Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Acting sluggish, IE10 errors, Java [Closed]


  • This topic is locked This topic is locked

#1
gracek

gracek

    Member

  • Member
  • PipPip
  • 24 posts
HI!

I am getting Windows has stopped working errors needing to restart web page and applications.
"
Internet Explorer has stopped working" error:
I get it every time I clicked on the "Watch a three minute video walkthrough of this guide" video on this site... so, I can't watch it :confused:
I then get a geekstogo is not responding error at bottom.
UPDATE, I just tried to watch a video embedded on another site, and it crashed as well. It is run with JWplayer and Adobe Flash Player...

It also happens to other websites that I need during the day.
I also have an important program I need to use that runs on Adobe Flash that that is extremely sluggish.


There are a number of errors in the Event Viewer in SYSTEM and APPLICATION that are constant, if you want them, let me know.
I am stumped.

All speed tests via speedtest.net are fine. I run ccleaner and malwarebytes regularly. I keep all programs up to date.

I recently updated my video driver and just rolled it back because I remembered it created a conflict with protools.
SO, any ideas? I'm stumped. My computer is just acting weird.

I also CAN'T uninstall Firefox. It keeps reinstalling. BUT, I can wait on that if it isn't the problem. I don't want it or use it.

Thanks!

OTL logfile created on: 12/17/2013 4:14:31 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Grace\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16750)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.96 Gb Total Physical Memory | 6.20 Gb Available Physical Memory | 77.90% Memory free
15.92 Gb Paging File | 14.00 Gb Available in Paging File | 87.94% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 919.42 Gb Total Space | 783.49 Gb Free Space | 85.22% Space Free | Partition Type: NTFS

Computer Name: GRACE-PC | User Name: Grace | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/12/17 16:14:28 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Grace\Downloads\OTL.exe
PRC - [2013/12/07 05:00:07 | 000,223,112 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe
PRC - [2013/09/05 09:04:00 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/04/18 08:56:14 | 000,659,992 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\sua.exe
PRC - [2012/01/18 05:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe


========== Modules (No Company Name) ==========

MOD - [2013/07/10 17:07:22 | 000,756,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSPTLS.DLL


========== Services (SafeList) ==========

SRV:64bit: - [2013/10/23 17:14:22 | 000,348,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2013/10/23 17:14:22 | 000,023,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/06/07 08:33:02 | 000,167,424 | ---- | M] (Mediafour Corporation) [Disabled | Stopped] -- C:\Program Files\Mediafour\MacDrive 8\MacDrive8ServiceD.exe -- (MacDrive8ServiceD)
SRV:64bit: - [2010/05/17 18:03:54 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\WINDOWS\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/06/09 09:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) [Disabled | Stopped] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2013/09/05 09:04:00 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/04/18 08:56:22 | 001,227,800 | ---- | M] (Secunia) [On_Demand | Stopped] -- C:\Program Files (x86)\Secunia\PSI\psia.exe -- (Secunia PSI Agent)
SRV - [2013/04/18 08:56:14 | 000,659,992 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2013/02/28 17:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Disabled | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/12/13 14:26:20 | 003,290,896 | ---- | M] (Skype Technologies S.A.) [Disabled | Stopped] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012/01/18 05:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2011/08/09 00:56:34 | 000,081,920 | ---- | M] (Avid Technology, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Digidesign\Pro Tools\MMERefresh.exe -- (DigiRefresh)
SRV - [2011/08/09 00:42:44 | 000,159,744 | ---- | M] (Avid Technology, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Digidesign\Pro Tools\digiSPTIService.exe -- (digiSPTIService)
SRV - [2011/07/09 01:36:12 | 002,932,224 | ---- | M] (PACE Anti-Piracy, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe -- (PaceLicenseDServices)
SRV - [2010/10/08 11:45:56 | 001,919,504 | ---- | M] (Avid) [Disabled | Stopped] -- C:\Program Files (x86)\Avid\Mbox Pro\AudioDevMon.exe -- (MboxProAudioDevMon)
SRV - [2010/07/12 14:39:24 | 000,053,248 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\D-Link\DWA-125 revA\ANIWConnService.exe -- (D_Link_DWA-125_WPS)
SRV - [2010/07/09 21:08:59 | 000,867,080 | ---- | M] (Acresso Software Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010/01/09 11:37:20 | 000,049,152 | ---- | M] (Panasonic System Networks Co., Ltd.) [Disabled | Stopped] -- C:\Program Files (x86)\Panasonic\LocalCom\lmsrvnt.exe -- (Panasonic Local Printer Service)
SRV - [2009/09/18 04:54:20 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- c:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor8.0)
SRV - [2009/06/26 11:19:12 | 001,124,848 | ---- | M] (Sonic Solutions) [Disabled | Stopped] -- c:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCom\RoxMediaDB10.exe -- (RoxMediaDB10)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/12/17 03:00:00 | 000,163,840 | ---- | M] (SEIKO EPSON CORPORATION) [Disabled | Stopped] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE -- (EPSON_EB_RPCV4_01)
SRV - [2007/01/11 03:02:00 | 000,126,464 | ---- | M] (SEIKO EPSON CORPORATION) [Disabled | Stopped] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE -- (EPSON_PM_RPCV4_01)
SRV - [2004/02/26 07:15:58 | 000,069,632 | ---- | M] (Panasonic) [Disabled | Stopped] -- C:\Program Files (x86)\Panasonic\TrapMonitor\Trapmnnt.exe -- (Panasonic Trap Monitor Service)


========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2011.SP4c\WNt500x64\Sandra.sys -- (SANDRA)
DRV:64bit: - [2013/11/30 02:10:40 | 000,025,584 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- c:\Program Files\My Dell\pcdsrvc_x64.pkms -- (PCDSRVC{D3412D80-CF3B4A27-06020200}_0)
DRV:64bit: - [2013/09/27 09:53:06 | 000,134,944 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2013/04/18 08:55:50 | 000,018,456 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\psi_mf_amd64.sys -- (PSI)
DRV:64bit: - [2012/11/01 16:19:56 | 000,031,232 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2012/08/21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/07/20 05:12:34 | 000,029,696 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\mcaudrv_x64.sys -- (mcaudrv_simple)
DRV:64bit: - [2012/07/20 05:12:00 | 000,044,928 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\mcvidrv_x64.sys -- (ManyCam)
DRV:64bit: - [2012/07/04 13:48:00 | 000,093,184 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\lgandnetndis64.sys -- (andnetndis)
DRV:64bit: - [2012/07/03 11:58:00 | 000,031,744 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\lgandnetadb.sys -- (andnetadb)
DRV:64bit: - [2012/07/03 11:50:00 | 000,036,352 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\lgandnetmodem64.sys -- (ANDNetModem)
DRV:64bit: - [2012/07/03 11:50:00 | 000,029,184 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\lgandnetdiag64.sys -- (AndNetDiag)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/18 05:44:36 | 004,865,568 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\lvuvc64.sys -- (LVUVC64)
DRV:64bit: - [2012/01/18 05:44:28 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2011/11/28 21:28:28 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2011/09/01 13:36:36 | 000,025,720 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\iLokDrvr.sys -- (iLokDrvr)
DRV:64bit: - [2011/07/27 13:48:14 | 000,014,952 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\SysNative\drivers\iPodDrv.sys -- (iPodDrv)
DRV:64bit: - [2011/06/28 16:04:40 | 000,105,592 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Tpkd.sys -- (Tpkd)
DRV:64bit: - [2011/04/28 14:20:30 | 001,617,472 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\Dnetr28ux.sys -- (netr28ux)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/23 15:12:00 | 001,579,520 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/10/23 00:24:02 | 000,021,520 | ---- | M] (Avid Technology, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\SysNative\drivers\diginet.sys -- (DigiNet)
DRV:64bit: - [2010/10/08 11:45:48 | 000,433,168 | ---- | M] (Avid) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\AvidMboxPro.sys -- (MBOXPRO)
DRV:64bit: - [2010/09/07 13:27:24 | 000,038,912 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\PcaSp60.sys -- (PcaSp60)
DRV:64bit: - [2010/07/22 09:59:08 | 000,428,288 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\cxpolar64.sys -- (CXPOLARIS)
DRV:64bit: - [2010/07/13 15:47:00 | 000,044,032 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\SysNative\drivers\cxcir64.sys -- (CXIR)
DRV:64bit: - [2010/05/29 07:58:30 | 000,015,872 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\SysNative\drivers\anodlwfx.sys -- (anodlwf)
DRV:64bit: - [2010/05/18 08:07:26 | 000,306,280 | ---- | M] (Mediafour Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\MDFSYSNT.SYS -- (MDFSYSNT)
DRV:64bit: - [2010/05/17 18:35:30 | 006,853,632 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/05/17 17:30:28 | 000,263,680 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/05/05 08:43:24 | 000,032,352 | ---- | M] (Mediafour Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\MDPMGRNT.SYS -- (MDPMGRNT)
DRV:64bit: - [2010/04/08 04:12:02 | 000,124,944 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/11/18 18:36:02 | 000,039,240 | ---- | M] (Eagletron Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\SysNative\drivers\dvdriver.sys -- (DVDRIVER)
DRV:64bit: - [2009/10/16 06:32:24 | 000,321,064 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\k57nd60a.sys -- (k57nd60a)
DRV:64bit: - [2009/10/02 15:58:58 | 000,537,112 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/09/26 10:42:58 | 000,233,984 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2009/09/17 15:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 19:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\WSDScan.sys -- (WSDScan)
DRV:64bit: - [2009/07/13 19:06:43 | 000,060,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\61883.sys -- (61883)
DRV:64bit: - [2009/07/13 19:06:43 | 000,048,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\avc.sys -- (Avc)
DRV:64bit: - [2009/07/13 19:06:42 | 000,061,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\msdv.sys -- (MSDV)
DRV:64bit: - [2009/07/13 19:06:40 | 000,017,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\avcstrm.sys -- (AVCSTRM)
DRV:64bit: - [2009/07/13 19:06:39 | 000,056,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\mstape.sys -- (MSTAPE)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2006/11/01 11:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2010/09/07 13:27:24 | 000,038,912 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\drivers\PcaSp60.sys -- (PcaSp60)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/06/26 10:27:28 | 000,065,520 | ---- | M] (Sonic Solutions) [File_System | System | Stopped] -- C:\WINDOWS\SysWOW64\drivers\RxFilter.sys -- (RxFilter)
DRV - [2006/07/19 11:04:00 | 000,014,608 | R--- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\dell\drivers\R267410\atillk64.sys -- (atillk64)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{FBC4FE95-9F67-425F-95CE-B05D0D13AEFB}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{FBC4FE95-9F67-425F-95CE-B05D0D13AEFB}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.tdameritrade.com/home.page
IE - HKCU\..\SearchScopes,DefaultScope = {0ECD877B-04FA-42F4-9DEB-F1414F84227A}
IE - HKCU\..\SearchScopes\{0ECD877B-04FA-42F4-9DEB-F1414F84227A}: "URL" = http://www.google.co...&rlz=1I7GGNI_en
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll File not found
FF - HKLM\Software\MozillaPlugins\@doubletwist.com/NPPodcast: C:\Program Files (x86)\Common Files\doubleTwist\NPPodcast.dll (doubleTwist Corporation)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@ilok.com/iLokHelper,version=3.1.0.7: C:\Program Files (x86)\PACE Anti-Piracy\iLok\NPPaceILok.dll ( PACE Anti-Piracy, Inc)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Grace\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll File not found
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Grace\AppData\Roaming\Mozilla\plugins\npo1d.dll File not found
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Grace\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Grace\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Grace\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101752.dll (Amazon.com, Inc.)
FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Users\Grace\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll (Facebook, Inc.)
FF - HKCU\Software\MozillaPlugins\tdameritrade.com/thinkorswim: C:\Program Files (x86)\thinkorswim\npthinkorswim.dll (TD Ameritrade)
FF - HKCU\Software\MozillaPlugins\tdameritrade.com/tossc: C:\Program Files (x86)\thinkorswim\nptossc.dll (TD Ameritrade)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2013/12/05 11:51:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/12/05 11:51:00 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - plugin: tossc (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll
CHR - Extension: Google Drive = C:\Users\Grace\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: MightyText - Send/Receive SMS Text Messages = C:\Users\Grace\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkfhfaphfkopdgpbfkebjfcblcafcmpi\10.1_0\
CHR - Extension: Google+ = C:\Users\Grace\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlppkpafhbajpcmmoheippocdidnckmm\1.2.0.418_0\
CHR - Extension: Gmail Offline = C:\Users\Grace\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk\1.20_0\
CHR - Extension: Google Calendar = C:\Users\Grace\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn\4.5.3_0\
CHR - Extension: Google Finance = C:\Users\Grace\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcgckldmmjdbpdejkclmfnnnehhocbfp\1.1_0\
CHR - Extension: Drive Notepad = C:\Users\Grace\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpgjomejfimnbmobcocilppikhncegaj\1.2_0\
CHR - Extension: AirDroid = C:\Users\Grace\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkgndiocipalkpejnpafdbdlfdjihomd\2.0.4_0\
CHR - Extension: No name found = C:\Users\Grace\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki\2.0.13503.1273_0\
CHR - Extension: GText from MightyText - SMS from Gmail\u2122 = C:\Users\Grace\AppData\Local\Google\Chrome\User Data\Default\Extensions\iffdacemhfpnchinokehhnppllonacfj\3.91_0\
CHR - Extension: Dropbox = C:\Users\Grace\AppData\Local\Google\Chrome\User Data\Default\Extensions\ioekoebejdcmnlefjiknokhhafglcjdl\3.0.8_0\
CHR - Extension: HootSuite = C:\Users\Grace\AppData\Local\Google\Chrome\User Data\Default\Extensions\kneloppijbcidgidihgdjnooihjcdbij\5.244_0\
CHR - Extension: Evernote Web = C:\Users\Grace\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol\1.0.7_0\
CHR - Extension: Google Maps = C:\Users\Grace\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh\5.2.7_0\
CHR - Extension: Planner 5D = C:\Users\Grace\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcafejemebbngbglfoinpoaannbihjna\1.2.0.4_0\
CHR - Extension: Pocket = C:\Users\Grace\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjcnijlhddpbdemagnpefmlkjdagkogk\0.600_0\
CHR - Extension: Google Wallet = C:\Users\Grace\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\
CHR - Extension: Google Chrome to Phone Extension = C:\Users\Grace\AppData\Local\Google\Chrome\User Data\Default\Extensions\oadboiipflhobonjjffjbfekfjcgkhco\2.3.3_0\

