • Once done it will ask to reboot; allow this.
  • On reboot a log will be produced please copy / paste that in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[S0].txt

Step-2.

Scan with JRT:

Please download Junkware Removal Tool to your desktop.

NOTE: Temporarily shut down your protection software now to avoid potential conflicts; how to do so can be read here.

  • Right click the JRT icon and click Run as Administrator to run the application.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
NOTE: Reboot the machine and ensure that all security software is now enabled.


Step-3.

Check Hard Disk For Errors:

Please copy everything in the code box below into notepad. To do this highlight all text, then right click and click Copy.

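@Echo Off
REM Run a read-only chkdsk on C: and append the output (minus the progress lines) to checkhd.txt on the desktop
cmd /c chkdsk c: |find /v "percent" >> "%userprofile%\desktop\checkhd.txt"
REM Delete this batch file once it has run
del %0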

  • Next, open Notepad, or click Start->Run and in the Open: box type notepad.exe and click OK.
  • Right click in the notepad window and click Paste, or put the cursor inside the notepad window and press the Ctrl-V keys to paste the text into notepad.
  • On the File menu, click Save.
  • On the Save As window that comes up, do the following:
    • On the left side, click the Desktop Icon. This will put "Desktop" in the Save In: box at the top.
    • At the bottom in the File Name: box type testhd.bat
    • In the Save as type: box, click the down arrow and click All Files(*.*)
    • Click Save
    This will put a new file on the Desktop named testhd.bat

    Close all open windows and any open Browsers.
  • Right click the testhd.bat file on the desktop and click Run As Administrator, then OK any UAC prompts to run the file. A command window will open briefly, then close. This is quite normal.
  • When the command window has closed there will be a new file on the desktop named checkhd.txt
  • Copy and paste the contents of the checkhd.txt file in your next reply.

Step-4.

Things For Your Next Post:
Please post the logs in the order requested. Do Not attach the logs unless I request it.
1. Answer my question about the UAC
2. The AdwCleaner[S0].txt log
3. The JRT.txt log
4. The checkhd.txt log
5. How is the computer running now?

#9
PattyB

Hi there

As far as I know, no one has turned off my UAC.

ADW cleaner log

# AdwCleaner v3.012 - Report created 14/11/2013 at 14:52:46
# Updated 11/11/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Pat - PAT-PC
# Running from : C:\Users\Pat\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\AVG Security Toolbar
Folder Deleted : C:\ProgramData\Trymedia
Folder Deleted : C:\Program Files (x86)\xfin_portal
Folder Deleted : C:\Users\Pat\AppData\Local\AVG Security Toolbar
Folder Deleted : C:\Users\Pat\AppData\Local\PackageAware
Folder Deleted : C:\Users\Pat\AppData\LocalLow\AVG Security Toolbar
Folder Deleted : C:\Users\Pat\AppData\LocalLow\comcasttb
Folder Deleted : C:\Users\Pat\AppData\Roaming\iWin
Folder Deleted : C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
File Deleted : C:\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\jmw0oceh.default\invalidprefs.js
File Deleted : C:\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\jmw0oceh.default\searchplugins\bingp.xml

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Key Deleted : HKCU\Software\AVG Security Toolbar
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\AVG Security Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\xfin_portal

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16736


-\\ Mozilla Firefox v25.0 (en-US)

[ File : C:\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\jmw0oceh.default\prefs.js ]

Line Deleted : user_pref("extensions.gamesbar.msnus.config.partner_logo", "iVBORw0KGgoAAAANSUhEUgAAAF8AAAAYCAYAAACcESEhAAAABGdBTUEAALGOfPtRkwAAACBjSFJNAACHDwAAjA8AAP1SAACBQAAAfXkAAOmLAAA85QAAGcxzPIV3AAAKOWlDQ1BQaG90[...]
Line Deleted : user_pref("ibxcomtb.defs", "<buttons><button id=\"Sheet_Music_Lyrics\" position=\"100\" default=\"3\" type=\"dropdown\" ver=\"1.0.0.0\">\n <caption>Sheet Music and Lyrics</caption>\n <hint>Sheet Mus[...]

-\\ Google Chrome v31.0.1650.48

[ File : C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [7127 octets] - [13/11/2013 15:11:32]
AdwCleaner[R1].txt - [7187 octets] - [14/11/2013 14:50:20]
AdwCleaner[S0].txt - [7115 octets] - [14/11/2013 14:52:46]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [7175 octets] ##########


JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 7 Home Premium x64
Ran by Pat on Thu 11/14/2013 at 15:03:53.39
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{36377DD7-B3EB-42f5-986F-680BAF59BA9D}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\big fish games"
Successfully deleted: [Folder] "C:\Users\Pat\AppData\Roaming\big fish games"
Successfully deleted: [Empty Folder] C:\Users\Pat\appdata\local\{CBEE748E-E17D-46AD-A74E-8D61355674B4}
Successfully deleted: [Empty Folder] C:\Users\Pat\appdata\local\{CE4AF620-FCA8-4611-A303-3086180C4FB8}
Successfully deleted: [Empty Folder] C:\Users\Pat\appdata\local\{D0473928-4600-454D-82C2-C8D1CD708487}
Successfully deleted: [Empty Folder] C:\Users\Pat\appdata\local\{D2A389F1-7BFF-437D-AB4D-8F444C493443}
Successfully deleted: [Empty Folder] C:\Users\Pat\appdata\local\{D3AF3477-1B0B-4D8E-8033-848915D1FAEA}
Successfully deleted: [Empty Folder] C:\Users\Pat\appdata\local\{D57C9452-6182-408F-9C50-14E864810808}
Successfully deleted: [Empty Folder] C:\Users\Pat\appdata\local\{D6182C9E-0CFE-4457-9757-1C7EABFCDE84}
Successfully deleted: [Empty Folder] C:\Users\Pat\appdata\local\{D6727499-6CEC-4B36-B39B-69325D060F95}
Successfully deleted: [Empty Folder] C:\Users\Pat\appdata\local\{D67E32A6-55BA-4ECF-909A-2F67F3F4C060}
Successfully deleted: [Empty Folder] C:\Users\Pat\appdata\local\{D6E6A82F-366A-4DAC-815A-C13EF84F2DC5}
Successfully deleted: [Empty Folder] C:\Users\Pat\appdata\local\{D8CA749D-ECBF-4864-AE6F-49F3B66EDA80}
Successfully deleted: [Empty Folder] C:\Users\Pat\appdata\local\{D9D590EF-2EB5-488E-99FC-D8A2D36D092C}
Successfully deleted: [Empty Folder] C:\Users\Pat\appdata\local\{DA97883A-93A2-4979-9E16-06D2E1BA40C0}
Successfully deleted: [Empty Folder] C:\Users\Pat\appdata\local\{DBA2E18F-C235-4D08-A8C1-0F0EA0CB7375}
Successfully deleted: [Empty Folder] C:\Users\Pat\appdata\local\{DD155000-90BE-437E-AEC9-2EA40C44EA02}
Successfully deleted: [Empty Folder] C:\Users\Pat\appdata\local\{DF8D3E0E-ED4B-4DE0-85ED-A7CFAC8E40DE}
Successfully deleted: [Empty Folder] C:\Users\Pat\appdata\local\{DFC29AA0-9ED6-4151-9D3B-741F7754138A}
Successfully deleted: [Empty Folder] C:\Users\Pat\appdata\local\{E00D2827-9D7D-45D6-B8F1-41DAE640FE44}
Successfully deleted: [Empty Folder] C:\Users\Pat\appdata\local\{E39D5906-3DD2-4A75-A71B-1D9EDF2D9E29}
Successfully deleted: [Empty Folder] C:\Users\Pat\appdata\local\{E711E029-23A6-4108-869E-9C43C0E31185}
Successfully deleted: [Empty Folder] C:\Users\Pat\appdata\local\{E7B77A94-C2AA-4EEF-BA1E-228E124C7355}
Successfully deleted: [Empty Folder] C:\Users\Pat\appdata\local\{E8BDA46B-0761-4EB8-981B-CDCC027B7B2F}
Successfully deleted: [Empty Folder] C:\Users\Pat\appdata\local\{E8FA7F77-2040-4CC2-9D33-34A7690A77A0}
Successfully deleted: [Empty Folder] C:\Users\Pat\appdata\local\{E9FBDDF7-5F8B-419B-ABC2-9E86B23B6677}
Successfully deleted: [Empty Folder] C:\Users\Pat\appdata\local\{EA352369-0A92-40E4-B521-2E7A90FB909D}
Successfully deleted: [Empty Folder] C:\Users\Pat\appdata\local\{ECD14E6D-42EA-423E-810F-8348D29A1686}
Successfully deleted: [Empty Folder] C:\Users\Pat\appdata\local\{EDF23C8E-1110-400B-AF8E-4D698A6AD4B0}
Successfully deleted: [Empty Folder] C:\Users\Pat\appdata\local\{EFCC03B9-8071-40B3-91D7-6E13966928B7}
Successfully deleted: [Empty Folder] C:\Users\Pat\appdata\local\{F076203C-B28E-4BD6-A97E-D51E74C4D8C4}
Successfully deleted: [Empty Folder] C:\Users\Pat\appdata\local\{F20C71F1-F8DA-45DA-9B3C-6388C8E7A54B}
Successfully deleted: [Empty Folder] C:\Users\Pat\appdata\local\{F2717E63-C0AC-49CE-9699-FB448687A022}
Successfully deleted: [Empty Folder] C:\Users\Pat\appdata\local\{F3563563-ABA5-4FE0-BC34-F27B7C57C30D}
Successfully deleted: [Empty Folder] C:\Users\Pat\appdata\local\{F3BDA621-09B2-4B3B-A9EB-46B4D725C668}
Successfully deleted: [Empty Folder] C:\Users\Pat\appdata\local\{F3F6C0DF-3503-4F61-B947-B250BC7A8A42}
Successfully deleted: [Empty Folder] C:\Users\Pat\appdata\local\{F8569E49-11AB-47F3-A778-535FDB3A5593}
Successfully deleted: [Empty Folder] C:\Users\Pat\appdata\local\{FACFF9DD-91BE-45CD-B5EC-44714A855140}
Successfully deleted: [Empty Folder] C:\Users\Pat\appdata\local\{FBB869A9-5684-4B3D-9922-72D6E03EC79B}
Successfully deleted: [Empty Folder] C:\Users\Pat\appdata\local\{FDC3A2D2-2CC0-43B2-9988-1B467BF405C6}
Successfully deleted: [Empty Folder] C:\Users\Pat\appdata\local\{FFC08BA9-94C0-4DDB-BC0E-E6E96731636B}



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 11/14/2013 at 15:08:19.49
End of JRT log

The type of the file system is NTFS.
Volume label is OS.

WARNING! F parameter not specified.
Running CHKDSK in read-only mode.

CHKDSK is verifying files (stage 1 of 3)...
File verification completed.
822 large file records processed.

0 bad file records processed.

0 EA records processed.

41 reparse records processed.

CHKDSK is verifying indexes (stage 2 of 3)...
Index verification completed.
0 unindexed files scanned.

0 unindexed files recovered.

CHKDSK is verifying security descriptors (stage 3 of 3)...
Security descriptor verification completed.
31423 data files processed.

CHKDSK is verifying Usn Journal...
Usn Journal verification completed.
Windows has checked the file system and found no problems.

966359039 KB total disk space.
117252132 KB in 497071 files.
236536 KB in 31424 indexes.
0 KB in bad sectors.
697071 KB in use by the system.
65536 KB occupied by the log file.
848173300 KB available on disk.

4096 bytes in each allocation unit.
241589759 total allocation units on disk.
212043325 allocation units available on disk.


It worked well last night, but this morning it didn't. It was back to the way it was when we started. My daughter says it's going from full screen mode to regular mode very rapidly in Firefox. I will know better tomorrow how it's working when I turn it on.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  • 0

#10
godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Thanks for the logs. Does the screen problem happen only in Firefox?


Step-1.

Malicious program uninstall

1. Please click the Start Orb, then click Control Panel. Under the Programs or Programs and Features heading, click Uninstall a program.
2. In the list of programs installed, locate the following program(s):

Pogo Games (remove only)

3. Right click each program and click Uninstall
4. After the programs have been uninstalled, close the Installed Programs window and the Control Panel.
5. Reboot the computer.


Step-2.

OTL Fix

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

1. Please copy all of the text in the quote box below (Do Not copy the word Quote). To do this, highlight everything inside the quote box (except the word Quote), right click and click Copy.

:COMMANDS
[createrestorepoint]

:OTL
IE - HKCU\..\SearchScopes\{36377DD7-B3EB-42f5-986F-680BAF59BA9D}: "URL" = http://start.msn.ipl...q={searchTerms}
[2013/07/19 18:52:08 | 000,002,402 | ---- | M] () -- C:\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\jmw0oceh.default\searchplugins\bingp.xml
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll File not found
O2 - BHO: (IEHlprObj Class) - {8CA5ED52-F3FB-4414-A105-2E3491156990} - C:\Program Files (x86)\Pogo Games\iWinGamesHookIE.dll (iWin Inc.)
O2 - BHO: (Updater For XFIN_PORTAL) - {bb46be07-13eb-4c49-b0f0-fc78b9ea4983} - C:\Program Files (x86)\xfin_portal\auxi\comcastAu.dll File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
[2013/11/13 14:33:59 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job

:FILES
C:\Program Files (x86)\Pogo Games
C:\Users\Pat\AppData\Roaming\Pogo Games
C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0
C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0
C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.9.0.12585_0
C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\15.4.0.5_0
C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0

:COMMANDS
[emptytemp]


Warning: This fix is relevant for this system and no other. If you are not this user, DO NOT follow these directions as they could damage the workings of your system.

2. Please re-open Posted Image on your desktop. To do that:
  • Vista and 7 users: Right click the icon and click Run as Administrator
3. Place the mouse pointer inside the Posted Image textbox, right click and click Paste. This will put the above script inside the textbox.
4. Click the Posted Image button.
5. Let the program run unhindered.
6. OTL may ask to reboot the machine. Please do so if asked.
7. Click the Posted Image button.
8. A report will open. Copy and Paste that report in your next reply.
9. If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, (where mmddyyyy_hhmmss is the date of the tool run).

Before completing Steps 3 and 4 please disable any screen saver you might have running.


Step-3.

Malwarebytes' Anti-Malware

Close all programs and browsers on your computer and disable any screen saver you might have running.

Right click the MalwareBytes icon on the desktop and click Run As Administrator, then click the Continue button on the UAC window.
You will now be at the main program as shown below.

Posted Image

  • Click the Update tab and update the program if required.
  • Click the Scanner tab, make sure the Perform full scan option is selected and then click on the Scan button to start scanning your computer.
    MBAM will now start scanning your computer for malware. This process can take quite a while, so I suggest you go and do something else and periodically check on the status of the scan. When MBAM is scanning it will look like the image below.

    Posted Image
  • When the scan is finished a message box will appear as shown in the image below.

    Posted Image

    You should click on the OK button to close the message box and continue with the removal process.
  • You will now be back at the main Scanner screen. At this point you should click on the Show Results button.
  • A screen displaying all the malware that the program found will be shown as seen in the image below. Please note that the infections found may be different than what is shown in the image.

    Posted Image
  • Make sure that everything is checked EXCEPT items in System Restore (see the image below), and click Remove Selected<---Very Important.

    Posted Image
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Step-4.

Run ESET Online Scanner:

Note: Optimized for Internet Explorer but you can use Chrome or Mozilla FireFox for this scan.

Important! You will need to disable your currently installed Anti-Virus program, how to do so can be read here.

Vista / 7 users: You will need to right-click on either the Internet Explorer or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

  • Please go here then click on:

    Posted Image

    Note: If using Mozilla Firefox a window will open telling you that you will need to download the ESET Smart Installer. Click on esetsmartinstaller_enu.exe to download the Smart Installer. Save it to the desktop.
    When prompted double click on the Posted Image icon on the desktop. After successful installation of ESET Smart Installer ESET Online Scanner is launched in a new window.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • A new window will open:

    Posted Image
  • Select the option YES, I accept the Terms of Use then click on:

    Posted Image
  • When prompted allow the Add-On/Active X to install. The following window will open:

    Posted Image

    • Uncheck the box beside Remove Found Threats
    • Check the box Scan archives.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Wait for the scan to finish. Do not touch either the Mouse or keyboard during the scan. Otherwise it may stall.
When The Scan is Complete:

A.
If No Threats Were Found:
  • Put a checkmark in Uninstall application on close
  • Close the program
  • Report to me that nothing was found
B.
If Threats Were Found:
  • Click on list of threats found
  • Click on export to text file and save it to the desktop as ESET SCAN.txt
  • Click on Back
  • Put a checkmark in Uninstall application on close. Be sure you have saved the file first.
  • Click on Finish
  • Close the program
Don't forget to enable your Antivirus program and screen saver.


Step-5.

Virustotal File Upload:

To use Virustotal go Here
Posted Image
  • Click the Choose File button in the middle of the screen. This will open a File Upload window.
  • On the File Upload window, in the File name box, type, or copy and paste the following and click Open:
    NOTE.. Only one file per scan

    C:\Program Files (x86)\mozilla firefox\searchplugins\bingober12024822.xml
    C:\Program Files (x86)\mozilla firefox\searchplugins\WebSearchober44157065.xml
    C:\Program Files (x86)\mozilla firefox\searchplugins\WebSearchober9374724.xml
    .
  • This will put the file in the box on the Virustotal page.
  • Click the Scan it! button.
  • IF you get a message that the file has already been analyzed click the Reanalyze button and the file will be scanned.
  • Please be patient while the file is scanned. It may take several minutes.
  • Once the scan results appear, please copy and paste the Virustotal link(s) (URL) in your next reply
  • Repeat 1 thru 7 for each file listed.

Step-6.

Things For Your Next Post:
Please post the logs in the order requested. Do Not attach the logs unless I request it.
1. Answer my question above.
2. Let me know how the uninstall went.
3. The OTL fixes log
4. The ESET scan log (IF it found anything). If it didn't just let me know.
5. The VirusTotal URL links
  • 0


#11
PattyB

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
Thanks for checking the logs.
I only use Firefox as a browser. I do use a program for my church budgets & it is an online program. I am having problems in this program. I do have tech support for this program. P.S. The screen just flipped like crazy.
The pogo games uninstall went smooth.

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{36377DD7-B3EB-42f5-986F-680BAF59BA9D}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{36377DD7-B3EB-42f5-986F-680BAF59BA9D}\ not found.
File C:\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\jmw0oceh.default\searchplugins\bingp.xml not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8CA5ED52-F3FB-4414-A105-2E3491156990}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8CA5ED52-F3FB-4414-A105-2E3491156990}\ not found.
File C:\Program Files (x86)\Pogo Games\iWinGamesHookIE.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bb46be07-13eb-4c49-b0f0-fc78b9ea4983}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bb46be07-13eb-4c49-b0f0-fc78b9ea4983}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLUA deleted successfully.
C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job moved successfully.
========== FILES ==========
File\Folder C:\Program Files (x86)\Pogo Games not found.
C:\Users\Pat\AppData\Roaming\Pogo Games\wordwhomp_cdl\Properties folder moved successfully.
C:\Users\Pat\AppData\Roaming\Pogo Games\wordwhomp_cdl\Cache folder moved successfully.
C:\Users\Pat\AppData\Roaming\Pogo Games\wordwhomp_cdl folder moved successfully.
C:\Users\Pat\AppData\Roaming\Pogo Games\Common\Cache folder moved successfully.
C:\Users\Pat\AppData\Roaming\Pogo Games\Common folder moved successfully.
C:\Users\Pat\AppData\Roaming\Pogo Games folder moved successfully.
File\Folder C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0 not found.
File\Folder C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0 not found.
C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.9.0.12585_0 folder moved successfully.
File\Folder C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\15.4.0.5_0 not found.
C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\__MACOSX\_locales folder moved successfully.
C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\__MACOSX folder moved successfully.
C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\zh_TW folder moved successfully.
C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\zh_CN folder moved successfully.
C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\vi folder moved successfully.
C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\uk folder moved successfully.
C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\tr folder moved successfully.
C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\th folder moved successfully.
C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\sr folder moved successfully.
C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\sl folder moved successfully.
C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\sk folder moved successfully.
C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\se folder moved successfully.
C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\ru folder moved successfully.
C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\ro folder moved successfully.
C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\pt_PT folder moved successfully.
C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\pt_BR folder moved successfully.
C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\pl folder moved successfully.
C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\no folder moved successfully.
C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\nl folder moved successfully.
C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\lv folder moved successfully.
C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\lt folder moved successfully.
C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\ko folder moved successfully.
C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\ja folder moved successfully.
C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\it folder moved successfully.
C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\id folder moved successfully.
C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\hu folder moved successfully.
C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\hr folder moved successfully.
C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\hi folder moved successfully.
C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\fr folder moved successfully.
C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\fil folder moved successfully.
C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\fi folder moved successfully.
C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\es folder moved successfully.
C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\en folder moved successfully.
C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\el folder moved successfully.
C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\de folder moved successfully.
C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\da folder moved successfully.
C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\cs folder moved successfully.
C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\ca folder moved successfully.
C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\bg folder moved successfully.
C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\ar folder moved successfully.
C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales folder moved successfully.
C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0 folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Pat
->Temp folder emptied: 2613944 bytes
->Temporary Internet Files folder emptied: 1456197 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 154400417 bytes
->Google Chrome cache emptied: 6237916 bytes
->Flash cache emptied: 2640 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 46416 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 1926 bytes

Total Files Cleaned = 157.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 11162013_140018

Files\Folders moved on Reboot...
C:\Users\Pat\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Pat\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe a variant of Win32/HiddenStart.A application
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe a variant of Win32/HiddenStart.A application
C:\Users\Pat\Downloads\ComcastTB_3.5.exe multiple threats
https://www.virustot...sis/1384713315/


https://www.virustot...sis/1384713946/

https://www.virustot...sis/1384714326/
  • 0
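
Added example (not part of the thread and not OTL's own code): a Python sketch that reconciles the :FILES targets of a fix script like the one in post #10 with a result log like the one in post #11, so targets that were removed, already absent, only partly reported or never reported can be told apart. The line formats are inferred from the logs shown in this thread, and the two "Example..." paths are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample, abridged from the fix script and result log in this
# thread. The two "Example..." paths are hypothetical and added only to show
# the "partial" and "unreported" outcomes.
FIX_SCRIPT = r"""
:COMMANDS
[createrestorepoint]

:OTL
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

:FILES
C:\Program Files (x86)\Pogo Games
C:\Users\Pat\AppData\Roaming\Pogo Games
C:\Users\Pat\AppData\Roaming\ExampleLeftover
C:\Users\Pat\AppData\Roaming\ExampleMissing

:COMMANDS
[emptytemp]
"""

FIX_LOG = r"""
All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLUA deleted successfully.
========== FILES ==========
File\Folder C:\Program Files (x86)\Pogo Games not found.
C:\Users\Pat\AppData\Roaming\Pogo Games\Common folder moved successfully.
C:\Users\Pat\AppData\Roaming\Pogo Games folder moved successfully.
C:\Users\Pat\AppData\Roaming\ExampleLeftover\Cache folder moved successfully.
"""

# Result-line shapes inferred from the log above (an assumption, not a
# documented OTL format): optional object kind, target, optional "folder",
# then one of three outcomes.
LOG_LINE = re.compile(
    r"^(?:(?P<kind>Registry key|Registry value|File\\Folder|File)\s+)?"
    r"(?P<target>.+?)(?:\s+folder)?\s+"
    r"(?P<outcome>not found|deleted successfully|moved successfully)\.$"
)


def norm(path):
    """Windows paths compare case-insensitively; drop any trailing backslash."""
    return path.rstrip("\\").lower()


def parse_fix_script(text):
    """Group script lines under their ':SECTION' header (repeated headers merge)."""
    sections = defaultdict(list)
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(":"):
            current = line[1:].upper()
        elif current is not None:
            sections[current].append(line)
    return dict(sections)


def parse_fix_log(text):
    """Return (kind, target, outcome) for every recognised result line."""
    entries = []
    for raw in text.splitlines():
        m = LOG_LINE.match(raw.strip())
        if m:
            entries.append((m.group("kind"), m.group("target"), m.group("outcome")))
    return entries


def reconcile(script_text, log_text):
    """Map each :FILES target to removed / absent / partial / unreported."""
    targets = parse_fix_script(script_text).get("FILES", [])
    entries = parse_fix_log(log_text)
    report = {}
    for target in targets:
        key = norm(target)
        exact = [o for _k, p, o in entries if norm(p) == key]
        children = [o for _k, p, o in entries if norm(p).startswith(key + "\\")]
        if any(o != "not found" for o in exact):
            report[target] = "removed"      # the target itself was moved or deleted
        elif exact:
            report[target] = "absent"       # already gone before the fix ran
        elif children:
            report[target] = "partial"      # only sub-items were reported
        else:
            report[target] = "unreported"   # no result line: check by hand
    return report


if __name__ == "__main__":
    for path, status in reconcile(FIX_SCRIPT, FIX_LOG).items():
        print(f"{status:<10} {path}")
```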

#12
PattyB

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe a variant of Win32/HiddenStart.A application
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe a variant of Win32/HiddenStart.A application
C:\Users\Pat\Downloads\ComcastTB_3.5.exe multiple threats
  • 0

#13
godawgs

    Teacher

  • Retired Staff
  • 8,228 posts

I only use Firefox as a browser.

I understand. But could you use other browsers and tell me if it happens in them as well or is it just Firefox?

I forgot to ask for the MalwareBytes log. You can find it by opening the MalwareBytes program and clicking on the Logs tab. Then click the most recent log file and click the Open button. Copy and Paste that log into your next reply.


Step-1.

Run Farbar Service Scanner

Please download Farbar Service Scanner to the desktop.
  • Right click the FSS.exe file, click Run as Administrator and OK any UAC prompts.

    Posted Image
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

Step-2.

Run Security Check

Download Security Check from here or here and save it to the Desktop.
  • Right click the SecurityCheck icon and click Run as Administrator to run the application. Allow any UAC warnings.
  • Follow the onscreen instructions inside of the black box.

    Posted Image
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Step-3.

Things For Your Next Post:
Please post the logs in the order requested. Do Not attach the logs unless I request it.
1. Answer my questions above.
2. The MalwareBytes log
3. The FSS.txt log
4. The checkup.txt log
  • 0

#14
PattyB

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
In IE the screen goes all the way down to a smaller window, so it seems worse. In fact, I had to reboot just to post this answer because it is really acting up. I also cannot connect to my Church Program. I would like to have some idea as to when I can get that back... I figure I might have to reinstall or something, I'm not sure, but I don't want to contact them until I have your OK. Thanks so much for all your help!

MBAM:

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.11.16.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16736
Pat :: PAT-PC [administrator]

11/16/2013 2:11:28 PM
mbam-log-2013-11-16 (14-11-28).txt

Scan type: Full scan (C:\|Q:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 724819
Time elapsed: 2 hour(s), 8 minute(s), 22 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\Pat\Desktop\Connect2Carol.exe (PUP.Radmin) -> Quarantined and deleted successfully.

(end)


Farbar Service Scanner Version: 10-11-2013
Ran by Pat (administrator) on 19-11-2013 at 13:35:17
Running from "C:\Users\Pat\Desktop"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys
[2013-11-13 07:13] - [2013-09-27 20:09] - 0497152 ____A (Microsoft Corporation) 79059559E89D06E8B80CE2944BE20228

C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2013-10-09 20:48] - [2013-09-07 21:30] - 1903552 ____A (Microsoft Corporation) 40AF23633D197905F03AB5628C558C51

C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

Results of screen317's Security Check version 0.99.77
Windows 7 Service Pack 1 x64
Internet Explorer 10 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
AVG AntiVirus Free Edition 2014
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.75.0.1300
Java™ 6 Update 22
Java version out of Date!
Adobe Flash Player 11.9.900.117
Adobe Reader XI
Mozilla Firefox (25.0.1)
Google Chrome 31.0.1650.48
Google Chrome 31.0.1650.57
````````Process Check: objlist.exe by Laurent````````
AVG avgwdsvc.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

#15
godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Thanks for the log.

"I also cannot connect to my Church Program."

When did this happen? Was it after the MalwareBytes scan back on 11/16?

Do you know what this file on the desktop is/was?: C:\Users\Pat\Desktop\Connect2Carol.exe

For the Firefox issue let's see if a plugin, preference setting, extension or theme is causing it:

Please go to the Firefox support page here and follow the directions to troubleshoot those items.

Let me know if that resolved the issue.





