
Laptop sloooooow no matter what I try to do


  • This topic is locked

#46
DonnaB

    Miss Congeniality

  • GeekU Moderator
  • 8,529 posts

It's the free version, and I just downloaded it yesterday (had previously uninstalled it when we fixed the laptop the first time).


You're right. That's my fault. The Holidays came upon us so fast having you reinstall Spybot and AVG totally slipped my mind. I do apologize.

Download sites like CNET, Softonic, etc. are notorious for including foistware to be installed alongside free software, not to mention many free software packages are redirecting to sites such as those, and many users end up with unwanted software on the system. I use a site called Ninite which offers just the installers that are free of all that foistware (they're not in it for the money like those "other" sites are). If they don't have the installer for the software you desire, you can request the software to be added to their library of installers by filling out the suggestion form at the bottom left of the page.

I'm about to run those scans, it may take a while as this computer is going super slow.

I'll await those logs.
  • 0


#47
CZ2761

    Member

  • Topic Starter
  • Member
  • 95 posts
No need to apologize! I'm having issues installing JRT, though. It only opens for a second before crashing. I've tried removing it and redownloading it, but to no avail. I really hope we can figure this out :(
  • 0

#48
DonnaB

    Miss Congeniality

  • GeekU Moderator
  • 8,529 posts

I'm having issues installing JRT, though. It only opens for a second before crashing.


Ok. Go with AdwCleaner first and see if that works.

Let me know.
  • 0

#49
CZ2761

    Member

  • Topic Starter
  • Member
  • 95 posts
Okay I finally have the AdwCleaner log ;) :

# AdwCleaner v3.016 - Report created 01/01/2014 at 17:29:47
# Updated 23/12/2013 by Xplode
# Operating System : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# Username : Chris - CHRIS-PC
# Running from : C:\Users\Chris\Downloads\AdwCleaner (1).exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\Program Files\Mozilla Firefox\browser\searchplugins\safeguard-secure-search.xml
File Found : C:\Program Files\Mozilla Firefox\searchplugins\safeguard-secure-search.xml
File Found : C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_app.mam.conduit.com_0.localstorage
File Found : C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_app.mam.conduit.com_0.localstorage-journal
File Found : C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\wpufm3lp.default\searchplugins\conduit-search.xml
File Found : C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\wpufm3lp.default\user.js
Folder Found : C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhbbmmgbnjalccamlaefhepnajfmgopb
Folder Found : C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\wpufm3lp.default\Extensions\{d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc}
Folder Found C:\Program Files\AVG SafeGuard toolbar
Folder Found C:\Program Files\AVG Secure Search
Folder Found C:\Program Files\Common Files\AVG Secure Search
Folder Found C:\Program Files\Conduit
Folder Found C:\Program Files\Searchprotect
Folder Found C:\ProgramData\AVG SafeGuard toolbar
Folder Found C:\ProgramData\AVG Secure Search
Folder Found C:\ProgramData\Conduit
Folder Found C:\Users\Chris\AppData\Local\AVG SafeGuard toolbar
Folder Found C:\Users\Chris\AppData\Local\AVG Secure Search
Folder Found C:\Users\Chris\AppData\Local\NativeMessaging
Folder Found C:\Users\Chris\AppData\Local\Temp\AirInstaller
Folder Found C:\Users\Chris\AppData\Local\Temp\CT3306061
Folder Found C:\Users\Chris\AppData\Local\Temp\NativeMessaging
Folder Found C:\Users\Chris\AppData\LocalLow\AVG SafeGuard toolbar
Folder Found C:\Users\Chris\AppData\LocalLow\AVG Secure Search
Folder Found C:\Users\Chris\AppData\LocalLow\Conduit
Folder Found C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\wpufm3lp.default\CT3306061
Folder Found C:\Windows\system32\Searchprotect

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\AVG SafeGuard toolbar
Key Found : HKCU\Software\AVG Secure Search
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Google\Chrome\Extensions\jhbbmmgbnjalccamlaefhepnajfmgopb
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG SafeGuard toolbar
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG Secure Search
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\SearchProtect
Key Found : HKLM\Software\AVG SafeGuard toolbar
Key Found : HKLM\Software\AVG Secure Search
Key Found : HKLM\Software\AVG Security Toolbar
Key Found : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Found : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Found : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI
Key Found : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI.1
Key Found : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj
Key Found : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj.1
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Found : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3306061
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3315828
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Found : HKLM\Software\Conduit
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\jhbbmmgbnjalccamlaefhepnajfmgopb
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG SafeGuard toolbar
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Key Found : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Found : HKLM\Software\SearchProtect
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16526


-\\ Mozilla Firefox v26.0 (en-US)

[ File : C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\wpufm3lp.default\prefs.js ]


-\\ Google Chrome v

[ File : C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Found : homepage
Found : icon_url
Found : search_url
Found : suggest_url
Found : keyword
Found : urls_to_restore_on_startup
Found : homepage
Found : icon_url
Found : search_url
Found : suggest_url
Found : keyword
Found : urls_to_restore_on_startup
Found : homepage
Found : icon_url
Found : search_url
Found : suggest_url
Found : keyword
Found : urls_to_restore_on_startup
Found : icon_url
Found : search_url
Found : suggest_url
Found : keyword
Found : homepage
Found : icon_url
Found : search_url
Found : suggest_url
Found : keyword

*************************

AdwCleaner[R0].txt - [8359 octets] - [01/01/2014 17:01:32]
AdwCleaner[R1].txt - [8279 octets] - [01/01/2014 17:29:47]
AdwCleaner[S0].txt - [350 octets] - [01/01/2014 17:26:48]

########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [8398 octets] ##########
  • 0

#50
DonnaB

    Miss Congeniality

  • GeekU Moderator
  • 8,529 posts
Perfect!

AdwCleaner found tons of foistware.

Double-click AdwCleaner.exe to run the tool again.
  • Click the Scan button.
    Note: Windows Vista, Windows 7/8 users right-click and select Run As Administrator.
  • AdwCleaner will begin to scan your computer like it did before.
  • After the scan has finished, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

Next:

Please download MiniToolBox and run it.

Checkmark following boxes ONLY:

  • Flush DNS
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices - (dial) Only Problems - (dial) No Driver (dial) All
  • List Users, Partitions and Memory size
  • List Minidump Files
Click Go and post the result.

Also include the following log:

AdwCleaner[S0].txt

Donna :)
  • 0
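
Added example (not part of the original posts, and not AdwCleaner's own code): a small Python cross-check of a Scan report against the Clean report requested in the steps above. It parses the `Found`/`Deleted` lines, lists found entries that have no matching deleted line, and labels entries sitting in autostart or browser-hook locations; the sample lines are excerpted from the two reports posted in this thread, and the function names and the `LOAD_POINTS` table are assumptions of this example.

```python
import re

# Report lines look like "Key Found : HKCU\Software\Conduit". Some pasted
# reports lose the " : " separator ("Folder Found C:\..."), so it is optional.
# Browser preference lines ("Found : homepage") carry no path and are skipped.
ENTRY_RE = re.compile(r"^(File|Folder|Key|Value)\s+(Found|Deleted)\s*:?\s*(.+?)\s*$")
OPTION_RE = re.compile(r"^#\s*Option\s*:\s*(\w+)")

# Locations that make software load with Windows or inside a browser
# (table chosen for this example, not an exhaustive list).
LOAD_POINTS = {
    "autostart (Run key)": r"\\CurrentVersion\\Run(Once)?(\s|\\|$)",
    "IE Browser Helper Object": r"\\Explorer\\Browser Helper Objects\\",
    "IE toolbar": r"\\Internet Explorer\\Toolbar(\s|\\|$)",
    "IE search provider": r"\\Internet Explorer\\SearchScopes\\",
    "Chrome extension": r"\\Google\\Chrome\\Extensions\\",
}

# Lines excerpted from the Scan report posted in this thread.
SCAN_REPORT = r"""
# AdwCleaner v3.016 - Report created 01/01/2014 at 17:29:47
# Option : Scan
***** [ Files / Folders ] *****
Folder Found : C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhbbmmgbnjalccamlaefhepnajfmgopb
Folder Found C:\Program Files\Conduit
Folder Found C:\Users\Chris\AppData\LocalLow\Conduit
***** [ Registry ] *****
Key Found : HKLM\Software\Conduit
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\jhbbmmgbnjalccamlaefhepnajfmgopb
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
"""

# Lines excerpted from the Clean report posted in this thread.
CLEAN_REPORT = r"""
# AdwCleaner v3.016 - Report created 01/01/2014 at 19:31:13
# Option : Clean
***** [ Files / Folders ] *****
Folder Deleted : C:\Users\Chris\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhbbmmgbnjalccamlaefhepnajfmgopb
***** [ Registry ] *****
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jhbbmmgbnjalccamlaefhepnajfmgopb
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\Software\Conduit
"""


def parse_report(text):
    """Return (option, entries); entries are (kind, action, target) tuples."""
    option, entries = None, []
    for line in text.splitlines():
        line = line.strip()
        m = OPTION_RE.match(line)
        if m:
            option = m.group(1)
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries.append(m.groups())
    return option, entries


def _key(kind, target):
    # Windows paths and registry names compare case-insensitively.
    return kind, target.casefold()


def not_cleaned(scan_text, clean_text):
    """Entries Found in the scan that have no Deleted line in the clean report."""
    scan_opt, found = parse_report(scan_text)
    clean_opt, cleaned = parse_report(clean_text)
    if scan_opt != "Scan" or clean_opt != "Clean":
        raise ValueError("expected a Scan report followed by a Clean report")
    deleted = {_key(k, t) for k, a, t in cleaned if a == "Deleted"}
    return [(k, t) for k, a, t in found
            if a == "Found" and _key(k, t) not in deleted]


def load_points(entries):
    """Label entries that sit in an autostart or browser-hook location."""
    hits = []
    for _kind, _action, target in entries:
        for label, pattern in LOAD_POINTS.items():
            if re.search(pattern, target, re.IGNORECASE):
                hits.append((label, target))
                break
    return hits


if __name__ == "__main__":
    for kind, target in not_cleaned(SCAN_REPORT, CLEAN_REPORT):
        print("no Deleted line for", kind, target)
    for label, target in load_points(parse_report(SCAN_REPORT)[1]):
        print(label, "->", target)
```

An entry listed by `not_cleaned` may have been removed in a different run, so confirm with a fresh scan rather than treating it as still present.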

#51
CZ2761

    Member

  • Topic Starter
  • Member
  • 95 posts
Here is the adwcleaner log:
# AdwCleaner v3.016 - Report created 01/01/2014 at 19:31:13
# Updated 23/12/2013 by Xplode
# Operating System : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# Username : Chris - CHRIS-PC
# Running from : C:\Users\Chris\Downloads\AdwCleaner (1).exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Users\Chris\AppData\Local\Temp\CT3306061
Folder Deleted : C:\Users\Chris\AppData\LocalLow\AVG SafeGuard toolbar
Folder Deleted : C:\Users\Chris\AppData\LocalLow\AVG Secure Search
Folder Deleted : C:\Users\Chris\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\wpufm3lp.default\CT3306061
Folder Deleted : C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\wpufm3lp.default\Extensions\{d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc}
Folder Deleted : C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhbbmmgbnjalccamlaefhepnajfmgopb
File Deleted : C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\wpufm3lp.default\searchplugins\conduit-search.xml
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\safeguard-secure-search.xml
File Deleted : C:\Program Files\Mozilla Firefox\browser\searchplugins\safeguard-secure-search.xml
File Deleted : C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\wpufm3lp.default\user.js
File Deleted : C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_app.mam.conduit.com_0.localstorage
File Deleted : C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_app.mam.conduit.com_0.localstorage-journal

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\Google\Chrome\Extensions\jhbbmmgbnjalccamlaefhepnajfmgopb
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jhbbmmgbnjalccamlaefhepnajfmgopb
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3306061
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3315828
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Key Deleted : HKCU\Software\AVG SafeGuard toolbar
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\SearchProtect
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\Software\AVG SafeGuard toolbar
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\SearchProtect
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG SafeGuard toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG SafeGuard toolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG Secure Search

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16526


-\\ Mozilla Firefox v26.0 (en-US)

[ File : C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\wpufm3lp.default\prefs.js ]


-\\ Google Chrome v

[ File : C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted : homepage
Deleted : icon_url

*************************

AdwCleaner[R0].txt - [8359 octets] - [01/01/2014 17:01:32]
AdwCleaner[R1].txt - [8478 octets] - [01/01/2014 17:29:47]
AdwCleaner[R2].txt - [8538 octets] - [01/01/2014 18:45:31]
AdwCleaner[R3].txt - [7917 octets] - [01/01/2014 19:19:33]
AdwCleaner[R4].txt - [8036 octets] - [01/01/2014 19:30:36]
AdwCleaner[S0].txt - [350 octets] - [01/01/2014 17:26:48]
AdwCleaner[S1].txt - [1147 octets] - [01/01/2014 18:52:14]
AdwCleaner[S2].txt - [350 octets] - [01/01/2014 19:20:20]
AdwCleaner[S3].txt - [7599 octets] - [01/01/2014 19:31:13]

########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [7659 octets] ##########

...And here is the MiniToolBox log:
MiniToolBox by Farbar Version: 18-12-2013
Ran by Chris (administrator) on 01-01-2014 at 19:40:02
Running from "C:\Users\Chris\Downloads"
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= Event log errors: ===============================

Application errors:
==================
Error: (01/01/2014 07:34:06 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/01/2014 07:28:38 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/01/2014 07:27:44 PM) (Source: EventSystem) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (01/01/2014 07:16:37 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/01/2014 07:15:48 PM) (Source: EventSystem) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (01/01/2014 06:15:47 PM) (Source: Application Error) (User: )
Description: Faulting application Explorer.EXE, version 6.0.6002.18005, time stamp 0x49e01da5, faulting module Flash32_11_9_900_170.ocx, version 11.9.900.170, time stamp 0x529b7962, exception code 0xc0000005, fault offset 0x005ac217,
process id 0x1bc4, application start time 0xExplorer.EXE0.

Error: (01/01/2014 04:24:39 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/01/2014 04:11:12 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/01/2014 03:43:29 PM) (Source: Application Error) (User: )
Description: Faulting application firefox.exe, version 26.0.0.5087, time stamp 0x52a0d273, faulting module kernel32.dll, version 6.0.6002.18704, time stamp 0x5065ccb6, exception code 0x0eedfade, fault offset 0x0003fc16,
process id 0x145c, application start time 0xfirefox.exe0.

Error: (01/01/2014 03:40:38 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (01/01/2014 07:36:20 PM) (Source: Service Control Manager) (User: )
Description: QuickPlay Task Scheduler (QTS)

Error: (01/01/2014 07:34:07 PM) (Source: Service Control Manager) (User: )
Description: vToolbarUpdater17.2.0%%2

Error: (01/01/2014 07:34:07 PM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058

Error: (01/01/2014 07:34:07 PM) (Source: Service Control Manager) (User: )
Description: NVIDIA Display Driver Servicenvlddmkm%%1058

Error: (01/01/2014 07:32:15 PM) (Source: disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.

Error: (01/01/2014 07:32:15 PM) (Source: disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.

Error: (01/01/2014 07:32:15 PM) (Source: disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.

Error: (01/01/2014 07:32:15 PM) (Source: disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.

Error: (01/01/2014 07:32:15 PM) (Source: disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.

Error: (01/01/2014 07:32:15 PM) (Source: disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.


Microsoft Office Sessions:
=========================
Error: (01/01/2014 07:34:06 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/01/2014 07:28:38 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/01/2014 07:27:44 PM) (Source: EventSystem)(User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (01/01/2014 07:16:37 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/01/2014 07:15:48 PM) (Source: EventSystem)(User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (01/01/2014 06:15:47 PM) (Source: Application Error)(User: )
Description: Explorer.EXE6.0.6002.1800549e01da5Flash32_11_9_900_170.ocx11.9.900.170529b7962c0000005005ac2171bc401cf0746a965b63f

Error: (01/01/2014 04:24:39 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/01/2014 04:11:12 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/01/2014 03:43:29 PM) (Source: Application Error)(User: )
Description: firefox.exe26.0.0.508752a0d273kernel32.dll6.0.6002.187045065ccb60eedfade0003fc16145c01cf073219ee8566

Error: (01/01/2014 03:40:38 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


CodeIntegrity Errors:
===================================
Date: 2014-01-01 14:50:54.135
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-01-01 14:50:53.948
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-01-01 14:50:53.776
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-01-01 14:50:53.605
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-01-01 14:50:53.433
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-01-01 14:50:53.230
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-01-01 14:50:53.059
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-01-01 14:50:52.887
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-01-01 14:50:52.700
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-01-01 14:50:52.544
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.


=========================== Installed Programs ============================

Activation Assistant for the 2007 Microsoft Office suites
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0)
Adobe Flash Player 11 ActiveX (Version: 11.9.900.170)
Adobe Flash Player 11 Plugin (Version: 11.9.900.170)
Adobe Reader 8.1.0 (Version: 8.1.0)
Adobe Shockwave Player (Version: 10.2.0.023)
Adobe Shockwave Player 12.0 (Version: 12.0.6.147)
Age of Empires II HD © Microsoft Studios version 1 (Version: 1)
Age of Empires II: HD Edition
Age of Empires III - The Asian Dynasties (Version: 1.00.0000)
Age of Empires III (Version: 1.00.0000)
Apple Application Support (Version: 2.3.6)
Apple Mobile Device Support (Version: 7.0.0.117)
Apple Software Update (Version: 2.1.3.127)
ATI Catalyst Install Manager (Version: 3.0.704.0)
Auslogics DiskDefrag (Version: 4.4.0.0)
AVG 2013 (Version: 13.0.3462)
AVG 2013 (Version: 13.0.3658)
AVG 2013 (Version: 2013.0.3462)
Bonjour (Version: 3.0.0.10)
Broadcom 802.11 Wireless LAN Adapter (Version: 5.30.20.0)
Cards_Calendar_OrderGift_DoMorePlugout (Version: 1.00.0000)
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center Core Implementation (Version: 2009.0209.1059.19636)
Catalyst Control Center Graphics Full Existing (Version: 2009.0209.1059.19636)
Catalyst Control Center Graphics Full New (Version: 2009.0209.1059.19636)
Catalyst Control Center Graphics Light (Version: 2009.0209.1059.19636)
Catalyst Control Center Graphics Previews Common (Version: 2009.0209.1059.19636)
Catalyst Control Center Graphics Previews Vista (Version: 2009.0209.1059.19636)
Catalyst Control Center InstallProxy (Version: 2009.0209.1059.19636)
CCC Help English (Version: 2009.0209.1058.19636)
ccc-core-static (Version: 2009.0209.1059.19636)
ccc-utility (Version: 2009.0209.1059.19636)
CCleaner (Version: 3.12)
Cisco AnyConnect Secure Mobility Client (Version: 3.1.02026)
Cisco AnyConnect Secure Mobility Client (Version: 3.1.02026)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
Crystal Reports 2008 Runtime SP1 (Version: 12.1.0.882)
CyberLink DVD Suite (Version: 5.5.1519)
CyberLink YouCam (Version: 2.0.1616)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
EasyCleaner (Version: 2.0.6.380)
Google Chrome (Version: 31.0.1650.63)
Hewlett-Packard Active Check for Health Check (Version: 1.1.15.2)
Hewlett-Packard Asset Agent for Health Check (Version: 2.0.63.2)
HP Active Support Library (Version: 3.1.4.1)
HP Customer Experience Enhancements (Version: 5.6.0.2510)
HP Doc Viewer (Version: 1.01.0005)
HP Help and Support (Version: 2.0.7.0)
HP Photosmart Essential 2.5 (Version: 1.02.0000)
HP Photosmart Essential 2.5 (Version: 2.5)
HP Quick Launch Buttons 6.40 D3 (Version: 6.40 D3)
HP QuickPlay 3.7
HP QuickTouch 1.00 D2 (Version: 1.0.9)
HP Smart Web Printing (Version: 109.9.19158)
HP Support Solutions Framework (Version: 11.50.0000)
HP Total Care Advisor (Version: 2.1.3359.2635)
HP Update (Version: 4.000.010.008)
HP User Guides 0103 (Version: 1.01.0000)
HP Wireless Assistant (Version: 3.00 I2)
HPNetworkAssistant (Version: 1.1.70)
HPPhotoSmartDiscLabel_PaperLabel (Version: 2.02.0000)
HPPhotoSmartDiscLabel_PrintOnDisc (Version: 2.02.0000)
HPPhotoSmartDiscLabel_Tattoo (Version: 2.02.0000)
HPPhotoSmartDiscLabelContent1 (Version: 2.02.0000)
hpphotosmartdisclabelplugin (Version: 2.02.0000)
HPPhotoSmartPhotobookHolidayPack1 (Version: 1.00.0000)
HPPhotoSmartPhotobookModernPack1 (Version: 1.00.0000)
HPPhotoSmartPhotobookPlayfulPack1 (Version: 1.00.0000)
HPPhotoSmartPhotobookScrapbookPack1 (Version: 1.00.0000)
HPPhotoSmartPhotobookWebPack1 (Version: 1.00.0000)
HPTCSSetup (Version: 1.0.964.2626)
IDT Audio (Version: 1.0.5893.0)
iTunes (Version: 11.1.0.126)
Java 7 Update 45 (Version: 7.0.450)
Java Auto Updater (Version: 2.1.9.8)
JMicron JMB38X Flash Media Controller (Version: 1.00.11.02)
LabelPrint (Version: 2.20.2719)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.6612.1000)
Microsoft Office Professional Plus 2010 (Version: 14.0.7015.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.7015.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (Version: 11.0.60610.1)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (Version: 11.0.60610)
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (Version: 11.0.60610)
Microsoft Works (Version: 9.7.0621)
Mozilla Firefox 26.0 (x86 en-US) (Version: 26.0)
Mozilla Maintenance Service (Version: 26.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
muvee autoProducer 6.1 (Version: 6.10.050)
NVIDIA Drivers
Octoshape add-in for Adobe Flash Player
OpenOffice 4.0.1 (Version: 4.01.9714)
Peachtree Accounting 2011 (Version: 18.0.04)
PeachTree Signature Ready Forms (Version: 6.11.1)
PeerBlock 1.1 (r518) (Version: 1.1.0.518)
Pervasive PSQL v10 SP2 Workgroup (32-bit) (Version: 10.10.126)
Pervasive PSQL v10 SP2 Workgroup (32-bit) (Version: 10.20.034)
Power2Go (Version: 5.6.3919)
PowerDirector (Version: 6.5.2719)
ProtectSmart Hard Drive Protection (Version: 3.10 A7)
PSSWCORE (Version: 2.02.0000)
QuickPlay SlingPlayer 0.4.6 (Version: 0.4.6)
Realtek 8169 8168 8101E 8102E Ethernet Driver (Version: 1.00.0000)
Sage Integration Services (Version: 2.2.2240)
Sage Message Center (Version: 2.00.0000)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
Skins (Version: 2009.0209.1059.19636)
Skype™ 5.10 (Version: 5.10.116)
Slingbox Flash Tour (Version: 1.0.0)
SlingPlayer (Version: 1.04.0206)
Snagit 11 (Version: 11.0.0)
Spybot - Search & Destroy (Version: 1.6.2)
Steam
swMSM (Version: 12.0.0.1)
Synaptics Pointing Device Driver (Version: 10.2.4.0)
System Requirements Lab CYRI (Version: 6.0.8.0)
Team Fortress 2
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (Version: 3)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition
Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition
Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition
VideoToolkit01 (Version: 100.0.128.000)
VitalSource Bookshelf (Version: 5.05.0047)
VLC media player 1.1.11 (Version: 1.1.11)
War Thunder
Windows Driver Package - ENE (enecir) HIDClass (09/04/2008 2.6.0.0) (Version: 09/04/2008 2.6.0.0)
WinRAR 4.01 (32-bit) (Version: 4.01.0)
Yahoo! Toolbar

========================= Memory info: ===================================

Percentage of memory in use: 39%
Total physical RAM: 3068.43 MB
Available physical RAM: 1843.16 MB
Total Pagefile: 6339.12 MB
Available Pagefile: 5119.1 MB
Total Virtual: 2047.88 MB
Available Virtual: 1944.38 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:222.46 GB) (Free:104.19 GB) NTFS
2 Drive d: (HP_RECOVERY) (Fixed) (Total:10.42 GB) (Free:1.73 GB) NTFS

========================= Users: ========================================

User accounts for \\CHRIS-PC

Administrator Chris Guest

========================= Minidump Files ==================================

C:\Windows\Minidump\Mini022713-01.dmp
C:\Windows\Minidump\Mini120412-01.dmp
C:\Windows\Minidump\Mini120813-01.dmp

**** End of log ****


It took three tries before I could get the AdwCleaner log; it kept freezing up. I finally got it to work by restarting in Safe Mode. Starting Windows regularly or in Safe Mode with Networking causes the computer to run slow and causes all of those explorer.exe and iexplorer.exe processes to run.
  • 0

#52
DonnaB


    Miss Congeniality

  • GeekU Moderator
  • 8,529 posts
Hi CZ2761,

In your first post today you stated the following:

Hello again,

My laptop was running great until yesterday.


Was this before you reinstalled AVG? Reason I ask is as follows:

The post above, in the MiniToolBox log under CodeIntegrity Errors: is the following:

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.


If you notice, all 10 of the Code Integrity Errors are related to that one driver which is avgidshx.sys and related to AVG.

Now, if you look further down the same log you will see Installed Programs and in the list of installed programs you will see the following:

AVG 2013 (Version: 13.0.3462)
AVG 2013 (Version: 13.0.3658)
AVG 2013 (Version: 2013.0.3462)


It appears that there are 3 versions of AVG installed. That can cause conflicts.

Let's see what uninstalling AVG and reinstalling it will do. Please follow the instructions below to uninstall the proper way to ensure all residual files are removed prior to reinstalling:

Download the AVG Removal tool to your desktop.

Download the installer for AVG to your desktop. To do so, look for AVG under the Security category and place a checkmark in the box to the left then scroll down and click on the green Get Installer button.

Note: If you decide you would like to try a different AV, my recommendation would be Avast.

Next:

Disconnect from the internet....

Go to Start > Control Panel > Programs and Features and uninstall AVG.

Reboot. DO NOT connect to the internet just yet.

Click on the AVG Removal Tool and allow it to remove the leftover files.

Once complete, click on the AVG executable and install.

Reboot your computer. It is now safe to connect to the internet.

Let me know the results.
  • 0
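The two observations in the post above (every Code Integrity error naming a single driver, and one product appearing under several versions) can be pulled out of a MiniToolBox log mechanically. This is an added example, not part of the original thread and not MiniToolBox's own code; the function names, the vendor-prefix heuristic and the "Installed Programs" header layout are assumptions, and the sample log is constructed from lines quoted in the thread.

```python
import re
from collections import Counter, defaultdict

# Constructed sample. The Code Integrity line and the program entries are copied
# from the thread; the "Installed Programs" header layout is an assumption
# modelled on the "Memory info:" header visible in the posted log.
CI_LINE = (
    r"Description: Code Integrity is unable to verify the image integrity of the "
    r"file \Device\HarddiskVolume1\WINDOWS\System32\drivers\avgidshx.sys because "
    r"the set of per-page image hashes could not be found on the system."
)
SAMPLE_LOG = "\n".join(
    ["CodeIntegrity Errors:", "=" * 35]
    + [CI_LINE] * 10
    + [
        "",
        "=========================== Installed Programs ============================",
        "",
        "AVG 2013 (Version: 13.0.3462)",
        "AVG 2013 (Version: 13.0.3658)",
        "AVG 2013 (Version: 2013.0.3462)",
        "CCleaner (Version: 3.12)",
        "Cisco AnyConnect Secure Mobility Client (Version: 3.1.02026)",
        "Cisco AnyConnect Secure Mobility Client (Version: 3.1.02026)",
        "HP Photosmart Essential 2.5 (Version: 1.02.0000)",
        "HP Photosmart Essential 2.5 (Version: 2.5)",
        "Steam",
        "",
        "========================= Memory info: ===================================",
        "",
        "Percentage of memory in use: 39%",
    ]
)

CI_RE = re.compile(
    r"Code Integrity is unable to verify the image integrity of the file (.+?) because"
)
HEADER_RE = re.compile(r"^=+ (.+?):? =+\s*$")
PROGRAM_RE = re.compile(r"^(?P<name>.+?)(?: \(Version: (?P<ver>[^)]*)\))?$")


def code_integrity_by_file(log_text):
    """Count Code Integrity errors per file name (lower-cased basename)."""
    counts = Counter()
    for path in CI_RE.findall(log_text):
        counts[path.rsplit("\\", 1)[-1].lower()] += 1
    return counts


def installed_programs(log_text):
    """Map each program name in the Installed Programs section to its versions."""
    programs, in_section = defaultdict(set), False
    for raw in log_text.splitlines():
        line = raw.strip()
        header = HEADER_RE.match(line)
        if header:
            # Any section header ends the previous section.
            in_section = header.group(1) == "Installed Programs"
            continue
        if in_section and line:
            entry = PROGRAM_RE.match(line)
            programs[entry.group("name")].add(entry.group("ver"))
    return programs


def multi_version_products(log_text):
    """Return products listed with more than one distinct version string."""
    flagged = {}
    for name, versions in installed_programs(log_text).items():
        distinct = sorted(v for v in versions if v)  # entries without a version are ignored
        if len(distinct) > 1:
            flagged[name] = distinct
    return flagged


def drivers_matching_products(driver_counts, flagged):
    """Heuristic (assumption): a driver belongs to a product when its file name
    starts with the product's first word, e.g. avgidshx.sys and "AVG 2013"."""
    hits = {}
    for driver in driver_counts:
        for product in flagged:
            token = product.split()[0].lower()
            if len(token) >= 3 and driver.startswith(token):
                hits[driver] = product
    return hits


if __name__ == "__main__":
    errors = code_integrity_by_file(SAMPLE_LOG)
    flagged = multi_version_products(SAMPLE_LOG)
    print("Code Integrity errors per file:", dict(errors))
    print("Products with several versions:", flagged)
    print("Drivers tied to those products:", drivers_matching_products(errors, flagged))
```

The prefix match only surfaces candidates for a human to review; a duplicate entry with an identical version, such as the Cisco AnyConnect pair, is not flagged.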

#53
CZ2761


    Member

  • Topic Starter
  • Member
  • 95 posts
I completed all of the steps up until the re-installation of AVG. I'm going to try out Avast instead.

I installed AVG after the computer rebooted itself, and it's been slow since.

Also, during one of the reboots earlier, a form of advertisement popped-up in between shutting down the desktop and rebooting. It wasn't running while I was working but appeared to be like a webpage (like a third party or adware page). Not sure if it's something new or something that will be found in a scan.

The laptop is still running slowly.

Edited by CZ2761, 01 January 2014 - 09:37 PM.

  • 0

#54
DonnaB


    Miss Congeniality

  • GeekU Moderator
  • 8,529 posts

I completed all of the steps up until the re-installation of AVG. I'm going to try out Avast instead.

You'll like Avast. Honestly, it is much better than AVG. Doesn't feed on the resources as much.

Also, during one of the reboots earlier, a form of advertisement popped-up in between shutting down the desktop and rebooting

Let me know if that happens again.

I'm discussing some of the entries in the logs above with one of my fellow associates for a second opinion. I'll post back as soon as possible. May not be tonight, then I'm back to work in the a.m.

In my absence, please do not try getting the JRT to run that would run before. It will flush out the Event Viewer logs that I may need for diagnostic purposes. Though, if you would, once you get Avast installed and registered, could you please run a boot time scan (instructions found further down the page). A log should be found when you click on Scan > Scan history, which will be found at the bottom of the scan window.

Thank you,
Donna :)
  • 0

#55
CZ2761


    Member

  • Topic Starter
  • Member
  • PipPip
  • 95 posts
I installed Avast and ran the boot-time scan, and when Windows started an error message came up saying that explorer.exe experienced a problem and had to close. All I have now is a black screen with the mouse cursor. I was able to open programs through the task manager. The Avast scan found 5 threats but only has a list of the threats, not a log that I can paste here. The files infected (with their status) are:

C:\Program Files\Uninstaller\Uninstall.exe PUP:Win32:Installer-U [PUP]
C:\Users\Chris\AppData\Loval\SwvUpdater\Updater.exe|>[UPX] PUP:Win32:Amonetize-D [PUP]
C:\Users\Chris\AppData\Local\Temp\parent.txt PUP:Win32:DomalQ-BB[PUP]
C:\Users\Chris\AppData\Local\Temp\ee8b35c9-c1f5-42-ea-8f1c-e582cb352cee0\parent.txt PUP:Win32:DomalQ-BB [PUP]

C:\Users\Chris\Downloads\avast.exe PUP:Win32:DomalQ-BB[PUP]

It also seems like a third-party program is installed and created an add-on for Firefox; it's called snap.do

This poor machine! :wacko:
  • 0



#56
DonnaB


    Miss Congeniality

  • GeekU Moderator
  • 8,529 posts

It also seems like a third-party program is installed and created an add-on for firefox, it's called snap.do


AdwCleaner should have removed that along with smartbar. Let's have another look with OTL to see what was missed.

  • Double click on the OTL icon to run the program. On Vista/Win7 or 8 right click select Run As Administrator to start the program. If prompted by UAC, please allow it.
  • Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Scan All Users checkbox
    and
  • Check the option for All under the Extra Registry section
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files and post them in your topic
  • OTL.txt <-- Will be opened, maximized
  • Extras.txt <-- Will be minimized on task bar.
Please post the contents of both OTL.txt and Extras.txt files in your next reply.
  • 0

#57
CZ2761


    Member

  • Topic Starter
  • Member
  • PipPip
  • 95 posts
It seems to have popped up after the last OTL scan. This is so crazy!

Here are those logs:

OTL logfile created on: 1/3/2014 12:03:56 AM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Chris\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.35 Gb Available Physical Memory | 78.29% Memory free
6.19 Gb Paging File | 5.56 Gb Available in Paging File | 89.76% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222.46 Gb Total Space | 106.68 Gb Free Space | 47.95% Space Free | Partition Type: NTFS
Drive D: | 10.42 Gb Total Space | 1.73 Gb Free Space | 16.58% Space Free | Partition Type: NTFS

Computer Name: CHRIS-PC | User Name: Chris | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/01/02 10:26:53 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2014/01/02 10:18:48 | 000,143,488 | ---- | M] () -- c:\Program Files\Optimizer Pro\OptProCrash.exe
PRC - [2014/01/01 14:33:02 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Chris\Downloads\OTL.exe
PRC - [2013/12/17 12:03:22 | 000,046,904 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\HP\Common\HPSupportSolutionsFrameworkService.exe
PRC - [2011/10/31 10:00:15 | 000,435,528 | ---- | M] (Pervasive Software Inc.) -- C:\Program Files\Pervasive Software\PSQL\bin\w3dbsmgr.exe
PRC - [2009/04/11 01:27:48 | 000,167,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\PresentationSettings.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/03/26 17:26:56 | 000,341,328 | ---- | M] () -- C:\WINDOWS\SMINST\BLService.exe
PRC - [2008/02/12 15:05:54 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\System32\DriverStore\FileRepository\stwrt.inf_030ac640\AEstSrv.exe


========== Modules (No Company Name) ==========

MOD - [2013/09/05 00:14:10 | 004,300,456 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2009/02/08 19:47:56 | 000,159,744 | ---- | M] () -- C:\WINDOWS\System32\atitmmxx.dll


========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.2.0\ToolbarUpdater.exe -- (vToolbarUpdater17.2.0)
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SBSDWSCService)
SRV - [2014/01/02 10:26:53 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2014/01/02 10:18:48 | 000,143,488 | ---- | M] () [Auto | Running] -- c:\Program Files\Optimizer Pro\OptProCrash.exe -- (ca82e1a5)
SRV - [2013/12/17 12:03:22 | 000,046,904 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\HP\Common\HPSupportSolutionsFrameworkService.exe -- (HPSupportSolutionsFrameworkService)
SRV - [2013/12/12 10:36:12 | 000,119,408 | ---- | M] (Mozilla Foundation) [Disabled | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/12/11 14:40:36 | 000,569,768 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/12/11 11:14:54 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/09/19 17:45:18 | 000,038,440 | ---- | M] (Just Develop It) [Auto | Stopped] -- C:\Program Files\MyPC Backup\BackupStack.exe -- (BackupStack)
SRV - [2013/03/09 00:10:32 | 030,798,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2012/12/13 04:44:32 | 000,544,840 | ---- | M] (Cisco Systems, Inc.) [Disabled | Stopped] -- C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe -- (vpnagent)
SRV - [2012/07/13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Disabled | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/05/18 13:47:00 | 002,370,448 | ---- | M] (WIBU-SYSTEMS AG) [Disabled | Stopped] -- C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe -- (CodeMeter.exe)
SRV - [2011/10/31 10:00:15 | 000,435,528 | ---- | M] (Pervasive Software Inc.) [Auto | Running] -- C:\Program Files\Pervasive Software\PSQL\bin\w3dbsmgr.exe -- (psqlWGE)
SRV - [2011/10/25 11:51:56 | 000,043,848 | R--- | M] (Sage Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Sage\Peachtree\SmartPostingService2011.exe -- (Peachtree SmartPosting 2011)
SRV - [2008/04/15 13:18:38 | 000,221,239 | ---- | M] (IDT, Inc.) [Auto | Stopped] -- C:\WINDOWS\System32\DriverStore\FileRepository\stwrt.inf_030ac640\stacsv.exe -- (STacSV)
SRV - [2008/03/26 17:26:56 | 000,341,328 | ---- | M] () [Auto | Running] -- C:\WINDOWS\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2008/02/12 15:05:54 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\WINDOWS\System32\DriverStore\FileRepository\stwrt.inf_030ac640\AEstSrv.exe -- (AESTFilters)
SRV - [2008/01/20 21:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (a1huorjw)
DRV - File not found [Kernel | Unavailable | Unknown] -- C:\Windows\TEMP\3738.tmp -- (4875c600)
DRV - [2014/01/02 10:27:01 | 000,775,952 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2014/01/02 10:27:01 | 000,410,528 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2014/01/02 10:27:01 | 000,180,248 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2014/01/02 10:27:01 | 000,067,824 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2014/01/02 10:27:01 | 000,057,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2014/01/02 10:27:01 | 000,054,832 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2014/01/02 10:27:01 | 000,049,944 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2014/01/01 10:17:17 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2013/11/23 01:30:40 | 000,037,664 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2013/05/19 21:52:37 | 000,466,008 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sptd.sys -- (sptd)
DRV - [2012/12/13 04:28:44 | 000,023,976 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\vpnva.sys -- (vpnva)
DRV - [2012/12/13 04:26:38 | 000,058,320 | R--- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\acsmux.sys -- (acsmux)
DRV - [2012/12/13 04:26:38 | 000,039,888 | R--- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\acsint.sys -- (acsint)
DRV - [2009/02/08 21:06:20 | 004,172,800 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008/11/17 14:40:22 | 003,668,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\NETw5v32.sys -- (NETw5v32)
DRV - [2008/09/04 01:47:00 | 000,054,784 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\enecir.sys -- (enecir)
DRV - [2008/05/13 21:09:00 | 007,443,872 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/05/13 21:09:00 | 000,043,552 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2008/05/06 15:06:00 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2008/04/15 13:19:54 | 000,378,368 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2008/04/15 05:05:08 | 000,118,784 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008/04/11 12:55:04 | 000,084,240 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\jmcr.sys -- (JMCR)
DRV - [2008/03/27 15:12:12 | 000,024,424 | ---- | M] (Hewlett-Packard Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\hpdskflt.sys -- (hpdskflt)
DRV - [2008/03/27 15:11:34 | 000,034,664 | ---- | M] (Hewlett-Packard Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\Accelerometer.sys -- (Accelerometer)
DRV - [2007/07/11 12:30:22 | 000,007,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\HpqRemHid.sys -- (HpqRemHid)
DRV - [2007/06/18 19:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2006/11/02 02:30:56 | 000,429,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\nvm60x32.sys -- (NVENETFD)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cnnb
IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.snapdo.c...Date=02/01/2014
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-1961090724-942705277-1128008459-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cnnb
IE - HKU\S-1-5-21-1961090724-942705277-1128008459-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://feed.snapdo.c...Date=02/01/2014
IE - HKU\S-1-5-21-1961090724-942705277-1128008459-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://feed.snapdo.c...Date=02/01/2014
IE - HKU\S-1-5-21-1961090724-942705277-1128008459-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://feed.snapdo.c...Date=02/01/2014
IE - HKU\S-1-5-21-1961090724-942705277-1128008459-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1961090724-942705277-1128008459-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.snapdo.c...Date=02/01/2014
IE - HKU\S-1-5-21-1961090724-942705277-1128008459-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.snapdo.c...Date=02/01/2014
IE - HKU\S-1-5-21-1961090724-942705277-1128008459-1000\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKU\S-1-5-21-1961090724-942705277-1128008459-1000\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.snapdo.c...Date=02/01/2014
IE - HKU\S-1-5-21-1961090724-942705277-1128008459-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1961090724-942705277-1128008459-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Web Search"
FF - prefs.js..browser.search.selectedEngine: "Web Search"
FF - prefs.js..browser.startup.homepage: "http://feed.snapdo.c...ate=02/01/2014"
FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:9.0.2011.70
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0
FF - prefs.js..keyword.URL: "http://feed.snapdo.c...=02/01/2014&q="
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1206147.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Chris\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Chris\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2008/06/10 08:37:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2014/01/02 10:27:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011/11/08 18:54:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chris\AppData\Roaming\Mozilla\Extensions
[2014/01/02 10:26:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\wpufm3lp.default\extensions
[2014/01/02 10:21:07 | 000,002,425 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\wpufm3lp.default\searchplugins\Web Search.xml
[2013/09/06 21:15:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/11/27 17:24:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/12/12 10:36:18 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2014/01/02 10:27:04 | 000,000,000 | ---D | M] (avast! Online Security) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF

========== Chrome ==========

CHR - Extension: No name found = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\aelbknmfcacjffmgnoaaonhgoghlmlkp\2.0.5.6_0\
CHR - Extension: No name found = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: No name found = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\hipbfijinpcgfogaopmgehiegacbhmob\18.2_0\
CHR - Extension: No name found = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh\5.2.7_0\
CHR - Extension: No name found = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\mogcbkkjhojimpkmhbpndncicbcfigid\1.0_0\
CHR - Extension: No name found = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
CHR - Extension: No name found = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\oehpjpccmlcalbenfhnacjeocbjdonic\2.0_0\
CHR - Extension: No name found = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2013/08/11 17:57:53 | 000,001,161 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 serial.alcohol-soft.com
O1 - Hosts: 127.0.0.1 www.alcohol-soft.com
O1 - Hosts: 127.0.0.1 serial.alcohol-soft.com
O1 - Hosts: 127.0.0.1 images.alcohol-soft.com
O1 - Hosts: 127.0.0.1 trial.alcohol-soft.com
O1 - Hosts: 127.0.0.1 forum.alcohol-soft.com
O1 - Hosts: 127.0.0.1 support.alcohol-soft.com
O1 - Hosts: 127.0.0.1 users.alcohol-soft.com
O1 - Hosts: 127.0.0.1 shop.alcohol-soft.com
O1 - Hosts: 127.0.0.1 vodka.alcohol-soft.com
O1 - Hosts: 127.0.0.1 *.alcohol-soft.com
O1 - Hosts: 127.0.0.1 *.alcohol-soft.*
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1961090724-942705277-1128008459-1000..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-1961090724-942705277-1128008459-1000..\Run: [URmedia] C:\Windows\System32\regsvr32.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [NCPluginUpdater] C:\Program Files\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe (Hewlett-Packard)
O4 - HKU\.DEFAULT..\RunOnce: [SpUninstallDeleteDir] rmdir /s /q "\SearchProtect" File not found
O4 - HKU\S-1-5-18..\RunOnce: [SpUninstallDeleteDir] rmdir /s /q "\SearchProtect" File not found
O4 - Startup: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\S-1-5-21-1961090724-942705277-1128008459-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 221
O7 - HKU\S-1-5-21-1961090724-942705277-1128008459-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-21-1961090724-942705277-1128008459-1000\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.45.2)
O16 - DPF: {CAFEEFAC-0017-0000-0045-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_45)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.45.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0819543E-146D-4416-8CDE-A68597624A77}: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4C8DA66C-C24A-49EF-B3BB-7F784FC0114A}: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5B72DD6A-D65E-4A6A-A9E0-50489A711B2A}: DhcpNameServer = 209.18.47.61 209.18.47.62
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (c:\progra~1\optimi~1\optpro~1.dll) - c:\Program Files\Optimizer Pro\OptProCrash.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Chris\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Chris\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/06/10 08:11:44 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{0981f7da-6a65-11e3-bf63-00269e1d9082}\Shell - "" = AutoRun
O33 - MountPoints2\{0981f7da-6a65-11e3-bf63-00269e1d9082}\Shell\AutoRun\command - "" = H:\HTC_Sync_Manager_PC.exe
O33 - MountPoints2\{44229e24-6ac8-11e1-8a5e-001eecf4b2ed}\Shell - "" = AutoRun
O33 - MountPoints2\{4b2a77ef-c0f9-11e2-8ae5-001eecf4b2ed}\Shell - "" = AutoRun
O33 - MountPoints2\{4b2a77ef-c0f9-11e2-8ae5-001eecf4b2ed}\Shell\AutoRun\command - "" = F:\setup.exe
O33 - MountPoints2\{cc973cc0-02d5-11e3-93df-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{cc973cc0-02d5-11e3-93df-806e6f6e6963}\Shell\AutoRun\command - "" = F:\autorun.exe
O33 - MountPoints2\{cc973cc0-02d5-11e3-93df-806e6f6e6963}\Shell\setup\command - "" = F:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2014/01/02 10:34:25 | 000,000,000 | ---D | C] -- C:\Program Files\Uninstaller
[2014/01/02 10:29:32 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\AVAST Software
[2014/01/02 10:29:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
[2014/01/02 10:28:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
[2014/01/02 10:27:58 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2014/01/02 10:27:45 | 000,057,672 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2014/01/02 10:27:43 | 000,775,952 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2014/01/02 10:27:42 | 000,410,528 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2014/01/02 10:27:41 | 000,067,824 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2014/01/02 10:27:40 | 000,054,832 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2014/01/02 10:27:07 | 000,270,240 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2014/01/02 10:27:00 | 000,043,152 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2014/01/02 10:25:56 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2014/01/02 10:22:18 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2014/01/02 10:20:42 | 000,000,000 | ---D | C] -- C:\Users\Chris\Documents\Optimizer Pro
[2014/01/02 10:19:55 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\Smartbar
[2014/01/02 10:19:14 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Optimizer Pro
[2014/01/02 10:19:14 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
[2014/01/02 10:19:09 | 000,000,000 | ---D | C] -- C:\Program Files\MyPC Backup
[2014/01/02 10:19:02 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2014/01/02 10:18:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2
[2014/01/02 10:18:42 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\SwvUpdater
[2014/01/02 10:18:32 | 000,000,000 | ---D | C] -- C:\Program Files\Optimizer Pro
[2014/01/01 17:00:37 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/01/01 09:47:05 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2014/01/01 06:48:38 | 000,000,000 | ---D | C] -- C:\Program Files\PassShow
[2014/01/01 06:42:55 | 000,000,000 | ---D | C] -- C:\Program Files\ToniArts
[2014/01/01 06:42:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EasyCleaner
[2013/12/31 22:47:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2013/12/31 22:47:14 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2013/12/31 22:37:26 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2013/12/31 21:09:48 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2013/12/31 21:06:29 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2013/12/21 23:50:57 | 000,000,000 | ---D | C] -- C:\Windows\System32\directx
[2013/12/21 23:48:45 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\WarThunder
[2013/12/21 23:48:45 | 000,000,000 | ---D | C] -- C:\ProgramData\WarThunder
[2013/12/21 16:13:22 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\URmedia
[2013/12/16 20:28:08 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Chris\Desktop\tdsskiller.exe
[2013/12/14 17:09:59 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\CyberLink
[2013/12/12 10:36:52 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/12/12 10:36:47 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/12/12 10:36:47 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/12/12 10:36:46 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/12/12 10:36:46 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013/12/12 10:36:44 | 001,806,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013/12/12 10:36:44 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013/12/12 10:36:41 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013/12/12 01:05:42 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\TuneUp Software
[2013/12/11 14:06:27 | 002,050,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013/12/11 14:06:25 | 000,335,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SysFxUI.dll
[2013/12/11 14:06:25 | 000,167,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\portcls.sys
[2013/12/11 14:06:25 | 000,130,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\drmk.sys
[2013/12/11 14:06:22 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cscript.exe
[2013/12/11 14:06:22 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wshcon.dll
[2013/12/07 21:25:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Auslogics
[2013/12/07 21:25:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics
[2013/12/07 21:25:21 | 000,000,000 | ---D | C] -- C:\Program Files\Auslogics
[2013/12/07 20:55:04 | 000,000,000 | ---D | C] -- C:\Windows\System32\Adobe
[2013/12/06 21:39:33 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\OpenOffice
[2013/12/06 21:37:48 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.0.1
[2013/12/06 21:36:11 | 000,000,000 | ---D | C] -- C:\Program Files\OpenOffice 4
[2013/12/06 21:35:14 | 000,000,000 | ---D | C] -- C:\Users\Chris\Desktop\OpenOffice 4.0.1 (en-US) Installation Files
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/01/03 00:00:09 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/01/03 00:00:02 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2014/01/03 00:00:02 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2014/01/02 23:59:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/01/02 23:59:35 | 3218,280,448 | -HS- | M] () -- C:\hiberfil.sys
[2014/01/02 13:40:57 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/01/02 13:34:19 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1961090724-942705277-1128008459-1000UA.job
[2014/01/02 13:14:15 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/01/02 13:07:19 | 000,000,356 | ---- | M] () -- C:\Windows\tasks\AmiUpdXp.job
[2014/01/02 10:34:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1961090724-942705277-1128008459-1000Core.job
[2014/01/02 10:29:25 | 000,001,833 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2014/01/02 10:27:01 | 000,775,952 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2014/01/02 10:27:01 | 000,410,528 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2014/01/02 10:27:01 | 000,180,248 | ---- | M] () -- C:\Windows\System32\drivers\aswVmm.sys
[2014/01/02 10:27:01 | 000,067,824 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2014/01/02 10:27:01 | 000,057,672 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2014/01/02 10:27:01 | 000,054,832 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2014/01/02 10:27:01 | 000,049,944 | ---- | M] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2014/01/02 10:27:00 | 000,270,240 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2014/01/02 10:27:00 | 000,043,152 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2014/01/02 10:21:11 | 000,002,065 | ---- | M] () -- C:\Users\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Search.lnk
[2014/01/02 10:21:10 | 000,002,041 | ---- | M] () -- C:\Users\Chris\Desktop\Search.lnk
[2014/01/02 10:19:18 | 000,000,854 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
[2014/01/02 10:19:18 | 000,000,844 | ---- | M] () -- C:\Users\Chris\Desktop\MyPC Backup.lnk
[2014/01/02 10:18:46 | 000,000,819 | ---- | M] () -- C:\Users\Chris\Desktop\Optimizer Pro.lnk
[2014/01/01 21:39:21 | 000,008,944 | ---- | M] () -- C:\Users\Chris\AppData\Local\d3d9caps.dat
[2014/01/01 10:58:18 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2014/01/01 10:58:18 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2014/01/01 10:56:26 | 000,000,115 | ---- | M] () -- C:\Windows\wininit.ini
[2014/01/01 10:17:17 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2014/01/01 07:08:00 | 000,000,104 | ---- | M] () -- C:\Users\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Computer - Shortcut.lnk
[2013/12/31 22:47:45 | 000,001,039 | ---- | M] () -- C:\Users\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2013/12/31 22:47:45 | 000,001,015 | ---- | M] () -- C:\Users\Chris\Desktop\Spybot - Search & Destroy.lnk
[2013/12/22 14:19:31 | 000,008,516 | ---- | M] () -- C:\Users\Chris\chilipepper.jpg
[2013/12/21 19:31:57 | 000,608,660 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/12/21 19:31:57 | 000,105,842 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/12/16 20:28:24 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Chris\Desktop\tdsskiller.exe
[2013/12/14 17:09:58 | 002,989,660 | ---- | M] (Macromedia, Inc.) -- C:\Users\Public\Documents\DVD.exe
[2013/12/13 19:30:36 | 000,018,195 | ---- | M] () -- C:\Users\Chris\Desktop\Wines.odt
[2013/12/12 11:01:32 | 000,430,592 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/12/11 11:14:51 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013/12/11 11:14:51 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013/12/08 18:52:21 | 269,701,115 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/12/07 21:25:23 | 000,000,922 | ---- | M] () -- C:\Users\Chris\Desktop\Auslogics DiskDefrag.lnk
[2013/12/06 21:48:20 | 000,015,215 | ---- | M] () -- C:\Users\Chris\Documents\cwabcaiks.odt
[2013/12/06 21:37:59 | 000,000,977 | ---- | M] () -- C:\Users\Public\Desktop\OpenOffice 4.0.1.lnk
[2013/12/06 00:32:52 | 000,002,044 | ---- | M] () -- C:\Users\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/12/06 00:32:52 | 000,002,042 | ---- | M] () -- C:\Users\Chris\Desktop\Google Chrome.lnk
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/01/02 10:29:25 | 000,001,833 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2014/01/02 10:28:10 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/01/02 10:28:04 | 000,000,880 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/01/02 10:27:44 | 000,180,248 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys
[2014/01/02 10:27:42 | 000,049,944 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2014/01/02 10:21:11 | 000,002,071 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
[2014/01/02 10:21:11 | 000,002,065 | ---- | C] () -- C:\Users\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Search.lnk
[2014/01/02 10:21:10 | 000,002,041 | ---- | C] () -- C:\Users\Chris\Desktop\Search.lnk
[2014/01/02 10:19:18 | 000,000,854 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
[2014/01/02 10:19:18 | 000,000,844 | ---- | C] () -- C:\Users\Chris\Desktop\MyPC Backup.lnk
[2014/01/02 10:18:46 | 000,000,819 | ---- | C] () -- C:\Users\Chris\Desktop\Optimizer Pro.lnk
[2014/01/02 10:18:42 | 000,000,356 | ---- | C] () -- C:\Windows\tasks\AmiUpdXp.job
[2014/01/01 22:07:08 | 3218,280,448 | -HS- | C] () -- C:\hiberfil.sys
[2014/01/01 10:58:18 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2014/01/01 10:58:18 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2014/01/01 07:08:00 | 000,000,104 | ---- | C] () -- C:\Users\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Computer - Shortcut.lnk
[2013/12/31 22:47:45 | 000,001,039 | ---- | C] () -- C:\Users\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2013/12/31 22:47:45 | 000,001,015 | ---- | C] () -- C:\Users\Chris\Desktop\Spybot - Search & Destroy.lnk
[2013/12/22 14:19:30 | 000,008,516 | ---- | C] () -- C:\Users\Chris\chilipepper.jpg
[2013/12/13 19:11:43 | 000,018,195 | ---- | C] () -- C:\Users\Chris\Desktop\Wines.odt
[2013/12/07 21:25:23 | 000,000,922 | ---- | C] () -- C:\Users\Chris\Desktop\Auslogics DiskDefrag.lnk
[2013/12/06 21:48:18 | 000,015,215 | ---- | C] () -- C:\Users\Chris\Documents\cwabcaiks.odt
[2013/12/06 21:37:59 | 000,000,977 | ---- | C] () -- C:\Users\Public\Desktop\OpenOffice 4.0.1.lnk
[2013/11/30 07:02:39 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2013/11/29 21:26:00 | 000,000,115 | ---- | C] () -- C:\Windows\wininit.ini
[2013/11/27 12:28:13 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2013/11/25 01:23:39 | 000,000,552 | ---- | C] () -- C:\Users\Chris\AppData\Local\d3d8caps.dat
[2013/11/24 14:11:42 | 000,006,656 | ---- | C] () -- C:\Windows\System32\bcmwlrc.dll
[2013/09/29 16:38:11 | 000,000,495 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2013/05/19 22:15:01 | 000,000,000 | ---- | C] () -- C:\Windows\PowerReg.dat
[2013/04/18 17:25:16 | 000,188,468 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2012/05/25 18:17:09 | 000,034,814 | ---- | C] () -- C:\Users\Chris\AppData\Local\dt.dat
[2012/01/28 11:19:31 | 000,008,944 | ---- | C] () -- C:\Users\Chris\AppData\Local\d3d9caps.dat
[2011/11/14 00:28:17 | 000,071,168 | ---- | C] () -- C:\Users\Chris\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/11/08 10:09:37 | 000,249,739 | ---- | C] () -- C:\ProgramData\nvModes.001
[2011/11/08 10:09:32 | 000,249,739 | ---- | C] () -- C:\ProgramData\nvModes.dat

========== ZeroAccess Check ==========

[2006/11/02 07:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 12:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 01:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 01:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >


And the Extras:

OTL Extras logfile created on: 1/3/2014 12:03:56 AM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Chris\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.35 Gb Available Physical Memory | 78.29% Memory free
6.19 Gb Paging File | 5.56 Gb Available in Paging File | 89.76% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222.46 Gb Total Space | 106.68 Gb Free Space | 47.95% Space Free | Partition Type: NTFS
Drive D: | 10.42 Gb Total Space | 1.73 Gb Free Space | 16.58% Space Free | Partition Type: NTFS

Computer Name: CHRIS-PC | User Name: Chris | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = comfile] -- "%1" %*
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- "%1" %*
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\System32\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1961090724-942705277-1128008459-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2B86FA71-254F-497F-9722-A25C49D28E11}" = rport=137 | protocol=17 | dir=out | app=system |
"{43688AB0-5026-4109-BD35-C9F94C453FB2}" = lport=138 | protocol=17 | dir=in | app=system |
"{4D463317-8AA1-42EB-AAAA-46FB45DC961D}" = lport=3351 | protocol=6 | dir=in | name=pervasive dbengine |
"{5A4CB45D-0259-4C82-9946-CA1380D42EB2}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{866D77D3-8AA2-4318-9874-31E4C1A231B7}" = lport=137 | protocol=17 | dir=in | app=system |
"{8A048E29-75EC-4132-B07E-A99D60547B10}" = lport=445 | protocol=6 | dir=in | app=system |
"{8E599228-5F36-4B01-9782-CDAF7A7DF85D}" = lport=1583 | protocol=6 | dir=in | name=pervasive dbengine |
"{9F3C8C1B-6DA2-4F0D-A981-57594F0D6604}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{BFF9B835-B75B-4BE6-9705-0C23AE776AE0}" = lport=139 | protocol=6 | dir=in | app=system |
"{E3BE076D-61DD-4A6A-80A5-333CF65D0B6A}" = rport=445 | protocol=6 | dir=out | app=system |
"{E50F9893-D461-4BE7-A960-869C3F1DB807}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{EA01412C-D37A-4237-8C2E-247030DB62A5}" = rport=139 | protocol=6 | dir=out | app=system |
"{EFF98E92-7B6F-4782-BDDF-F331AEFABB92}" = rport=138 | protocol=17 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0263DABF-EF77-48CB-B81B-61C269F641F2}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"{086EBDD0-D2A4-4115-9E7D-D5620F6F92C0}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\team fortress 2\hl2.exe |
"{0EE63860-31B4-4363-9C13-37DDF7128868}" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires iii\age3.exe |
"{11ADFC12-38B0-4667-82AC-93306FE52F0B}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\team fortress 2\hl2.exe |
"{16ACDFE2-0220-4AFE-B2BD-324C0E801201}" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires iii\age3y.exe |
"{28F749D7-7D30-42DC-B172-A82150B263EA}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\team fortress 2\hl2.exe |
"{2B901E9E-38BB-4139-827E-A9A773D1BD74}" = protocol=58 | dir=out | [email protected],-28546 |
"{350756F3-25FB-4811-AA84-2CE1D3349BAF}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\age2hd\launcher.exe |
"{3C1CE542-FA9F-407A-8EF9-3C008766CBC5}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{4077636B-AD4F-4DC4-A72C-F678C34CA0A7}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\age2hd\launcher.exe |
"{4360F3DF-8D98-4686-B86A-828DED02CAE7}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |
"{43B98980-EB95-4614-A4D6-99AFE53ADBC4}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\war thunder\launcher.exe |
"{4FD1363D-CFA8-4B8C-824B-D93F3EB9B515}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\team fortress 2\hl2.exe |
"{50B3F0CC-9A59-4C98-BAAD-3C25B1DA0F65}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\team fortress 2\hl2.exe |
"{50E9D66C-209C-4C4A-B27B-BC36B3ED0E16}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{51EE844F-74E0-45C8-84FB-73AC69CE33C9}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{5D2C68F0-030E-4C92-9B6E-C1204C19C9F1}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{5DF1C42E-E752-4E4E-A0C0-C68872DD16D5}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"{67DDD819-4658-46C6-8051-CA0937EE2D06}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{6FC9820B-9A1F-4F8A-958D-C95885E390BE}" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires iii\age3y.exe |
"{7345A150-1395-4A82-BB80-146E30A17F40}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\age2hd\launcher.exe |
"{777C8CC4-F17C-4A6D-8F55-DCE99749F8F4}" = protocol=6 | dir=in | app=c:\program files\pervasive software\psql\bin\w3dbsmgr.exe |
"{7FBFF7C6-7B40-4F7D-8D01-5BD55DA6C83F}" = protocol=17 | dir=in | app=c:\program files\codemeter\runtime\bin\codemeter.exe |
"{81B48244-E124-41CB-A0DF-885063DC350D}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\team fortress 2\hl2.exe |
"{84688B25-7D8D-4393-9CBC-D87794CAC412}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{877F6D89-DE63-41DE-9296-C17D2197C6E9}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{8AB0B066-2698-4A91-B5FE-31B1E791F208}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\team fortress 2\hl2.exe |
"{91FB66D6-4CCC-4096-8685-5862BC7E4385}" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires iii\age3.exe |
"{93092660-9A0C-4FD5-8676-C8D07A169EA6}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\war thunder\launcher.exe |
"{97E906B3-2FF3-4D20-AFC3-DC3D17F13F53}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{B0EDE9EB-A8AC-4ABF-81D9-B42F20C3FB5F}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |
"{BEEA257F-30E6-4739-9C7F-4663398B59F5}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"{C72728E7-4B98-4F7C-AA7E-6B0E88A99CA5}" = protocol=1 | dir=out | [email protected],-28544 |
"{CAC52DD3-2A0A-4526-863D-3CF90F8A3295}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{D07DB96B-7551-4F3B-A6F5-B47BA7AAD6B1}" = protocol=6 | dir=in | app=c:\program files\codemeter\runtime\bin\codemeter.exe |
"{D2F34EAA-121E-4F0F-BF1E-9D3C7EDE4428}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgemcx.exe |
"{D6AF57C8-6443-4C2D-82DB-629C14CE0156}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{D7788BDD-2654-4E24-9453-68119D2E3AE2}" = protocol=58 | dir=in | [email protected],-28545 |
"{DCCA4B59-4F01-4826-9089-935BE4339170}" = protocol=1 | dir=in | [email protected],-28543 |
"{E0FE72CF-E914-4B70-AD17-8AEEBF7948EE}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\age2hd\launcher.exe |
"{E124605C-BD1D-416C-A87C-AEB0E0FF81FC}" = protocol=17 | dir=in | app=c:\program files\pervasive software\psql\bin\w3dbsmgr.exe |
"{E6140F30-5818-4775-BEE4-85A093C259F4}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"{ECB83D74-BFDB-47E0-B5BE-F43AA0957F30}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgemcx.exe |
"{F694C544-F243-4383-83AB-7A89256CB6D8}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\team fortress 2\hl2.exe |
"TCP Query User{8127EB56-444C-4340-9EB1-1DFF3E3DF79A}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{8CCD8902-F275-4BAC-A60C-91886DB6D8C3}C:\program files\steam\steamapps\common\war thunder\aces.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\war thunder\aces.exe |
"TCP Query User{D707EFCC-9309-44B4-A8EC-DF46AA6A3406}C:\program files\hp\common\hpdevicedetection3.exe" = protocol=6 | dir=in | app=c:\program files\hp\common\hpdevicedetection3.exe |
"TCP Query User{D7AC601B-8D94-49D2-8350-FF61539E730B}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{05D726A8-536F-4D2E-A4B1-CC1A0AB24701}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{45F3E2A8-5D77-43D8-AD1A-9A19BEDC61E1}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{6967F8AB-F2CF-4FA6-BFEE-000CE2281739}C:\program files\steam\steamapps\common\war thunder\aces.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\war thunder\aces.exe |
"UDP Query User{7D6D596E-3F40-4A30-B75D-56E7B3D4B305}C:\program files\hp\common\hpdevicedetection3.exe" = protocol=17 | dir=in | app=c:\program files\hp\common\hpdevicedetection3.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{004B0DCB-4C60-465B-8F01-44B0A4111187}" = SlingPlayer
"{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.1 (r518)
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{0592EF96-69D8-4E4B-9CC9-88F58EA86F01}" = Apple Mobile Device Support
"{06E74B9B-631F-4378-BF3A-40D868450C05}" = HPPhotoSmartPhotobookHolidayPack1
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{0A3238D7-AB32-1010-B717-F3E3F18B4A8C}" = Pervasive PSQL v10 SP2 Workgroup (32-bit)
"{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{172AEB5E-CBB2-4CDD-A4CF-388600825839}" = HPPhotoSmartPhotobookPlayfulPack1
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{187817E2-6407-461C-B59B-56CE73363D34}" = Catalyst Control Center - Branding
"{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}" = Adobe Shockwave Player
"{1CC677FA-C65A-0767-9AE4-370A233D8366}" = ATI Catalyst Install Manager
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F579925-2652-6934-2E6C-EE652CD807E3}" = Catalyst Control Center Core Implementation
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23CCE784-A812-4647-AEFF-1DCCD4E57478}" = HP Support Solutions Framework
"{254006BC-97DE-4C82-A1A1-A2BAD2520083}" = Snap.Do
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check for Health Check
"{264A668E-A999-031C-9779-50A56C83ADF2}" = Catalyst Control Center Graphics Full Existing
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller
"{26A24AE4-039D-4CA4-87B4-2F83217045FF}" = Java 7 Update 45
"{28C3E5E6-5ACA-408D-9A46-089C5334EC97}" = HP Help and Support
"{30DAA715-5032-40F9-A0AE-95C9AEBB3E3F}" = HP QuickTouch 1.00 D2
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 D3
"{35F83303-C0C0-46B7-B8A8-ADA7C2AC5645}" = muvee autoProducer 6.1
"{380357CA-29F4-4B3C-B401-32C057E6B59B}" = HP Smart Web Printing
"{38EAC694-0D90-445F-8C17-8B50ADFE3162}" = Slingbox Flash Tour
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D6AD258-61EA-35F5-812C-B7A02152996E}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 3.7
"{46F044A5-CE8B-4196-984E-5BD6525E361D}" = Apple Application Support
"{47F460DA-D1BE-4D85-8DF2-AA1F31D3445F}" = OpenOffice 4.0.1
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout
"{4CB16960-2A17-C313-5C52-00D5612627AB}" = ccc-core-static
"{54E4EECE-61B9-4D85-9B3C-99686A9ED6A1}" = Peachtree Accounting 2011
"{5A4D9E13-4E96-5CD5-FC03-8431277A97F6}" = Catalyst Control Center Graphics Full New
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{66F0EA94-483A-82CB-B9FC-38329A3014F2}" = Catalyst Control Center Graphics Previews Vista
"{6798DD4E-BD16-4735-87EB-D712637CCB8C}" = Sage Message Center
"{6EBF4CF2-651F-C168-6C4F-F86BF000E55B}" = Catalyst Control Center InstallProxy
"{70F8B183-99EB-4304-BA35-080E2DFFD2A3}" = Age of Empires III
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7CA5C4DF-8327-4035-AE2B-CA76336A04FD}" = Snagit 11
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{89E052B2-5CA5-4B7A-AF0C-28CA2836B030}" = HPPhotoSmartPhotobookModernPack1
"{8BCB844B-0814-4354-A413-1063DB4618E9}" = PeachTree Signature Ready Forms
"{8EBAB2D3-C17D-1070-015A-800180C303E8}" = Skins
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95716cce-fc71-413f-8ad5-56c2892d4b3a}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610
"{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}" = Software Version Updater
"{9AA9FEE7-9F99-4E69-947A-49F7DA0DDA3A}" = Cisco AnyConnect Secure Mobility Client
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9E2CCD5E-1990-4EF2-9B61-32F0BBACC29B}" = HP Active Support Library
"{9F78DBE6-95C1-ADEC-796A-E76DD4CDB4E8}" = Catalyst Control Center Graphics Light
"{A07840FC-CE63-4CB8-8030-EF4B9805925A}" = HPPhotoSmartDiscLabel_PaperLabel
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A5CE7175-080D-49AC-B5A3-E7E3502428F5}" = HP Wireless Assistant
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAD72731-807A-4B79-AE05-9190B7002B7B}" = ProtectSmart Hard Drive Protection
"{AC76BA86-7AD7-1033-7B44-A81000000003}" = Adobe Reader 8.1.0
"{AC95121F-1576-45B8-82F7-3911D27882E6}" = HPPhotoSmartPhotobookScrapbookPack1
"{ADFB9653-F44C-460C-BF58-189CC552DFFE}" = hpphotosmartdisclabelplugin
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4E91E95-A5BA-4E50-A465-DB7EFEB176E8}" = HPPhotoSmartDiscLabel_PrintOnDisc
"{B8169E45-8E23-430B-91D1-EC64540C8ED0}" = HP User Guides 0103
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{C25E9B95-8000-8985-EF20-9FF4DCEA41BA}" = CCC Help English
"{C27C82E4-9C53-4D76-9ED3-A01A3D5EE679}" = HP Customer Experience Enhancements
"{C43C1415-3DFC-4089-9A32-0BECF28A6046}" = Age of Empires III - The Asian Dynasties
"{C484CC8D-03CF-4022-89C4-DB4F02E8A15B}" = Crystal Reports 2008 Runtime SP1
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DD3C88A0-C53C-41D0-A21B-6D021981D23E}" = HPPhotoSmartDiscLabelContent1
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics DiskDefrag
"{DF9C119C-7F26-45B9-93D4-7C372CBBBA11}" = iTunes
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E7D4E834-93EB-351F-B8FB-82CDAE623003}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610
"{E8C3CF7A-9E8F-4C5D-8EC7-FF5A495E178C}" = VitalSource Bookshelf
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{f32502b5-5b64-4882-bf61-77f23edcac4f}" = HP Total Care Advisor
"{F3FCB08B-E752-444D-86A0-0634A4F3B23D}" = System Requirements Lab CYRI
"{F5346614-B7C4-4E94-826A-E2363155233D}" = EasyCleaner
"{F636EE9A-F9EC-4606-BCFA-77DD0E210788}" = HPPhotoSmartDiscLabel_Tattoo
"{FA3B34BE-4246-4062-90A3-34CBBEA12B72}" = HPTCSSetup
"{FA44DB7C-5158-A2DE-8672-D7C7E13E10A3}" = Catalyst Control Center Graphics Previews Common
"{FD6FAE16-DD20-EDBF-AB50-FAC87EB197D1}" = ccc-utility
"7DE39862CC26DCE2446838AAF7CD5C163F835A57" = Windows Driver Package - ENE (enecir) HIDClass (09/04/2008 2.6.0.0)
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 12.0
"Avast" = avast! Free Antivirus
"Broadcom 802.11 Wireless LAN Adapter" = Broadcom 802.11 Wireless LAN Adapter
"CCleaner" = CCleaner
"Cisco AnyConnect Secure Mobility Client" = Cisco AnyConnect Secure Mobility Client
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"HP Smart Web Printing" = HP Smart Web Printing
"InstallShield_{004B0DCB-4C60-465B-8F01-44B0A4111187}" = SlingPlayer
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{54E4EECE-61B9-4D85-9B3C-99686A9ED6A1}" = Peachtree Accounting 2011
"InstallShield_{70F8B183-99EB-4304-BA35-080E2DFFD2A3}" = Age of Empires III
"InstallShield_{C43C1415-3DFC-4089-9A32-0BECF28A6046}" = Age of Empires III - The Asian Dynasties
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"Integration Services" = Sage Integration Services
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 26.0 (x86 en-US)" = Mozilla Firefox 26.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MyPC Backup" = MyPC Backup
"NVIDIA Drivers" = NVIDIA Drivers
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"Optimizer Pro_is1" = Optimizer Pro v3.2
"Pervasive PSQL v10 SP2 Workgroup (32-bit)" = Pervasive PSQL v10 SP2 Workgroup (32-bit)
"QWdlIG9mIEVtcGlyZXMgSUkgSEQgKGMpIE1pY3Jvc29mdCBTdHVkaW9z_is1" = Age of Empires II HD © Microsoft Studios version 1
"SlingMedia.QPSlingPlayer_is1" = QuickPlay SlingPlayer 0.4.6
"Steam" = Steam
"Steam App 221380" = Age of Empires II: HD Edition
"Steam App 236390" = War Thunder
"Steam App 440" = Team Fortress 2
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VLC media player" = VLC media player 1.1.11
"WinRAR archiver" = WinRAR 4.01 (32-bit)
"Yahoo! Companion" = Yahoo! Toolbar

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1961090724-942705277-1128008459-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{481d491f-4f01-46d4-8b43-0187ae71ad0c}" = Snap.Do Engine
"Google Chrome" = Google Chrome
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 1/2/2014 11:23:47 AM | Computer Name = Chris-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 1/2/2014 11:23:47 AM | Computer Name = Chris-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 1/2/2014 11:23:47 AM | Computer Name = Chris-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 1/2/2014 11:24:09 AM | Computer Name = Chris-PC | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.6002.18005, time stamp
0x49e01da5, faulting module ntdll.dll, version 6.0.6002.18881, time stamp 0x51da3e27,
exception code 0xc0000005, fault offset 0x00066462, process id 0x1a8c, application
start time 0x01cf07ceaed1edeb.

Error - 1/2/2014 11:24:49 AM | Computer Name = Chris-PC | Source = VSS | ID = 8194
Description =

Error - 1/2/2014 11:24:58 AM | Computer Name = Chris-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description =

Error - 1/2/2014 11:31:38 AM | Computer Name = Chris-PC | Source = Application Error | ID = 1000
Description = Faulting application FlashPlayerPlugin_11_9_900_170.exe, version 11.9.900.170,
time stamp 0x529b79bf, faulting module ShimEng.dll_unloaded, version 0.0.0.0, time
stamp 0x4549bdb7, exception code 0xc0000005, fault offset 0x6d304618, process id
0x140c, application start time 0x01cf07cfb9aa567b.

Error - 1/2/2014 2:07:10 PM | Computer Name = Chris-PC | Source = Application Error | ID = 1000
Description = Faulting application Explorer.EXE, version 6.0.6002.18005, time stamp
0x49e01da5, faulting module ntdll.dll, version 6.0.6002.18881, time stamp 0x51da3e27,
exception code 0xc0000005, fault offset 0x00066462, process id 0x7b0, application
start time 0x01cf07e5734fe5b0.

Error - 1/2/2014 2:08:20 PM | Computer Name = Chris-PC | Source = WinMgmt | ID = 10
Description =

Error - 1/2/2014 2:27:58 PM | Computer Name = Chris-PC | Source = Application Error | ID = 1000
Description = Faulting application Explorer.EXE, version 6.0.6002.18005, time stamp
0x49e01da5, faulting module ntdll.dll, version 6.0.6002.18881, time stamp 0x51da3e27,
exception code 0xc0000005, fault offset 0x00066462, process id 0x7a8, application
start time 0x01cf07e85c73ae7d.

[ Cisco AnyConnect Secure Mobility Client Events ]
Error - 11/27/2013 6:10:10 PM | Computer Name = Chris-PC | Source = acvpnagent | ID = 67108865
Description = Function: CServicePluginMgr::GetSettings File: .\ServicePluginMgr.cpp
Line:
274 m_pIServicePlugin is NULL

Error - 11/27/2013 6:10:10 PM | Computer Name = Chris-PC | Source = acvpnagent | ID = 67108865
Description = Function: CTelemetryPluginMgr::GetSettings File: .\TelemetryPluginMgr.cpp
Line:
311 m_pITelemetryPlugin is NULL

Error - 11/27/2013 7:40:38 PM | Computer Name = Chris-PC | Source = acvpnagent | ID = 67110873
Description = Termination reason code 9: Client PC is shutting down.

Error - 11/27/2013 7:45:25 PM | Computer Name = Chris-PC | Source = acvpnagent | ID = 67108866
Description = Function: XmlParser::invokeParser File: .\Xml\XmlParser.cpp Line: 182
Invoked
Function: ISAXXMLReader::parse Return Code: -2146697210 (0x800C0006) Description:
WINDOWS_ERROR_CODE

Error - 11/27/2013 7:45:25 PM | Computer Name = Chris-PC | Source = acvpnagent | ID = 67108866
Description = Function: CPhoneHomeAgent::LoadSettingsFromXmlFile File: ..\PhoneHomeAgent.cpp
Line:
603 Invoked Function: XmlParser::parseFile Return Code: -33554423 (0xFE000009) Description:
GLOBAL_ERROR_UNEXPECTED

Error - 11/27/2013 7:45:41 PM | Computer Name = Chris-PC | Source = acvpnagent | ID = 67108866
Description = Function: CThread::invokeRun File: .\Utility\Thread.cpp Line: 435 Invoked
Function: IRunnable::Run Return Code: -32112629 (0xFE16000B) Description: BROWSERPROXY_ERROR_NO_PROXY_FILE


Error - 11/27/2013 7:50:25 PM | Computer Name = Chris-PC | Source = acvpnagent | ID = 67108865
Description = Function: CServicePluginMgr::GetSettings File: .\ServicePluginMgr.cpp
Line:
274 m_pIServicePlugin is NULL

Error - 11/27/2013 7:50:25 PM | Computer Name = Chris-PC | Source = acvpnagent | ID = 67108865
Description = Function: CServicePluginMgr::GetSettings File: .\ServicePluginMgr.cpp
Line:
274 m_pIServicePlugin is NULL

Error - 11/27/2013 7:50:25 PM | Computer Name = Chris-PC | Source = acvpnagent | ID = 67108865
Description = Function: CTelemetryPluginMgr::GetSettings File: .\TelemetryPluginMgr.cpp
Line:
311 m_pITelemetryPlugin is NULL

Error - 11/27/2013 8:31:01 PM | Computer Name = Chris-PC | Source = acvpnagent | ID = 67110873
Description = Termination reason code 9: Client PC is shutting down.

[ System Events ]
Error - 1/3/2014 12:59:22 AM | Computer Name = Chris-PC | Source = disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk0\DR0.

Error - 1/3/2014 12:59:22 AM | Computer Name = Chris-PC | Source = disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk0\DR0.

Error - 1/3/2014 1:00:02 AM | Computer Name = Chris-PC | Source = Microsoft-Windows-TaskScheduler | ID = 412
Description =

Error - 1/3/2014 1:01:23 AM | Computer Name = Chris-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 1/3/2014 1:01:23 AM | Computer Name = Chris-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 1/3/2014 1:01:23 AM | Computer Name = Chris-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 1/3/2014 1:01:23 AM | Computer Name = Chris-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 1/3/2014 1:01:23 AM | Computer Name = Chris-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 1/3/2014 1:03:10 AM | Computer Name = Chris-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 1/3/2014 1:03:10 AM | Computer Name = Chris-PC | Source = Service Control Manager | ID = 7022
Description =


< End of report >
  • 0
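Added example (not part of the original thread and not OTL's own code): a small Python parser for the section header / registry key / `"name" = value` layout of the log above, used to pull out the Uninstall List entries whose display names begin with the programs the next reply asks to remove. The sample text is a short excerpt of lines copied from the log; the function names and the `WATCHLIST` variable are assumptions made for this example.

```python
import re

# Excerpt assembled from lines of the OTL log above (sample input for this example).
SAMPLE_LOG = r'''
========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{254006BC-97DE-4C82-A1A1-A2BAD2520083}" = Snap.Do
"{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}" = Software Version Updater
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{F5346614-B7C4-4E94-826A-E2363155233D}" = EasyCleaner
"Optimizer Pro_is1" = Optimizer Pro v3.2
"Steam" = Steam
"VLC media player" = VLC media player 1.1.11

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1961090724-942705277-1128008459-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{481d491f-4f01-46d4-8b43-0187ae71ad0c}" = Snap.Do Engine
"Google Chrome" = Google Chrome
'''

# Display names taken from the uninstall list in the reply that follows the log.
WATCHLIST = (
    "EasyCleaner",
    "Optimizer Pro v3.2",
    "Snap.Do",
    "Software Version Updater",
    "Spybot - Search & Destroy",
)

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")      # ========== Title ==========
KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")        # [HKEY_...\path]
ENTRY_RE = re.compile(r'^"(.*?)"\s*=\s*(.*)$')     # "value name" = data


def parse_otl(text):
    """Turn the sectioned registry dump into a flat list of records."""
    records = []
    section = key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            # A new section resets the current registry key.
            section, key = m.group(1), None
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = ENTRY_RE.match(line)
        if m and section and key:
            records.append({
                "section": section,
                "key": key,
                "name": m.group(1),
                "value": m.group(2).strip(),
            })
        # Anything else (event log text, wrapped lines) is ignored.
    return records


def flag_uninstall_entries(records, watchlist):
    """Return (hive, value name, display name) for watched programs.

    Matching is a case-insensitive prefix test on the display name, so
    "Snap.Do" also catches the per-user "Snap.Do Engine" entry.
    """
    wanted = [w.casefold() for w in watchlist]
    hits = []
    for rec in records:
        if not rec["section"].endswith("Uninstall List"):
            continue
        display = rec["value"].casefold()
        if any(display.startswith(w) for w in wanted):
            hive = rec["key"].split("\\", 1)[0]
            hits.append((hive, rec["name"], rec["value"]))
    return hits


if __name__ == "__main__":
    for hive, name, display in flag_uninstall_entries(parse_otl(SAMPLE_LOG), WATCHLIST):
        print(f"{hive:<20} {display}  [{name}]")
```
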

#58
DonnaB

    Miss Congeniality

  • GeekU Moderator
  • 8,529 posts
Hi CZ2761,

It appears that when you download software, the downloads you find include a lot of unsavory programs that need to be unchecked whilst installing.

We'll have to uninstall Spybot Search and Destroy again to ensure it does not interfere with our fix. When we go to reinstall Spybot, I'm going to have you reinstall Spybot 2 from the Ninite site to ensure you get a safe download.

The following programs are PUPs (Potentially Undesirable Programs). You've experienced what Snap.do is capable of. The EasyCleaner and Optimizer Pro are programs that can cause great harm to your system if you are educated in their use. They may have been installed without your knowing. If you did install them intentionally, allow me to warn you that in due time they will really mess up your poor machine. Let's uninstall the following:

Go to Start > Control Panel > Programs and Features and uninstall the following if found:


EasyCleaner (Version: 2.0.6.380)
Optimizer Pro v3.2
Snap.Do
Software Version Updater
Spybot - Search & Destroy (Version: 1.6.2)



Next:

  • Double click on the OTL icon to open the program. On Vista/Win7/Win8, right click and select Run As Administrator to start the program. If prompted by UAC, please allow it.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    :COMMANDS
    [CREATERESTOREPOINT]

    :OTL
    PRC - [2014/01/02 10:18:48 | 000,143,488 | ---- | M] () -- c:\Program Files\Optimizer Pro\OptProCrash.exe
    SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.2.0\ToolbarUpdater.exe -- (vToolbarUpdater17.2.0)
    SRV - [2014/01/02 10:18:48 | 000,143,488 | ---- | M] () [Auto | Running] -- c:\Program Files\Optimizer Pro\OptProCrash.exe -- (ca82e1a5)
    SRV - [2013/09/19 17:45:18 | 000,038,440 | ---- | M] (Just Develop It) [Auto | Stopped] -- C:\Program Files\MyPC Backup\BackupStack.exe -- (BackupStack)
    DRV - File not found [Kernel | On_Demand | Unknown] -- -- (a1huorjw)
    DRV - File not found [Kernel | Unavailable | Unknown] -- C:\Windows\TEMP\3738.tmp -- (4875c600)
    DRV - [2013/11/23 01:30:40 | 000,037,664 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\avgtpx86.sys -- (avgtp)
    IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
    IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.snapdo.c...Date=02/01/2014
    IE - HKU\S-1-5-21-1961090724-942705277-1128008459-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://feed.snapdo.c...Date=02/01/2014
    IE - HKU\S-1-5-21-1961090724-942705277-1128008459-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://feed.snapdo.c...Date=02/01/2014
    IE - HKU\S-1-5-21-1961090724-942705277-1128008459-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://feed.snapdo.c...Date=02/01/2014
    IE - HKU\S-1-5-21-1961090724-942705277-1128008459-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKU\S-1-5-21-1961090724-942705277-1128008459-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.snapdo.c...Date=02/01/2014
    IE - HKU\S-1-5-21-1961090724-942705277-1128008459-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.snapdo.c...Date=02/01/2014
    IE - HKU\S-1-5-21-1961090724-942705277-1128008459-1000\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
    IE - HKU\S-1-5-21-1961090724-942705277-1128008459-1000\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.snapdo.c...Date=02/01/2014
    O4 - HKU\.DEFAULT..\RunOnce: [SpUninstallDeleteDir] rmdir /s /q "\SearchProtect" File not found
    O4 - HKU\S-1-5-18..\RunOnce: [SpUninstallDeleteDir] rmdir /s /q "\SearchProtect" File not found
    O4 - Startup: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk = File not found
    O20 - AppInit_DLLs: (c:\progra~1\optimi~1\optpro~1.dll) - c:\Program Files\Optimizer Pro\OptProCrash.dll ()
    O33 - MountPoints2\{4b2a77ef-c0f9-11e2-8ae5-001eecf4b2ed}\Shell\AutoRun\command - "" = F:\setup.exe
    O33 - MountPoints2\{cc973cc0-02d5-11e3-93df-806e6f6e6963}\Shell\AutoRun\command - "" = F:\autorun.exe
    O33 - MountPoints2\{cc973cc0-02d5-11e3-93df-806e6f6e6963}\Shell\setup\command - "" = F:\setup.exe
    [2014/01/02 10:20:42 | 000,000,000 | ---D | C] -- C:\Users\Chris\Documents\Optimizer Pro
    [2014/01/02 10:19:55 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\Smartbar
    [2014/01/02 10:19:14 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Optimizer Pro
    [2014/01/02 10:19:14 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
    [2014/01/02 10:19:09 | 000,000,000 | ---D | C] -- C:\Program Files\MyPC Backup
    [2014/01/02 10:18:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2
    [2014/01/02 10:18:32 | 000,000,000 | ---D | C] -- C:\Program Files\Optimizer Pro
    [2014/01/01 06:42:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EasyCleaner
    [2013/12/12 01:05:42 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\TuneUp Software
    [2014/01/02 10:19:18 | 000,000,854 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
    [2014/01/02 10:19:18 | 000,000,844 | ---- | M] () -- C:\Users\Chris\Desktop\MyPC Backup.lnk
    [2014/01/02 10:18:46 | 000,000,819 | ---- | M] () -- C:\Users\Chris\Desktop\Optimizer Pro.lnk
    [2014/01/02 10:18:42 | 000,000,356 | ---- | C] () -- C:\Windows\tasks\AmiUpdXp.job
    [2014/01/02 10:19:18 | 000,000,854 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
    [2014/01/02 10:19:18 | 000,000,844 | ---- | C] () -- C:\Users\Chris\Desktop\MyPC Backup.lnk
    [2014/01/02 10:18:46 | 000,000,819 | ---- | C] () -- C:\Users\Chris\Desktop\Optimizer Pro.lnk

    :Files
    ipconfig /flushdns /c

    :Commands
    [resethosts]
    [emptytemp]

  • Make sure all other windows are closed.
  • Click the Run Fix button at the top.
  • Let the program run uninterrupted. The computer should reboot when the scan is done. If not, please reboot the computer.
  • Post the log that is found in C:\_OTL\Moved Files in your next reply.
  • Open OTL again and click the Quick Scan button.

Next:

  • Double-click AdwCleaner.exe to run the tool.
    Note: Windows Vista, Windows 7/8 users right-click and select Run As Administrator.
  • Click the Clean button.
  • AdwCleaner will begin. Be patient as the scan may take some time to complete.
  • After the scan has finished, click the Report button. A logfile (AdwCleaner[S0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, please let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • Copies of all logfiles are saved in the C:\AdwCleaner folder, which was created when running the tool.

Please post the following logs in your next reply:

C:\_OTL\Moved Files
OTL.txt
AdwCleaner[S0].txt


Thank you!
Donna :)

#59
CZ2761

The Custom Scan froze so I re-scanned. Here is the log:

Files\Folders moved on Reboot...
File\Folder C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


Here is the quick scan:
OTL logfile created on: 1/4/2014 12:51:39 AM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = c:\Users\Chris\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.92 Gb Available Physical Memory | 63.96% Memory free
6.19 Gb Paging File | 5.01 Gb Available in Paging File | 80.98% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222.46 Gb Total Space | 106.47 Gb Free Space | 47.86% Space Free | Partition Type: NTFS
Drive D: | 10.42 Gb Total Space | 1.73 Gb Free Space | 16.58% Space Free | Partition Type: NTFS

Computer Name: CHRIS-PC | User Name: Chris | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/01/02 10:26:54 | 003,764,024 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2014/01/02 10:26:53 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2013/12/17 12:03:22 | 000,046,904 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\HP\Common\HPSupportSolutionsFrameworkService.exe
PRC - [2013/11/27 18:57:43 | 000,602,112 | ---- | M] (OldTimer Tools) -- c:\Users\Chris\Downloads\OTL (1).exe
PRC - [2011/10/31 10:00:15 | 000,435,528 | ---- | M] (Pervasive Software Inc.) -- C:\Program Files\Pervasive Software\PSQL\bin\w3dbsmgr.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/15 13:17:24 | 000,442,433 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
PRC - [2008/03/26 17:26:56 | 000,341,328 | ---- | M] () -- C:\WINDOWS\SMINST\BLService.exe
PRC - [2008/02/12 15:05:54 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\System32\DriverStore\FileRepository\stwrt.inf_030ac640\AEstSrv.exe
PRC - [2006/11/02 04:45:35 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\regsvr32.exe


========== Modules (No Company Name) ==========

MOD - [2014/01/02 10:27:00 | 019,336,120 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2013/12/21 16:13:33 | 000,020,480 | ---- | M] () -- C:\Users\Chris\AppData\Local\URmedia\iTunesMod.dll
MOD - [2013/09/05 00:14:10 | 004,300,456 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2011/05/28 22:04:56 | 000,140,288 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2009/02/08 19:47:56 | 000,159,744 | ---- | M] () -- C:\WINDOWS\System32\atitmmxx.dll


========== Services (SafeList) ==========

SRV - [2014/01/02 10:26:53 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2013/12/17 12:03:22 | 000,046,904 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\HP\Common\HPSupportSolutionsFrameworkService.exe -- (HPSupportSolutionsFrameworkService)
SRV - [2013/12/12 10:36:12 | 000,119,408 | ---- | M] (Mozilla Foundation) [Disabled | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/12/11 14:40:36 | 000,569,768 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/12/11 11:14:54 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/03/09 00:10:32 | 030,798,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2012/12/13 04:44:32 | 000,544,840 | ---- | M] (Cisco Systems, Inc.) [Disabled | Stopped] -- C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe -- (vpnagent)
SRV - [2012/07/13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Disabled | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/05/18 13:47:00 | 002,370,448 | ---- | M] (WIBU-SYSTEMS AG) [Disabled | Stopped] -- C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe -- (CodeMeter.exe)
SRV - [2011/11/16 11:23:44 | 000,377,344 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2011/10/31 10:00:15 | 000,435,528 | ---- | M] (Pervasive Software Inc.) [Auto | Running] -- C:\Program Files\Pervasive Software\PSQL\bin\w3dbsmgr.exe -- (psqlWGE)
SRV - [2011/10/25 11:51:56 | 000,043,848 | R--- | M] (Sage Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Sage\Peachtree\SmartPostingService2011.exe -- (Peachtree SmartPosting 2011)
SRV - [2008/04/15 13:18:38 | 000,221,239 | ---- | M] (IDT, Inc.) [Auto | Stopped] -- C:\WINDOWS\System32\DriverStore\FileRepository\stwrt.inf_030ac640\stacsv.exe -- (STacSV)
SRV - [2008/03/26 17:26:56 | 000,341,328 | ---- | M] () [Auto | Running] -- C:\WINDOWS\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2008/02/12 15:05:54 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\WINDOWS\System32\DriverStore\FileRepository\stwrt.inf_030ac640\AEstSrv.exe -- (AESTFilters)
SRV - [2008/01/20 21:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (acygf0ia)
DRV - [2014/01/02 10:27:01 | 000,775,952 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2014/01/02 10:27:01 | 000,410,528 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2014/01/02 10:27:01 | 000,180,248 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2014/01/02 10:27:01 | 000,067,824 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2014/01/02 10:27:01 | 000,057,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2014/01/02 10:27:01 | 000,054,832 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2014/01/02 10:27:01 | 000,049,944 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2014/01/01 10:17:17 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2013/05/19 21:52:37 | 000,466,008 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sptd.sys -- (sptd)
DRV - [2012/12/13 04:28:44 | 000,023,976 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\vpnva.sys -- (vpnva)
DRV - [2012/12/13 04:26:38 | 000,058,320 | R--- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\acsmux.sys -- (acsmux)
DRV - [2012/12/13 04:26:38 | 000,039,888 | R--- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\acsint.sys -- (acsint)
DRV - [2009/02/08 21:06:20 | 004,172,800 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008/11/17 14:40:22 | 003,668,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\NETw5v32.sys -- (NETw5v32)
DRV - [2008/09/04 01:47:00 | 000,054,784 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\enecir.sys -- (enecir)
DRV - [2008/05/13 21:09:00 | 007,443,872 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/05/13 21:09:00 | 000,043,552 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2008/05/06 15:06:00 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2008/04/15 13:19:54 | 000,378,368 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2008/04/15 05:05:08 | 000,118,784 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008/04/11 12:55:04 | 000,084,240 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\jmcr.sys -- (JMCR)
DRV - [2008/03/27 15:12:12 | 000,024,424 | ---- | M] (Hewlett-Packard Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\hpdskflt.sys -- (hpdskflt)
DRV - [2008/03/27 15:11:34 | 000,034,664 | ---- | M] (Hewlett-Packard Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\Accelerometer.sys -- (Accelerometer)
DRV - [2007/07/11 12:30:22 | 000,007,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\HpqRemHid.sys -- (HpqRemHid)
DRV - [2007/06/18 19:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2006/11/02 02:30:56 | 000,429,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\nvm60x32.sys -- (NVENETFD)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cnnb
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{1DF32FC6-D3C9-4AD9-9396-544BB4A47CDC}: "URL" = http://www.google.co...1I7AVND_enUS569
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Web Search"
FF - prefs.js..browser.search.selectedEngine: "Web Search"
FF - prefs.js..browser.startup.homepage: "http://feed.snapdo.c...ate=02/01/2014"
FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:9.0.2011.70
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0
FF - prefs.js..keyword.URL: "http://feed.snapdo.c...=02/01/2014&q="
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1206147.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Chris\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Chris\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2008/06/10 08:37:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2014/01/02 10:27:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011/11/08 18:54:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chris\AppData\Roaming\Mozilla\Extensions
[2014/01/02 10:26:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\wpufm3lp.default\extensions
[2014/01/02 10:21:07 | 000,002,425 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\wpufm3lp.default\searchplugins\Web Search.xml
[2013/09/06 21:15:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/11/27 17:24:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/12/12 10:36:18 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2014/01/02 10:27:04 | 000,000,000 | ---D | M] (avast! Online Security) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF

========== Chrome ==========

CHR - Extension: No name found = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\aelbknmfcacjffmgnoaaonhgoghlmlkp\2.0.5.6_0\
CHR - Extension: No name found = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: No name found = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\hipbfijinpcgfogaopmgehiegacbhmob\18.2_0\
CHR - Extension: No name found = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh\5.2.7_0\
CHR - Extension: No name found = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\mogcbkkjhojimpkmhbpndncicbcfigid\1.0_0\
CHR - Extension: No name found = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
CHR - Extension: No name found = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\oehpjpccmlcalbenfhnacjeocbjdonic\2.0_0\
CHR - Extension: No name found = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2014/01/04 00:40:14 | 000,000,098 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Snap.DoEngine) - {31ad400d-1b06-4e33-a59a-90c2c140cba0} - mscoree.dll (Microsoft Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Snap.Do) - {ae07101b-46d4-4a98-af68-0333ea26e113} - mscoree.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKCU..\Run: [URmedia] C:\Windows\System32\regsvr32.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [NCPluginUpdater] C:\Program Files\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe (Hewlett-Packard)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 221
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.45.2)
O16 - DPF: {CAFEEFAC-0017-0000-0045-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_45)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.45.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0819543E-146D-4416-8CDE-A68597624A77}: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4C8DA66C-C24A-49EF-B3BB-7F784FC0114A}: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5B72DD6A-D65E-4A6A-A9E0-50489A711B2A}: DhcpNameServer = 209.18.47.61 209.18.47.62
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Chris\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Chris\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/06/10 08:11:44 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{0981f7da-6a65-11e3-bf63-00269e1d9082}\Shell - "" = AutoRun
O33 - MountPoints2\{0981f7da-6a65-11e3-bf63-00269e1d9082}\Shell\AutoRun\command - "" = H:\HTC_Sync_Manager_PC.exe
O33 - MountPoints2\{44229e24-6ac8-11e1-8a5e-001eecf4b2ed}\Shell - "" = AutoRun
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2014/01/04 00:34:58 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/01/03 00:40:32 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Google
[2014/01/02 10:34:25 | 000,000,000 | ---D | C] -- C:\Program Files\Uninstaller
[2014/01/02 10:29:32 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\AVAST Software
[2014/01/02 10:29:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
[2014/01/02 10:28:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
[2014/01/02 10:27:58 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2014/01/02 10:27:45 | 000,057,672 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2014/01/02 10:27:43 | 000,775,952 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2014/01/02 10:27:42 | 000,410,528 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2014/01/02 10:27:41 | 000,067,824 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2014/01/02 10:27:40 | 000,054,832 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2014/01/02 10:27:07 | 000,270,240 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2014/01/02 10:27:00 | 000,043,152 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2014/01/02 10:25:56 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2014/01/02 10:22:18 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2014/01/02 10:19:02 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2014/01/02 10:18:42 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\SwvUpdater
[2014/01/01 17:00:37 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/01/01 09:47:05 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2014/01/01 06:48:38 | 000,000,000 | ---D | C] -- C:\Program Files\PassShow
[2013/12/31 22:47:14 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2013/12/31 22:37:26 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2013/12/31 21:09:48 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2013/12/31 21:06:29 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2013/12/21 23:50:57 | 000,000,000 | ---D | C] -- C:\Windows\System32\directx
[2013/12/21 23:48:45 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\WarThunder
[2013/12/21 23:48:45 | 000,000,000 | ---D | C] -- C:\ProgramData\WarThunder
[2013/12/21 16:13:22 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\URmedia
[2013/12/16 20:28:08 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Chris\Desktop\tdsskiller.exe
[2013/12/14 17:09:59 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\CyberLink
[2013/12/07 21:25:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Auslogics
[2013/12/07 21:25:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics
[2013/12/07 21:25:21 | 000,000,000 | ---D | C] -- C:\Program Files\Auslogics
[2013/12/07 20:55:04 | 000,000,000 | ---D | C] -- C:\Windows\System32\Adobe
[2013/12/06 21:39:33 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\OpenOffice
[2013/12/06 21:37:48 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.0.1
[2013/12/06 21:36:11 | 000,000,000 | ---D | C] -- C:\Program Files\OpenOffice 4

And finally the AdwCleaner log:

As a side note, Avast has been popping up numerous times with malware warnings stating that the explorer.exe process is infected. Not sure what to do about that just yet.

Oh and another side note, my desktop is working again! :thumbsup:

Thanks again for all your help!

Edited by CZ2761, 04 January 2014 - 12:16 AM.


#60
DonnaB

    Miss Congeniality

  • GeekU Moderator
  • 8,529 posts

As a side note, Avast has been popping up numerous times with malware warnings stating that the explorer.exe process is infected. Not sure what to do about that just yet.


Ok CZ2761,

Time to get the big guns out. Please do the following:

Download ComboFix from Here or Here to your Desktop.
VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here.
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow it to update if it asks.
  • Also allow the installation of the recovery console.
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
  • Do not mouse-click Combofix's window while it is running. That may cause it to stall.
  • Do not "re-run" ComboFix. If you have a problem, reply back for further instructions.
  • If, after the reboot, you get errors about programmes being marked for deletion, then reboot; that will cure it.