Hosts file not found
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files (x86)\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files (x86)\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files (x86)\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: appspot.com ([textyserver] * in Trusted sites)
O15 - HKCU\..Trusted Domains: dell.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: fatsecret.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: mightytext.net ([]http in Trusted sites)
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} http://www.comcastsu...oad/tgctlsr.cab (SupportSoft Script Runner Class)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} http://support.asus....k_sys_ctrl3.cab (asusTek_sysctrl Class)
O16 - DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} http://i.dell.com/im...r/SysProExe.cab (Scanner.SysScanner)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.aka...vex-2.2.6.0.cab (DLM Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.45.2)
O16 - DPF: {CAFEEFAC-0016-0000-0045-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_45)
O16 - DPF: {CAFEEFAC-0017-0000-0010-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_10)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.45.2)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://investools.w...nt/ieatgpc1.cab (GpcContainer Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0731E19D-7E77-4D3A-A166-D08F118FCA08}: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{170DE4D5-2FDD-4518-A09A-362D354683D5}: DhcpNameServer = 192.168.1.1 75.75.76.76
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/12/17 15:43:51 | 000,000,000 | ---D | C] -- C:\Windows\LastGood
[2013/12/13 12:30:12 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2013/12/13 12:30:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2013/12/13 12:29:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies
[2013/12/13 12:27:43 | 000,120,320 | ---- | C] (AMD) -- C:\Windows\SysNative\atitmm64.dll
[2013/12/13 12:27:42 | 000,458,752 | ---- | C] (AMD) -- C:\Windows\SysNative\atieclxx.exe
[2013/12/13 12:27:42 | 000,203,264 | ---- | C] (AMD) -- C:\Windows\SysNative\atiesrxx.exe
[2013/12/13 12:27:42 | 000,012,288 | ---- | C] (AMD) -- C:\Windows\SysNative\atimuixx.dll
[2013/12/13 12:15:06 | 000,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\SysWow64\CSVer.dll
[2013/12/13 12:15:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intel
[2013/12/13 12:07:47 | 000,000,000 | ---D | C] -- C:\Users\Grace\Documents\Dell Downloads
[2013/12/13 11:45:10 | 000,000,000 | ---D | C] -- C:\ProgramData\PC-Doctor for Windows
[2013/12/13 11:45:10 | 000,000,000 | ---D | C] -- C:\Program Files\Dell Support Center
[2013/12/13 11:44:48 | 000,000,000 | ---D | C] -- C:\Program Files\My Dell
[2013/12/13 11:41:15 | 000,000,000 | ---D | C] -- C:\Users\Grace\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell
[2013/12/13 08:46:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2013/12/11 16:48:52 | 000,000,000 | ---D | C] -- C:\Users\Grace\Desktop\510 inspections
[2013/12/11 14:54:17 | 000,000,000 | -HSD | C] -- C:\Users\Grace\Documents\cache
[2013/12/11 14:54:13 | 000,000,000 | ---D | C] -- C:\Users\Grace\AppData\Roaming\webex
[2013/12/11 14:54:01 | 000,000,000 | ---D | C] -- C:\ProgramData\WebEx
[2013/12/11 12:23:08 | 000,000,000 | ---D | C] -- C:\Users\Grace\Documents\Ambling Books
[2013/12/11 12:23:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ambling Books
[2013/12/11 12:23:02 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\sounds
[2013/12/11 12:23:02 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\plugins
[2013/12/11 12:23:02 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\log
[2013/12/11 12:23:02 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\lib
[2013/12/11 12:23:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ambling Books
[2013/12/08 13:08:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MonitorDriver
[2013/12/08 10:53:42 | 000,000,000 | ---D | C] -- C:\Users\Grace\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Flux
[2013/12/07 17:05:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2013/12/07 17:04:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2013/12/07 16:58:55 | 000,000,000 | ---D | C] -- C:\Users\Grace\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\thinkorswim
[2013/12/05 11:51:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2013/12/05 11:50:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/12/03 14:16:16 | 000,000,000 | ---D | C] -- C:\Users\Grace\AppData\Local\FluxSoftware
[2013/12/02 14:42:51 | 000,000,000 | ---D | C] -- C:\Users\Grace\.thinkorswim
[2013/12/02 14:42:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\thinkorswim
[2013/12/02 14:42:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\thinkorswim
[2013/11/23 15:36:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2013/11/23 15:27:53 | 000,000,000 | ---D | C] -- C:\Users\Grace\AppData\Roaming\VS Revo Group
[2013/11/23 15:08:30 | 000,000,000 | ---D | C] -- C:\Users\Grace\AppData\Local\VS Revo Group
[2013/11/23 15:08:28 | 000,000,000 | ---D | C] -- C:\ProgramData\VS Revo Group
[2012/01/15 17:27:05 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Grace\AppData\Roaming\pcouffin.sys
[6 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[6 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/12/17 16:05:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/12/17 15:50:32 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3875385828-3578430940-2960995150-1000UA.job
[2013/12/17 15:36:31 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/12/17 15:36:31 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/12/17 15:31:13 | 000,779,306 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/12/17 15:31:13 | 000,660,296 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/12/17 15:31:13 | 000,121,224 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/12/17 15:28:29 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/12/17 15:26:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/12/17 15:26:35 | 2115,301,375 | -HS- | M] () -- C:\hiberfil.sys
[2013/12/17 12:31:27 | 000,002,000 | ---- | M] () -- C:\Users\Grace\AppData\Roaming\wklnhst.dat
[2013/12/17 11:57:57 | 000,007,598 | ---- | M] () -- C:\Users\Grace\AppData\Local\resmon.resmoncfg
[2013/12/17 10:59:00 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3875385828-3578430940-2960995150-1000UA.job
[2013/12/17 10:59:00 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3875385828-3578430940-2960995150-1000Core.job
[2013/12/15 11:00:46 | 744,512,394 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/12/15 10:42:35 | 000,399,448 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/12/14 14:16:01 | 000,011,264 | ---- | M] () -- C:\Users\Grace\Desktop\grace info oct 2013.wps
[2013/12/13 19:33:21 | 002,579,528 | ---- | M] () -- C:\Users\Grace\Desktop\R245415.exe
[2013/12/13 12:10:40 | 143,371,832 | ---- | M] () -- C:\Users\Grace\Desktop\R274044.exe
[2013/12/13 11:23:09 | 001,052,672 | ---- | M] () -- C:\Users\Grace\Documents\dec 14 2013.evtx
[2013/12/13 08:45:12 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3875385828-3578430940-2960995150-1000Core.job
[2013/12/10 13:43:04 | 000,857,024 | ---- | M] () -- C:\Users\Grace\Documents\IRA WIthdrawl 2 of 2.pdf
[2013/12/10 13:41:15 | 002,880,775 | ---- | M] () -- C:\Users\Grace\Documents\IRA Withdrawl 1 of 2 form.pdf
[2013/12/10 13:10:18 | 003,737,347 | ---- | M] () -- C:\Users\Grace\Documents\IRA Withdrawl 10000 2013.pdf
[2013/12/10 13:09:45 | 000,856,198 | ---- | M] () -- C:\Users\Grace\Documents\IRA Withdrawl 10000 2013_4.png
[2013/12/10 13:09:38 | 000,959,368 | ---- | M] () -- C:\Users\Grace\Documents\IRA Withdrawl 10000 2013_3.png
[2013/12/10 13:09:32 | 000,947,736 | ---- | M] () -- C:\Users\Grace\Documents\IRA Withdrawl 10000 2013_2.png
[2013/12/10 13:09:25 | 000,972,176 | ---- | M] () -- C:\Users\Grace\Documents\IRA Withdrawl 10000 2013_1.png
[2013/12/10 12:49:48 | 000,269,007 | ---- | M] () -- C:\Users\Grace\Documents\IRA Distribution 1 Dec 10 2013.pdf
[2013/12/08 13:08:42 | 000,001,642 | ---- | M] () -- C:\Users\Public\Desktop\Launch Monitor Driver Installer.lnk
[2013/12/07 16:58:55 | 000,001,951 | ---- | M] () -- C:\Users\Grace\Desktop\thinkorswim.lnk
[2013/12/07 16:58:55 | 000,001,951 | ---- | M] () -- C:\Users\Grace\Application Data\Microsoft\Internet Explorer\Quick Launch\thinkorswim.lnk
[2013/12/05 14:01:57 | 000,002,185 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/12/05 11:51:08 | 000,001,077 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/12/05 11:47:26 | 000,000,082 | ---- | M] () -- C:\Users\Grace\AppData\Roaming\mbam.context.scan
[2013/12/05 09:08:33 | 000,000,824 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/12/03 19:24:44 | 000,002,734 | ---- | M] () -- C:\Users\Grace\Desktop\Google Keep.lnk
[2013/12/03 12:19:56 | 000,083,353 | ---- | M] () -- C:\Users\Grace\Documents\broker opening instructions real estate Chapter 5.pdf
[2013/12/02 14:42:47 | 000,001,951 | ---- | M] () -- C:\Users\Public\Desktop\thinkorswim.lnk
[2013/11/25 12:58:51 | 000,002,021 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013/11/23 12:26:15 | 000,000,833 | ---- | M] () -- C:\Users\Grace\Desktop\HOSTS.old
[2013/11/22 09:57:14 | 000,002,285 | ---- | M] () -- C:\Users\Grace\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/11/22 09:03:53 | 000,002,155 | ---- | M] () -- C:\Windows\epplauncher.mif
[6 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[6 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/12/15 11:00:46 | 744,512,394 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2013/12/13 12:27:43 | 000,534,960 | ---- | C] () -- C:\Windows\SysWow64\atiumdva.cap
[2013/12/13 12:27:43 | 000,534,960 | ---- | C] () -- C:\Windows\SysNative\atiumd6a.cap
[2013/12/13 12:27:43 | 000,002,137 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2013/12/13 12:27:43 | 000,002,137 | ---- | C] () -- C:\Windows\SysNative\atipblag.dat
[2013/12/13 12:27:42 | 000,332,288 | ---- | C] () -- C:\Windows\SysNative\ATIODE.exe
[2013/12/13 12:27:42 | 000,203,336 | ---- | C] () -- C:\Windows\SysNative\atiicdxx.dat
[2013/12/13 12:27:42 | 000,057,192 | ---- | C] () -- C:\Windows\SysNative\atiapfxx.blb
[2013/12/13 12:27:42 | 000,051,200 | ---- | C] () -- C:\Windows\SysNative\ATIODCLI.exe
[2013/12/13 12:27:42 | 000,021,360 | ---- | C] () -- C:\Windows\atiogl.xml
[2013/12/13 12:07:58 | 143,371,832 | ---- | C] () -- C:\Users\Grace\Desktop\R274044.exe
[2013/12/13 12:07:58 | 002,579,528 | ---- | C] () -- C:\Users\Grace\Desktop\R245415.exe
[2013/12/13 11:23:09 | 001,052,672 | ---- | C] () -- C:\Users\Grace\Documents\dec 14 2013.evtx
[2013/12/10 13:43:04 | 000,857,024 | ---- | C] () -- C:\Users\Grace\Documents\IRA WIthdrawl 2 of 2.pdf
[2013/12/10 13:41:15 | 002,880,775 | ---- | C] () -- C:\Users\Grace\Documents\IRA Withdrawl 1 of 2 form.pdf
[2013/12/10 13:10:17 | 003,737,347 | ---- | C] () -- C:\Users\Grace\Documents\IRA Withdrawl 10000 2013.pdf
[2013/12/10 13:09:44 | 000,856,198 | ---- | C] () -- C:\Users\Grace\Documents\IRA Withdrawl 10000 2013_4.png
[2013/12/10 13:09:38 | 000,959,368 | ---- | C] () -- C:\Users\Grace\Documents\IRA Withdrawl 10000 2013_3.png
[2013/12/10 13:09:31 | 000,947,736 | ---- | C] () -- C:\Users\Grace\Documents\IRA Withdrawl 10000 2013_2.png
[2013/12/10 13:09:25 | 000,972,176 | ---- | C] () -- C:\Users\Grace\Documents\IRA Withdrawl 10000 2013_1.png
[2013/12/10 12:49:48 | 000,269,007 | ---- | C] () -- C:\Users\Grace\Documents\IRA Distribution 1 Dec 10 2013.pdf
[2013/12/08 13:08:42 | 000,001,642 | ---- | C] () -- C:\Users\Public\Desktop\Launch Monitor Driver Installer.lnk
[2013/12/07 16:58:55 | 000,001,951 | ---- | C] () -- C:\Users\Grace\Desktop\thinkorswim.lnk
[2013/12/07 16:58:55 | 000,001,951 | ---- | C] () -- C:\Users\Grace\Application Data\Microsoft\Internet Explorer\Quick Launch\thinkorswim.lnk
[2013/12/05 11:51:08 | 000,001,077 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/12/05 11:51:07 | 000,001,089 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013/12/05 11:47:26 | 000,000,082 | ---- | C] () -- C:\Users\Grace\AppData\Roaming\mbam.context.scan
[2013/12/05 09:08:33 | 000,000,824 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/12/03 19:24:44 | 000,002,734 | ---- | C] () -- C:\Users\Grace\Desktop\Google Keep.lnk
[2013/12/03 12:19:56 | 000,083,353 | ---- | C] () -- C:\Users\Grace\Documents\broker opening instructions real estate Chapter 5.pdf
[2013/12/02 14:42:47 | 000,001,951 | ---- | C] () -- C:\Users\Public\Desktop\thinkorswim.lnk
[2013/11/25 12:58:51 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2013/11/25 12:58:51 | 000,002,021 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013/11/23 12:25:03 | 000,000,833 | ---- | C] () -- C:\Users\Grace\Desktop\HOSTS.old
[2013/05/04 16:22:36 | 000,000,207 | ---- | C] () -- C:\Windows\tweaking.com-regbackup-GRACE-PC-Microsoft-Windows-7-Home-Premium-(64-bit).dat
[2013/05/04 12:43:00 | 000,000,048 | ---- | C] () -- C:\Users\Grace\AppData\Roaming\burnaware.ini
[2012/12/21 13:06:07 | 000,000,068 | ---- | C] () -- C:\Windows\eyeQ Screen Saver.ini
[2012/11/25 18:14:45 | 000,000,253 | ---- | C] () -- C:\Users\Grace\AppData\Roaming\ANICONFIG_{0731E19D-7E77-4D3A-A166-D08F118FCA08}.ini
[2012/11/25 12:26:39 | 000,302,080 | ---- | C] () -- C:\Windows\lwd.exe
[2012/11/19 11:59:11 | 000,000,258 | RHS- | C] () -- C:\Users\Grace\ntuser.pol
[2012/11/03 18:53:54 | 000,006,144 | ---- | C] () -- C:\Users\Grace\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/09/28 12:50:01 | 000,022,284 | ---- | C] () -- C:\Users\Grace\AppData\Local\recently-used.xbel
[2012/09/20 18:40:42 | 000,074,240 | ---- | C] () -- C:\Windows\trackerpod_server.exe
[2012/08/13 09:03:33 | 000,027,520 | ---- | C] () -- C:\Users\Grace\AppData\Local\dt.dat
[2012/08/02 14:20:14 | 000,773,030 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/05/09 16:09:42 | 002,846,896 | ---- | C] () -- C:\Users\Grace\AppData\Local\rx_image32.Cache
[2012/05/09 16:09:42 | 000,137,800 | ---- | C] () -- C:\Users\Grace\AppData\Local\rx_audio.Cache
[2012/03/29 09:17:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\CommonDL.dll
[2012/03/29 09:17:30 | 000,002,413 | ---- | C] () -- C:\Windows\SysWow64\lgAxconfig.ini
[2012/01/18 05:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2012/01/18 05:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2012/01/18 05:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2012/01/15 17:27:05 | 000,007,859 | ---- | C] () -- C:\Users\Grace\AppData\Roaming\pcouffin.cat
[2012/01/15 17:27:05 | 000,001,167 | ---- | C] () -- C:\Users\Grace\AppData\Roaming\pcouffin.inf
[2011/10/13 18:14:11 | 000,088,384 | ---- | C] () -- C:\Users\Grace\AppData\Local\RAContactHistory.xml
[2011/08/29 21:29:05 | 000,007,598 | ---- | C] () -- C:\Users\Grace\AppData\Local\resmon.resmoncfg
[2011/08/28 19:31:40 | 000,002,000 | ---- | C] () -- C:\Users\Grace\AppData\Roaming\wklnhst.dat
[2011/08/27 18:32:58 | 000,014,848 | ---- | C] () -- C:\Users\Grace\Country Lyrics.wps

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\WINDOWS\SysNative\shell32.dll -- [2013/07/25 21:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 20:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\WINDOWS\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\SysWow64\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\WINDOWS\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/11/17 14:29:52 | 000,000,000 | ---D | M] -- C:\Users\Grace\AppData\Roaming\Amazon
[2012/07/17 14:30:40 | 000,000,000 | ---D | M] -- C:\Users\Grace\AppData\Roaming\AMPSoft
[2013/05/02 18:09:23 | 000,000,000 | ---D | M] -- C:\Users\Grace\AppData\Roaming\AVG10
[2013/06/23 12:52:07 | 000,000,000 | ---D | M] -- C:\Users\Grace\AppData\Roaming\avidemux
[2013/05/02 18:09:23 | 000,000,000 | ---D | M] -- C:\Users\Grace\AppData\Roaming\Digidesign
[2013/11/23 09:22:41 | 000,000,000 | ---D | M] -- C:\Users\Grace\AppData\Roaming\Dropbox
[2011/11/15 09:44:29 | 000,000,000 | ---D | M] -- C:\Users\Grace\AppData\Roaming\Epson
[2013/04/11 18:35:51 | 000,000,000 | ---D | M] -- C:\Users\Grace\AppData\Roaming\FamilyTreeMaker
[2011/08/27 23:11:38 | 000,000,000 | ---D | M] -- C:\Users\Grace\AppData\Roaming\Full
[2012/10/31 10:40:27 | 000,000,000 | ---D | M] -- C:\Users\Grace\AppData\Roaming\Gyration
[2012/12/05 11:28:14 | 000,000,000 | ---D | M] -- C:\Users\Grace\AppData\Roaming\JRT Studio
[2013/05/02 18:09:22 | 000,000,000 | ---D | M] -- C:\Users\Grace\AppData\Roaming\KWorld Multimedia
[2011/08/31 21:36:24 | 000,000,000 | ---D | M] -- C:\Users\Grace\AppData\Roaming\Leadertech
[2012/12/04 18:46:28 | 000,000,000 | ---D | M] -- C:\Users\Grace\AppData\Roaming\MediaMonkey
[2013/05/02 18:09:22 | 000,000,000 | ---D | M] -- C:\Users\Grace\AppData\Roaming\mjusbsp
[2012/02/28 13:37:38 | 000,000,000 | ---D | M] -- C:\Users\Grace\AppData\Roaming\MP3SkypeRecorder
[2011/09/01 13:42:54 | 000,000,000 | ---D | M] -- C:\Users\Grace\AppData\Roaming\PACE Anti-Piracy
[2011/08/27 18:48:48 | 000,000,000 | ---D | M] -- C:\Users\Grace\AppData\Roaming\PCDr
[2013/05/02 18:09:22 | 000,000,000 | ---D | M] -- C:\Users\Grace\AppData\Roaming\PeerNetworking
[2013/05/02 18:09:22 | 000,000,000 | ---D | M] -- C:\Users\Grace\AppData\Roaming\PhotoScape
[2012/11/03 18:51:46 | 000,000,000 | ---D | M] -- C:\Users\Grace\AppData\Roaming\TechSmith
[2011/08/28 19:31:44 | 000,000,000 | ---D | M] -- C:\Users\Grace\AppData\Roaming\Template
[2011/08/31 21:34:15 | 000,000,000 | ---D | M] -- C:\Users\Grace\AppData\Roaming\Trillium Lane
[2013/05/02 17:39:49 | 000,000,000 | ---D | M] -- C:\Users\Grace\AppData\Roaming\TuneUp Software
[2013/11/23 15:27:53 | 000,000,000 | ---D | M] -- C:\Users\Grace\AppData\Roaming\VS Revo Group
[2013/04/24 07:47:46 | 000,000,000 | ---D | M] -- C:\Users\Grace\AppData\Roaming\Vso
[2013/12/11 15:16:15 | 000,000,000 | ---D | M] -- C:\Users\Grace\AppData\Roaming\webex
[2011/09/01 11:34:50 | 000,000,000 | ---D | M] -- C:\Users\Grace\AppData\Roaming\Windows Live Writer
[2013/05/02 18:09:22 | 000,000,000 | ---D | M] -- C:\Users\Grace\AppData\Roaming\Wondershare
[2012/01/15 17:35:43 | 000,000,000 | ---D | M] -- C:\Users\Grace\AppData\Roaming\Xilisoft

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:5C321E34
@Alternate Data Stream - 902 bytes -> C:\ProgramData\Microsoft:AkPzNFs0qom7MOvAPPd9Lvz2SMDoW
@Alternate Data Stream - 1194 bytes -> C:\ProgramData\Microsoft:7dggUz434WFZBA2ut7QzEebDA
@Alternate Data Stream - 1153 bytes -> C:\Program Files (x86)\Common Files\System:Bzynzos5VDxD7Cx5aD1KszSO4PTmZs
@Alternate Data Stream - 1144 bytes -> C:\ProgramData\Microsoft:jCVa029MKBuTOS3AOqTBBa
@Alternate Data Stream - 1141 bytes -> C:\Program Files (x86)\Common Files\System:N2p5ZReWVM6CODllEw8ijag8Ii
@Alternate Data Stream - 1130 bytes -> C:\Users\Grace\AppData\Local\vDZDLmIRMILQgyV:BpuOBpSRVtWVzwZOSuwp4u
@Alternate Data Stream - 1075 bytes -> C:\Users\Grace\AppData\Local\57mDsJQwjbEjHC:bsIcdpY03CCiSTh2yO
@Alternate Data Stream - 1058 bytes -> C:\ProgramData\Microsoft:px3JD6UJlbqDYdtTme4xVDJ
@Alternate Data Stream - 1045 bytes -> C:\ProgramData\Microsoft:8lf7FR92uKtszTseV60FYkmt8
@Alternate Data Stream - 1001 bytes -> C:\ProgramData\Microsoft:JIYdd64UcrtNHdZxfMnKquXCkI8s


< End of report >





Edited by gracek, 17 December 2013 - 06:03 PM.

  • 0

Advertisements


#2
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Hello Grace, :wave: Welcome back to the forums!
:welcome:. My name is godawgs and I will be assisting you with your Virus / Malware issues.
I will start working on your Malware issues. This may, or may not, solve other issues you have with your machine. The fixes are specific to your problem and should only be used for this issue on this machine!

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.
If you have not, please adhere to the guidelines below and then carefully follow all future instructions:

You must reply to posts within four days. If you haven't replied within that time, the topic will be closed! If you need additional time to complete things, just let me know.
If you're not sure, or if something unexpected happens, Do NOT continue! Stop and ask!

This board can notify you when a new reply is added to a topic. Please read this topic to find out how to do that.

Please do not run any tools unless instructed to do so.
  • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability. Do as the instructions ask, nothing extra. Do Not run things twice unless instructed.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  • If I ask a Question just answer it, don't run anything unless directed to.
Please read every post completely before doing anything.
  • Pay special attention to the NOTE: lines, or anything in red. These entries identify an individual issue or important step in the cleanup process.
  • Please make sure you are saving and printing the instructions out prior to each fix, this way you will have them on hand just in case you are unable to access this site. Some of the steps I will be asking you to do may require you to boot into Safe Mode and this process will be much easier for you to perform if the instructions are printed out for you to follow.
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post unless directed otherwise.
Logs from malware diagnostic or removal programs (OTL is one of them) can take some time to analyze.
  • I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forum, (sometimes :lol: )
  • Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
Lastly, Please be aware that removing Malware is a hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. Some infections are so severe that we might encounter situations where the only recourse is to re-format and re-install your operating system. Don't worry, this only happens in severe cases, but, sadly, it does happen.
In light of this be prepared to back up your data. Have means of backing up your data available.

IMPORTANT:Change your browser(s) to download any tools to the desktop.
Follow the directions here
For FireFox check the dot beside "Always ask me where to save files."
For Chrome, check the box beside "Ask where to save each file before downloading"
NOTE: IE8 Does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.

When OTL runs the first time it creates a file named Extras.txt. It should be in the same directory you ran OTL from. Please post the contents of that file.

Let's see what we can do.

I also CAN'T uninstall Firefox. It keeps reinstalling. BUT, I can wait on that if it isn't the problem. I don't want it or use it.

Can you give me a little more info on this? Are you uninstalling through the Programs and Files section of Control Panel?


Step-1.

Posted Image OTL Fix

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

1. Please copy all of the text in the quote box below (Do Not copy the word Quote. To do this, highlight everything
inside the quote box (except the word Quote) , right click and click Copy.

:COMMANDS
[createrestorepoint]

:OTL
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: File not found
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Grace\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll File not found
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Grace\AppData\Roaming\Mozilla\plugins\npo1d.dll File not found
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Grace\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll File not found
@Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:5C321E34
@Alternate Data Stream - 902 bytes -> C:\ProgramData\Microsoft:AkPzNFs0qom7MOvAPPd9Lvz2SMDoW
@Alternate Data Stream - 1194 bytes -> C:\ProgramData\Microsoft:7dggUz434WFZBA2ut7QzEebDA
@Alternate Data Stream - 1153 bytes -> C:\Program Files (x86)\Common Files\System:Bzynzos5VDxD7Cx5aD1KszSO4PTmZs
@Alternate Data Stream - 1144 bytes -> C:\ProgramData\Microsoft:jCVa029MKBuTOS3AOqTBBa
@Alternate Data Stream - 1141 bytes -> C:\Program Files (x86)\Common Files\System:N2p5ZReWVM6CODllEw8ijag8Ii
@Alternate Data Stream - 1130 bytes -> C:\Users\Grace\AppData\Local\vDZDLmIRMILQgyV:BpuOBpSRVtWVzwZOSuwp4u
@Alternate Data Stream - 1075 bytes -> C:\Users\Grace\AppData\Local\57mDsJQwjbEjHC:bsIcdpY03CCiSTh2yO
@Alternate Data Stream - 1058 bytes -> C:\ProgramData\Microsoft:px3JD6UJlbqDYdtTme4xVDJ
@Alternate Data Stream - 1045 bytes -> C:\ProgramData\Microsoft:8lf7FR92uKtszTseV60FYkmt8
@Alternate Data Stream - 1001 bytes -> C:\ProgramData\Microsoft:JIYdd64UcrtNHdZxfMnKquXCkI8s

:FILES
ipconfig /flushdns /c
C:\Users\Grace\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki\2.0.13503.1273_0

:COMMANDS
[emptytemp]
[resethosts]


Warning: This fix is relevant for this system and no other. If you are not this user, DO NOT follow these directions as they could damage the workings of your system.

2. Please re-open Posted Image on your desktop. To do that:
  • Vista and 7 users: Right click the icon and click Run as Administrator
3. Place the mouse pointer inside the Posted Image textbox, right click and click Paste. This will put the above script inside the textbox.
4. Click the Posted Image button.
5. Let the program run unhindered.
6. OTL may ask to reboot the machine. Please do so if asked.
7. Click the Posted Image button.
8. A report will open. Copy and Paste that report in your next reply.
9. If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, (where mmddyyyy_hhmmss is the date of the tool run).


Step-2.

Run aswMBR
  • Download aswMBR.exe to your desktop.
  • Right click the aswMBR.exe file and click Run as Administrator. If you get a UAC window, allow the file to run.
  • If it asks you if you want to download the latest virus definitions, click Yes
  • Be sure the A/V Scan: is set to QuickScan
  • Click the "Scan" button to start the scan
    Posted Image
  • On completion of the scan click save log. Save it to your desktop and post in your next reply.
    Posted Image
NOTE: When you run aswMBR, if it is shutdown automatically, then it is most likely the infection detecting that aswMBR is running and terminating it. In this situation you should rename the executable (aswMBR.exe) to iexplore.exe and try it again.


Step-3.

AdwCleaner by Xplode

Download AdwCleaner. Click here and then click the Download Now @ BleepingComputer button. Save the file to the desktop.

NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.

Close all open windows and browsers.
  • Right click the AdwCleaner icon Posted Image on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.

    Posted Image
  • Click the Scan button and wait for the scan to finish.
  • After the Scan has finished the window may or may not show what it found and above the progress bar you will see Pending. Please uncheck elements you don't want to remove. Do Not delete anything at this time.
  • Click the Report button to get the log.
  • Copy and Paste it into your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[R0].txt.
  • Click the X in the upper right corner of the program or click the File menu and click Exit to close the program.
NOTE: If you see AVG Secure Search being targeted for deletion, Here's Why and Here. You can always Reinstall it.


Step-4

Posted Image OTL Custom Scan

1. Please copy the text in the Quote box below, (Do Not copy the word Quote), and paste it in the Posted Image box in OTL. To do that:
  • Highlight everything inside the quote box, (except the word Quote), right click the mouse and click Copy.

createrestorepoint
netsvcs
baseservices
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
winsock.*
services.*
/md5stop
dir "%systemdrive%\*" /S /A:L /C


2. Re-open Posted Imageon the desktop. To do that:
  • Vista / 7 Users: Right click on the icon and click Run as Administrator)
Make sure all other windows are closed.
  • You will see a console like the one below:

    Posted Image
  • Click the box beside Scan All Users at the top of the console
  • Click the box beside Include 64bit Scans at the top of the console.
  • Make sure the Output box at the top is set to Standard Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Place the mouse pointer inside thePosted Image box, right click and click Paste. This will put the above script inside OTL
  • Click the Posted Image button. Do not change any settings unless otherwise told to do so.
  • Let the scan run uninterrupted.
  • When the scan completes, it will open OTL.Txt. This file is also saved in the same location as OTL (it should be on your desktop).
  • Please copy the contents of this file and paste it into your reply. To do that:
  • On the OTL.txt file Menu Bar click Edit then click Select All. This will highlight the contents of the file. Then click Copy.
  • Right click inside the forum post window then click Paste.This will paste the contents of the OTL.txt file in the in the post window.

Step-5.

Virustotal File Upload:

To use Virustotal go Here
Posted Image
  • Click the Choose File button in the middle of the screen. This will open a File Upload window.
  • On the File Upload window, in the File name box, type, or copy and paste the following and click Open:
    NOTE.. Only one file per scan

    C:\Windows\trackerpod_server.exe
    C:\Windows\lwd.exe
    C:\Program Files (x86)\Common Files\doubleTwist\NPPodcast.dll
    .
  • This will put the file in the box on the Virustotal page.
  • Click the Scan it! button.
  • IF you get a message that the file has already been analyzed click the Reanalyze button and the file will be scanned.
  • Please be patient while the file is scanned. It may take several minutes.
  • Once the scan results appear, please copy and paste the Virustotal link(s) (URL) in your next reply
  • Repeat 1 thru 7 for each file listed.

Step-6.

Things For Your Next Post:
Please post the logs in the order requested. Do Not attach the logs unless I request it.
1. The VirusTotal URL links
2. The OTL fixes log
3. The aswMBR log
4. The AdwCleaner[R0].txt log
5. The new OTL.txt log
6. The original Extras.txt log
  • 0

#3
gracek

gracek

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
godawgs! geekstogo has saved me in the past. AND I learned when there is a prob, don't try to make it worse! So, I came to you first :cool:

Thanks for helping! WOW, that was a lot to do, hope I got it correctly.

Did you see anything obviously bad on my system?


Firefox: I uninstall it via control pannel, still reappears and never goes away. Haunting me!


Here is the info you requested:



Extras.txt:

OTL Extras logfile created on: 12/17/2013 4:14:31 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Grace\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16750)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.96 Gb Total Physical Memory | 6.20 Gb Available Physical Memory | 77.90% Memory free
15.92 Gb Paging File | 14.00 Gb Available in Paging File | 87.94% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 919.42 Gb Total Space | 783.49 Gb Free Space | 85.22% Space Free | Partition Type: NTFS

Computer Name: GRACE-PC | User Name: Grace | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
.jse[@ = JSEFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
.wsf[@ = WSFFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
wsffile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
wsffile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
"C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
"C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0C555AAB-B773-47E6-A13F-45BB0E6E2915}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{0C70CA48-7988-4B99-8561-62448EDBFB76}" = lport=445 | protocol=6 | dir=in | app=system |
"{12BD186C-BF7C-4A46-BD40-F224E55F91CE}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{16E8DBA8-075C-4BB3-9BBA-CF0B9143521B}" = rport=138 | protocol=17 | dir=out | app=system |
"{332B0A80-0D3B-4022-92BB-66A11BBC524E}" = lport=139 | protocol=6 | dir=in | app=system |
"{37027095-D481-4B4D-9488-C28D5D1706B6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3BD20AF8-1166-499F-A2DF-F84301467187}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3D5EAE9C-9840-4A2C-8CEA-1921350B776B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{481318C8-6C5A-4C48-AA8E-022E677529F2}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4D787072-FA4C-41B2-A749-DE1A09A7FED8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5019070E-34E3-400A-AD3E-67940009570B}" = rport=445 | protocol=6 | dir=out | app=system |
"{547759E0-A960-452B-B0C0-EADC33A6FEDA}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5B68A698-F598-4611-9887-3F148A78FCD8}" = lport=2869 | protocol=6 | dir=in | app=system |
"{61194830-003E-400D-82C6-DB3F234ECCD0}" = lport=2869 | protocol=6 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{627AB698-AE56-415A-BD39-BA08ACDCE1D0}" = lport=10243 | protocol=6 | dir=in | app=system |
"{63CE2774-2DCD-4C09-978D-F03B6B98E6DC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{70A50A22-44C3-4393-9083-218F04248BDE}" = lport=137 | protocol=17 | dir=in | app=system |
"{711BC60C-511D-4DCC-AD32-ECA281045F5D}" = rport=139 | protocol=6 | dir=out | app=system |
"{7A00A7DC-A76E-4262-84B8-CF722EEDB0F5}" = lport=138 | protocol=17 | dir=in | app=system |
"{7D85BBB6-49F5-46CD-9D04-8A63F3768035}" = rport=10243 | protocol=6 | dir=out | app=system |
"{84D3F720-2CB3-43C1-AB52-EFC9DE6AA178}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{872867EC-5E4C-49CA-A6D8-EEEA02CCF104}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{961E6AD7-88BB-4914-8572-E9E46C020BE0}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AAFDFBAB-EC86-4C45-A98B-965A0D4F9FF7}" = lport=2869 | protocol=6 | dir=in | app=system |
"{AC08AFDF-31DC-4B45-B086-7C4F116EBBDB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B99ADA06-7F1B-45E0-97CF-111F9757A78F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{BAA9DA42-3443-40D7-91CE-E36076D7F38F}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{BB3FE377-2F50-4ACF-8E99-5A37DBF364D4}" = rport=137 | protocol=17 | dir=out | app=system |
"{D35FCAD1-99C5-4214-8E47-A2D7ACB638EB}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E6082B9E-16EC-4BFA-A7EA-8FD285F1D7F7}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{FC4D058C-3B0C-4B1A-AF0E-13CF402E09DE}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0057F9E0-1757-413E-8D2B-8338B6B6B248}" = protocol=6 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{06BB0979-9F6D-40C8-93A2-96307D7FAD25}" = protocol=17 | dir=in | app=c:\program files (x86)\panasonic\device monitor\dmlist.exe |
"{0D677354-D10F-4935-9806-B1BFD03D2033}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{17CFA816-9273-4D2B-9728-1A8D04622AFC}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{1A86627D-6BD5-4059-BB26-C8754C31CD38}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe |
"{24C36C1F-4A96-434F-97C0-0A350F530754}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{2621E1A9-9A37-4DB2-87D2-85C6AB8E39F0}" = protocol=1 | dir=out | [email protected],-28544 |
"{31620D1A-9F85-4360-BC09-985F8EC38023}" = protocol=58 | dir=out | [email protected],-28546 |
"{31E97E4A-B8B9-4B93-8A2F-2FD0D926B699}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{3DD521C2-2C42-4C0C-BBA5-2A961CAF90E5}" = protocol=17 | dir=in | app=c:\program files (x86)\asus\rt-n12b1 wireless router utilities\discovery.exe |
"{3E58FD37-58FE-47F7-9412-A46773DAEF60}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{3FAC6DDE-E030-45B3-848F-6573EE6B247E}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{46091CBF-E27E-4DF7-87A9-E354613E537D}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe |
"{46466648-CB50-4C3B-AE43-4809DF178247}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) |
"{4F0E923B-6537-41A8-ADEC-E013508E51A6}" = protocol=17 | dir=in | app=c:\program files (x86)\asus\rt-n12b1 wireless router utilities\rescue.exe |
"{4F53957D-59D0-49CE-B50F-F364C303FEA0}" = protocol=17 | dir=in | app=d:\routersetup\qiswizard.exe |
"{51522172-7FB9-4E5D-9D08-AFA566313E02}" = protocol=6 | dir=in | app=c:\program files (x86)\asus\rt-n12b1 wireless router utilities\qiswizard.exe |
"{51AB46B1-CFF3-4AB7-88AD-AFDF4149FF4E}" = protocol=6 | dir=in | app=c:\program files (x86)\asus\rt-n12 wireless router utilities\rescue.exe |
"{5412FC69-8B65-4417-9F02-CF99F0D4B277}" = protocol=6 | dir=in | app=c:\program files (x86)\panasonic\device monitor\dmlist.exe |
"{57DBD179-2F95-46DF-8373-383779AABA99}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{598D9BCE-462B-446A-B35B-755527958F41}" = protocol=6 | dir=out | app=system |
"{59A4E803-D1E6-419A-808C-A5DED8E78AD6}" = protocol=1 | dir=in | [email protected],-28543 |
"{63502C51-EF7B-4530-BD8A-2D0F3358E86C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{64B4E602-9D96-450D-854C-684F473D39CF}" = protocol=6 | dir=in | app=c:\users\grace\appdata\roaming\dropbox\bin\dropbox.exe |
"{675C9AC3-8585-474B-A7D5-9DA76C5A76B9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{67C876AE-381F-4ECD-8C48-0AADAC2DADFE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{75712289-501A-4C79-8597-8A5C320CD92E}" = protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{7A1F5E69-9DA9-47EA-A65B-941064456AAE}" = protocol=6 | dir=in | app=c:\program files (x86)\asus\rt-n12b1 wireless router utilities\discovery.exe |
"{88E0DD72-2D93-48FF-BE41-457EE565D935}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{91B2AECE-80C5-44B8-84D4-FA6DC18E66A0}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{91E62B81-67D6-4E19-ADE9-95AF51CA84CA}" = protocol=6 | dir=in | app=c:\program files (x86)\asus\rt-n12b1 wireless router utilities\liveupdate.exe |
"{9241277D-D9B7-4519-AD41-71D72CE149CA}" = protocol=17 | dir=in | app=c:\program files (x86)\asus\rt-n12 wireless router utilities\qiswizard.exe |
"{948BB337-9E9C-4643-AC85-A77388E9F6B8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{96FCE380-5831-4F37-BF2B-B4FC25D7A70C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9867B6AF-AC7D-4CBA-B80F-56E9085B685A}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{9B56804D-7932-4F6E-AF49-D3E24449D5FC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{AAF0BCF3-50A6-4F54-87EE-D17C0B5136DD}" = protocol=6 | dir=in | app=c:\program files (x86)\asus\rt-n12 wireless router utilities\qiswizard.exe |
"{ABF463A2-528A-4E70-849E-EDB77E77F225}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{AEA7FAC1-DD14-4ED2-A81E-2F4A6A74D042}" = protocol=6 | dir=in | app=c:\program files (x86)\asus\rt-n12 wireless router utilities\discovery.exe |
"{AF2E3A0F-D8B8-4AF8-9800-DA792FD1AA4F}" = protocol=6 | dir=in | app=c:\progra~2\panaso~1\trapmo~1\trapmnnt.exe |
"{B62C7EA8-EC58-4AED-B79B-5F2F57DE3D96}" = protocol=17 | dir=in | app=c:\users\grace\appdata\roaming\dropbox\bin\dropbox.exe |
"{B97AF9F0-431E-4007-A58D-60C7AD1432D5}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{BF672B94-6A65-47DF-AEC4-5E16AB237786}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{C301EB30-FA5F-4C07-BE87-D6E077572F4B}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
"{C82AF257-0356-4E9E-BB62-E53DC7B03D6E}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{CACB3F09-B2B3-4023-A16A-6B8689229B60}" = protocol=17 | dir=in | app=c:\program files (x86)\asus\rt-n12 wireless router utilities\rescue.exe |
"{CEB39D83-C07E-48B0-AF8A-2126A8F659B7}" = protocol=6 | dir=in | app=c:\program files (x86)\asus\rt-n12b1 wireless router utilities\rescue.exe |
"{D2CB3EE9-DA74-401B-A9BA-2325EF64DDB9}" = protocol=17 | dir=in | app=c:\program files (x86)\asus\rt-n12 wireless router utilities\discovery.exe |
"{D60110E8-B569-4036-A1B9-06DE62DEA740}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{DB43F99A-34CE-4926-9F24-C9AC10A3A172}" = protocol=17 | dir=in | app=c:\progra~2\panaso~1\trapmo~1\trapmnnt.exe |
"{DB60FF1D-EA19-46D1-9E84-51B3749460D5}" = protocol=17 | dir=in | app=c:\program files (x86)\asus\rt-n12b1 wireless router utilities\liveupdate.exe |
"{DC5D5CD8-8A92-4199-9CA5-1B6996F13F82}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{E27B828E-23B6-470F-BF7E-1EF65DD8C385}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E5E7F364-8CE4-437F-BA05-7B41BBAEFC67}" = protocol=17 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe |
"{E86A4644-0B0C-4ACE-B41A-FCDFC7084B0D}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{F206BDF8-156D-4AA2-975B-5D86A053365F}" = protocol=17 | dir=in | app=c:\program files (x86)\asus\rt-n12b1 wireless router utilities\qiswizard.exe |
"{FB5CAB66-605E-4D70-8614-A08B382D695F}" = protocol=6 | dir=out | app=%systemroot%\system32\msra.exe |
"{FBDE4E30-4348-4A63-AFF5-BD74401B7549}" = protocol=58 | dir=in | [email protected],-28545 |
"{FD22E8AC-5E96-4002-9C76-2FD4C0D6D728}" = protocol=6 | dir=in | app=d:\routersetup\qiswizard.exe |
"{FF069715-BEE7-4454-8431-6BB8C97E03C3}" = protocol=6 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe |
"{FF12FAD7-907C-46A9-B753-350099A3C57D}" = protocol=6 | dir=in | app=%systemroot%\system32\msra.exe |
"TCP Query User{0E89D523-C918-45FF-BBBC-7C9D4E57FD73}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"TCP Query User{116EE08B-D157-4874-99E9-BEB541C065F3}C:\program files (x86)\jrt studio\isyncr\isyncr.exe" = protocol=6 | dir=in | app=c:\program files (x86)\jrt studio\isyncr\isyncr.exe |
"TCP Query User{3495DB93-B24E-4325-BF61-4FB70296F8D1}C:\program files (x86)\jrt studio\isyncr\isyncr.exe" = protocol=6 | dir=in | app=c:\program files (x86)\jrt studio\isyncr\isyncr.exe |
"TCP Query User{47998C33-9445-4FE5-9DD3-ED13795355AE}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
"TCP Query User{5D84316F-AC0B-4A5A-87BB-E6884C2B4D58}C:\users\grace\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\grace\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{65BE6AC4-7A54-4941-BA0E-C015FECD71AC}C:\program files (x86)\mp3 skype recorder\mp3 skype recorder.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mp3 skype recorder\mp3 skype recorder.exe |
"TCP Query User{9DB616A3-87E1-4EFE-9534-E549BDBF774F}C:\users\grace\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\grace\appdata\local\akamai\netsession_win.exe |
"TCP Query User{A0F702F4-F8DD-46E0-9E99-9DCEA845AFB1}C:\users\grace\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\grace\appdata\local\akamai\netsession_win.exe |
"TCP Query User{D3EE7CDE-C921-423B-BF3C-6D446C1FA594}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"TCP Query User{EFAAA1CB-6DD6-4794-880D-9D534C395D8E}C:\users\grace\appdata\roaming\gyration\motiontools\motiontools.exe" = protocol=6 | dir=in | app=c:\users\grace\appdata\roaming\gyration\motiontools\motiontools.exe |
"TCP Query User{F128CE59-FA41-44BA-A397-B625BF4850AE}C:\program files (x86)\digidesign\pro tools\protools.exe" = protocol=6 | dir=in | app=c:\program files (x86)\digidesign\pro tools\protools.exe |
"UDP Query User{041A548E-AB81-43C5-823D-8C67C55B22B9}C:\users\grace\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\grace\appdata\local\akamai\netsession_win.exe |
"UDP Query User{33E04959-C2CF-427D-9FD1-FEC28940ECCD}C:\program files (x86)\jrt studio\isyncr\isyncr.exe" = protocol=17 | dir=in | app=c:\program files (x86)\jrt studio\isyncr\isyncr.exe |
"UDP Query User{44C78D18-02FF-4E2A-BE09-A6D95D24A8F8}C:\users\grace\appdata\roaming\gyration\motiontools\motiontools.exe" = protocol=17 | dir=in | app=c:\users\grace\appdata\roaming\gyration\motiontools\motiontools.exe |
"UDP Query User{62A63224-3D6C-42EB-8948-04CF05B0C594}C:\program files (x86)\mp3 skype recorder\mp3 skype recorder.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mp3 skype recorder\mp3 skype recorder.exe |
"UDP Query User{6727E436-883D-465C-980D-9E2382AF2590}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
"UDP Query User{87511359-1352-4AB0-BA1A-86BAF57186FC}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{9D1CDCCC-9CC5-4372-B453-03EAF3588763}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"UDP Query User{B82B2E42-B13E-4340-9114-08841F66C2C9}C:\program files (x86)\jrt studio\isyncr\isyncr.exe" = protocol=17 | dir=in | app=c:\program files (x86)\jrt studio\isyncr\isyncr.exe |
"UDP Query User{DC6C6128-F1B5-4891-B430-829D03ECC182}C:\users\grace\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\grace\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{E1357E2D-7DAB-42A0-A753-BE3DF2207A36}C:\program files (x86)\digidesign\pro tools\protools.exe" = protocol=17 | dir=in | app=c:\program files (x86)\digidesign\pro tools\protools.exe |
"UDP Query User{F86C950C-52D9-4B7F-89C0-3A010745E269}C:\users\grace\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\grace\appdata\local\akamai\netsession_win.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01C898E1-38A7-49B1-9398-49E40636E2C5}" = Avid HD Driver (x64)
"{02AD9D20-03D2-4DE0-8793-E8253026AD86}" = EMCGadgets64
"{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes
"{26A24AE4-039D-4CA4-87B4-2F86417045FF}" = Java 7 Update 45 (64-bit)
"{3165EA9B-36CC-499B-96FF-36FC30E10EF4}" = License Support
"{3EA71966-4551-1758-775B-91769B69720A}" = ccc-utility64
"{4A35302C-A6D3-DDE5-38BA-55E7BABA9670}" = AMD Catalyst Install Manager
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5984CE26-CF4A-4564-9511-D49589C8FE9E}" = Digidesign HFS+ Disk Support
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup
"{62C2B2D5-8650-4889-8FF2-4479532F9397}" = Avid Mbox Pro Driver 1.0.11 (x64)
"{6DC47882-3BE1-4190-8BBC-2274171C300C}" = ATI AVIVO64 Codecs
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{C73A3942-84C8-4597-9F9B-EE227DCBA758}" = Dell Dock
"{D1399216-81B2-457C-A0F7-73B9A2EF6902}" = PDFill PDF Editor with FREE Writer and FREE Tools
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DB9C43F7-0B0F-4E43-9E6B-F945C71C469E}" = VD64Inst
"{E102B843-786A-4F58-AF75-6504570E207B}" = Microsoft Security Client
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"EPSON NX420 Series" = EPSON NX420 Series Printer Uninstall
"EPSON WorkForce 610 Series" = EPSON WorkForce 610 Series Printer Uninstall
"GIMP-2_is1" = GIMP 2.8.2
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Client" = Microsoft Security Essentials
"PC-Doctor for Windows" = My Dell

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00DC9929-E9CB-40EF-88B8-FCFFF1BF3D17}" = Panasonic Multi-Function Station for KX-FLB800/FLM650 Series
"{04633F06-7917-46E1-BB4C-B4E36A1E26F6}" = MotionTools
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data
"{098122AB-C605-4853-B441-C0A4EB359B75}" = DirectXInstallService
"{0A1E0BDA-5E8F-436d-8BE5-7E97C5CB899D}" = Quicken 2012
"{0E428946-8332-B93E-9C26-8ADFCEB8DDD8}" = CCC Help Spanish
"{100C8F3B-82D6-4B14-BB7A-5E8C3FF810C8}_is1" = Driver Fusion
"{114EA307-D8C8-C17C-4908-4A6F01EFFE1A}" = CCC Help Thai
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{17DFE37C-064E-4834-AD8F-A4B2B4DF68F8}" = Adobe Photoshop Elements 8.0
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1B37E535-AEFD-A318-5424-BDCD373D7F1C}" = Catalyst Control Center Localization All
"{1CB0993B-1CD4-4A18-9C85-9732AFD9843F}" = Family Tree Maker 2012
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23306E15-327A-496E-8AE1-9E62E63BF27D}" = ASUS RT-N12B1 Wireless Router Utilities
"{26A24AE4-039D-4CA4-87B4-2F83216045FF}" = Java™ 6 Update 45
"{26A24AE4-039D-4CA4-87B4-2F83217045FF}" = Java 7 Update 45
"{2A3A4BD6-6CE0-4E2A-80D2-1D0FF6ACBFBA}" = LG United Mobile Driver
"{2A83AD05-56E6-3FBD-8752-B4143162EF59}" = Google Talk Plugin
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java™ SE Runtime Environment 6
"{337ED8D9-EA79-400F-BEC9-FC7560CB8431}" = iSyncr
"{3AEB8580-42C8-E795-F770-5149255C4632}" = CCC Help Greek
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3BB2CF34-1FC8-46E2-9D64-4A8D1D577549}" = Avid Pro Tools Creative Collection 9.0.5
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{3D69628B-4DE8-43C7-9A22-F90F5B870C08}" = ArcSoft TotalMedia Backup
"{3E89148E-8827-DB7C-57E7-7C3555DDB752}" = CCC Help Dutch
"{451517F1-7E41-400B-AA36-FB7E2563526D}" = DW 1525 Driver Installation
"{48F22622-1CC2-4A83-9C1E-644DD96F832D}" = Epson Event Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A8F48C5-6FAC-9744-55C9-38BF1F0C9425}" = CCC Help Russian
"{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}" = Google Earth Plug-in
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{4F77DCBA-7370-CBAF-EF25-6FEB29541C84}" = CCC Help Czech
"{5061C9FB-BA2D-4498-92B6-5459A0E2F6E3}" = Panasonic V1.14.00E Device Monitor
"{514D3391-F031-78C7-8939-94023AC8AB74}" = CCC Help French
"{52E225FC-FCB4-41F7-837B-6E37FB05BD7B}" = Adobe AIR
"{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Easy CD and DVD Burning
"{58F2F72A-B8C9-4CCC-B253-4F1509193EC3}" = ASUS RT-N12 Wireless Router Utilities
"{5A05DF12-909D-03A6-5983-C111BE26F2BF}" = CCC Help Portuguese
"{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack
"{5C6F884D-680C-448B-B4C9-22296EE1B206}" = Logitech Harmony Remote Software 7
"{5E319E95-05FB-476C-9A84-ECB6E14D1A2A}_is1" = Ambling BookPlayer Lite version 1.04
"{612B5D2E-8084-4102-91DE-24281E4EFB2C}" = Roxio Easy CD and DVD Burning
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{695D218A-DEF0-503B-3183-EB992A395159}" = CCC Help Norwegian
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7204BDEE-1A48-4D95-A964-44A9250B439E}" = Facebook Messenger 2.1.4814.0
"{72E5E3F5-5BE3-BA64-49A6-4FA26EF69721}" = Catalyst Control Center InstallProxy
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Central Audio
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78D56726-B120-D93F-A426-279C95001F08}" = CCC Help Finnish
"{7BDAA30C-451E-4668-8DEA-0E74C699DF90}" = Virtual Account Numbers
"{80F19EAA-44C4-47C2-AE87-1C7628E858D6}" = Logitech Harmony Remote Software 7
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{818FA1BB-A0A9-F553-D9C7-125C541F3A3A}" = CCC Help Italian
"{8471021C-F529-43DE-84DF-3612E10F58C4}" = Remote Control USB Driver
"{888C03E4-58E6-046B-E380-F6CB1972C398}" = CCC Help Japanese
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
"{8EA79DBF-D637-448A-89D6-410A087A4493}" = Samsung_MonSetup
"{8ED5A2F1-338F-4608-8AF7-BCD1ADC1E1F7}_is1" = Free Alarm Clock 2.1.0
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9060F116-D570-7033-4B42-DB0E5119DDA0}" = CCC Help Swedish
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{924AED21-D45C-3486-FE09-7DD182B35AA0}" = Catalyst Control Center Graphics Previews Common
"{929B1DC7-1201-2305-0182-6CC7655AF596}" = CCC Help English
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{99F8C520-B782-6C15-DBB7-91061BA752C5}" = CCC Help Polish
"{9AC6C5D6-91B1-439B-8695-864C058E0BE6}" = Avid Pro Tools 9.0.5
"{9F0A32A5-4EBF-4B9D-A3CD-31579F2E1400}" = Multimedia Card Reader
"{A24C2C43-4312-493E-96B3-5D1DCE24DEBF}" = Avid Free DigiRack Plug-Ins 9.0.5
"{A69D7B32-2BE9-42BF-B576-69B5E0FF7394}" = Catalyst Control Center - Branding
"{A7F702F8-B4AD-3EF4-5B4D-C1BB0DF9DBB6}" = CCC Help Hungarian
"{A8443959-7C6F-3ED4-7BB5-DA0E0F85B9BA}" = ccc-core-static
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.05)
"{AD54E087-C6D2-3439-0993-3061CE6C10F1}" = Catalyst Control Center Graphics Previews Vista
"{B33CD700-6738-11D4-87FE-0080C6F974A2}" = eyeQ
"{B3C9A765-F917-6C92-A32B-607751AF4C2B}" = CCC Help Turkish
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{CB606F47-7D0E-40DF-95BB-0E5413A1295F}" = MP3 Skype Recorder
"{D616F4D0-6668-5E48-B8DB-5C7382410E75}" = CCC Help German
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{DEA491FB-48BC-4B6B-8902-FCD4BAB069BE}" = iLok Client Helper
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E45CACFE-0576-4375-A84F-C34B99A7B652}" = D-Link DWA-125
"{E747B6FB-0EED-4D06-26B0-E9D44678DFC2}" = CCC Help Chinese Standard
"{EC877639-07AB-495C-BFD1-D63AF9140810}" = Roxio Activation Module
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Central Core
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FB6467CC-73B3-9ABE-7D9D-EA41EC4AEB92}" = CCC Help Danish
"{FC4464DB-66BB-44A7-6AF4-39857EBC393B}" = CCC Help Korean
"{FDB46DE7-9045-47BB-970A-3E4ED5369E03}" = EMC 10 Content
"{FE951E3B-2001-C965-4D43-42CBBF914515}" = CCC Help Chinese Traditional
"7-Zip" = 7-Zip 9.22beta
"ActiveTouchMeetingClient" = Cisco WebEx Meetings
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop Elements 8.0" = Adobe Photoshop Elements 8.0
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.17
"Audacity_is1" = Audacity 1.2.6
"Avidemux 2.6 (64-bit)" = Avidemux 2.6
"BurnAware Free_is1" = BurnAware Free 6.2
"Dell Dock" = Dell Dock
"doubleTwist" = doubleTwist
"DVD Flick_is1" = DVD Flick 1.3.0.7
"EPSON Scanner" = EPSON Scan
"Family Tree Maker 2012" = Family Tree Maker 2012
"Freez Screen Video Capture v1.2_is1" = Freez Screen Video Capture v1.2
"Google Chrome" = Google Chrome
"GPL Ghostscript 8.63" = GPL Ghostscript 8.63
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"ieSpell" = ieSpell
"ImgBurn" = ImgBurn
"InstallShield_{3165EA9B-36CC-499B-96FF-36FC30E10EF4}" = License Support
"InstallShield_{9F0A32A5-4EBF-4B9D-A3CD-31579F2E1400}" = Multimedia Card Reader
"InstallShield_{DEA491FB-48BC-4B6B-8902-FCD4BAB069BE}" = iLok Client Helper
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Mozilla Firefox 25.0.1 (x86 en-US)" = Mozilla Firefox 25.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"PhotoScape" = PhotoScape
"Picasa 3" = Picasa 3
"Secunia PSI" = Secunia PSI (3.0.0.7009)
"thinkorswim" = thinkorswim
"Tweaking.com - Windows Repair (All in One)" = Tweaking.com - Windows Repair (All in One)
"VideoSpirit Pro" = VideoSpirit Pro 1.74
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinLiveSuite_Wave3" = Windows Live Essentials
"YTdetect" = Yahoo! Detect

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{D70561DB-AF1A-4F40-8874-54BD50603993}" = MotionTools 2.2.0
"9204f5692a8faf3b" = Dell System Detect
"Akamai" = Akamai NetSession Interface
"Amazon Amazon Cloud Player" = Amazon Cloud Player
"Dropbox" = Dropbox
"f031ef6ac137efc5" = Dell Driver Download Manager
"Flux" = f.lux

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 12/15/2013 12:31:20 PM | Computer Name = Grace-PC | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "c:\program files (x86)\windows
live\photo gallery\MovieMaker.Exe".Error in manifest or policy file "c:\program
files (x86)\windows live\photo gallery\WLMFDS.DLL" on line 8. Component identity
found in manifest does not match the identity of the component requested. Reference
is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition
is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use
sxstrace.exe for detailed diagnosis.

Error - 12/16/2013 10:54:09 AM | Computer Name = Grace-PC | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "c:\program files (x86)\windows
live\photo gallery\MovieMaker.Exe".Error in manifest or policy file "c:\program
files (x86)\windows live\photo gallery\WLMFDS.DLL" on line 8. Component identity
found in manifest does not match the identity of the component requested. Reference
is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition
is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use
sxstrace.exe for detailed diagnosis.

Error - 12/17/2013 9:46:33 AM | Computer Name = Grace-PC | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Cryptographic Services failed while processing the OnIdentity() call
in the System Writer Object. Details: AddCoreCsiFiles : GetNextFileMapContent() failed.

System
Error: The parameter is incorrect. .

Error - 12/17/2013 9:46:33 AM | Computer Name = Grace-PC | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Cryptographic Services failed while processing the OnIdentity() call
in the System Writer Object. Details: AddCoreCsiFiles : GetNextFileMapContent() failed.

System
Error: The parameter is incorrect. .

Error - 12/17/2013 9:51:18 AM | Computer Name = Grace-PC | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Cryptographic Services failed while processing the OnIdentity() call
in the System Writer Object. Details: AddCoreCsiFiles : GetNextFileMapContent() failed.

System
Error: The parameter is incorrect. .

Error - 12/17/2013 9:51:18 AM | Computer Name = Grace-PC | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Cryptographic Services failed while processing the OnIdentity() call
in the System Writer Object. Details: AddCoreCsiFiles : GetNextFileMapContent() failed.

System
Error: The parameter is incorrect. .

Error - 12/17/2013 10:32:28 AM | Computer Name = Grace-PC | Source = Application Hang | ID = 1002
Description = The program IEXPLORE.EXE version 10.0.9200.16750 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: e1c Start
Time: 01cefb2fe3ad2386 Termination Time: 23 Application Path: C:\Program Files (x86)\Internet
Explorer\IEXPLORE.EXE Report Id:

Error - 12/17/2013 11:01:28 AM | Computer Name = Grace-PC | Source = Application Hang | ID = 1002
Description = The program IEXPLORE.EXE version 10.0.9200.16750 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 41c Start
Time: 01cefb3268361354 Termination Time: 10 Application Path: C:\Program Files (x86)\Internet
Explorer\IEXPLORE.EXE Report Id:

Error - 12/17/2013 5:03:13 PM | Computer Name = Grace-PC | Source = Application Error | ID = 1000
Description = Faulting application name: IEXPLORE.EXE, version: 10.0.9200.16750,
time stamp: 0x5269c643 Faulting module name: ntdll.dll, version: 6.1.7601.18247,
time stamp: 0x521ea8e7 Exception code: 0xc00000fd Fault offset: 0x0002defe Faulting
process id: 0xd44 Faulting application start time: 0x01cefb68f54d68c9 Faulting application
path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE Faulting module path:
C:\Windows\SysWOW64\ntdll.dll Report Id: a3ca10fa-675e-11e3-9d68-b8ac6fa6c7ec

Error - 12/17/2013 5:04:08 PM | Computer Name = Grace-PC | Source = Application Error | ID = 1000
Description = Faulting application name: IEXPLORE.EXE, version: 10.0.9200.16750,
time stamp: 0x5269c643 Faulting module name: atiumdva.dll, version: 8.14.10.263,
time stamp: 0x4bf1b762 Exception code: 0xc00000fd Fault offset: 0x00001d1f Faulting
process id: 0x548 Faulting application start time: 0x01cefb6b6a5fbc57 Faulting application
path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE Faulting module path:
C:\Windows\system32\atiumdva.dll Report Id: c4677649-675e-11e3-9d68-b8ac6fa6c7ec

[ Dell Events ]
Error - 5/9/2012 4:52:55 PM | Computer Name = Grace-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 5/9/2012 5:15:55 PM | Computer Name = Grace-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 5/9/2012 5:15:55 PM | Computer Name = Grace-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 5/9/2012 5:16:15 PM | Computer Name = Grace-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 5/9/2012 5:16:15 PM | Computer Name = Grace-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 4/9/2013 4:04:05 PM | Computer Name = Grace-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 4/9/2013 4:04:05 PM | Computer Name = Grace-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 5/5/2013 4:48:23 PM | Computer Name = Grace-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 5/5/2013 4:48:23 PM | Computer Name = Grace-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 5/13/2013 10:24:24 AM | Computer Name = Grace-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

[ Media Center Events ]
Error - 11/1/2013 5:02:15 PM | Computer Name = Grace-PC | Source = MCUpdate | ID = 0
Description = 5:02:11 PM - Failed to retrieve EpgListings (Error: HeadendId 28482342
is invalid.)

Error - 11/2/2013 4:19:52 PM | Computer Name = Grace-PC | Source = MCUpdate | ID = 0
Description = 4:19:43 PM - Failed to retrieve EpgListings (Error: HeadendId 28482342
is invalid.)

Error - 11/5/2013 11:24:34 AM | Computer Name = Grace-PC | Source = MCUpdate | ID = 0
Description = 10:24:34 AM - Failed to retrieve EpgListings (Error: HeadendId 28482342
is invalid.)

Error - 11/6/2013 5:08:27 AM | Computer Name = Grace-PC | Source = MCUpdate | ID = 0
Description = 4:08:23 AM - Failed to retrieve EpgListings (Error: HeadendId 28482342
is invalid.)

Error - 11/6/2013 5:39:04 PM | Computer Name = Grace-PC | Source = MCUpdate | ID = 0
Description = 4:39:00 PM - Failed to retrieve EpgListings (Error: HeadendId 28482342
is invalid.)

Error - 11/7/2013 5:24:40 AM | Computer Name = Grace-PC | Source = MCUpdate | ID = 0
Description = 4:24:36 AM - Failed to retrieve EpgListings (Error: HeadendId 28482342
is invalid.)

Error - 11/7/2013 5:29:34 PM | Computer Name = Grace-PC | Source = MCUpdate | ID = 0
Description = 4:29:29 PM - Failed to retrieve EpgListings (Error: HeadendId 28482342
is invalid.)

Error - 11/8/2013 5:35:11 AM | Computer Name = Grace-PC | Source = MCUpdate | ID = 0
Description = 4:35:07 AM - Failed to retrieve EpgListings (Error: HeadendId 28482342
is invalid.)

Error - 11/8/2013 5:56:31 PM | Computer Name = Grace-PC | Source = MCUpdate | ID = 0
Description = 4:56:27 PM - Failed to retrieve EpgListings (Error: HeadendId 28482342
is invalid.)

Error - 11/9/2013 5:29:38 AM | Computer Name = Grace-PC | Source = MCUpdate | ID = 0
Description = 4:29:34 AM - Failed to retrieve EpgListings (Error: HeadendId 28482342
is invalid.)

[ System Events ]
Error - 12/17/2013 4:27:04 PM | Computer Name = Grace-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 12/17/2013 4:27:04 PM | Computer Name = Grace-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
RxFilter

Error - 12/17/2013 4:27:06 PM | Computer Name = Grace-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 12/17/2013 4:27:07 PM | Computer Name = Grace-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 12/17/2013 4:27:07 PM | Computer Name = Grace-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 12/17/2013 4:28:04 PM | Computer Name = Grace-PC | Source = DCOM | ID = 10016
Description =

Error - 12/17/2013 4:38:04 PM | Computer Name = Grace-PC | Source = DCOM | ID = 10016
Description =

Error - 12/17/2013 4:48:04 PM | Computer Name = Grace-PC | Source = DCOM | ID = 10016
Description =

Error - 12/17/2013 4:58:04 PM | Computer Name = Grace-PC | Source = DCOM | ID = 10016
Description =

Error - 12/17/2013 5:08:04 PM | Computer Name = Grace-PC | Source = DCOM | ID = 10016
Description =


< End of report >







1st OLT Report 12142013_135522.log:


All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\MozillaPlugins\@talk.google.com/O1DPlugin\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\MozillaPlugins\@talk.google.com/O3DPlugin\ deleted successfully.
ADS C:\ProgramData\TEMP:5C321E34 deleted successfully.
ADS C:\ProgramData\Microsoft:AkPzNFs0qom7MOvAPPd9Lvz2SMDoW deleted successfully.
ADS C:\ProgramData\Microsoft:7dggUz434WFZBA2ut7QzEebDA deleted successfully.
ADS C:\Program Files (x86)\Common Files\System:Bzynzos5VDxD7Cx5aD1KszSO4PTmZs deleted successfully.
ADS C:\ProgramData\Microsoft:jCVa029MKBuTOS3AOqTBBa deleted successfully.
ADS C:\Program Files (x86)\Common Files\System:N2p5ZReWVM6CODllEw8ijag8Ii deleted successfully.
ADS C:\Users\Grace\AppData\Local\vDZDLmIRMILQgyV:BpuOBpSRVtWVzwZOSuwp4u deleted successfully.
ADS C:\Users\Grace\AppData\Local\57mDsJQwjbEjHC:bsIcdpY03CCiSTh2yO deleted successfully.
ADS C:\ProgramData\Microsoft:px3JD6UJlbqDYdtTme4xVDJ deleted successfully.
ADS C:\ProgramData\Microsoft:8lf7FR92uKtszTseV60FYkmt8 deleted successfully.
ADS C:\ProgramData\Microsoft:JIYdd64UcrtNHdZxfMnKquXCkI8s deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Grace\Desktop\cmd.bat deleted successfully.
C:\Users\Grace\Desktop\cmd.txt deleted successfully.
C:\Users\Grace\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki\2.0.13503.1273_0\_locales\zh_TW folder moved successfully.
C:\Users\Grace\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki\2.0.13503.1273_0\_locales\zh_CN folder moved successfully.
C:\Users\Grace\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki\2.0.13503.1273_0\_locales\vi folder moved successfully.
C:\Users\Grace\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki\2.0.13503.1273_0\_locales\uk folder moved successfully.
C:\Users\Grace\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki\2.0.13503.1273_0\_locales\tr folder moved successfully.
C:\Users\Grace\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki\2.0.13503.1273_0\_locales\th folder moved successfully.
C:\Users\Grace\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki\2.0.13503.1273_0\_locales\sw folder moved successfully.
C:\Users\Grace\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki\2.0.13503.1273_0\_locales\sv folder moved successfully.
C:\Users\Grace\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki\2.0.13503.1273_0\_locales\sr folder moved successfully.
C:\Users\Grace\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki\2.0.13503.1273_0\_locales\sl folder moved successfully.
C:\Users\Grace\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki\2.0.13503.1273_0\_locales\sk folder moved successfully.
C:\Users\Grace\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki\2.0.13503.1273_0\_locales\ru folder moved successfully.
C:\Users\Grace\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki\2.0.13503.1273_0\_locales\ro folder moved successfully.
C:\Users\Grace\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki\2.0.13503.1273_0\_locales\pt_PT folder moved successfully.
C:\Users\Grace\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki\2.0.13503.1273_0\_locales\pt_BR folder moved successfully.
C:\Users\Grace\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki\2.0.13503.1273_0\_locales\pl folder moved successfully.
C:\Users\Grace\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki\2.0.13503.1273_0\_locales\no folder moved successfully.
C:\Users\Grace\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki\2.0.13503.1273_0\_locales\nl folder moved successfully.
C:\Users\Grace\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki\2.0.13503.1273_0\_locales\ms folder moved successfully.
C:\Users\Grace\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki\2.0.13503.1273_0\_locales\lv folder moved successfully.
C:\Users\Grace\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki\2.0.13503.1273_0\_locales\lt folder moved successfully.
C:\Users\Grace\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki\2.0.13503.1273_0\_locales\ko folder moved successfully.
C:\Users\Grace\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki\2.0.13503.1273_0\_locales\ja folder moved successfully.
C:\Users\Grace\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki\2.0.13503.1273_0\_locales\iw folder moved successfully.
C:\Users\Grace\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki\2.0.13503.1273_0\_locales\it folder moved successfully.
C:\Users\Grace\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki\2.0.13503.1273_0\_locales\id folder moved successfully.
C:\Users\Grace\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki\2.0.13503.1273_0\_locales\hu folder moved successfully.
C:\Users\Grace\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki\2.0.13503.1273_0\_locales\hr folder moved successfully.
C:\Users\Grace\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki\2.0.13503.1273_0\_locales\hi folder moved successfully.
C:\Users\Grace\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki\2.0.13503.1273_0\_locales\fr folder moved successfully.
C:\Users\Grace\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki\2.0.13503.1273_0\_locales\fil folder moved successfully.
C:\Users\Grace\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki\2.0.13503.1273_0\_locales\fi folder moved successfully.
C:\Users\Grace\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki\2.0.13503.1273_0\_locales\fa folder moved successfully.
C:\Users\Grace\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki\2.0.13503.1273_0\_locales\et folder moved successfully.
C:\Users\Grace\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki\2.0.13503.1273_0\_locales\es_419 folder moved successfully.
C:\Users\Grace\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki\2.0.13503.1273_0\_locales\es folder moved successfully.
C:\Users\Grace\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki\2.0.13503.1273_0\_locales\en_GB folder moved successfully.
C:\Users\Grace\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki\2.0.13503.1273_0\_locales\en folder moved successfully.
C:\Users\Grace\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki\2.0.13503.1273_0\_locales\el folder moved successfully.
C:\Users\Grace\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki\2.0.13503.1273_0\_locales\de folder moved successfully.
C:\Users\Grace\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki\2.0.13503.1273_0\_locales\da folder moved successfully.
C:\Users\Grace\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki\2.0.13503.1273_0\_locales\cs folder moved successfully.
C:\Users\Grace\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki\2.0.13503.1273_0\_locales\ca folder moved successfully.
C:\Users\Grace\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki\2.0.13503.1273_0\_locales\bg folder moved successfully.
C:\Users\Grace\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki\2.0.13503.1273_0\_locales\ar folder moved successfully.
C:\Users\Grace\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki\2.0.13503.1273_0\_locales\am folder moved successfully.
C:\Users\Grace\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki\2.0.13503.1273_0\_locales folder moved successfully.
C:\Users\Grace\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki\2.0.13503.1273_0\i18n folder moved successfully.
C:\Users\Grace\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki\2.0.13503.1273_0 folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 57472 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Grace
->Temp folder emptied: 155635 bytes
->Temporary Internet Files folder emptied: 229296036 bytes
->Java cache emptied: 240267 bytes
->Google Chrome cache emptied: 57460547 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 20087 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 481980 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 43191980 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 666 bytes
RecycleBin emptied: 352 bytes

Total Files Cleaned = 316.00 mb

HOSTS file reset successfully

OTL by OldTimer - Version 3.2.69.0 log created on 12182013_135522



aswMBR log:

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-12-18 15:03:23
-----------------------------
15:03:23.645 OS Version: Windows x64 6.1.7601 Service Pack 1
15:03:23.645 Number of processors: 8 586 0x1E05
15:03:23.646 ComputerName: GRACE-PC UserName: Grace
15:03:29.213 Initialize success
15:04:17.491 AVAST engine defs: 13121802
15:13:21.261 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
15:13:21.265 Disk 0 Vendor: ST310005 CC45 Size: 953869MB BusType: 8
15:13:21.331 Disk 0 MBR read successfully
15:13:21.335 Disk 0 MBR scan
15:13:21.339 Disk 0 Windows 7 default MBR code
15:13:21.342 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
15:13:21.364 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 12342 MB offset 81920
15:13:21.395 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 941486 MB offset 25358336
15:13:21.452 Disk 0 scanning C:\Windows\system32\drivers
15:13:34.088 Service scanning
15:13:57.357 Modules scanning
15:13:57.367 Disk 0 trace - called modules:
15:13:57.380 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
15:13:57.709 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007df1790]
15:13:57.717 3 CLASSPNP.SYS[fffff88001b9b43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8007b2c050]
15:14:11.130 AVAST engine scan C:\Windows
15:14:16.332 AVAST engine scan C:\Windows\system32
15:17:40.079 AVAST engine scan C:\Windows\system32\drivers
15:17:56.586 AVAST engine scan C:\Users\Grace
15:22:48.711 Disk 0 MBR has been saved successfully to "C:\Users\Grace\Desktop\MBR.dat"
15:22:48.743 The log file has been saved successfully to "C:\Users\Grace\Desktop\aswMBR.txt"







OTL.txt log from final scan....





OTL logfile created on: 12/18/2013 5:54:44 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Grace\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16750)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.96 Gb Total Physical Memory | 6.12 Gb Available Physical Memory | 76.89% Memory free
15.92 Gb Paging File | 13.97 Gb Available in Paging File | 87.75% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 919.42 Gb Total Space | 782.64 Gb Free Space | 85.12% Space Free | Partition Type: NTFS

Computer Name: GRACE-PC | User Name: Grace | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/12/17 16:14:28 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Grace\Desktop\OTL.exe
PRC - [2013/12/07 05:00:07 | 000,223,112 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe
PRC - [2013/09/05 09:04:00 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/04/18 08:56:14 | 000,659,992 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\sua.exe
PRC - [2012/01/18 05:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe


========== Modules (No Company Name) ==========


========== Services (SafeList) ==========

SRV:64bit: - [2013/10/23 17:14:22 | 000,348,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2013/10/23 17:14:22 | 000,023,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/06/07 08:33:02 | 000,167,424 | ---- | M] (Mediafour Corporation) [Disabled | Stopped] -- C:\Program Files\Mediafour\MacDrive 8\MacDrive8ServiceD.exe -- (MacDrive8ServiceD)
SRV:64bit: - [2010/05/17 18:03:54 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\WINDOWS\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/06/09 09:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) [Disabled | Stopped] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2013/09/05 09:04:00 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/04/18 08:56:22 | 001,227,800 | ---- | M] (Secunia) [On_Demand | Stopped] -- C:\Program Files (x86)\Secunia\PSI\psia.exe -- (Secunia PSI Agent)
SRV - [2013/04/18 08:56:14 | 000,659,992 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2013/02/28 17:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Disabled | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/12/13 14:26:20 | 003,290,896 | ---- | M] (Skype Technologies S.A.) [Disabled | Stopped] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012/01/18 05:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2011/08/09 00:56:34 | 000,081,920 | ---- | M] (Avid Technology, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Digidesign\Pro Tools\MMERefresh.exe -- (DigiRefresh)
SRV - [2011/08/09 00:42:44 | 000,159,744 | ---- | M] (Avid Technology, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Digidesign\Pro Tools\digiSPTIService.exe -- (digiSPTIService)
SRV - [2011/07/09 01:36:12 | 002,932,224 | ---- | M] (PACE Anti-Piracy, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe -- (PaceLicenseDServices)
SRV - [2010/10/08 11:45:56 | 001,919,504 | ---- | M] (Avid) [Disabled | Stopped] -- C:\Program Files (x86)\Avid\Mbox Pro\AudioDevMon.exe -- (MboxProAudioDevMon)
SRV - [2010/07/12 14:39:24 | 000,053,248 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\D-Link\DWA-125 revA\ANIWConnService.exe -- (D_Link_DWA-125_WPS)
SRV - [2010/07/09 21:08:59 | 000,867,080 | ---- | M] (Acresso Software Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010/01/09 11:37:20 | 000,049,152 | ---- | M] (Panasonic System Networks Co., Ltd.) [Disabled | Stopped] -- C:\Program Files (x86)\Panasonic\LocalCom\lmsrvnt.exe -- (Panasonic Local Printer Service)
SRV - [2009/09/18 04:54:20 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- c:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor8.0)
SRV - [2009/06/26 11:19:12 | 001,124,848 | ---- | M] (Sonic Solutions) [Disabled | Stopped] -- c:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCom\RoxMediaDB10.exe -- (RoxMediaDB10)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/12/17 03:00:00 | 000,163,840 | ---- | M] (SEIKO EPSON CORPORATION) [Disabled | Stopped] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE -- (EPSON_EB_RPCV4_01)
SRV - [2007/01/11 03:02:00 | 000,126,464 | ---- | M] (SEIKO EPSON CORPORATION) [Disabled | Stopped] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE -- (EPSON_PM_RPCV4_01)
SRV - [2004/02/26 07:15:58 | 000,069,632 | ---- | M] (Panasonic) [Disabled | Stopped] -- C:\Program Files (x86)\Panasonic\TrapMonitor\Trapmnnt.exe -- (Panasonic Trap Monitor Service)


========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2011.SP4c\WNt500x64\Sandra.sys -- (SANDRA)
DRV:64bit: - [2013/11/30 02:10:40 | 000,025,584 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- c:\Program Files\My Dell\pcdsrvc_x64.pkms -- (PCDSRVC{D3412D80-CF3B4A27-06020200}_0)
DRV:64bit: - [2013/09/27 09:53:06 | 000,134,944 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2013/04/18 08:55:50 | 000,018,456 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\psi_mf_amd64.sys -- (PSI)
DRV:64bit: - [2012/11/01 16:19:56 | 000,031,232 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2012/08/21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/07/20 05:12:34 | 000,029,696 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\mcaudrv_x64.sys -- (mcaudrv_simple)
DRV:64bit: - [2012/07/20 05:12:00 | 000,044,928 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\mcvidrv_x64.sys -- (ManyCam)
DRV:64bit: - [2012/07/04 13:48:00 | 000,093,184 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\lgandnetndis64.sys -- (andnetndis)
DRV:64bit: - [2012/07/03 11:58:00 | 000,031,744 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\lgandnetadb.sys -- (andnetadb)
DRV:64bit: - [2012/07/03 11:50:00 | 000,036,352 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\lgandnetmodem64.sys -- (ANDNetModem)
DRV:64bit: - [2012/07/03 11:50:00 | 000,029,184 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\lgandnetdiag64.sys -- (AndNetDiag)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/18 05:44:36 | 004,865,568 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\lvuvc64.sys -- (LVUVC64)
DRV:64bit: - [2012/01/18 05:44:28 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2011/11/28 21:28:28 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2011/09/01 13:36:36 | 000,025,720 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\iLokDrvr.sys -- (iLokDrvr)
DRV:64bit: - [2011/07/27 13:48:14 | 000,014,952 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\SysNative\drivers\iPodDrv.sys -- (iPodDrv)
DRV:64bit: - [2011/06/28 16:04:40 | 000,105,592 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Tpkd.sys -- (Tpkd)
DRV:64bit: - [2011/04/28 14:20:30 | 001,617,472 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\Dnetr28ux.sys -- (netr28ux)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/23 15:12:00 | 001,579,520 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/10/23 00:24:02 | 000,021,520 | ---- | M] (Avid Technology, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\SysNative\drivers\diginet.sys -- (DigiNet)
DRV:64bit: - [2010/10/08 11:45:48 | 000,433,168 | ---- | M] (Avid) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\AvidMboxPro.sys -- (MBOXPRO)
DRV:64bit: - [2010/09/07 13:27:24 | 000,038,912 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\PcaSp60.sys -- (PcaSp60)
DRV:64bit: - [2010/07/22 09:59:08 | 000,428,288 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\cxpolar64.sys -- (CXPOLARIS)
DRV:64bit: - [2010/07/13 15:47:00 | 000,044,032 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\SysNative\drivers\cxcir64.sys -- (CXIR)
DRV:64bit: - [2010/05/29 07:58:30 | 000,015,872 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\SysNative\drivers\anodlwfx.sys -- (anodlwf)
DRV:64bit: - [2010/05/18 08:07:26 | 000,306,280 | ---- | M] (Mediafour Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\MDFSYSNT.SYS -- (MDFSYSNT)
DRV:64bit: - [2010/05/17 18:35:30 | 006,853,632 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/05/17 17:30:28 | 000,263,680 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/05/05 08:43:24 | 000,032,352 | ---- | M] (Mediafour Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\MDPMGRNT.SYS -- (MDPMGRNT)
DRV:64bit: - [2010/04/08 04:12:02 | 000,124,944 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/11/18 18:36:02 | 000,039,240 | ---- | M] (Eagletron Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\SysNative\drivers\dvdriver.sys -- (DVDRIVER)
DRV:64bit: - [2009/10/16 06:32:24 | 000,321,064 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\k57nd60a.sys -- (k57nd60a)
DRV:64bit: - [2009/10/02 15:58:58 | 000,537,112 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/09/26 10:42:58 | 000,233,984 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2009/09/17 15:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 19:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\WSDScan.sys -- (WSDScan)
DRV:64bit: - [2009/07/13 19:06:43 | 000,060,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\61883.sys -- (61883)
DRV:64bit: - [2009/07/13 19:06:43 | 000,048,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\avc.sys -- (Avc)
DRV:64bit: - [2009/07/13 19:06:42 | 000,061,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\msdv.sys -- (MSDV)
DRV:64bit: - [2009/07/13 19:06:40 | 000,017,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\avcstrm.sys -- (AVCSTRM)
DRV:64bit: - [2009/07/13 19:06:39 | 000,056,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\mstape.sys -- (MSTAPE)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2006/11/01 11:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2010/09/07 13:27:24 | 000,038,912 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\drivers\PcaSp60.sys -- (PcaSp60)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/06/26 10:27:28 | 000,065,520 | ---- | M] (Sonic Solutions) [File_System | System | Stopped] -- C:\WINDOWS\SysWOW64\drivers\RxFilter.sys -- (RxFilter)
DRV - [2006/07/19 11:04:00 | 000,014,608 | R--- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\dell\drivers\R267410\atillk64.sys -- (atillk64)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{FBC4FE95-9F67-425F-95CE-B05D0D13AEFB}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{FBC4FE95-9F67-425F-95CE-B05D0D13AEFB}: "URL" = http://www.bing.com/...rc=IE-SearchBox


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-3875385828-3578430940-2960995150-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.tdameritrade.com/home.page
IE - HKU\S-1-5-21-3875385828-3578430940-2960995150-1000\..\SearchScopes,DefaultScope = {0ECD877B-04FA-42F4-9DEB-F1414F84227A}
IE - HKU\S-1-5-21-3875385828-3578430940-2960995150-1000\..\SearchScopes\{0ECD877B-04FA-42F4-9DEB-F1414F84227A}: "URL" = http://www.google.co...&rlz=1I7GGNI_en
IE - HKU\S-1-5-21-3875385828-3578430940-2960995150-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKU\S-1-5-21-3875385828-3578430940-2960995150-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3875385828-3578430940-2960995150-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll File not found
FF - HKLM\Software\MozillaPlugins\@doubletwist.com/NPPodcast: C:\Program Files (x86)\Common Files\doubleTwist\NPPodcast.dll (doubleTwist Corporation)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@ilok.com/iLokHelper,version=3.1.0.7: C:\Program Files (x86)\PACE Anti-Piracy\iLok\NPPaceILok.dll ( PACE Anti-Piracy, Inc)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Grace\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Grace\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101752.dll (Amazon.com, Inc.)
FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Users\Grace\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll (Facebook, Inc.)
FF - HKCU\Software\MozillaPlugins\tdameritrade.com/thinkorswim: C:\Program Files (x86)\thinkorswim\npthinkorswim.dll (TD Ameritrade)
FF - HKCU\Software\MozillaPlugins\tdameritrade.com/tossc: C:\Program Files (x86)\thinkorswim\nptossc.dll (TD Ameritrade)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2013/12/05 11:51:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/12/05 11:51:00 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - plugin: Widevine Content Decryption Module (Enabled) = C:\Users\Grace\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.1.376\_platform_specific\win_x86\widevinecdmadapter.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll
CHR - plugin: DjVu Plugin Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\plugins\npdjvu.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
CHR - plugin: AmazonMP3DownloaderPlugin (Enabled) = C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101752.dll
CHR - plugin: doubletwist Plugin 1, 3, 0, 0 (Enabled) = C:\Program Files (x86)\Common Files\doubleTwist\NPPodcast.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
CHR - plugin: Java Deployment Toolkit 7.0.450.18 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll
CHR - plugin: Java™ Platform SE 7 U45 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: PACE Client Helper Plugin (Enabled) = C:\Program Files (x86)\PACE Anti-Piracy\iLok\NPPaceILok.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: thinkorswim (Enabled) = C:\Program Files (x86)\thinkorswim\npthinkorswim.dll
CHR - plugin: tossc (Enabled) = C:\Program Files (x86)\thinkorswim\nptossc.dll
CHR - plugin: Facebook Desktop (Enabled) = C:\Users\Grace\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Grace\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll
CHR - Extension: Google Drive = C:\Users\Grace\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: MightyText - Send/Receive SMS Text Messages = C:\Users\Grace\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkfhfaphfkopdgpbfkebjfcblcafcmpi\10.1_0\
CHR - Extension: Google+ = C:\Users\Grace\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlppkpafhbajpcmmoheippocdidnckmm\1.2.0.418_0\
CHR - Extension: Gmail Offline = C:\Users\Grace\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk\1.20_0\
CHR - Extension: Google Calendar = C:\Users\Grace\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn\4.5.3_0\
CHR - Extension: Google Finance = C:\Users\Grace\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcgckldmmjdbpdejkclmfnnnehhocbfp\1.1_0\
CHR - Extension: Drive Notepad = C:\Users\Grace\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpgjomejfimnbmobcocilppikhncegaj\1.2_0\
CHR - Extension: AirDroid = C:\Users\Grace\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkgndiocipalkpejnpafdbdlfdjihomd\2.0.4_0\
CHR - Extension: GText from MightyText - SMS from Gmail\u2122 = C:\Users\Grace\AppData\Local\Google\Chrome\User Data\Default\Extensions\iffdacemhfpnchinokehhnppllonacfj\3.91_0\
CHR - Extension: Dropbox = C:\Users\Grace\AppData\Local\Google\Chrome\User Data\Default\Extensions\ioekoebejdcmnlefjiknokhhafglcjdl\3.0.8_0\
CHR - Extension: HootSuite = C:\Users\Grace\AppData\Local\Google\Chrome\User Data\Default\Extensions\kneloppijbcidgidihgdjnooihjcdbij\5.244_0\
CHR - Extension: Evernote Web = C:\Users\Grace\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol\1.0.7_0\
CHR - Extension: Google Maps = C:\Users\Grace\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh\5.2.7_0\
CHR - Extension: Planner 5D = C:\Users\Grace\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcafejemebbngbglfoinpoaannbihjna\1.2.0.4_0\
CHR - Extension: Pocket = C:\Users\Grace\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjcnijlhddpbdemagnpefmlkjdagkogk\0.600_0\
CHR - Extension: Google Wallet = C:\Users\Grace\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\
CHR - Extension: Google Chrome to Phone Extension = C:\Users\Grace\AppData\Local\Google\Chrome\User Data\Default\Extensions\oadboiipflhobonjjffjbfekfjcgkhco\2.3.3_0\

O1 HOSTS File: ([2013/12/18 13:57:42 | 000,000,098 | ---- | M]) - C:\WINDOWS\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-3875385828-3578430940-2960995150-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-3875385828-3578430940-2960995150-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3875385828-3578430940-2960995150-1000\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-3875385828-3578430940-2960995150-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3875385828-3578430940-2960995150-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files (x86)\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files (x86)\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files (x86)\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3875385828-3578430940-2960995150-1000\..Trusted Domains: appspot.com ([textyserver] * in Trusted sites)
O15 - HKU\S-1-5-21-3875385828-3578430940-2960995150-1000\..Trusted Domains: dell.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-3875385828-3578430940-2960995150-1000\..Trusted Domains: fatsecret.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-3875385828-3578430940-2960995150-1000\..Trusted Domains: mightytext.net ([]http in Trusted sites)
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} http://www.comcastsu...oad/tgctlsr.cab (SupportSoft Script Runner Class)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} http://support.asus....k_sys_ctrl3.cab (asusTek_sysctrl Class)
O16 - DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} http://i.dell.com/im...r/SysProExe.cab (Scanner.SysScanner)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.aka...vex-2.2.6.0.cab (DLM Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.45.2)
O16 - DPF: {CAFEEFAC-0016-0000-0045-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_45)
O16 - DPF: {CAFEEFAC-0017-0000-0010-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_10)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.45.2)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://investools.w...nt/ieatgpc1.cab (GpcContainer Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0731E19D-7E77-4D3A-A166-D08F118FCA08}: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{170DE4D5-2FDD-4518-A09A-362D354683D5}: DhcpNameServer = 192.168.1.1 75.75.76.76
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point


========== Files/Folders - Created Within 30 Days ==========

[2013/12/18 13:55:22 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/12/18 13:46:55 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\Grace\Desktop\aswmbr.exe
[2013/12/17 16:14:21 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Grace\Desktop\OTL.exe
[2013/12/15 10:56:52 | 001,930,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll
[2013/12/15 10:56:52 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll
[2013/12/15 10:56:52 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\credui.dll
[2013/12/15 10:56:52 | 000,190,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SmartcardCredentialProvider.dll
[2013/12/15 10:56:51 | 000,152,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SmartcardCredentialProvider.dll
[2013/12/13 12:30:12 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2013/12/13 12:30:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2013/12/13 12:29:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies
[2013/12/13 12:27:44 | 000,124,944 | ---- | C] (ATI Technologies, Inc.) -- C:\Windows\SysNative\drivers\AtiHdmi.sys
[2013/12/13 12:27:43 | 004,917,248 | ---- | C] (ATI Technologies Inc. ) -- C:\Windows\SysNative\atiumd64.dll
[2013/12/13 12:27:43 | 002,753,536 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atiumd6a.dll
[2013/12/13 12:27:43 | 000,421,376 | ---- | C] (ATI Technologies, Inc.) -- C:\Windows\SysNative\atipdl64.dll
[2013/12/13 12:27:43 | 000,356,352 | ---- | C] (ATI Technologies, Inc.) -- C:\Windows\SysWow64\atipdlxx.dll
[2013/12/13 12:27:43 | 000,278,528 | ---- | C] (ATI Technologies, Inc.) -- C:\Windows\SysWow64\Oemdspif.dll
[2013/12/13 12:27:43 | 000,120,320 | ---- | C] (AMD) -- C:\Windows\SysNative\atitmm64.dll
[2013/12/13 12:27:43 | 000,030,208 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atiu9p64.dll
[2013/12/13 12:27:42 | 019,892,224 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\atio6axx.dll
[2013/12/13 12:27:42 | 015,171,584 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysWow64\atioglxx.dll
[2013/12/13 12:27:42 | 006,853,632 | ---- | C] (ATI Technologies Inc.) -- C:\Windows\SysNative\drivers\atikmdag.sys
[2013/12/13 12:27:42 | 005,268,480 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysNative\aticaldd64.dll
[2013/12/13 12:27:42 | 004,293,120 | ---- | C] (ATI Technologies Inc. ) -- C:\Windows\SysNative\atidxx64.dll
[2013/12/13 12:27:42 | 004,100,096 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysWow64\aticaldd.dll
[2013/12/13 12:27:42 | 000,591,872 | ---- | C] (ATI Technologies Inc. ) -- C:\Windows\SysNative\aticfx64.dll
[2013/12/13 12:27:42 | 000,458,752 | ---- | C] (AMD) -- C:\Windows\SysNative\atieclxx.exe
[2013/12/13 12:27:42 | 000,446,464 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\ATIDEMGX.dll
[2013/12/13 12:27:42 | 000,335,872 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\atiadlxx.dll
[2013/12/13 12:27:42 | 000,263,680 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\drivers\atikmpag.sys
[2013/12/13 12:27:42 | 000,237,568 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysWow64\atiadlxy.dll
[2013/12/13 12:27:42 | 000,203,264 | ---- | C] (AMD) -- C:\Windows\SysNative\atiesrxx.exe
[2013/12/13 12:27:42 | 000,143,360 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\atiapfxx.exe
[2013/12/13 12:27:42 | 000,059,392 | ---- | C] (ATI Technologies, Inc.) -- C:\Windows\SysNative\atiedu64.dll
[2013/12/13 12:27:42 | 000,054,272 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atimpc64.dll
[2013/12/13 12:27:42 | 000,054,272 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\amdpcom64.dll
[2013/12/13 12:27:42 | 000,053,248 | ---- | C] (ATI Technologies Inc.) -- C:\Windows\SysNative\drivers\ati2erec.dll
[2013/12/13 12:27:42 | 000,053,248 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysWow64\aticalrt.dll
[2013/12/13 12:27:42 | 000,053,248 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysWow64\aticalcl.dll
[2013/12/13 12:27:42 | 000,052,224 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atimpc32.dll
[2013/12/13 12:27:42 | 000,052,224 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\amdpcom32.dll
[2013/12/13 12:27:42 | 000,043,520 | ---- | C] (ATI Technologies, Inc.) -- C:\Windows\SysWow64\ati2edxx.dll
[2013/12/13 12:27:42 | 000,043,008 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysNative\aticalrt64.dll
[2013/12/13 12:27:42 | 000,039,936 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysNative\aticalcl64.dll
[2013/12/13 12:27:42 | 000,018,432 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atig6txx.dll
[2013/12/13 12:27:42 | 000,016,896 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atigktxx.dll
[2013/12/13 12:27:42 | 000,014,848 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atig6pxx.dll
[2013/12/13 12:27:42 | 000,012,800 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atiglpxx.dll
[2013/12/13 12:27:42 | 000,012,800 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atiglpxx.dll
[2013/12/13 12:27:42 | 000,012,288 | ---- | C] (AMD) -- C:\Windows\SysNative\atimuixx.dll
[2013/12/13 12:15:06 | 000,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\SysWow64\CSVer.dll
[2013/12/13 12:15:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intel
[2013/12/13 12:07:47 | 000,000,000 | ---D | C] -- C:\Users\Grace\Documents\Dell Downloads
[2013/12/13 11:45:10 | 000,000,000 | ---D | C] -- C:\ProgramData\PC-Doctor for Windows
[2013/12/13 11:45:10 | 000,000,000 | ---D | C] -- C:\Program Files\Dell Support Center
[2013/12/13 11:44:48 | 000,000,000 | ---D | C] -- C:\Program Files\My Dell
[2013/12/13 11:41:15 | 000,000,000 | ---D | C] -- C:\Users\Grace\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell
[2013/12/13 08:46:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2013/12/11 16:48:52 | 000,000,000 | ---D | C] -- C:\Users\Grace\Desktop\510 inspections
[2013/12/11 14:54:17 | 000,000,000 | -HSD | C] -- C:\Users\Grace\Documents\cache
[2013/12/11 14:54:13 | 000,000,000 | ---D | C] -- C:\Users\Grace\AppData\Roaming\webex
[2013/12/11 14:54:01 | 000,000,000 | ---D | C] -- C:\ProgramData\WebEx
[2013/12/11 13:55:47 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/12/11 13:55:47 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/12/11 13:55:46 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013/12/11 13:55:46 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013/12/11 13:55:46 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013/12/11 13:55:46 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013/12/11 13:55:46 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013/12/11 13:55:46 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013/12/11 13:55:46 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/12/11 13:55:46 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013/12/11 13:55:46 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013/12/11 13:55:44 | 003,959,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/12/11 13:55:44 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/12/11 13:55:44 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/12/11 13:55:44 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/12/11 12:23:08 | 000,000,000 | ---D | C] -- C:\Users\Grace\Documents\Ambling Books
[2013/12/11 12:23:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ambling Books
[2013/12/11 12:23:02 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\sounds
[2013/12/11 12:23:02 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\plugins
[2013/12/11 12:23:02 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\log
[2013/12/11 12:23:02 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\lib
[2013/12/11 12:23:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ambling Books
[2013/12/11 08:45:11 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll
[2013/12/11 08:45:06 | 000,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\portcls.sys
[2013/12/11 08:45:06 | 000,202,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\scrrun.dll
[2013/12/11 08:45:06 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\scrrun.dll
[2013/12/11 08:45:06 | 000,156,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cscript.exe
[2013/12/11 08:45:06 | 000,150,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wshom.ocx
[2013/12/11 08:45:06 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cscript.exe
[2013/12/11 08:45:06 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wshom.ocx
[2013/12/11 08:45:06 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\drmk.sys
[2013/12/10 14:04:14 | 009,272,200 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2013/12/08 13:08:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MonitorDriver
[2013/12/08 10:53:42 | 000,000,000 | ---D | C] -- C:\Users\Grace\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Flux
[2013/12/07 17:05:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2013/12/07 17:04:39 | 000,264,616 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013/12/07 17:04:34 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013/12/07 17:04:34 | 000,174,504 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013/12/07 17:04:34 | 000,096,168 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013/12/07 17:04:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2013/12/07 16:58:55 | 000,000,000 | ---D | C] -- C:\Users\Grace\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\thinkorswim
[2013/12/05 11:51:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2013/12/05 11:50:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/12/03 14:16:16 | 000,000,000 | ---D | C] -- C:\Users\Grace\AppData\Local\FluxSoftware
[2013/12/02 14:42:51 | 000,000,000 | ---D | C] -- C:\Users\Grace\.thinkorswim
[2013/12/02 14:42:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\thinkorswim
[2013/12/02 14:42:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\thinkorswim
[2013/11/23 15:36:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2013/11/23 15:27:53 | 000,000,000 | ---D | C] -- C:\Users\Grace\AppData\Roaming\VS Revo Group
[2013/11/23 15:08:30 | 000,000,000 | ---D | C] -- C:\Users\Grace\AppData\Local\VS Revo Group
[2013/11/23 15:08:28 | 000,000,000 | ---D | C] -- C:\ProgramData\VS Revo Group
[2012/01/15 17:27:05 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Grace\AppData\Roaming\pcouffin.sys

========== Files - Modified Within 30 Days ==========

[2013/12/18 17:50:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3875385828-3578430940-2960995150-1000UA.job
[2013/12/18 17:05:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/12/18 16:59:00 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3875385828-3578430940-2960995150-1000UA.job
[2013/12/18 15:22:48 | 000,000,512 | ---- | M] () -- C:\Users\Grace\Desktop\MBR.dat
[2013/12/18 14:06:19 | 000,779,306 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/12/18 14:06:19 | 000,660,296 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/12/18 14:06:19 | 000,121,224 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/12/18 14:06:15 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/12/18 14:06:15 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/12/18 14:01:36 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/12/18 14:01:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/12/18 14:00:57 | 2115,301,375 | -HS- | M] () -- C:\hiberfil.sys
[2013/12/18 13:57:42 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2013/12/18 13:47:28 | 001,226,750 | ---- | M] () -- C:\Users\Grace\Desktop\AdwCleaner.exe
[2013/12/18 13:47:19 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Grace\Desktop\aswmbr.exe
[2013/12/18 10:59:00 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3875385828-3578430940-2960995150-1000Core.job
[2013/12/17 16:14:28 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Grace\Desktop\OTL.exe
[2013/12/17 12:31:27 | 000,002,000 | ---- | M] () -- C:\Users\Grace\AppData\Roaming\wklnhst.dat
[2013/12/17 11:57:57 | 000,007,598 | ---- | M] () -- C:\Users\Grace\AppData\Local\resmon.resmoncfg
[2013/12/15 11:00:46 | 744,512,394 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/12/15 10:42:35 | 000,399,448 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/12/14 14:16:01 | 000,011,264 | ---- | M] () -- C:\Users\Grace\Desktop\grace info oct 2013.wps
[2013/12/13 19:33:21 | 002,579,528 | ---- | M] () -- C:\Users\Grace\Desktop\R245415.exe
[2013/12/13 12:10:40 | 143,371,832 | ---- | M] () -- C:\Users\Grace\Desktop\R274044.exe
[2013/12/13 11:23:09 | 001,052,672 | ---- | M] () -- C:\Users\Grace\Documents\dec 14 2013.evtx
[2013/12/13 08:45:12 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3875385828-3578430940-2960995150-1000Core.job
[2013/12/10 15:04:29 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/12/10 15:04:29 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/12/10 15:04:07 | 009,272,200 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2013/12/10 13:43:04 | 000,857,024 | ---- | M] () -- C:\Users\Grace\Documents\IRA WIthdrawl 2 of 2.pdf
[2013/12/10 13:41:15 | 002,880,775 | ---- | M] () -- C:\Users\Grace\Documents\IRA Withdrawl 1 of 2 form.pdf
[2013/12/10 13:10:18 | 003,737,347 | ---- | M] () -- C:\Users\Grace\Documents\IRA Withdrawl 10000 2013.pdf
[2013/12/10 13:09:45 | 000,856,198 | ---- | M] () -- C:\Users\Grace\Documents\IRA Withdrawl 10000 2013_4.png
[2013/12/10 13:09:38 | 000,959,368 | ---- | M] () -- C:\Users\Grace\Documents\IRA Withdrawl 10000 2013_3.png
[2013/12/10 13:09:32 | 000,947,736 | ---- | M] () -- C:\Users\Grace\Documents\IRA Withdrawl 10000 2013_2.png
[2013/12/10 13:09:25 | 000,972,176 | ---- | M] () -- C:\Users\Grace\Documents\IRA Withdrawl 10000 2013_1.png
[2013/12/10 12:49:48 | 000,269,007 | ---- | M] () -- C:\Users\Grace\Documents\IRA Distribution 1 Dec 10 2013.pdf
[2013/12/08 13:08:42 | 000,001,642 | ---- | M] () -- C:\Users\Public\Desktop\Launch Monitor Driver Installer.lnk
[2013/12/07 17:04:25 | 000,096,168 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013/12/07 17:04:22 | 000,264,616 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013/12/07 17:04:22 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013/12/07 17:04:22 | 000,174,504 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013/12/07 16:58:55 | 000,001,951 | ---- | M] () -- C:\Users\Grace\Desktop\thinkorswim.lnk
[2013/12/07 16:58:55 | 000,001,951 | ---- | M] () -- C:\Users\Grace\Application Data\Microsoft\Internet Explorer\Quick Launch\thinkorswim.lnk
[2013/12/05 14:01:57 | 000,002,185 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/12/05 11:51:08 | 000,001,077 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/12/05 11:47:26 | 000,000,082 | ---- | M] () -- C:\Users\Grace\AppData\Roaming\mbam.context.scan
[2013/12/05 09:08:33 | 000,000,824 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/12/03 19:24:44 | 000,002,734 | ---- | M] () -- C:\Users\Grace\Desktop\Google Keep.lnk
[2013/12/03 12:19:56 | 000,083,353 | ---- | M] () -- C:\Users\Grace\Documents\broker opening instructions real estate Chapter 5.pdf
[2013/12/02 14:42:47 | 000,001,951 | ---- | M] () -- C:\Users\Public\Desktop\thinkorswim.lnk
[2013/11/25 12:58:51 | 000,002,021 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013/11/23 12:26:15 | 000,000,833 | ---- | M] () -- C:\Users\Grace\Desktop\HOSTS.old
[2013/11/22 09:57:14 | 000,002,285 | ---- | M] () -- C:\Users\Grace\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/11/22 09:03:53 | 000,002,155 | ---- | M] () -- C:\Windows\epplauncher.mif

========== Files Created - No Company Name ==========

[2013/12/18 15:22:48 | 000,000,512 | ---- | C] () -- C:\Users\Grace\Desktop\MBR.dat
[2013/12/18 13:47:28 | 001,226,750 | ---- | C] () -- C:\Users\Grace\Desktop\AdwCleaner.exe
[2013/12/15 11:00:46 | 744,512,394 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2013/12/13 12:27:43 | 000,534,960 | ---- | C] () -- C:\Windows\SysWow64\atiumdva.cap
[2013/12/13 12:27:43 | 000,534,960 | ---- | C] () -- C:\Windows\SysNative\atiumd6a.cap
[2013/12/13 12:27:43 | 000,002,137 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2013/12/13 12:27:43 | 000,002,137 | ---- | C] () -- C:\Windows\SysNative\atipblag.dat
[2013/12/13 12:27:42 | 000,332,288 | ---- | C] () -- C:\Windows\SysNative\ATIODE.exe
[2013/12/13 12:27:42 | 000,203,336 | ---- | C] () -- C:\Windows\SysNative\atiicdxx.dat
[2013/12/13 12:27:42 | 000,057,192 | ---- | C] () -- C:\Windows\SysNative\atiapfxx.blb
[2013/12/13 12:27:42 | 000,051,200 | ---- | C] () -- C:\Windows\SysNative\ATIODCLI.exe
[2013/12/13 12:27:42 | 000,021,360 | ---- | C] () -- C:\Windows\atiogl.xml
[2013/12/13 12:07:58 | 143,371,832 | ---- | C] () -- C:\Users\Grace\Desktop\R274044.exe
[2013/12/13 12:07:58 | 002,579,528 | ---- | C] () -- C:\Users\Grace\Desktop\R245415.exe
[2013/12/13 11:23:09 | 001,052,672 | ---- | C] () -- C:\Users\Grace\Documents\dec 14 2013.evtx
[2013/12/10 13:43:04 | 000,857,024 | ---- | C] () -- C:\Users\Grace\Documents\IRA WIthdrawl 2 of 2.pdf
[2013/12/10 13:41:15 | 002,880,775 | ---- | C] () -- C:\Users\Grace\Documents\IRA Withdrawl 1 of 2 form.pdf
[2013/12/10 13:10:17 | 003,737,347 | ---- | C] () -- C:\Users\Grace\Documents\IRA Withdrawl 10000 2013.pdf
[2013/12/10 13:09:44 | 000,856,198 | ---- | C] () -- C:\Users\Grace\Documents\IRA Withdrawl 10000 2013_4.png
[2013/12/10 13:09:38 | 000,959,368 | ---- | C] () -- C:\Users\Grace\Documents\IRA Withdrawl 10000 2013_3.png
[2013/12/10 13:09:31 | 000,947,736 | ---- | C] () -- C:\Users\Grace\Documents\IRA Withdrawl 10000 2013_2.png
[2013/12/10 13:09:25 | 000,972,176 | ---- | C] () -- C:\Users\Grace\Documents\IRA Withdrawl 10000 2013_1.png
[2013/12/10 12:49:48 | 000,269,007 | ---- | C] () -- C:\Users\Grace\Documents\IRA Distribution 1 Dec 10 2013.pdf
[2013/12/08 13:08:42 | 000,001,642 | ---- | C] () -- C:\Users\Public\Desktop\Launch Monitor Driver Installer.lnk
[2013/12/07 16:58:55 | 000,001,951 | ---- | C] () -- C:\Users\Grace\Desktop\thinkorswim.lnk
[2013/12/07 16:58:55 | 000,001,951 | ---- | C] () -- C:\Users\Grace\Application Data\Microsoft\Internet Explorer\Quick Launch\thinkorswim.lnk
[2013/12/05 11:51:08 | 000,001,077 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/12/05 11:51:07 | 000,001,089 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013/12/05 11:47:26 | 000,000,082 | ---- | C] () -- C:\Users\Grace\AppData\Roaming\mbam.context.scan
[2013/12/05 09:08:33 | 000,000,824 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/12/03 19:24:44 | 000,002,734 | ---- | C] () -- C:\Users\Grace\Desktop\Google Keep.lnk
[2013/12/03 12:19:56 | 000,083,353 | ---- | C] () -- C:\Users\Grace\Documents\broker opening instructions real estate Chapter 5.pdf
[2013/12/02 14:42:47 | 000,001,951 | ---- | C] () -- C:\Users\Public\Desktop\thinkorswim.lnk
[2013/11/25 12:58:51 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2013/11/25 12:58:51 | 000,002,021 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013/11/23 12:25:03 | 000,000,833 | ---- | C] () -- C:\Users\Grace\Desktop\HOSTS.old
[2013/05/04 16:22:36 | 000,000,207 | ---- | C] () -- C:\Windows\tweaking.com-regbackup-GRACE-PC-Microsoft-Windows-7-Home-Premium-(64-bit).dat
[2013/05/04 12:43:00 | 000,000,048 | ---- | C] () -- C:\Users\Grace\AppData\Roaming\burnaware.ini
[2012/12/21 13:06:07 | 000,000,068 | ---- | C] () -- C:\Windows\eyeQ Screen Saver.ini
[2012/11/25 18:14:45 | 000,000,253 | ---- | C] () -- C:\Users\Grace\AppData\Roaming\ANICONFIG_{0731E19D-7E77-4D3A-A166-D08F118FCA08}.ini
[2012/11/25 12:26:39 | 000,302,080 | ---- | C] () -- C:\Windows\lwd.exe
[2012/11/19 11:59:11 | 000,000,258 | RHS- | C] () -- C:\Users\Grace\ntuser.pol
[2012/11/03 18:53:54 | 000,006,144 | ---- | C] () -- C:\Users\Grace\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/09/28 12:50:01 | 000,022,284 | ---- | C] () -- C:\Users\Grace\AppData\Local\recently-used.xbel
[2012/09/20 18:40:42 | 000,074,240 | ---- | C] () -- C:\Windows\trackerpod_server.exe
[2012/08/13 09:03:33 | 000,027,520 | ---- | C] () -- C:\Users\Grace\AppData\Local\dt.dat
[2012/08/02 14:20:14 | 000,773,030 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/05/09 16:09:42 | 002,846,896 | ---- | C] () -- C:\Users\Grace\AppData\Local\rx_image32.Cache
[2012/05/09 16:09:42 | 000,137,800 | ---- | C] () -- C:\Users\Grace\AppData\Local\rx_audio.Cache
[2012/03/29 09:17:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\CommonDL.dll
[2012/03/29 09:17:30 | 000,002,413 | ---- | C] () -- C:\Windows\SysWow64\lgAxconfig.ini
[2012/01/18 05:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2012/01/18 05:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2012/01/18 05:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2012/01/15 17:27:05 | 000,007,859 | ---- | C] () -- C:\Users\Grace\AppData\Roaming\pcouffin.cat
[2012/01/15 17:27:05 | 000,001,167 | ---- | C] () -- C:\Users\Grace\AppData\Roaming\pcouffin.inf
[2011/10/13 18:14:11 | 000,088,384 | ---- | C] () -- C:\Users\Grace\AppData\Local\RAContactHistory.xml
[2011/08/29 21:29:05 | 000,007,598 | ---- | C] () -- C:\Users\Grace\AppData\Local\resmon.resmoncfg
[2011/08/28 19:31:40 | 000,002,000 | ---- | C] () -- C:\Users\Grace\AppData\Roaming\wklnhst.dat
[2011/08/27 18:32:58 | 000,014,848 | ---- | C] () -- C:\Users\Grace\Country Lyrics.wps

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\WINDOWS\SysNative\shell32.dll -- [2013/07/25 21:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 20:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\WINDOWS\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\SysWow64\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\WINDOWS\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/02/01 13:58:59 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\TuneUp Software
[2013/02/01 13:58:59 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\TuneUp Software
[2012/11/17 14:29:52 | 000,000,000 | ---D | M] -- C:\Users\Grace\AppData\Roaming\Amazon
[2012/07/17 14:30:40 | 000,000,000 | ---D | M] -- C:\Users\Grace\AppData\Roaming\AMPSoft
[2013/05/02 18:09:23 | 000,000,000 | ---D | M] -- C:\Users\Grace\AppData\Roaming\AVG10
[2013/06/23 12:52:07 | 000,000,000 | ---D | M] -- C:\Users\Grace\AppData\Roaming\avidemux
[2013/05/02 18:09:23 | 000,000,000 | ---D | M] -- C:\Users\Grace\AppData\Roaming\Digidesign
[2013/11/23 09:22:41 | 000,000,000 | ---D | M] -- C:\Users\Grace\AppData\Roaming\Dropbox
[2011/11/15 09:44:29 | 000,000,000 | ---D | M] -- C:\Users\Grace\AppData\Roaming\Epson
[2013/04/11 18:35:51 | 000,000,000 | ---D | M] -- C:\Users\Grace\AppData\Roaming\FamilyTreeMaker
[2011/08/27 23:11:38 | 000,000,000 | ---D | M] -- C:\Users\Grace\AppData\Roaming\Full
[2012/10/31 10:40:27 | 000,000,000 | ---D | M] -- C:\Users\Grace\AppData\Roaming\Gyration
[2012/12/05 11:28:14 | 000,000,000 | ---D | M] -- C:\Users\Grace\AppData\Roaming\JRT Studio
[2013/05/02 18:09:22 | 000,000,000 | ---D | M] -- C:\Users\Grace\AppData\Roaming\KWorld Multimedia
[2011/08/31 21:36:24 | 000,000,000 | ---D | M] -- C:\Users\Grace\AppData\Roaming\Leadertech
[2012/12/04 18:46:28 | 000,000,000 | ---D | M] -- C:\Users\Grace\AppData\Roaming\MediaMonkey
[2013/05/02 18:09:22 | 000,000,000 | ---D | M] -- C:\Users\Grace\AppData\Roaming\mjusbsp
[2012/02/28 13:37:38 | 000,000,000 | ---D | M] -- C:\Users\Grace\AppData\Roaming\MP3SkypeRecorder
[2011/09/01 13:42:54 | 000,000,000 | ---D | M] -- C:\Users\Grace\AppData\Roaming\PACE Anti-Piracy
[2011/08/27 18:48:48 | 000,000,000 | ---D | M] -- C:\Users\Grace\AppData\Roaming\PCDr
[2013/05/02 18:09:22 | 000,000,000 | ---D | M] -- C:\Users\Grace\AppData\Roaming\PeerNetworking
[2013/05/02 18:09:22 | 000,000,000 | ---D | M] -- C:\Users\Grace\AppData\Roaming\PhotoScape
[2012/11/03 18:51:46 | 000,000,000 | ---D | M] -- C:\Users\Grace\AppData\Roaming\TechSmith
[2011/08/28 19:31:44 | 000,000,000 | ---D | M] -- C:\Users\Grace\AppData\Roaming\Template
[2011/08/31 21:34:15 | 000,000,000 | ---D | M] -- C:\Users\Grace\AppData\Roaming\Trillium Lane
[2013/05/02 17:39:49 | 000,000,000 | ---D | M] -- C:\Users\Grace\AppData\Roaming\TuneUp Software
[2013/11/23 15:27:53 | 000,000,000 | ---D | M] -- C:\Users\Grace\AppData\Roaming\VS Revo Group
[2013/04/24 07:47:46 | 000,000,000 | ---D | M] -- C:\Users\Grace\AppData\Roaming\Vso
[2013/12/18 15:56:30 | 000,000,000 | ---D | M] -- C:\Users\Grace\AppData\Roaming\webex
[2011/09/01 11:34:50 | 000,000,000 | ---D | M] -- C:\Users\Grace\AppData\Roaming\Windows Live Writer
[2013/05/02 18:09:22 | 000,000,000 | ---D | M] -- C:\Users\Grace\AppData\Roaming\Wondershare
[2012/01/15 17:35:43 | 000,000,000 | ---D | M] -- C:\Users\Grace\AppData\Roaming\Xilisoft

========== Purity Check ==========



========== Custom Scans ==========

========== Base Services ==========
SRV:64bit: - [2009/07/13 20:40:01 | 000,072,192 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\SysNative\aelupsvc.dll -- (AeLookupSvc)
SRV:64bit: - [2013/02/27 00:47:10 | 000,070,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\SysNative\appinfo.dll -- (Appinfo)
SRV:64bit: - [2009/07/13 20:38:55 | 000,079,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysNative\alg.exe -- (ALG)
SRV:64bit: - [2010/11/20 08:27:23 | 000,849,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\SysNative\qmgr.dll -- (BITS)
SRV:64bit: - [2010/11/20 08:25:45 | 000,705,024 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\SysNative\BFE.DLL -- (BFE)
SRV:64bit: - [2013/09/24 20:03:24 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\SysNative\lsass.exe -- (KeyIso)
SRV:64bit: - [2009/07/13 20:40:50 | 000,402,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\SysNative\es.dll -- (EventSystem)
SRV - [2009/07/13 20:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\SysWOW64\es.dll -- (EventSystem)
SRV:64bit: - [2012/07/04 17:13:27 | 000,136,704 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\SysNative\browser.dll -- (Browser)
SRV:64bit: - [2013/07/09 00:46:20 | 000,184,320 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\SysNative\cryptsvc.dll -- (CryptSvc)
SRV - [2013/07/08 23:46:31 | 000,140,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\SysWOW64\cryptsvc.dll -- (CryptSvc)
SRV:64bit: - [2010/11/20 08:27:24 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\SysNative\rpcss.dll -- (DcomLaunch)
SRV:64bit: - [2010/11/20 08:26:04 | 000,317,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\SysNative\dhcpcore.dll -- (Dhcp)
SRV - [2010/11/20 07:18:30 | 000,254,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV:64bit: - [2011/03/03 01:24:16 | 000,183,296 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\SysNative\dnsrslvr.dll -- (Dnscache)
SRV:64bit: - [2009/07/13 20:40:35 | 000,111,104 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\SysNative\eapsvc.dll -- (EapHost)
SRV:64bit: - [2009/07/13 20:41:00 | 000,038,912 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\SysNative\hidserv.dll -- (hidserv)
SRV - [2009/07/13 20:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\SysWOW64\hidserv.dll -- (hidserv)
SRV:64bit: - [2009/07/13 20:41:10 | 000,359,424 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysNative\ipnathlp.dll -- (SharedAccess)
SRV:64bit: - [2010/11/20 08:26:39 | 000,501,248 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysNative\IPSECSVC.DLL -- (PolicyAgent)
SRV:64bit: - [2013/10/23 17:14:22 | 000,023,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2013/10/23 17:14:22 | 000,348,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2009/07/13 20:41:54 | 000,524,288 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\SysNative\swprv.dll -- (swprv)
SRV:64bit: - [2009/07/13 20:41:26 | 000,067,584 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\SysNative\mmcss.dll -- (MMCSS)
SRV:64bit: - [2009/07/13 20:41:52 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\SysNative\netman.dll -- (Netman)
SRV:64bit: - [2009/07/13 20:41:52 | 000,459,776 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\SysNative\netprofm.dll -- (netprofm)
SRV - [2009/07/13 20:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\SysWOW64\netprofm.dll -- (netprofm)
SRV:64bit: - [2012/10/03 12:44:21 | 000,303,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\SysNative\nlasvc.dll -- (NlaSvc)
SRV:64bit: - [2009/07/13 20:41:53 | 000,025,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\SysNative\nsisvc.dll -- (nsi)
SRV:64bit: - [2011/05/24 06:42:55 | 000,404,480 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\SysNative\umpnpmgr.dll -- (PlugPlay)
SRV:64bit: - [2012/02/11 01:36:02 | 000,559,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\SysNative\spoolsv.exe -- (Spooler)
SRV:64bit: - [2013/09/24 20:03:24 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysNative\lsass.exe -- (ProtectedStorage)
No service found with a name of EMDMgmt
SRV:64bit: - [2009/07/13 20:41:53 | 000,099,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysNative\rasauto.dll -- (RasAuto)
SRV:64bit: - [2010/11/20 08:27:24 | 000,344,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysNative\rasmans.dll -- (RasMan)
SRV:64bit: - [2010/11/20 08:27:24 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\SysNative\rpcss.dll -- (RpcSs)
SRV:64bit: - [2010/11/20 08:27:25 | 000,030,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\SysNative\seclogon.dll -- (seclogon)
SRV:64bit: - [2013/09/24 20:03:24 | 000,030,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\SysNative\lsass.exe -- (SamSs)
SRV:64bit: - [2009/07/13 20:41:58 | 000,097,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\SysNative\wscsvc.dll -- (wscsvc)
SRV:64bit: - [2010/11/20 08:27:26 | 000,236,032 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\SysNative\srvsvc.dll -- (LanmanServer)
SRV:64bit: - [2010/11/20 08:27:25 | 000,370,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\SysNative\shsvcs.dll -- (ShellHWDetection)
SRV - [2010/11/20 07:21:19 | 000,328,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\SysWOW64\shsvcs.dll -- (ShellHWDetection)
No service found with a name of slsvc
SRV:64bit: - [2010/11/20 08:27:25 | 001,110,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\SysNative\schedsvc.dll -- (Schedule)
SRV:64bit: - [2010/11/20 08:27:26 | 000,316,928 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysNative\tapisrv.dll -- (TapiSrv)
SRV - [2010/11/20 07:21:28 | 000,242,176 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\tapisrv.dll -- (TapiSrv)
SRV:64bit: - [2009/07/13 20:41:55 | 000,044,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\SysNative\themeservice.dll -- (Themes)
SRV:64bit: - [2012/05/01 00:40:20 | 000,209,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\SysNative\profsvc.dll -- (ProfSvc)
SRV:64bit: - [2010/11/20 08:25:27 | 001,600,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysNative\VSSVC.exe -- (VSS)
SRV:64bit: - [2010/11/20 08:25:42 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\SysNative\audiosrv.dll -- (AudioSrv)
SRV:64bit: - [2010/11/20 08:25:42 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\SysNative\audiosrv.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2010/11/20 08:27:25 | 000,170,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysNative\sdrsvc.dll -- (SDRSVC)
SRV:64bit: - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/11/20 08:27:28 | 001,646,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\SysNative\wevtsvc.dll -- (eventlog)
SRV:64bit: - [2010/11/20 08:26:59 | 000,828,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\SysNative\MPSSVC.dll -- (MpsSvc)
SRV:64bit: - [2010/11/20 08:27:28 | 000,580,096 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\SysNative\wiaservc.dll -- (stisvc)
SRV:64bit: - [2010/11/20 08:24:58 | 000,128,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\msiexec.exe -- (msiserver)
SRV - [2010/11/20 07:17:22 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWow64\msiexec.exe -- (msiserver)
SRV:64bit: - [2009/07/13 20:41:56 | 000,242,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\SysNative\wbem\WMIsvc.dll -- (Winmgmt)
SRV:64bit: - [2012/06/02 17:19:43 | 002,428,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\SysNative\wuaueng.dll -- (wuauserv)
SRV:64bit: - [2010/11/20 08:26:07 | 000,252,416 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysNative\dot3svc.dll -- (dot3svc)
SRV:64bit: - [2009/07/13 20:41:56 | 000,886,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\SysNative\wlansvc.dll -- (Wlansvc)
SRV:64bit: - [2010/11/20 08:27:28 | 000,118,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\SysNative\wkssvc.dll -- (LanmanWorkstation)

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2011/02/26 00:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\WINDOWS\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\WINDOWS\erdnt\cache86\explorer.exe
[2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\WINDOWS\explorer.exe
[2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\WINDOWS\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 01:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\WINDOWS\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 07:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\WINDOWS\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\WINDOWS\SysWOW64\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\WINDOWS\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/11/20 08:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\WINDOWS\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe

< MD5 for: SERVICES >
[2009/06/10 16:00:26 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\WINDOWS\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\services

< MD5 for: SERVICES.CFG >
[2012/09/23 20:43:36 | 000,603,848 | R--- | M] () MD5=81B120EAEE296F0E54F66C16C5A21367 -- C:\WINDOWS\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744BA0000000010\11.0.0\services.cfg
[2013/09/05 09:04:00 | 000,559,090 | ---- | M] () MD5=8ADD48E413D05BF2E7AEC00173DDFABC -- C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Services\Services.cfg

< MD5 for: SERVICES.CSS >
[2011/08/31 02:30:40 | 000,000,093 | ---- | M] () MD5=F15FB82C578490B209442B8C1D5076CC -- C:\ProgramData\Intuit\Quicken\Inet\Common\Localweb\Services\Services.css
[2011/08/31 02:30:40 | 000,000,093 | ---- | M] () MD5=F15FB82C578490B209442B8C1D5076CC -- C:\Users\All Users\Intuit\Quicken\Inet\Common\Localweb\Services\Services.css

< MD5 for: SERVICES.EXE >
[2009/07/13 20:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\WINDOWS\erdnt\cache64\services.exe
[2009/07/13 20:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009/07/13 20:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\WINDOWS\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

< MD5 for: SERVICES.EXE.MUI >
[2009/07/13 21:25:40 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\SysNative\en-US\services.exe.mui
[2009/07/13 21:25:40 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\WINDOWS\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_en-us_c5f238be3fa63468\services.exe.mui

< MD5 for: SERVICES.INI >
[2011/08/31 02:30:40 | 000,000,012 | ---- | M] () MD5=810C4D394B59FF7116A0CD6052286C41 -- C:\ProgramData\Intuit\Quicken\Inet\Common\Localweb\Services\Services.ini
[2011/08/31 02:30:40 | 000,000,012 | ---- | M] () MD5=810C4D394B59FF7116A0CD6052286C41 -- C:\Users\All Users\Intuit\Quicken\Inet\Common\Localweb\Services\Services.ini

< MD5 for: SERVICES.LNK >
[2009/07/13 23:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/13 23:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk

< MD5 for: SERVICES.MOF >
[2009/06/10 15:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\SysNative\wbem\services.mof
[2009/06/10 15:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\WINDOWS\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.mof

< MD5 for: SERVICES.MSC >
[2009/07/13 21:23:30 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\en-US\services.msc
[2009/06/10 15:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\services.msc
[2009/07/13 21:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\WINDOWS\SysWOW64\en-US\services.msc
[2009/06/10 16:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\WINDOWS\SysWOW64\services.msc
[2009/07/13 21:23:30 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\WINDOWS\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_003408aa160fce5b\services.msc
[2009/06/10 15:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\WINDOWS\winsxs\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_2b58d44b5f6beb8a\services.msc
[2009/07/13 21:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\WINDOWS\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a4156d265db25d25\services.msc
[2009/06/10 16:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\WINDOWS\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc

< MD5 for: SERVICES.PNG >
[2013/11/30 02:13:00 | 000,001,509 | ---- | M] () MD5=F4EC3ABEAE15FA9BB42D721E9D543F44 -- C:\Program Files\My Dell\images\icons\png\24_24\services.png

< MD5 for: SERVICES.PTXML >
[2009/07/13 15:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\SysNative\wdi\perftrack\Services.ptxml
[2009/07/13 15:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\WINDOWS\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\Services.ptxml

< MD5 for: SVCHOST.EXE >
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\WINDOWS\erdnt\cache86\svchost.exe
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\WINDOWS\SysWOW64\svchost.exe
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\WINDOWS\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2013/04/04 13:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\WINDOWS\erdnt\cache64\svchost.exe
[2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\WINDOWS\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 07:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\WINDOWS\erdnt\cache86\userinit.exe
[2010/11/20 07:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\WINDOWS\SysWOW64\userinit.exe
[2010/11/20 07:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\WINDOWS\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010/11/20 08:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\WINDOWS\erdnt\cache64\userinit.exe
[2010/11/20 08:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 08:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\WINDOWS\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/20 08:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\WINDOWS\erdnt\cache64\winlogon.exe
[2010/11/20 08:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 08:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\WINDOWS\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2013/04/04 13:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

< dir "%systemdrive%\*" /S /A:L /C >
Volume in drive C is OS
Volume Serial Number is AA21-ED6D
Directory of C:\
07/14/2009 12:08 AM <JUNCTION> Documents and Settings [C:\Users]
0 File(s) 0 bytes
Directory of C:\ProgramData
07/14/2009 12:08 AM <JUNCTION> Application Data [C:\ProgramData]
07/14/2009 12:08 AM <JUNCTION> Desktop [C:\Users\Public\Desktop]
07/14/2009 12:08 AM <JUNCTION> Documents [C:\Users\Public\Documents]
07/14/2009 12:08 AM <JUNCTION> Favorites [C:\Users\Public\Favorites]
07/14/2009 12:08 AM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/14/2009 12:08 AM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users
07/14/2009 12:08 AM <SYMLINKD> All Users [C:\ProgramData]
07/14/2009 12:08 AM <JUNCTION> Default User [C:\Users\Default]
0 File(s) 0 bytes
Directory of C:\Users\All Users
07/14/2009 12:08 AM <JUNCTION> Application Data [C:\ProgramData]
07/14/2009 12:08 AM <JUNCTION> Desktop [C:\Users\Public\Desktop]
07/14/2009 12:08 AM <JUNCTION> Documents [C:\Users\Public\Documents]
07/14/2009 12:08 AM <JUNCTION> Favorites [C:\Users\Public\Favorites]
07/14/2009 12:08 AM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/14/2009 12:08 AM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default
07/14/2009 12:08 AM <JUNCTION> Application Data [C:\Users\Default\AppData\Roaming]
07/14/2009 12:08 AM <JUNCTION> Local Settings [C:\Users\Default\AppData\Local]
07/14/2009 12:08 AM <JUNCTION> My Documents [C:\Users\Default\Documents]
07/14/2009 12:08 AM <JUNCTION> NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
07/14/2009 12:08 AM <JUNCTION> PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
07/14/2009 12:08 AM <JUNCTION> Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
07/14/2009 12:08 AM <JUNCTION> SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
07/14/2009 12:08 AM <JUNCTION> Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
07/14/2009 12:08 AM <JUNCTION> Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default\AppData\Local
07/14/2009 12:08 AM <JUNCTION> Application Data [C:\Users\Default\AppData\Local]
07/14/2009 12:08 AM <JUNCTION> History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
07/14/2009 12:08 AM <JUNCTION> Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Default\Documents
07/14/2009 12:08 AM <JUNCTION> My Music [C:\Users\Default\Music]
07/14/2009 12:08 AM <JUNCTION> My Pictures [C:\Users\Default\Pictures]
07/14/2009 12:08 AM <JUNCTION> My Videos [C:\Users\Default\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Grace
08/27/2011 06:21 PM <JUNCTION> Application Data [C:\Users\Grace\AppData\Roaming]
08/27/2011 06:21 PM <JUNCTION> Cookies [C:\Users\Grace\AppData\Roaming\Microsoft\Windows\Cookies]
08/27/2011 06:21 PM <JUNCTION> Local Settings [C:\Users\Grace\AppData\Local]
08/27/2011 06:21 PM <JUNCTION> My Documents [C:\Users\Grace\Documents]
08/27/2011 06:21 PM <JUNCTION> NetHood [C:\Users\Grace\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
08/27/2011 06:21 PM <JUNCTION> PrintHood [C:\Users\Grace\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
08/27/2011 06:21 PM <JUNCTION> Recent [C:\Users\Grace\AppData\Roaming\Microsoft\Windows\Recent]
08/27/2011 06:21 PM <JUNCTION> SendTo [C:\Users\Grace\AppData\Roaming\Microsoft\Windows\SendTo]
08/27/2011 06:21 PM <JUNCTION> Start Menu [C:\Users\Grace\AppData\Roaming\Microsoft\Windows\Start Menu]
08/27/2011 06:21 PM <JUNCTION> Templates [C:\Users\Grace\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Grace\AppData\Local
08/27/2011 06:21 PM <JUNCTION> Application Data [C:\Users\Grace\AppData\Local]
08/27/2011 06:21 PM <JUNCTION> History [C:\Users\Grace\AppData\Local\Microsoft\Windows\History]
08/27/2011 06:21 PM <JUNCTION> Temporary Internet Files [C:\Users\Grace\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Grace\Documents
08/27/2011 06:21 PM <JUNCTION> My Music [C:\Users\Grace\Music]
08/27/2011 06:21 PM <JUNCTION> My Pictures [C:\Users\Grace\Pictures]
08/27/2011 06:21 PM <JUNCTION> My Videos [C:\Users\Grace\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Public\Documents
07/14/2009 12:08 AM <JUNCTION> My Music [C:\Users\Public\Music]
07/14/2009 12:08 AM <JUNCTION> My Pictures [C:\Users\Public\Pictures]
07/14/2009 12:08 AM <JUNCTION> My Videos [C:\Users\Public\Videos]
0 File(s) 0 bytes
Directory of C:\WINDOWS\System32\config\systemprofile
07/09/2010 09:05 PM <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Roaming]
07/09/2010 09:05 PM <JUNCTION> Local Settings [C:\Windows\system32\config\systemprofile\AppData\Local]
08/31/2011 07:17 PM <JUNCTION> My Documents [C:\Windows\system32\config\systemprofile\Documents]
08/31/2011 07:17 PM <JUNCTION> NetHood [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
08/31/2011 07:17 PM <JUNCTION> PrintHood [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
08/31/2011 07:17 PM <JUNCTION> Recent [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent]
08/31/2011 07:17 PM <JUNCTION> SendTo [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo]
08/31/2011 07:17 PM <JUNCTION> Start Menu [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu]
08/31/2011 07:17 PM <JUNCTION> Templates [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\WINDOWS\System32\config\systemprofile\AppData\Local
07/09/2010 09:05 PM <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Local]
07/09/2010 09:05 PM <JUNCTION> History [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History]
07/09/2010 09:05 PM <JUNCTION> Temporary Internet Files [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\WINDOWS\System32\config\systemprofile\Documents
08/31/2011 07:17 PM <JUNCTION> My Music [C:\Windows\system32\config\systemprofile\Music]
08/31/2011 07:17 PM <JUNCTION> My Pictures [C:\Windows\system32\config\systemprofile\Pictures]
08/31/2011 07:17 PM <JUNCTION> My Videos [C:\Windows\system32\config\systemprofile\Videos]
0 File(s) 0 bytes
Directory of C:\WINDOWS\SysWOW64\config\systemprofile
07/09/2010 09:05 PM <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Roaming]
07/09/2010 09:05 PM <JUNCTION> Local Settings [C:\Windows\system32\config\systemprofile\AppData\Local]
08/31/2011 07:17 PM <JUNCTION> My Documents [C:\Windows\system32\config\systemprofile\Documents]
08/31/2011 07:17 PM <JUNCTION> NetHood [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
08/31/2011 07:17 PM <JUNCTION> PrintHood [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
08/31/2011 07:17 PM <JUNCTION> Recent [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent]
08/31/2011 07:17 PM <JUNCTION> SendTo [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo]
08/31/2011 07:17 PM <JUNCTION> Start Menu [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu]
08/31/2011 07:17 PM <JUNCTION> Templates [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\WINDOWS\SysWOW64\config\systemprofile\AppData\Local
07/09/2010 09:05 PM <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Local]
07/09/2010 09:05 PM <JUNCTION> History [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History]
07/09/2010 09:05 PM <JUNCTION> Temporary Internet Files [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\WINDOWS\SysWOW64\config\systemprofile\Documents
08/31/2011 07:17 PM <JUNCTION> My Music [C:\Windows\system32\config\systemprofile\Music]
08/31/2011 07:17 PM <JUNCTION> My Pictures [C:\Windows\system32\config\systemprofile\Pictures]
08/31/2011 07:17 PM <JUNCTION> My Videos [C:\Windows\system32\config\systemprofile\Videos]
0 File(s) 0 bytes
Total Files Listed:
0 File(s) 0 bytes
79 Dir(s) 840,395,853,824 bytes free

< End of report >

Edited by gracek, 18 December 2013 - 05:17 PM.

  • 0

#4
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Hello,

I don't see the VirusTotal URL links or the AdwCleaner log. Could you post them please?
  • 0

#5
gracek

gracek

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
YIKES, Sorry!!!!!!!! My brain was lacking for a moment...

I am not sure you got correct last OTL scan. I don't see it on my desktop either.. should I redo it?

I re did the virus total...
https://www.virustot...sis/1387433247/

https://www.virustot...sis/1387433421/

https://www.virustot...sis/1387433531/

# AdwCleaner v3.010 - Report created 21/10/2013 at 18:00:58
# Updated 20/10/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Grace - GRACE-PC
# Running from : C:\Users\Grace\Downloads\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Found C:\Program Files (x86)\Common Files\spigot
Folder Found C:\Users\Grace\AppData\Local\unitlayers
Folder Found C:\Users\Grace\AppData\Roaming\DSite

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\AppDataLow\Software\Search Settings
Key Found : HKCU\Software\dsiteproducts
Key Found : HKCU\Software\IM
Key Found : HKCU\Software\ImInstaller
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKCU\Software\YahooPartnerToolbar
Key Found : [x64] HKCU\Software\dsiteproducts
Key Found : [x64] HKCU\Software\IM
Key Found : [x64] HKCU\Software\ImInstaller
Key Found : [x64] HKCU\Software\YahooPartnerToolbar
Key Found : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : [x64] HKLM\SOFTWARE\Updater By Sweetpacks
Value Found : [x64] HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}]

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16720


-\\ Mozilla Firefox v24.0 (en-US)

-\\ Google Chrome v30.0.1599.101

[ File : C:\Users\Grace\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [4023 octets] - [21/10/2013 18:00:58]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [4083 octets] ##########
# AdwCleaner v3.015 - Report created 18/12/2013 at 17:24:10
# Updated 10/12/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Grace - GRACE-PC
# Running from : C:\Users\Grace\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\AppDataLow\Software\Search Settings
Key Found : HKCU\Software\dsiteproducts
Key Found : HKCU\Software\IM
Key Found : HKCU\Software\ImInstaller
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKCU\Software\YahooPartnerToolbar
Key Found : [x64] HKCU\Software\dsiteproducts
Key Found : [x64] HKCU\Software\IM
Key Found : [x64] HKCU\Software\ImInstaller
Key Found : [x64] HKCU\Software\YahooPartnerToolbar
Key Found : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Found : HKLM\SOFTWARE\Classes\AppID\WLXQuickTimeShellExt.DLL
Key Found : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\hbcennhacfaagdopikcegfcobcadeocj
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\pfndaklgolladniicklehhancnlgocpp
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : [x64] HKLM\SOFTWARE\Updater By Sweetpacks

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16750


-\\ Google Chrome v31.0.1650.63

[ File : C:\Users\Grace\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [8127 octets] - [21/10/2013 17:00:58]
AdwCleaner[R1].txt - [920 octets] - [21/10/2013 17:12:36]
AdwCleaner[S0].txt - [4185 octets] - [21/10/2013 17:01:40]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [8306 octets] ##########

Edited by gracek, 19 December 2013 - 12:23 AM.

  • 0

#6
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Thanks for the logs. The aswMBR scan is clean. The files you uploaded are clean. Continuing on :)

The AdwCleaner logs you posted were run on Oct. 21, 2013.

*************************

AdwCleaner[R0].txt - [8127 octets] - [21/10/2013 17:00:58]
AdwCleaner[R1].txt - [920 octets] - [21/10/2013 17:12:36]
AdwCleaner[S0].txt - [4185 octets] - [21/10/2013 17:01:40]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [8306 octets] ##########

Obviously you have an old copy of AdwCleaner. We need to remove it and download a fresh copy and run a new scan. Going forward, if I ask you for a scan and it is from a tool you already have (that we didn't download) please let me know so that we can get a fresh copy.


Step-1.

Uninstall AdwCleaner

Re-open AdwCleaner
  • Click the Uninstall button
  • Confirm with yes
Posted Image


Step-2.

AdwCleaner by Xplode

Download AdwCleaner. Click here and then click the Download Now @ BleepingComputer button. Save the file to the desktop.

NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.

Close all open windows and browsers.
  • Right click the AdwCleaner icon Posted Image on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.

    Posted Image
  • Click the Scan button and wait for the scan to finish.
  • After the Scan has finished the window may or may not show what it found and above the progress bar you will see Pending. Please uncheck elements you don't want to remove. Do Not delete anything at this time.
  • Click the Report button to get the log.
  • Copy and Paste it into your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[R0].txt.
  • Click the X in the upper right corner of the program or click the File menu and click Exit to close the program.
NOTE: If you see AVG Secure Search being targeted for deletion, Here's Why and Here. You can always Reinstall it.


Step-3.

Run Farbar Service Scanner

Please download Farbar Service Scanner to the desktop.
  • Right click the FSS.exe file, click Run as Administrator and OK any UAC prompts.

    Posted Image
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

Step-4


Run Security Check

Download Security Check from here or here and save it to the Desktop.
  • Right click the SecurityCheck icon Posted Image and click Run as Administrator to run the application. Allow any UAC warnings.
  • Follow the onscreen instructions inside of the black box.

    Posted Image
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Step-5.

Things For Your Next Post:
Please post the logs in the order requested. Do Not attach the logs unless I request it.
1. The new AdwCleaner.txt log
2. The FSS.txt log
3. The checkup.txt log
  • 0

#7
gracek

gracek

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
Hi, Here ya go... Happy Friday!

# AdwCleaner v3.015 - Report created 20/12/2013 at 18:50:47
# Updated 10/12/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Grace - GRACE-PC
# Running from : C:\Users\Grace\Desktop\AdwCleaner (1).exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\AppDataLow\Software\Search Settings
Key Found : HKCU\Software\dsiteproducts
Key Found : HKCU\Software\IM
Key Found : HKCU\Software\ImInstaller
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKCU\Software\YahooPartnerToolbar
Key Found : [x64] HKCU\Software\dsiteproducts
Key Found : [x64] HKCU\Software\IM
Key Found : [x64] HKCU\Software\ImInstaller
Key Found : [x64] HKCU\Software\YahooPartnerToolbar
Key Found : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Found : HKLM\SOFTWARE\Classes\AppID\WLXQuickTimeShellExt.DLL
Key Found : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\hbcennhacfaagdopikcegfcobcadeocj
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\pfndaklgolladniicklehhancnlgocpp
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : [x64] HKLM\SOFTWARE\Updater By Sweetpacks

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16750


-\\ Google Chrome v31.0.1650.63

[ File : C:\Users\Grace\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [3916 octets] - [20/12/2013 18:50:47]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [3976 octets] ##########


Farbar Service Scanner Version: 05-12-2013
Ran by Grace (administrator) on 20-12-2013 at 18:53:53
Running from "C:\Users\Grace\Desktop"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****




Results of screen317's Security Check version 0.99.77
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 10 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Secunia PSI (3.0.0.7009)
Malwarebytes Anti-Malware version 1.75.0.1300
Java™ 6 Update 45
Java 7 Update 45
Java™ SE Runtime Environment 6
Adobe Flash Player 11.9.900.170
Adobe Reader XI
Mozilla Firefox (25.0.1)
Google Chrome 31.0.1650.57
Google Chrome 31.0.1650.63
Google Chrome Plugins...
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````






  • 0

#8
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Thanks for the logs. Let's kill some more stuff. After this round please tell me what issues remain.


Step-1.

Program uninstalls

1. Please click the Start Orb Posted Image, click Control Panel. Under the Programs or Programs and Features heading click Uninstall a program
2. In the list of programs installed, locate the following program(s):

Java™ 6 Update 45
Java™ SE Runtime Environment 6


3. Right click each program and click Uninstall
4. After the programs have been uninstalled, close the Installed Programs window and the Control Panel.
5. Reboot the computer.


Step-2.

Re-run AdwCleaner

Close all open windows and browsers.

Re-open AdwCleaner
  • Right click the AdwCleaner icon, click Run as administrator and accept the UAC prompt to run AdwCleaner.
  • Click the Scan button and wait for the scan to complete.
  • When the Scan has finished the Scan button will be grayed out and the Clean button will be activated.
  • Click the Clean button.
  • Everything checked will be deleted.
  • When the program has finished cleaning a report appears.
  • Once done it will ask to reboot, allow this

    Posted Image
  • On reboot a log will be produced please copy / paste that in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[S0].txt

Step-3.

Scan with JRT:

Posted Image Please download Junkware Removal Tool to your desktop.

NOTE: Temporarily shut down your protection software now to avoid potential conflicts, how to do so can be read here.

  • Right click the JRT icon Posted Image and click Run as Administrator to run the application.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
NOTE: Reboot the machine and ensure that all security software is now enabled.


Step-4.

Posted Image OTL Fix

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

1. Please copy all of the text in the quote box below (Do Not copy the word Quote. To do this, highlight everything
inside the quote box (except the word Quote) , right click and click Copy.

:COMMANDS
[createrestorepoint]

:OTL
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O16 - DPF: {CAFEEFAC-0016-0000-0045-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_45)
O16 - DPF: {CAFEEFAC-0017-0000-0010-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_10)

:FILES
ipconfig /flushdns /c
C:\Users\Default\AppData\Roaming\TuneUp Software
C:\Users\Default User\AppData\Roaming\TuneUp Software
C:\Users\Grace\AppData\Roaming\AVG10
C:\Users\Grace\AppData\Roaming\TuneUp Software
netsh advfirewall reset /c
netsh advfirewall set allprofiles state ON /c

:COMMANDS
[emptytemp]


Warning: This fix is relevant for this system and no other. If you are not this user, DO NOT follow these directions as they could damage the workings of your system.

2. Please re-open Posted Image on your desktop. To do that:
  • Vista and 7 users: Right click the icon and click Run as Administrator
3. Place the mouse pointer inside the Posted Image textbox, right click and click Paste. This will put the above script inside the textbox.
4. Click the Posted Image button.
5. Let the program run unhindered.
6. OTL may ask to reboot the machine. Please do so if asked.
7. Click the Posted Image button.
8. A report will open. Copy and Paste that report in your next reply.
9. If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, (where mmddyyyy_hhmmss is the date of the tool run).


Step-5.

Things For Your Next Post:
Please post the logs in the order requested. Do Not attach the logs unless I request it.
1. The AdwCleaner[S0].txt log
2. The JRT.txt log
3. The OTL fixes log
  • 0

#9
gracek

gracek

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
HI! Thanks for all the help so far!!

I have not proceeded with the steps past uninstall.

When I try to uninstall Java™ 6 Update 45
I get an error when uninstalling. It did not uninstall. The error states:
"Error:1723- There is a problem with this windows installer package. A DLL required for this install to complete could not run. Contact your support personell or package vendor."


I was successful with uninstalling: Java™ SE Runtime Environment 6

Should I proceed with the next steps? I will wait for your instruction.

Thanks
  • 0

#10
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Yes, please.
  • 0

Advertisements


#11
gracek

gracek

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
YEAH, between the gazillion phone calls, I got the scans done!!! Question- Should I be running AVG or something along with MS Security E.?

Here ya go... Thanks again for your time.



# AdwCleaner v3.015 - Report created 21/12/2013 at 14:23:31
# Updated 10/12/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Grace - GRACE-PC
# Running from : C:\Users\Grace\Desktop\AdwCleaner (1).exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\hbcennhacfaagdopikcegfcobcadeocj
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pfndaklgolladniicklehhancnlgocpp
Key Deleted : HKLM\SOFTWARE\Classes\AppID\WLXQuickTimeShellExt.DLL
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\dsiteproducts
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Search Settings
Key Deleted : [x64] HKLM\SOFTWARE\Updater By Sweetpacks

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16750


-\\ Google Chrome v31.0.1650.63

[ File : C:\Users\Grace\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [4100 octets] - [20/12/2013 18:50:47]
AdwCleaner[R1].txt - [4160 octets] - [21/12/2013 14:21:32]
AdwCleaner[S0].txt - [3954 octets] - [21/12/2013 14:23:31]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4014 octets] ##########




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 7 Home Premium x64
Ran by Grace on Sat 12/21/2013 at 15:15:21.36
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3875385828-3578430940-2960995150-1000\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\alxtb2.toolbarproxy
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\alxtb2.toolbarproxy.1



~~~ Files



~~~ Folders

Failed to delete: [Folder] "C:\Program Files (x86)\alexa toolbar"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 12/21/2013 at 15:19:34.09
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~








All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk moved successfully.
File move failed. C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk scheduled to be moved on reboot.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0045-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0045-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0045-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0045-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0045-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0045-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0045-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0017-0000-0010-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0017-0000-0010-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0010-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0010-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0010-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0017-0000-0010-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0010-ABCDEFFEDCBA}\ not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Grace\Desktop\cmd.bat deleted successfully.
C:\Users\Grace\Desktop\cmd.txt deleted successfully.
C:\Users\Default\AppData\Roaming\TuneUp Software\TU2012\Backups folder moved successfully.
C:\Users\Default\AppData\Roaming\TuneUp Software\TU2012 folder moved successfully.
C:\Users\Default\AppData\Roaming\TuneUp Software folder moved successfully.
File\Folder C:\Users\Default User\AppData\Roaming\TuneUp Software not found.
C:\Users\Grace\AppData\Roaming\AVG10\cfgall folder moved successfully.
C:\Users\Grace\AppData\Roaming\AVG10 folder moved successfully.
C:\Users\Grace\AppData\Roaming\TuneUp Software\TU2012\Backups folder moved successfully.
C:\Users\Grace\AppData\Roaming\TuneUp Software\TU2012 folder moved successfully.
C:\Users\Grace\AppData\Roaming\TuneUp Software folder moved successfully.
< netsh advfirewall reset /c >
Ok.
C:\Users\Grace\Desktop\cmd.bat deleted successfully.
C:\Users\Grace\Desktop\cmd.txt deleted successfully.
< netsh advfirewall set allprofiles state ON /c >
Ok.
C:\Users\Grace\Desktop\cmd.bat deleted successfully.
C:\Users\Grace\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Grace
->Temp folder emptied: 184742023 bytes
->Temporary Internet Files folder emptied: 448346946 bytes
->Java cache emptied: 3015105 bytes
->Google Chrome cache emptied: 381540578 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 22214 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 42020 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 971.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 12212013_161027





  • 0

#12
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts

Thanks again for your time.

You are welcome.

Question- Should I be running AVG or something along with MS Security E.?

No. You shouldn't ever have more than one antivirus program running. Having two or more running will slow the system down. Multiple AV programs produce false positives, depending on the configuration used. And you actually end up with less protection. Not to mention that AV programs are so bad at playing well together that trying to install a second or third one will break the one that was working and not install the second one completely. Sometimes resulting in not being able to uninstall either program using the normal method and not allowing any other AV to be installed.

You should have a antimalware program, such as MalwareBytes, that you can use often to run on demand scans. We will do that next and also run an on-line scan.
Before running the next steps please disable any screen saver you might have running.


Step-1.

Posted ImageMalwarebytes' Anti-Malware

Close all programs and browsers on your computer and disable any screen saver you might have running.

Right click the MalwareBytes icon on the desktop and click Run As Administrator, then click the Continue or OK button on the UAC window.
  • You will now be at the main program as shown below.

    Posted Image
  • Click the Update tab abd update the program if required.
  • Click the Scanner tab, make sure the the Perform full scan option is selected and then click on the Scan button to start scanning your computer.
    MBAM will now start scanning your computer for malware. This process can take quite a while, so I suggest you go and do something else and periodically check on the status of the scan. When MBAM is scanning it will look like the image below.

    Posted Image
  • When the scan is finished a message box will appear as shown in the image below.

    Posted Image

    You should click on the OK button to close the message box and continue with the removal process.
  • You will now be back at the main Scanner screen. At this point you should click on the Show Results button.
  • A screen displaying all the malware that the program found will be shown as seen in the image below. Please note that the infections found may be different than what is shown in the image.

    Posted Image
  • Make sure that everything is checked EXCEPT items in System Restore (see the image below), and click Remove Selected<---Very Important.

    Posted Image
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note: If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

I would suggest that you run a Quick Scan frequently and a Full Scan every week or so. Update the definition files before running a scan. Click the Update tab and update from there.


Step-2

Run ESET Online Scanner:

Note: Optimized for Internet Explorer but you can use Chrome or Mozilla FireFox for this scan.

Important! You will need to disable your currently installed Anti-Virus program, how to do so can be read here.

Vista / 7 users: You will need to to right-click on either the Internet Explorer or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

  • Please go here then click on:

    Posted Image

    Note: If using Mozilla Firefox a window will open telling you that you will need to download the ESET Smart Installer. Click on esetsmartinstaller_enu.exe to download the Smart Installer. Save it to the desktop.
    When prompted double click on the Posted Image icon on the desktop. After successful installation of ESET Smart Installer ESET Online Scanner is launched in a new window.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • A new window will open:

    Posted Image
  • Select the option YES, I accept the Terms of Use then click on:

    Posted Image
  • When prompted allow the Add-On/Active X to install. The following window will open:

    Posted Image

    • Uncheck the box beside Remove Found Threats
    • Check the box Scan archives.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. [i]The scan may take several hours.
  • Wait for the scan to finish. Do not touch either the Mouse or keyboard during the scan. Otherwise it may stall.
When The Scan is Complete:

A.
If No Threats Were Found:
  • Put a checkmark in Uninstall application on close
  • Close the program
  • Report to me that nothing was found
B.
If Threats Were Found:
  • Click on list of threats found
  • Click on export to text file and save it to the desktop as ESET SCAN.txt
  • Click on Back
  • Put a checkmark in Uninstall application on close Be sure you have saved the file first
  • Click on Finish
  • Close the program
Don't forget to enable your Antivirus program and screen saver.


Step-3.

Things For Your Next Post:
Please post the logs in the order requested. Do Not attach the logs unless I request it.
1. The MalwareBytes log
2. The ESET scan log (IF it found anything). If it didn't just let me know.
3. How is the computer running now?
  • 0

#13
gracek

gracek

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
I ran malwarebytes.

When I ran the ESET Scanner, a popup window opened with a blank light blue screen. I looked at source and it is running JAVA! So, what should I do about the java. There was no prompt to allow addon/active X. Java is the software that wouldn't uninstall where I got the error. I still have in programs- Jave 6 update 45, java 7 update 45, and java 7 update 45 64 bit.

The program that wasn't working well was a java based one. Trade Architect. And Internet Explorer was crashing. So far, during a lot of this, no crashing with IE, but I haven't been working with JAVA either. Tomorrow I will give it a workout! I think it will take another day to see how the computer is doing... I will need to play with the programs that were crashing.

Going to bed! G

Here is the Malwarebytes log...

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.12.21.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16750
Grace :: GRACE-PC [administrator]

12/21/2013 6:22:39 PM
mbam-log-2013-12-21 (18-22-39).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 416255
Time elapsed: 51 minute(s), 21 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 11
HKCR\CLSID\{EA582743-9076-4178-9AA6-7393FDF4D5CE} (PUP.Optional.AmazonTB.A) -> Quarantined and deleted successfully.
HKCR\TypeLib\{33D0AD98-3347-4A54-8929-5163EBEB9F72} (PUP.Optional.AmazonTB.A) -> Quarantined and deleted successfully.
HKCR\Interface\{0923E315-2D8B-48CE-A37C-AE9A42F9711C} (PUP.Optional.AmazonTB.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{EA582743-9076-4178-9AA6-7393FDF4D5CE} (PUP.Optional.AmazonTB.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{EA582743-9076-4178-9AA6-7393FDF4D5CE} (PUP.Optional.AmazonTB.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{F443A627-5009-4323-9C1D-7FD598D0D712} (PUP.Optional.AmazonTB.A) -> Quarantined and deleted successfully.
HKCR\AlxTB2.AlxHelper.1 (PUP.Optional.AmazonTB.A) -> Quarantined and deleted successfully.
HKCR\AlxTB2.AlxHelper (PUP.Optional.AmazonTB.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F443A627-5009-4323-9C1D-7FD598D0D712} (PUP.Optional.AmazonTB.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{F443A627-5009-4323-9C1D-7FD598D0D712} (PUP.Optional.AmazonTB.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{F443A627-5009-4323-9C1D-7FD598D0D712} (PUP.Optional.AmazonTB.A) -> Quarantined and deleted successfully.

Registry Values Detected: 2
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{EA582743-9076-4178-9AA6-7393FDF4D5CE} (PUP.Optional.AmazonTB.A) -> Data: -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{EA582743-9076-4178-9AA6-7393FDF4D5CE} (PUP.Optional.AmazonTB.A) -> Data: -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)





  • 0

#14
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts

When I ran the ESET Scanner, a popup window opened with a blank light blue screen. I looked at source and it is running JAVA! So, what should I do about the java. There was no prompt to allow addon/active X. Java is the software that wouldn't uninstall where I got the error. I still have in programs- Jave 6 update 45, java 7 update 45, and java 7 update 45 64 bit.

You still have the current Java version installed--Java 7 Update 45. The Java 6 versions that we were uninstalling were old and did not need on be on the system.
Did the ESET scan finish? If it did finish did it find anything? If it found things did you save the log file? If you saved the log file could you post it please?
If ESET didn't finish please run it again. If it won't work correctly in IE try Firefox.
  • 0

#15
gracek

gracek

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
I was not able to run the scanner, it opened up a blank blue screen. No way to run. It did run a scan and wouldn't give me an option to run a scan since the popup window to scan was blank blue. When I ran the ESET Scanner, a popup window opened with a blank light blue screen

PS, Happy Holidays, I am not in a "hurry" just hope to get this working by Jan 2 :-)

Then, I am out of pocket for a month.

So, I hope you are well, and I appreciate you being a volunteer!

Edited by gracek, 23 December 2013 - 02:00 PM.

  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP