Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Having Trouble With IE Opening & Browsing [Solved]

Started by robkbriggs , Jan 02 2014 01:27 PM

  • This topic is locked This topic is locked

#1
robkbriggs
Posted 02 January 2014 - 01:27 PM

robkbriggs

    Member

  • Member
  • PipPipPip
  • 152 posts
Hello,

My girlfriend's sister brought her laptop to me because she has been having some problems with it. She told me that she can't check her email, and that it wouldn't do anything. I tried to get some more info from her, and from what she said, IE is slow to open up, and takes a long time to load web pages. After taking a quick look a it, it appears that it has some malware on it. I also noticed that it looks like it doesn't have current antivirus or antimalware programs on it. I would just like to get in and clean it up, so when I give it back to her we are starting from a safe baseline.

OTL Log

OTL logfile created on: 1/2/2014 1:00:03 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Sheets\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.48 Gb Total Physical Memory | 1.70 Gb Available Physical Memory | 48.79% Memory free
6.95 Gb Paging File | 5.01 Gb Available in Paging File | 71.99% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 447.66 Gb Total Space | 392.09 Gb Free Space | 87.59% Space Free | Partition Type: NTFS
Drive D: | 6.78 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: SHEETS-PC | User Name: Sheets | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/01/02 12:59:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Sheets\Desktop\OTL.exe
PRC - [2013/09/21 14:50:14 | 000,295,512 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2013/08/14 14:19:24 | 000,039,056 | ---- | M] () -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2013/05/09 23:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/04/30 22:11:08 | 000,042,784 | ---- | M] (Yontoo LLC) -- C:\Users\Sheets\AppData\Roaming\Yontoo\YontooDesktop.exe
PRC - [2013/04/30 22:11:08 | 000,023,552 | ---- | M] (Microsoft) -- C:\Program Files (x86)\Yontoo\Y2Desktop.Updater.exe
PRC - [2012/03/23 03:33:48 | 000,419,408 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMutilps32.exe
PRC - [2012/03/23 03:33:46 | 000,355,920 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe
PRC - [2012/03/23 03:33:46 | 000,343,632 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe
PRC - [2012/03/23 03:33:44 | 001,105,488 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2012/02/29 07:49:06 | 000,028,264 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
PRC - [2012/02/06 18:54:04 | 000,255,376 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe
PRC - [2012/01/05 15:22:10 | 000,256,536 | ---- | M] (NTI Corporation) -- C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe


========== Modules (No Company Name) ==========

MOD - [2014/01/02 12:56:52 | 000,013,600 | ---- | M] () -- C:\Users\Sheets\AppData\Roaming\Yontoo\dat\Desktop.OS.Plugin.dll
MOD - [2013/10/14 02:38:00 | 012,435,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\065d1a77c70d2c1c13fce187ba67ae86\System.Windows.Forms.ni.dll
MOD - [2013/10/14 02:37:35 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\29f3ae8d313e62b4daed1107ccd29f9f\System.Configuration.ni.dll
MOD - [2013/08/17 20:47:32 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5aa44bce7933e4de09d935848f868a4b\System.Drawing.ni.dll
MOD - [2013/08/17 20:47:06 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09db78d6068543df01862a023aca785a\System.Xml.ni.dll
MOD - [2013/08/17 20:46:58 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5d22a30e587e2cac106b81fb351e7c08\System.ni.dll
MOD - [2013/07/21 16:48:15 | 002,052,096 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll
MOD - [2013/07/21 16:48:15 | 000,425,984 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll
MOD - [2013/07/11 17:54:54 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll
MOD - [2013/07/02 17:09:05 | 005,283,840 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
MOD - [2012/10/05 04:53:24 | 003,198,976 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
MOD - [2012/08/27 21:33:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/08/27 21:33:08 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll


========== Services (SafeList) ==========

SRV:64bit: - File not found [Auto | Stopped] -- C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe -- (Amsp)
SRV:64bit: - [2013/11/26 03:18:09 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/09/06 11:32:06 | 000,288,776 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe -- (McComponentHostService)
SRV:64bit: - [2013/05/26 23:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2012/02/29 00:41:26 | 000,235,520 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2012/02/07 18:53:48 | 000,871,296 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV:64bit: - [2012/02/06 18:54:04 | 000,255,376 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Live Updater Service)
SRV:64bit: - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2013/12/23 20:39:58 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/09/05 18:41:08 | 000,240,736 | ---- | M] (WildTangent) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe -- (GamesAppIntegrationService)
SRV - [2013/08/14 14:19:24 | 000,039,056 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2013/05/09 23:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/05/29 11:28:01 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012/03/23 03:33:46 | 000,355,920 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2012/02/29 07:49:06 | 000,028,264 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService)
SRV - [2012/01/05 15:22:10 | 000,256,536 | ---- | M] (NTI Corporation) [Auto | Running] -- C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2010/10/12 11:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/09/24 21:01:12 | 000,107,048 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmactmon.sys -- (tmactmon)
DRV:64bit: - [2012/09/24 21:00:36 | 000,077,184 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmevtmgr.sys -- (tmevtmgr)
DRV:64bit: - [2012/09/24 21:00:00 | 000,173,504 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmcomm.sys -- (tmcomm)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/07/09 13:42:54 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/03/01 00:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/29 01:01:58 | 010,819,584 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/02/28 23:41:08 | 000,328,192 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/02/07 05:01:00 | 003,538,432 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2012/02/07 00:03:06 | 000,018,432 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2012/02/07 00:03:06 | 000,017,408 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2012/01/31 22:54:56 | 000,031,872 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdkmpfd.sys -- (amdkmpfd)
DRV:64bit: - [2012/01/13 02:05:56 | 000,056,448 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2011/12/05 01:47:30 | 000,095,248 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011/10/25 09:16:46 | 000,219,776 | ---- | M] (Advanced Micro Devices, INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdxhc.sys -- (amdxhc)
DRV:64bit: - [2011/10/25 09:16:46 | 000,102,528 | ---- | M] (Advanced Micro Devices, INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdhub30.sys -- (amdhub30)
DRV:64bit: - [2011/08/02 14:33:16 | 000,105,744 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmtdi.sys -- (tmtdi)
DRV:64bit: - [2011/07/13 23:35:47 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/07/13 23:35:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 21:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 21:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 21:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.snapdo.c...Date=04/12/2013
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search.findwi...6CB8A}&serpv=22
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://feed.snapdo.c...Date=04/12/2013
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://feed.snapdo.c...Date=04/12/2013
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://search.findwide.com/?guid={ [Binary data over 200 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?...D&ocid=U147DDHP
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.snapdo.c...Date=04/12/2013
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.snapdo.c...Date=04/12/2013
IE - HKCU\..\SearchScopes,DefaultScope = {CBFDE2B3-738B-43FB-A7C8-A1452645F66E}
IE - HKCU\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.snapdo.c...Date=04/12/2013
IE - HKCU\..\SearchScopes\{203B2710-1CE1-4635-B762-C84DA7DC576B}: "URL" = http://search.yahoo....petb&type=10743
IE - HKCU\..\SearchScopes\{CBFDE2B3-738B-43FB-A7C8-A1452645F66E}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\547FC3B25EFA415F8D5CE62D2D036DFB: "URL" = http://search.findwi...k={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.3.51: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.3.51: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\5\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tightropeinteractive.com/Plugin: C:\Users\Sheets\AppData\Local\TNT2\2.0.0.1663\npTNT2.dll (Findwide)
FF - HKCU\Software\MozillaPlugins\@tnt2ghost.com/Plugin: C:\Users\Sheets\AppData\Local\TNT2\2.0.0.1663\npTNT2ghost.dll (Findwide)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{38783831-6098-4faa-A9C9-1EE1E343F4D2}: C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1104\7.1.1104\firefoxextension [2013/12/05 20:35:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension\ [2013/12/05 20:34:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/09/21 14:50:59 | 000,000,000 | ---D | M]

[2013/12/05 20:35:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sheets\AppData\Roaming\Mozilla\Firefox\extensions
[2013/12/05 20:35:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sheets\AppData\Roaming\Mozilla\Firefox\extensions\[email protected]

========== Chrome ==========

CHR - default_search_provider: FindWide (Enabled)
CHR - default_search_provider: search_url = http://search.findwi...k={searchTerms}
CHR - default_search_provider: suggest_url =
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\pdf.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: WildTangent Games App V2 Presence Detector (Enabled) = C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\5\NP_wtapp.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: McAfee Security Scanner + (Enabled) = C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll
CHR - plugin: RealNetworks™ RealDownloader Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
CHR - plugin: RealNetworks™ RealDownloader HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
CHR - plugin: RealNetworks™ RealDownloader PepperFlashVideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll
CHR - plugin: RealDownloader Plugin (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll
CHR - plugin: npAPI Plugin (Enabled) = C:\Users\Sheets\AppData\Local\TNT2\2.0.0.1663\npTNT2.dll
CHR - plugin: npAPI Ghost Plugin (Enabled) = C:\Users\Sheets\AppData\Local\TNT2\2.0.0.1663\npTNT2ghost.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Download Plugin (Enabled) = c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll
CHR - Extension: Google Docs = C:\Users\Sheets\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\
CHR - Extension: Google Docs = C:\Users\Sheets\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Docs = C:\Users\Sheets\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_1\
CHR - Extension: Google Drive = C:\Users\Sheets\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
CHR - Extension: Google Drive = C:\Users\Sheets\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: Google Drive = C:\Users\Sheets\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_1\
CHR - Extension: YouTube = C:\Users\Sheets\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: YouTube = C:\Users\Sheets\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: YouTube = C:\Users\Sheets\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_1\
CHR - Extension: Google Search = C:\Users\Sheets\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Google Search = C:\Users\Sheets\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Google Search = C:\Users\Sheets\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_1\
CHR - Extension: No name found = C:\Users\Sheets\AppData\Local\Google\Chrome\User Data\Default\Extensions\djgojpphcoccgjoafgdhiomafpcopmfn\1_0\
CHR - Extension: No name found = C:\Users\Sheets\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjllbogbaogimpilgdginhalhhbmhiob\1.25.6_0\crossrider
CHR - Extension: No name found = C:\Users\Sheets\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjllbogbaogimpilgdginhalhhbmhiob\1.25.6_0\
CHR - Extension: RealDownloader = C:\Users\Sheets\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.3_0\
CHR - Extension: RealDownloader = C:\Users\Sheets\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.3_1\
CHR - Extension: No name found = C:\Users\Sheets\AppData\Local\Google\Chrome\User Data\Default\Extensions\igjjkeeamkpihpncmmbgdkhdnjpcfmfb\2.6.43_0\
CHR - Extension: No name found = C:\Users\Sheets\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc\1.0.3_1\
CHR - Extension: Google Wallet = C:\Users\Sheets\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\
CHR - Extension: Google Wallet = C:\Users\Sheets\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
CHR - Extension: No name found = C:\Users\Sheets\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocifcogajbgikalbpphmoedjlcfjkhgh\1.0.0_0\
CHR - Extension: No name found = C:\Users\Sheets\AppData\Local\Google\Chrome\User Data\Default\Extensions\picicfdalhmohgcfkpenfgblnijmnagl\2.0.0.429_0\
CHR - Extension: Gmail = C:\Users\Sheets\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: Gmail = C:\Users\Sheets\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
CHR - Extension: Gmail = C:\Users\Sheets\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_2\

O1 HOSTS File: ([2009/06/10 15:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\2.0.1361\6.8.1078\TmIEPlg.dll (Trend Micro Inc.)
O2:64bit: - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\7.1.1104\7.1.1104\TmBpIe64.dll (Trend Micro Inc.)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (Tube Dimmer) - {44ed99e2-16a6-4b89-80d6-5b21cf42e78b} - C:\ProgramData\TubeDimmer\IE\common.dll (Creative Island Media, LLC)
O2 - BHO: (MyWordTool) - {45470599-8237-486D-87B5-E89CD6AED154} - C:\Users\Sheets\AppData\Roaming\MyWordTool\temp.dat File not found
O2 - BHO: (DCA BHO) - {B49699FC-1665-4414-A1CB-C4A2A4A13EEC} - C:\Program Files (x86)\Consumer Input\dca-bho.dll (Compete, Inc.)
O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll (Yontoo LLC)
O3:64bit: - HKLM\..\Toolbar: (no name) - {503984BC-61A4-4C3C-A69E-FDAFC8D09934} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {503984BC-61A4-4C3C-A69E-FDAFC8D09934} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3:HKU - HKCU\..\Toolbar\WebBrowser: (FindWide Toolbar) - {503984BC-61A4-4C3C-A69E-FDAFC8D09934} - C:\Users\Sheets\AppData\Local\TNT2\Profiles\10743\passport.dll (Findwide)
O4:64bit: - HKLM..\Run: [Power Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: nearlovingsbend.net ([www] http in Trusted sites)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6479D562-7292-4C80-888A-6A3EF5D8C9B4}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\7.1.1104\7.1.1104\TmBpIe64.dll (Trend Micro Inc.)
O18:64bit: - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\2.0.1361\6.8.1078\TmIEPlg.dll (Trend Micro Inc.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\7.1.1104\7.1.1104\TmBpIe32.dll (Trend Micro Inc.)
O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\2.0.1361\6.8.1078\TmIEPlg32.dll (Trend Micro Inc.)
O18:64bit: - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18:64bit: - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O20 - AppInit_DLLs: (c:\progra~3\browse~1\261070~1.41\{c16c1~1\browse~1.dll) - File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013/07/21 21:13:47 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2007/08/09 11:25:31 | 000,000,041 | R--- | M] () - D:\Autorun.inf -- [ UDF ]
O33 - MountPoints2\{7e4d1cbc-a9ae-11e1-958d-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{7e4d1cbc-a9ae-11e1-958d-806e6f6e6963}\Shell\AutoRun\command - "" = D:\ShelExec.exe index.html
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/01/02 12:59:10 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Sheets\Desktop\OTL.exe
[2013/12/23 20:41:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013/12/23 20:40:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2013/12/19 23:33:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2013/12/19 23:33:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2013/12/19 23:27:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Safari
[2013/12/19 23:26:48 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2013/12/19 23:26:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2013/12/19 22:01:09 | 000,000,000 | ---D | C] -- C:\Users\Sheets\AppData\Local\{737624CA-D9BD-4646-AD11-44C0FC6DD739}
[2013/12/19 20:57:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Atheros
[2013/12/19 20:56:56 | 002,212,176 | ---- | C] (ELAN Microelectronics Corp.) -- C:\Windows\ETDUninst.dll
[2013/12/19 20:42:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2013/12/19 20:41:59 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
[2013/12/11 21:55:09 | 012,625,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmploc.DLL
[2013/12/11 21:55:09 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL
[2013/12/11 21:55:09 | 011,410,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll
[2013/12/11 21:55:07 | 014,631,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll
[2013/12/11 21:53:05 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2013/12/11 21:53:04 | 000,574,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/12/11 21:53:04 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/12/11 21:53:04 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/12/11 21:53:04 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013/12/11 21:53:04 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013/12/11 21:53:04 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013/12/11 21:53:03 | 000,817,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2013/12/11 21:53:03 | 000,708,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2013/12/11 21:53:03 | 000,553,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2013/12/11 21:53:03 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2013/12/11 21:53:03 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2013/12/11 21:53:02 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2013/12/11 21:53:01 | 001,995,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013/12/11 21:53:01 | 001,928,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013/12/11 21:52:58 | 005,769,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/12/11 21:26:54 | 000,335,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msieftp.dll
[2013/12/11 21:26:54 | 000,301,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msieftp.dll
[2013/12/11 21:26:49 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll
[2013/12/11 21:26:49 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll
[2013/12/11 21:26:46 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll
[2013/12/11 21:26:40 | 000,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\portcls.sys
[2013/12/11 21:26:40 | 000,202,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\scrrun.dll
[2013/12/11 21:26:40 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\scrrun.dll
[2013/12/11 21:26:40 | 000,156,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cscript.exe
[2013/12/11 21:26:40 | 000,150,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wshom.ocx
[2013/12/11 21:26:40 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cscript.exe
[2013/12/11 21:26:40 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wshom.ocx
[2013/12/11 21:26:40 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\drmk.sys
[2013/12/05 20:25:09 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013/12/04 22:13:48 | 000,000,000 | ---D | C] -- C:\Users\Sheets\.android
[2013/12/04 22:13:47 | 000,000,000 | ---D | C] -- C:\Users\Sheets\AppData\Local\cache
[2013/12/04 22:13:46 | 000,000,000 | ---D | C] -- C:\Users\Sheets\AppData\Roaming\newnext.me
[2013/12/04 22:13:46 | 000,000,000 | ---D | C] -- C:\Users\Sheets\Desktop\Documents\Mobogenie
[2013/12/04 22:13:46 | 000,000,000 | ---D | C] -- C:\Users\Sheets\AppData\Local\Mobogenie
[2013/12/04 22:11:46 | 000,000,000 | ---D | C] -- C:\Users\Sheets\AppData\Local\SwvUpdater
[2013/12/04 22:01:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Maximum Converter
[2013/12/04 22:00:34 | 000,000,000 | ---D | C] -- C:\Users\Sheets\AppData\Local\SearchProtect
[2013/12/04 21:59:58 | 000,000,000 | ---D | C] -- C:\Users\Sheets\AppData\Local\VisualBeeClient
[2013/12/04 21:59:15 | 000,000,000 | ---D | C] -- C:\Users\Sheets\AppData\Local\VisualBeeExe
[2013/12/04 21:58:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ViewPassword
[2013/12/04 21:58:45 | 000,000,000 | ---D | C] -- C:\Users\Sheets\AppData\Local\GreatArcadeHits
[2013/12/04 21:28:08 | 000,000,000 | ---D | C] -- C:\ProgramData\TubeDimmer
[2013/12/04 21:22:18 | 000,000,000 | ---D | C] -- C:\Users\Sheets\AppData\Roaming\MyWordTool
[2013/12/04 21:22:10 | 000,000,000 | ---D | C] -- C:\Users\Sheets\AppData\Local\TNT2
[2013/12/04 21:21:23 | 000,000,000 | ---D | C] -- C:\Users\Sheets\AppData\Roaming\Mozilla
[2013/12/04 20:38:30 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan
[2013/12/03 17:43:01 | 000,000,000 | ---D | C] -- C:\Windows\Migration
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/01/02 12:59:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Sheets\Desktop\OTL.exe
[2014/01/02 12:55:54 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/01/02 12:55:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/01/02 12:55:21 | 2800,771,072 | -HS- | M] () -- C:\hiberfil.sys
[2014/01/01 15:33:05 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/01/01 15:32:43 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/01/01 12:24:14 | 000,000,454 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Sheets.job
[2014/01/01 12:09:12 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/01/01 12:09:12 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/12/23 20:41:43 | 000,002,263 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/12/23 20:39:58 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/12/23 20:39:58 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/12/20 22:49:40 | 000,152,268 | -H-- | M] () -- C:\Windows\SysWow64\mlfcache.dat
[2013/12/19 23:33:54 | 000,001,849 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2013/12/19 23:27:39 | 000,002,515 | ---- | M] () -- C:\Users\Sheets\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2013/12/19 23:27:39 | 000,002,491 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
[2013/12/19 23:09:31 | 000,001,095 | ---- | M] () -- C:\Users\Sheets\Desktop\Documents\Documents - Shortcut.lnk
[2013/12/19 23:00:00 | 000,000,388 | ---- | M] () -- C:\Windows\tasks\Regwork.job
[2013/12/19 20:42:03 | 000,001,935 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2013/12/19 20:42:03 | 000,001,935 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2013/12/12 12:45:00 | 000,798,046 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/12/12 12:45:00 | 000,674,044 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/12/12 12:45:00 | 000,126,220 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/12/11 21:58:16 | 000,364,024 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/12/04 22:00:36 | 000,000,000 | ---- | M] () -- C:\END
[2013/12/03 17:45:05 | 000,786,624 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/12/23 20:41:43 | 000,002,263 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/12/23 20:40:51 | 000,000,898 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/12/23 20:40:44 | 000,000,894 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/12/20 22:49:40 | 000,152,268 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2013/12/19 23:33:54 | 000,001,849 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2013/12/19 23:27:39 | 000,002,515 | ---- | C] () -- C:\Users\Sheets\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2013/12/19 23:27:39 | 000,002,503 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Safari.lnk
[2013/12/19 23:27:39 | 000,002,491 | ---- | C] () -- C:\Users\Public\Desktop\Safari.lnk
[2013/12/19 23:09:31 | 000,001,095 | ---- | C] () -- C:\Users\Sheets\Desktop\Documents\Documents - Shortcut.lnk
[2013/12/04 20:38:29 | 000,001,935 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2013/12/04 20:38:29 | 000,001,935 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2013/12/03 17:45:05 | 000,786,624 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/03/27 19:59:49 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CmdLineExt03.dll
[2013/01/21 03:54:24 | 000,007,605 | ---- | C] () -- C:\Users\Sheets\AppData\Local\Resmon.ResmonCfg
[2012/09/03 15:37:03 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012/05/29 11:22:37 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012/03/19 11:26:44 | 000,204,960 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/03/19 11:26:44 | 000,157,152 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012/03/19 11:26:43 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2012/02/29 14:57:48 | 000,054,784 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll

========== ZeroAccess Check ==========

[2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 20:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 19:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 21:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Alternate Data Streams ==========

@Alternate Data Stream - 148 bytes -> C:\ProgramData\Temp:07F6D9E4

< End of report >


Thanks,
Rob
  • 0

Advertisements

#2
pystryker
Posted 02 January 2014 - 09:25 PM

pystryker

    Trusted Helper

  • Malware Removal
  • 3,912 posts
Hello and welcome to Geeks to Go! My nickname is Pystryker :) , and I will be helping you with your issue today.

Please note: I am currently in training and all my fixes must be approved by my teacher before being posted. This gives you the advantage of having two people working to solve your problems.

Before we get started, I have a few things I need to go over with you

  • Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process.
  • Please subscribe to this topic. By subscribing, the board will notify you when a new reply is added to your topic. You can find instructions on how to do that by clicking here.
  • If any of your security programs give you a warning about any tool I ask you to use, please do not worry. All the links and tools I provide to you will be safe.
  • Please read through my instructions carefully and completely before executing them.
  • Please make sure that all the programs I ask you to download are downloaded to and run from your Desktop.
  • Please make sure you print out these instructions so that you will be able to refer to them while working on your machine. Part of the solution(s) to your problem may involve us working in Safe Mode and you will need them to go by.
  • Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.
  • Please read through my instructions carefully and make sure you complete them from start to finish. I will make sure that I lay the instructions out in a step by step order to make them easy to follow
  • This is a complicated process. It requires several steps, patience, and careful following of my instructions in the order they are given to diagnose your problems to get your machine back in working order.
  • Please stay with me until the end of all steps and procedures and I declare your system clean. Just because there is a lack of symptoms does not indicate a clean machine. I promise to do the same for you.
  • Please make sure you reply within 3 days to my responses, if there is no reply within 3 days, the topic will be closed and you will need to request the topic be reopened.
  • Before we get started, please remember we will do our best to get your machine repaired. However, there are some cases where the only solution is a reformat and reinstall of the operating system. This is a worst case scenario though.
  • It is impossible for me to know what interactions may happen between your computer's software and the tools we will use to clean your machine. Therefore, I highly recommend you backup any critical personal files on your machine before we start.
  • If possible, please have your original Windows installation disks handy, just in case.
  • If you have any questions at all, please don't hesitate to ask. There's no such thing as a stupid question when dealing with malware.
  • If you are unsure of an instruction I give you, or if something unexepected occurs, Do NOT proceed! Stop and ask for clarification of the instruction or tell me what occurred.
  • Please copy and paste the contents of any requested logs in your replies. Do not attach the log files in your replies unless requested to do so.
  • Please remember, the fixes are for your machine and your machine ONLY!



Once we have cleaned your machine, we'll have some cleanup and prevention steps to go through. We will also provide you with some information about how to reduce your chances of infection and get some protections in place to help defend you against this in the future

Please be patient while I am analyzing your logs. I know you are probably scared and very frustrated with this problem, but I am a volunteer and sometimes life does get in the way. :)

Now, let's get started, shall we? :thumbsup:



Hello :) There should be another log called Extras.txt that was produced from your initial run of OTL. It will be located in the same place as where you ran OTL from, in this case C:\Users\Sheets\Desktop. Please post that log in your next reply. I'm currently working on a fix for your machine and will post when it is approved. :)

Things I need to see in your next post:

Extras.txt Log
  • 0

#3
robkbriggs
Posted 02 January 2014 - 09:58 PM

robkbriggs

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 152 posts
Hello,

Here is the Extras.txt Log

OTL Extras logfile created on: 1/2/2014 1:00:03 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Sheets\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.48 Gb Total Physical Memory | 1.70 Gb Available Physical Memory | 48.79% Memory free
6.95 Gb Paging File | 5.01 Gb Available in Paging File | 71.99% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 447.66 Gb Total Space | 392.09 Gb Free Space | 87.59% Space Free | Partition Type: NTFS
Drive D: | 6.78 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: SHEETS-PC | User Name: Sheets | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0DBED5B6-D3F6-4980-94F0-DD0B8B0A934F}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{18A27885-0465-4134-8B60-B514BE885084}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{19AF02E9-68BB-4523-8406-3BA08F300BF9}" = rport=139 | protocol=6 | dir=out | app=system |
"{1DB56B89-D41A-4068-88EC-50BDE2B3DF45}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{25B94A7E-94D4-4E28-9192-63669A11F35A}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{37B12D3E-FC66-4103-B0C0-A3EBB78BB77F}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{37B836C5-5AFD-45E7-B4DD-92F8CC7427CC}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3ED2F87C-EEB6-4B70-BE7E-54EBC1E4FF9B}" = rport=10243 | protocol=6 | dir=out | app=system |
"{3EFCAA49-E489-41A9-A3B8-FC3F6665892B}" = rport=445 | protocol=6 | dir=out | app=system |
"{53BF3194-2631-4893-A4D9-79EAB6CAC8A3}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{56C6872C-645F-41F1-B70E-D3EE5E59A137}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5781377E-4DF9-4CFF-943B-3557B785BA6E}" = lport=10243 | protocol=6 | dir=in | app=system |
"{58AE6FED-A951-42EC-B06A-A58F832F5B10}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{8F659537-935C-47FA-B1F2-823BA502B65E}" = lport=139 | protocol=6 | dir=in | app=system |
"{9CC2A265-2AB4-4215-895F-95F6DA355424}" = lport=2869 | protocol=6 | dir=in | app=system |
"{9CF65444-1AED-4E87-A2CF-F331C232C85A}" = lport=138 | protocol=17 | dir=in | app=system |
"{ABF96B88-A474-4594-8105-AB6FEDBE3791}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{AC6F611E-E332-4367-9E2E-428618A04B45}" = lport=137 | protocol=17 | dir=in | app=system |
"{D6321D97-07CD-410E-AF2A-B4EA61558A25}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D6DF3179-6A24-4C47-8D68-8A05CC048A3F}" = rport=138 | protocol=17 | dir=out | app=system |
"{DFA5754D-02AE-47A8-9914-9ED5C1F7A84B}" = rport=137 | protocol=17 | dir=out | app=system |
"{E4FD701A-EBBB-40C0-8FAF-66D1974DEE16}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{FCDD134E-19FB-4615-9151-8513C65B9A99}" = lport=445 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00C6C902-D637-45AA-AFF9-835A111E28C1}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{021192B3-E856-475A-A6EB-493297B8170F}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{0A05140B-CE2B-4FCD-B1BE-DE8DE1C4BA97}" = dir=in | app=c:\program files (x86)\acer\clear.fi sdk20\mvp\musicplayer.exe |
"{0A424FBC-0FBA-465C-9DBB-0C70B566B92C}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{13FE63D5-EB12-4000-8EBE-67C6A70B1CB4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{167599D7-BEB4-4AE1-80BD-60E37F6FE7AA}" = protocol=17 | dir=in | app=c:\program files (x86)\goforfiles\goforfiles.exe |
"{1A08FB2A-A8F0-42F2-A04D-13E24024E4B0}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\clear.fi media\windowsupnpmv.exe |
"{1E64027D-1137-4F99-A490-802819D2DA37}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{207DA1A8-6AA3-445D-841D-8218FAA72C3C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{283BE48D-ACE6-4AC1-A498-283C45D73944}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{2F852994-92F5-411E-A64E-D27997C32310}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{37705E6E-F499-4318-BC74-2AEA529FAA31}" = protocol=1 | dir=in | [email protected],-28543 |
"{417DA23F-7A0C-42AC-A0F7-2296B8AD822C}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\clear.fi photo\dmcdaemon.exe |
"{4E6D3B23-DF31-475A-96BC-CC9871198046}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{556DB84E-6531-4915-A5A0-D25F2F04C611}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{56D5564A-9F4A-47DF-9C31-C9B67E4CF358}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{588496FD-E02B-4B28-91B5-A14C7023253F}" = protocol=58 | dir=in | [email protected],-28545 |
"{5C02C35E-7C81-4209-9372-67DADC66E67A}" = protocol=6 | dir=out | app=system |
"{6A64243D-17EF-4CBB-B198-26A31E63119D}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{6CEEF997-EE30-4A43-996A-F7EFB29D7718}" = protocol=1 | dir=out | [email protected],-28544 |
"{6DEFF320-79C3-45F8-9E68-FFD4D4A6B4D7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6FDAF873-1E1C-423C-BD46-ACED9BC8699F}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{7AD49FF8-5D96-4888-849A-A14041C29C70}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\clear.fi media\dmcdaemon.exe |
"{84A807E3-E193-44A9-BA9A-6E3CDEDBE0F9}" = protocol=17 | dir=in | app=c:\program files\trend micro\titanium\uiframework\uiwinmgr.exe |
"{917630BE-2DC3-44A8-AC5F-928C5AAB64F0}" = protocol=17 | dir=in | app=c:\program files (x86)\goforfiles\goforfilesdl.exe |
"{929F8894-90B5-4DE3-8840-4DA767036C0E}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{94CFA426-3C4D-46DD-B979-12F787416D24}" = protocol=6 | dir=in | app=c:\users\sheets\appdata\local\temp\smallinstaller\installfiles\ccdd.exe |
"{9600AEE7-2C80-4CA5-BABD-421046EE54BE}" = dir=in | app=c:\program files (x86)\acer\clear.fi sdk20\movie\playmovie.exe |
"{9948C400-8AFD-46F8-BD42-21DF310015B7}" = protocol=6 | dir=in | app=c:\program files\trend micro\titanium\uiframework\uiwinmgr.exe |
"{A52A537F-DF20-44B2-84F7-E1E035FB0D14}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{ABC91164-2130-4C84-BC49-770893B3D6E5}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\clear.fi photo\windowsupnp.exe |
"{B0A43A75-0CF4-4116-A146-CD14B414CB16}" = protocol=6 | dir=in | app=c:\program files (x86)\goforfiles\goforfiles.exe |
"{B9F6DA38-11DC-4875-A157-699AFEFC7D6C}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{BE5DDE28-0F3D-462D-93CB-D4D97C047F60}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{C2DF4349-56D2-48C8-B7D8-3DB457E24C25}" = dir=in | app=c:\program files (x86)\acer\clear.fi sdk20\mvp\videoplayer.exe |
"{C4D69F71-D894-4217-8495-683926446E3C}" = protocol=58 | dir=out | [email protected],-28546 |
"{C4E18F25-DF8B-49A9-9B5F-0E37541087D2}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{C6F75EBF-420A-45F4-B3DC-42A5C1A5B762}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\clear.fi photo\dmcdaemon.exe |
"{C7C881B6-6801-4042-98E2-BEBD3283DED8}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\clear.fi media\dmcdaemon.exe |
"{CA8FE96F-E9A0-47CB-9E6C-6F4E630BC266}" = protocol=17 | dir=in | app=c:\users\sheets\appdata\local\temp\smallinstaller\installfiles\ccdd.exe |
"{CFF3B8AB-8383-4C33-97AD-3E566AD66CA0}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{D7038036-84D5-4F5D-8262-9DF813192A51}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\clear.fi media\windowsupnpmv.exe |
"{D75D9317-EA2E-4077-B26A-415E40E69EEF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{E1EB6898-3220-46A9-98B1-6F4916BE2989}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\clear.fi photo\windowsupnp.exe |
"{E40CD225-B794-490C-A2B0-AFAFB5B7509B}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{E871DC40-CEA6-4CD5-AF6C-547296F1D4B8}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F270764F-72B7-4FBF-A64C-AF57B896F664}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F314FF42-B4BD-4C74-A2C5-33F86B202C93}" = protocol=6 | dir=in | app=c:\program files (x86)\goforfiles\goforfilesdl.exe |
"{F433F888-8C01-4902-BC59-6E8A378732BC}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"TCP Query User{23A405DB-F098-4E91-942F-ECAEC00955E3}C:\programdata\kingsisle entertainment\pirate101\bin\pirate.exe" = protocol=6 | dir=in | app=c:\programdata\kingsisle entertainment\pirate101\bin\pirate.exe |
"TCP Query User{334F0548-6E3C-45D7-9D34-00866C6A3E48}C:\programdata\kingsisle entertainment\pirate101\bin\pirate.exe" = protocol=6 | dir=in | app=c:\programdata\kingsisle entertainment\pirate101\bin\pirate.exe |
"TCP Query User{C095BE40-F130-4D15-B7FB-4BFD1105BB3B}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{4BD939EE-E4C3-4AE4-989D-17302134A796}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{CD82926E-C79F-44D8-9503-8B8BF2AE1028}C:\programdata\kingsisle entertainment\pirate101\bin\pirate.exe" = protocol=17 | dir=in | app=c:\programdata\kingsisle entertainment\pirate101\bin\pirate.exe |
"UDP Query User{F8941D87-FD73-4D99-8109-15C505FA0D18}C:\programdata\kingsisle entertainment\pirate101\bin\pirate.exe" = protocol=17 | dir=in | app=c:\programdata\kingsisle entertainment\pirate101\bin\pirate.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{4E8D1AAE-509F-46DE-AAB4-CE9BCABA2D35}" = Acer Instant Update Service
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5E015E15-F7AD-3379-523F-AD63C0CB9E71}" = AMD Steady Video Plug-In
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{62E6051B-4F18-9268-763B-23E131A0A5B1}" = AMD Media Foundation Decoders
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{73F8D91A-4000-BC49-A0C5-71509805AAAA}" = ccc-utility64
"{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{842FF751-9CA6-98F0-290E-76C88D735193}" = AMD Accelerated Video Transcoding
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo 2.053
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A508D5A2-3AC1-4594-A718-A663D6D3CF11}" = Windows Live Remote Service Resources
"{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources
"{ABBD4BA8-6703-40D2-AB1E-5BB1F7DB49A4}" = Trend Micro Titanium 2012
"{ABBD4BA9-6703-40D2-AB1E-5BB1F7DB49A4}" = Trend Micro Titanium
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
"{CBD4E655-EFE1-D727-4E9D-6367F8E8FC7C}" = AMD Catalyst Install Manager
"{CFF3C688-2198-4BC3-A399-598226949C39}" = Windows Live Remote Client Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"McAfee Security Scan" = McAfee Security Scan Plus

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}" = Backup Manager V3
"{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1D851833-DCBB-6570-7FC6-06D3442A01CB}" = CCC Help Portuguese
"{1E7AA2BF-0E20-5733-0994-111DFDDAF24D}" = CCC Help Turkish
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Qualcomm Atheros WiFi Driver Installation
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{341104EB-D2D9-7C26-E17C-4CBB1B59DA37}" = CCC Help Spanish
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3DACCBE2-A1EB-1337-FDEC-B3D277690B22}" = CCC Help Czech
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management
"{3F844DE3-A717-AA83-F0BE-E2C940F0A82E}" = CCC Help Japanese
"{43B43577-2514-4CE0-B14A-7E85C17C0453}" = Windows Live Essentials
"{45C164A8-E43E-4E1C-B532-C49729ACEDFE}" = Catalyst Control Center - Branding
"{4664ED39-C80A-48F7-93CD-EBDCAFAB6CC5}" = Windows Live Writer Resources
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support
"{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{64171C22-95F2-92A1-437C-892DE2A42844}" = CCC Help Hungarian
"{644063FA-ABA3-42AC-A8AC-3EDC0706018B}" = Windows Live Mesh
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68E5134C-10A2-E9B1-3CBB-EDD87FD02354}" = CCC Help Chinese Traditional
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-acer" = WildTangent Games App
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh
"{7CF512C3-FF18-9ADA-ECA4-298E73E62F5F}" = CCC Help Chinese Standard
"{7CF7902A-9010-DB73-FBBF-EFB2A0C435F4}" = Catalyst Control Center Localization All
"{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{8246B2BC-A423-3CE6-5F2C-9F1EAAC9ECF0}" = CCC Help Thai
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{86385196-B463-C42A-A486-DA6C0EF81A9C}" = CCC Help Russian
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F421531-ACA0-59BB-95F1-572225B93890}" = CCC Help Italian
"{8FF3891F-01B5-4A71-BFCD-20761890471C}" = Windows Live Messenger
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{907B4640-266B-4A21-92FB-CD1A86CD0F63}" = RollerCoaster Tycoon 3 Platinum
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DA3F03B-2CEE-4344-838E-117861E61FAF}" = Windows Live Mail
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A12AE95E-FF09-F492-845C-23A8F38C784C}" = CCC Help Finnish
"{A199DB88-E22D-4CE7-90AC-B8BE396D7BF4}" = Windows Live Movie Maker
"{A3471115-7E11-A7A4-0511-F214481F055C}" = CCC Help Swedish
"{A3AD65CC-B2CE-49da-AE4E-CC2ECF4EC0F8}" = clear.fi SDK - MVP 2
"{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}" = RealNetworks - Microsoft Visual C++ 2010 Runtime
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB61A2E9-37D3-485D-9085-19FBDF8CEF4A}" = Windows Live Messenger
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.8) MUI
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B33B61FE-701F-425F-98AB-2B85725CBF68}" = Windows Live Photo Common
"{B3BE54A4-8DFE-4593-8E66-56AB7133B812}" = Windows Live Writer
"{B5AD89F2-03D3-4206-8487-018298007DD0}" = clear.fi Photo
"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
"{C63B4584-A385-940D-8264-C29D5DAB34E9}" = CCC Help Greek
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C765D9B7-68D8-99F9-E7FE-568784B64141}" = CCC Help Korean
"{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}" = RealDownloader
"{C9E1343D-E21E-4508-A1BE-04A089EC137D}" = Windows Live Messenger
"{CBBC93DE-8CDD-0C8C-EA6A-13097E672736}" = CCC Help Polish
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D1780C29-BFC4-E32F-2F1E-43E2026F91C7}" = CCC Help Norwegian
"{D1AAA953-E1A7-9970-A384-423E4CEE9180}" = Catalyst Control Center InstallProxy
"{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}" = NTI Media Maker 9
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D45E9A9A-EC6E-4663-57D6-AAC4DA5A2A40}" = CCC Help German
"{DACF12B0-0D50-6F52-5605-396E8C2D3EA1}" = CCC Help Danish
"{DAF7BB88-6392-40aa-A714-8392C4BDBD2C}" = clear.fi SDK- Movie 2
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DF71ABBB-B834-41C0-BB58-80B0545D754C}" = Windows Live UX Platform Language Pack
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources
"{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live
"{E9AF1707-3F3A-49E2-8345-4F2D629D0876}" = clear.fi Media
"{E9DF7F74-090E-F930-3908-1F060726B653}" = AMD VISION Engine Control Center
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F4070149-9D51-0C31-8CD4-C6A6CE8D6063}" = Catalyst Control Center Graphics Previews Common
"{F537C008-DD88-3898-43E9-BC68460BF38D}" = CCC Help English
"{F7A46527-DF1F-4B0F-9637-98547E189442}" = Windows Live Galeria de Fotos
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF14AAE0-CA9A-D354-EC92-FCC8796FA691}" = CCC Help Dutch
"{FFF1D557-6EA0-EB44-A7DB-871414FF21AB}" = CCC Help French
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Acer Welcome Center" = Welcome Center
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 12.0
"Files Opened" = Files Opened
"Google Chrome" = Google Chrome
"Identity Card" = Identity Card
"InstallShield_{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}" = Acer Backup Manager
"InstallShield_{A0382E3C-7384-429A-9BFA-AF5888E5A193}" = Acer Crystal Eye Webcam
"InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}" = NTI Media Maker 9
"LManager" = Launch Manager
"NSS" = Norton Security Scan
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"RealPlayer 16.0" = RealPlayer
"TubeDimmer" = Tube Dimmer
"WildTangent acer Master Uninstall" = Acer Games
"WinLiveSuite" = Windows Live Essentials
"WTA-0ae96460-9766-4906-adf0-0cf9e9e95769" = Zuma's Revenge
"WTA-0b603e50-b14c-48f4-8fba-4bd9ae221b32" = Jewel Match 3
"WTA-1d6c6e94-45a3-4ee9-bb52-cb62fa37518f" = Jewel Quest Mysteries: The Seventh Gate Collector's Edition
"WTA-1f10e6e8-e314-4f4d-b6ba-52155aa4e49a" = Plants vs. Zombies - Game of the Year
"WTA-2e2da379-fe51-479c-ae28-7d6b01333d3e" = Tales of Lagoona
"WTA-37c886af-7c02-432b-bcb4-cac8f41a9465" = FATE
"WTA-39627212-69fc-496a-b191-7fc5d089a1f2" = Final Drive: Nitro
"WTA-3e27f70e-f606-4c57-8e7b-10024bdb96d8" = Polar Bowler
"WTA-46bd62e6-c47c-4f6c-805b-948d9c7aded7" = Governor of Poker 2 Premium Edition
"WTA-4b92efcf-7eb9-4744-a0d0-7cc6131a56f1" = Bejeweled 3
"WTA-4c46ef4a-8f6f-4dc8-90a0-408c1a6d4100" = Agatha Christie - Death on the Nile
"WTA-57e7fdb4-9142-4b1b-8893-fa30900cd101" = Dora's World Adventure
"WTA-5bd2cf05-61dd-4f4e-8a57-65b876fc36f7" = Cradle of Rome 2
"WTA-764c195c-5edb-4945-8fd6-b89f58eaf1a8" = Penguins!
"WTA-df02ec97-e243-4df5-a49e-8c2ebf1f3a11" = Polar Golfer
"WTA-e17315ed-3520-4ad3-8853-9f65f7b6f77e" = Chuzzle Deluxe
"WTA-e33c70ec-fa62-4f31-9eb4-0f8aa34b76f3" = Torchlight
"WTA-fdc103aa-9c13-4575-85bd-a18518a261f3" = Chronicles of Albian
"WTA-fedd8730-9a69-459a-8096-d9bf8c8d7d5d" = Virtual Villagers 5 - New Believers

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{8031433C-19AA-43EE-9EA3-D057E226CB8A}" = FindWide.com
"Consumer Input Software" = Consumer Input Software (remove only)

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 12/4/2013 11:43:20 PM | Computer Name = Sheets-PC | Source = Application Error | ID = 1000
Description = Faulting application name: SendoriSvc.exe, version: 2.0.16.0, time
stamp: 0x52530d8e Faulting module name: DynLib.dll, version: 2.0.16.0, time stamp:
0x52530d81 Exception code: 0xc0000005 Fault offset: 0x000119a4 Faulting process id:
0x1738 Faulting application start time: 0x01cef16c1232c017 Faulting application path:
C:\Program Files (x86)\Sendori\SendoriSvc.exe Faulting module path: C:\Program Files
(x86)\Sendori\DynLib.dll Report Id: 61e4568b-5d5f-11e3-bc89-b815526c780c

Error - 12/4/2013 11:44:51 PM | Computer Name = Sheets-PC | Source = Application Error | ID = 1000
Description = Faulting application name: SendoriSvc.exe, version: 2.0.16.0, time
stamp: 0x52530d8e Faulting module name: DynLib.dll, version: 2.0.16.0, time stamp:
0x52530d81 Exception code: 0xc0000005 Fault offset: 0x000119a4 Faulting process id:
0x107c Faulting application start time: 0x01cef16c4854beec Faulting application path:
C:\Program Files (x86)\Sendori\SendoriSvc.exe Faulting module path: C:\Program Files
(x86)\Sendori\DynLib.dll Report Id: 97ffa694-5d5f-11e3-bc89-b815526c780c

Error - 12/4/2013 11:46:22 PM | Computer Name = Sheets-PC | Source = Application Error | ID = 1000
Description = Faulting application name: SendoriSvc.exe, version: 2.0.16.0, time
stamp: 0x52530d8e Faulting module name: DynLib.dll, version: 2.0.16.0, time stamp:
0x52530d81 Exception code: 0xc0000005 Fault offset: 0x000119a4 Faulting process id:
0x1fe4 Faulting application start time: 0x01cef16c7e683ef1 Faulting application path:
C:\Program Files (x86)\Sendori\SendoriSvc.exe Faulting module path: C:\Program Files
(x86)\Sendori\DynLib.dll Report Id: ce1c5601-5d5f-11e3-bc89-b815526c780c

Error - 12/4/2013 11:47:53 PM | Computer Name = Sheets-PC | Source = Application Error | ID = 1000
Description = Faulting application name: SendoriSvc.exe, version: 2.0.16.0, time
stamp: 0x52530d8e Faulting module name: DynLib.dll, version: 2.0.16.0, time stamp:
0x52530d81 Exception code: 0xc0000005 Fault offset: 0x000119a4 Faulting process id:
0x1de8 Faulting application start time: 0x01cef16cb4aecd26 Faulting application path:
C:\Program Files (x86)\Sendori\SendoriSvc.exe Faulting module path: C:\Program Files
(x86)\Sendori\DynLib.dll Report Id: 0459faf7-5d60-11e3-bc89-b815526c780c

Error - 12/4/2013 11:48:23 PM | Computer Name = Sheets-PC | Source = Application Error | ID = 1000
Description = Faulting application name: SET2914.tmp, version: 11.0.0.28844, time
stamp: 0x4250bcf6 Faulting module name: SET2914.tmp, version: 11.0.0.28844, time
stamp: 0x4250bcf6 Exception code: 0xc0000005 Fault offset: 0x0000742e Faulting process
id: 0x1b4c Faulting application start time: 0x01cef16cd8a93c75 Faulting application
path: C:\Users\Sheets\AppData\Local\Temp\SET2914.tmp Faulting module path: C:\Users\Sheets\AppData\Local\Temp\SET2914.tmp
Report
Id: 166670f7-5d60-11e3-bc89-b815526c780c

Error - 12/4/2013 11:48:32 PM | Computer Name = Sheets-PC | Source = Application Error | ID = 1000
Description = Faulting application name: SET4BDF.tmp, version: 11.0.0.28844, time
stamp: 0x4250bcf6 Faulting module name: SET4BDF.tmp, version: 11.0.0.28844, time
stamp: 0x4250bcf6 Exception code: 0xc0000005 Fault offset: 0x0000742e Faulting process
id: 0x1308 Faulting application start time: 0x01cef16cddf86e30 Faulting application
path: C:\Users\Sheets\AppData\Local\Temp\SET4BDF.tmp Faulting module path: C:\Users\Sheets\AppData\Local\Temp\SET4BDF.tmp
Report
Id: 1bb80413-5d60-11e3-bc89-b815526c780c

Error - 12/4/2013 11:48:38 PM | Computer Name = Sheets-PC | Source = Application Error | ID = 1000
Description = Faulting application name: SET646E.tmp, version: 11.0.0.28844, time
stamp: 0x4250bcf6 Faulting module name: SET646E.tmp, version: 11.0.0.28844, time
stamp: 0x4250bcf6 Exception code: 0xc0000005 Fault offset: 0x0000742e Faulting process
id: 0x1d9c Faulting application start time: 0x01cef16ce1abd1dc Faulting application
path: C:\Users\Sheets\AppData\Local\Temp\SET646E.tmp Faulting module path: C:\Users\Sheets\AppData\Local\Temp\SET646E.tmp
Report
Id: 1f64439e-5d60-11e3-bc89-b815526c780c

Error - 12/4/2013 11:48:45 PM | Computer Name = Sheets-PC | Source = Application Error | ID = 1000
Description = Faulting application name: SET7D99.tmp, version: 11.0.0.28844, time
stamp: 0x4250bcf6 Faulting module name: SET7D99.tmp, version: 11.0.0.28844, time
stamp: 0x4250bcf6 Exception code: 0xc0000005 Fault offset: 0x0000742e Faulting process
id: 0x1ad8 Faulting application start time: 0x01cef16ce58a0e4e Faulting application
path: C:\Users\Sheets\AppData\Local\Temp\SET7D99.tmp Faulting module path: C:\Users\Sheets\AppData\Local\Temp\SET7D99.tmp
Report
Id: 2344e16f-5d60-11e3-bc89-b815526c780c

Error - 12/4/2013 11:49:26 PM | Computer Name = Sheets-PC | Source = Application Error | ID = 1000
Description = Faulting application name: SendoriSvc.exe, version: 2.0.16.0, time
stamp: 0x52530d8e Faulting module name: DynLib.dll, version: 2.0.16.0, time stamp:
0x52530d81 Exception code: 0xc0000005 Fault offset: 0x000119a4 Faulting process id:
0x1584 Faulting application start time: 0x01cef16cec750e18 Faulting application path:
C:\Program Files (x86)\Sendori\SendoriSvc.exe Faulting module path: C:\Program Files
(x86)\Sendori\DynLib.dll Report Id: 3c2b8688-5d60-11e3-bc89-b815526c780c

Error - 12/4/2013 11:50:03 PM | Computer Name = Sheets-PC | Source = Application Error | ID = 1000
Description = Faulting application name: SETADCD.tmp, version: 11.0.0.28844, time
stamp: 0x4250bcf6 Faulting module name: SETADCD.tmp, version: 11.0.0.28844, time
stamp: 0x4250bcf6 Exception code: 0xc0000005 Fault offset: 0x0000742e Faulting process
id: 0x89c Faulting application start time: 0x01cef16d13fc07bc Faulting application
path: C:\Users\Sheets\AppData\Local\Temp\SETADCD.tmp Faulting module path: C:\Users\Sheets\AppData\Local\Temp\SETADCD.tmp
Report
Id: 51b93c3e-5d60-11e3-bc89-b815526c780c

[ SendoriLogs Events ]
Error - 12/5/2013 1:24:41 AM | Computer Name = Sheets-PC | Source = SendoriLog | ID = 99
Description = on service stopRetrieving the COM class factory for component with
CLSID {6EEBC7FF-67DA-4B90-9251-C2C5696E4B48} failed due to the following error:
80070424.

[ System Events ]
Error - 12/13/2013 5:21:04 AM | Computer Name = Sheets-PC | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 40. The internal error state
is 252.

Error - 12/19/2013 10:19:58 PM | Computer Name = Sheets-PC | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 40. The internal error state
is 252.

Error - 12/19/2013 10:19:58 PM | Computer Name = Sheets-PC | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 40. The internal error state
is 252.

Error - 12/19/2013 10:19:58 PM | Computer Name = Sheets-PC | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 40. The internal error state
is 252.

Error - 12/19/2013 10:19:58 PM | Computer Name = Sheets-PC | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 40. The internal error state
is 252.

Error - 12/19/2013 10:19:59 PM | Computer Name = Sheets-PC | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 40. The internal error state
is 252.

Error - 12/19/2013 10:19:59 PM | Computer Name = Sheets-PC | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 40. The internal error state
is 252.

Error - 12/19/2013 10:19:59 PM | Computer Name = Sheets-PC | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 40. The internal error state
is 252.

Error - 12/19/2013 10:20:00 PM | Computer Name = Sheets-PC | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 40. The internal error state
is 252.

Error - 12/23/2013 10:46:52 PM | Computer Name = Sheets-PC | Source = DCOM | ID = 10010
Description =


< End of report >
  • 0

#4
pystryker
Posted 02 January 2014 - 10:07 PM

pystryker

    Trusted Helper

  • Malware Removal
  • 3,912 posts
Ok, thank you. :) I'll get to work on this immediately. :thumbsup:
  • 0

#5
pystryker
Posted 03 January 2014 - 06:40 AM

pystryker

    Trusted Helper

  • Malware Removal
  • 3,912 posts
Hello, we have some work to do, so let's get started. :)



Step 1: Change Chrome's Homepage and Disable Plugins


We need to change your homepage in Chrome. Please follow the instructions below.

  • Open Chrome and type this in the address bar: chrome:settings
  • When the Settings page opens, look under On Startup and then click Open a specific set of pages and click Set Pages
  • When the window opens, type in any page you wish as your new start page.
  • Once you have typed in your new home page, close the window.


Disable Chrome Plugins

There are some plugins in Chrome that need to be disabled, please follow the instructions below to disable them.

Start Chrome and type this into the address bar: chrome:plugins

This will display a page of all the installed plugins. Please disable the plugins in the list below by clicking the word Disable under each one.

If one of the plugins I've asked you to remove is not in the list, don't worry about it. Just move to the next one in the list. :)

Items to Disable

npAPI Ghost

npAPI Plugin



Step 2: Program Uninstalls


Please uninstall the following programs from the computer. If one of the program on the list doesn't appear in the Installed Programs, don't worry about it and move on to the next one.

Yontoo 2.053

Tube Dimmer

Findwide


Step 3: OTL Fix


Let's run an OTL fix:

Warning: This fix is to be used on this system and this system ONLY. Using this fix on any other machine other than yours can seriously damage it.

Be advised that when the fix commences, it will shut down all running processes and you may lose the desktop and icons, they will return on reboot.

Run OTL by double clicking it (Windows Vista, Windows 7, and 8, right click and select "Run as Administrator)

  • Copy the text in the quote box below (do not copy the word "quote") and paste in the in the box marked Custom Scans/Fixes as shown in the graphic below.

Posted Image

:Commands
[createrestorepoint]

:OTL
IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.snapdo.c...Date=04/12/2013
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search.findwi...6CB8A}&serpv=22
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://feed.snapdo.c...Date=04/12/2013
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://feed.snapdo.c...Date=04/12/2013
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://search.findwide.com/?guid={ [Binary data over 200 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.snapdo.c...Date=04/12/2013
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.snapdo.c...Date=04/12/2013
IE - HKCU\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.snapdo.c...Date=04/12/2013
IE - HKCU\..\SearchScopes\547FC3B25EFA415F8D5CE62D2D036DFB: "URL" = http://search.findwi...k={searchTerms}
FF - HKCU\Software\MozillaPlugins\@tightropeinteractive.com/Plugin: C:\Users\Sheets\AppData\Local\TNT2\2.0.0.1663\npTNT2.dll (Findwide)
FF - HKCU\Software\MozillaPlugins\@tnt2ghost.com/Plugin: C:\Users\Sheets\AppData\Local\TNT2\2.0.0.1663\npTNT2ghost.dll (Findwide)
[2013/12/05 20:35:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sheets\AppData\Roaming\Mozilla\Firefox\extensions\[email protected]
O2 - BHO: (Tube Dimmer) - {44ed99e2-16a6-4b89-80d6-5b21cf42e78b} - C:\ProgramData\TubeDimmer\IE\common.dll (Creative Island Media, LLC)
O2 - BHO: (MyWordTool) - {45470599-8237-486D-87B5-E89CD6AED154} - C:\Users\Sheets\AppData\Roaming\MyWordTool\temp.dat File not found
O2 - BHO: (DCA BHO) - {B49699FC-1665-4414-A1CB-C4A2A4A13EEC} - C:\Program Files (x86)\Consumer Input\dca-bho.dll (Compete, Inc.)
O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll (Yontoo LLC)
O3:64bit: - HKLM\..\Toolbar: (no name) - {503984BC-61A4-4C3C-A69E-FDAFC8D09934} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:HKU - HKCU\..\Toolbar\WebBrowser: (FindWide Toolbar) - {503984BC-61A4-4C3C-A69E-FDAFC8D09934} - C:\Users\Sheets\AppData\Local\TNT2\Profiles\10743\passport.dll (Findwide)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: nearlovingsbend.net ([www] http in Trusted sites)
O20 - AppInit_DLLs: (c:\progra~3\browse~1\261070~1.41\{c16c1~1\browse~1.dll) - File not found
O33 - MountPoints2\{7e4d1cbc-a9ae-11e1-958d-806e6f6e6963}\Shell\AutoRun\command - "" = D:\ShelExec.exe index.html
[2013/12/04 22:13:46 | 000,000,000 | ---D | C] -- C:\Users\Sheets\Desktop\Documents\Mobogenie
[2013/12/04 22:13:46 | 000,000,000 | ---D | C] -- C:\Users\Sheets\AppData\Local\Mobogenie
[2013/12/04 22:11:46 | 000,000,000 | ---D | C] -- C:\Users\Sheets\AppData\Local\SwvUpdater
[2013/12/04 22:01:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Maximum Converter
[2013/12/04 22:00:34 | 000,000,000 | ---D | C] -- C:\Users\Sheets\AppData\Local\SearchProtect
[2013/12/04 21:59:58 | 000,000,000 | ---D | C] -- C:\Users\Sheets\AppData\Local\VisualBeeClient
[2013/12/04 21:59:15 | 000,000,000 | ---D | C] -- C:\Users\Sheets\AppData\Local\VisualBeeExe
[2013/12/04 21:58:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ViewPassword
[2013/12/04 21:58:45 | 000,000,000 | ---D | C] -- C:\Users\Sheets\AppData\Local\GreatArcadeHits
[2013/12/04 21:28:08 | 000,000,000 | ---D | C] -- C:\ProgramData\TubeDimmer
[2013/12/04 21:22:18 | 000,000,000 | ---D | C] -- C:\Users\Sheets\AppData\Roaming\MyWordTool
[2013/12/04 21:22:10 | 000,000,000 | ---D | C] -- C:\Users\Sheets\AppData\Local\TNT2
[2013/12/04 22:00:36 | 000,000,000 | ---- | M] () -- C:\END
@Alternate Data Stream - 148 bytes -> C:\ProgramData\Temp:07F6D9E4

:Files
C:\Users\Sheets\AppData\Roaming\Yontoo
C:\Program Files (x86)\Yontoo
C:\Users\Sheets\AppData\Local\TNT2
C:\Users\Sheets\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjllbogbaogimpilgdginhalhhbmhiob
C:\Users\Sheets\AppData\Local\Google\Chrome\User Data\Default\Extensions\igjjkeeamkpihpncmmbgdkhdnjpcfmfb
C:\Users\Sheets\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc
C:\Users\Sheets\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocifcogajbgikalbpphmoedjlcfjkhgh
netsh advfirewall reset /c
netsh advfirewall set allprofiles state on /c

:Commands
[emptytemp]
[resethosts]


  • Click the Run Fix button at the top of the OTL control panel.
  • Let the program run until it's finished and then reboot the computer.
  • Once your machine has rebooted, a log will open. Please post that log in your next reply.

If you have any problems, questions, or need further explanation, please post a message in this thread and I will get back to you asap.



Step 3: AdwCleaner

Download ADWcleaner by clicking here. Please save it to your Desktop


Posted Image

  • Double click (Vista and 7 Users)right click the adwcleaner.exe file and click Run as Adminstrator and accept the UAC prompt to run AdwCleaner
  • Close any open windows or browsers.
  • Pause your Anti-Virus program if it is running.
  • Once it starts, click on the Scan button.
  • Let the scan complete itself. This may take a few minutes.
  • Once the scan has finished, click the Clean button. When finished, it will ask to reboot. Please reboot.
  • When the machine has rebooted, a log will be produced. Please copy/paste that in your next reply. Here's how:
  • Click the Report button and the log will open. Copy and Paste the contents of the log file into your next reply.
This report is also saved at C:\AdwCleaner[R0].txt


Step 4: Junkware Removal Tool


Posted Image Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.



Step 5: OTL Quick Scan


  • Start OTL and this time click the Quick Scan button
  • OTL will scan your system and produce one log when finished.
  • Please post that log in your next reply.


Things I need to see in your next post:

OTL Fix Log

AdwCleaner Log

Junkware Removal Tool Log

OTL Quick Scan Log

How is the computer running now?
  • 0

#6
robkbriggs
Posted 03 January 2014 - 01:20 PM

robkbriggs

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 152 posts
Hello,

The three programs do not want to uninstall. Tube Dimmer and Findwide both do nothing when I try to unistall them, and the Yontoo program comes back with

C:\PROGRA~3\TARMAI~1\{889DF~1\Setup.dat

Error 2 While loading archive:
The system cannot find the file specified

Would you like me to continue on to the OTL Fix, or do we want to get these programs uninstalled first?

Thanks,
Rob
  • 0

#7
pystryker
Posted 03 January 2014 - 01:23 PM

pystryker

    Trusted Helper

  • Malware Removal
  • 3,912 posts
Hello :)

Go ahead and proceed with the rest of the steps. :thumbsup:
  • 0

#8
robkbriggs
Posted 03 January 2014 - 02:39 PM

robkbriggs

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 152 posts
Will do, I'll report back this afternoon.
  • 0

#9
pystryker
Posted 03 January 2014 - 04:19 PM

pystryker

    Trusted Helper

  • Malware Removal
  • 3,912 posts

Will do, I'll report back this afternoon.


:thumbsup:
  • 0

#10
robkbriggs
Posted 03 January 2014 - 08:59 PM

robkbriggs

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 152 posts
Okay,
Got all of that done.

OTL Fix Log

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{006ee092-9658-4fd6-bd8e-a21a348e59f5}\ not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Secondary Start Pages| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Search\\Default_Search_URL| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{006ee092-9658-4fd6-bd8e-a21a348e59f5}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{searchTerms}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{searchTerms}\ not found.
Registry key HKEY_CURRENT_USER\Software\MozillaPlugins\@tightropeinteractive.com/Plugin\ deleted successfully.
C:\Users\Sheets\AppData\Local\TNT2\2.0.0.1663\npTNT2.dll moved successfully.
Registry key HKEY_CURRENT_USER\Software\MozillaPlugins\@tnt2ghost.com/Plugin\ deleted successfully.
C:\Users\Sheets\AppData\Local\TNT2\2.0.0.1663\npTNT2ghost.dll moved successfully.
C:\Users\Sheets\AppData\Roaming\Mozilla\Firefox\extensions\[email protected]\chrome\content folder moved successfully.
C:\Users\Sheets\AppData\Roaming\Mozilla\Firefox\extensions\[email protected]\chrome folder moved successfully.
C:\Users\Sheets\AppData\Roaming\Mozilla\Firefox\extensions\[email protected] folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{44ed99e2-16a6-4b89-80d6-5b21cf42e78b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{44ed99e2-16a6-4b89-80d6-5b21cf42e78b}\ deleted successfully.
C:\ProgramData\TubeDimmer\IE\common.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{45470599-8237-486D-87B5-E89CD6AED154}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{45470599-8237-486D-87B5-E89CD6AED154}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B49699FC-1665-4414-A1CB-C4A2A4A13EEC}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B49699FC-1665-4414-A1CB-C4A2A4A13EEC}\ deleted successfully.
C:\Program Files (x86)\Consumer Input\dca-bho.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\ deleted successfully.
C:\Program Files (x86)\Yontoo\YontooIEClient.dll moved successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{503984BC-61A4-4C3C-A69E-FDAFC8D09934} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{503984BC-61A4-4C3C-A69E-FDAFC8D09934}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{503984BC-61A4-4C3C-A69E-FDAFC8D09934}\ deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\nearlovingsbend.net\www\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\progra~3\browse~1\261070~1.41\{c16c1~1\browse~1.dll deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7e4d1cbc-a9ae-11e1-958d-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7e4d1cbc-a9ae-11e1-958d-806e6f6e6963}\ not found.
File D:\ShelExec.exe index.html not found.
C:\Users\Sheets\Desktop\Documents\Mobogenie folder moved successfully.
C:\Users\Sheets\AppData\Local\Mobogenie\Version\OldVersion folder moved successfully.
C:\Users\Sheets\AppData\Local\Mobogenie\Version\NewVersion folder moved successfully.
C:\Users\Sheets\AppData\Local\Mobogenie\Version\CacheVersion folder moved successfully.
C:\Users\Sheets\AppData\Local\Mobogenie\Version folder moved successfully.
C:\Users\Sheets\AppData\Local\Mobogenie\driver folder moved successfully.
C:\Users\Sheets\AppData\Local\Mobogenie\Download\Video folder moved successfully.
C:\Users\Sheets\AppData\Local\Mobogenie\Download\Picture folder moved successfully.
C:\Users\Sheets\AppData\Local\Mobogenie\Download\Music folder moved successfully.
C:\Users\Sheets\AppData\Local\Mobogenie\Download\Apk folder moved successfully.
C:\Users\Sheets\AppData\Local\Mobogenie\Download folder moved successfully.
C:\Users\Sheets\AppData\Local\Mobogenie\device folder moved successfully.
C:\Users\Sheets\AppData\Local\Mobogenie\Data folder moved successfully.
C:\Users\Sheets\AppData\Local\Mobogenie\backup folder moved successfully.
C:\Users\Sheets\AppData\Local\Mobogenie folder moved successfully.
C:\Users\Sheets\AppData\Local\SwvUpdater folder moved successfully.
C:\Program Files (x86)\Maximum Converter folder moved successfully.
C:\Users\Sheets\AppData\Local\SearchProtect\SearchProtect\rep folder moved successfully.
C:\Users\Sheets\AppData\Local\SearchProtect\SearchProtect\Logs folder moved successfully.
C:\Users\Sheets\AppData\Local\SearchProtect\SearchProtect folder moved successfully.
C:\Users\Sheets\AppData\Local\VisualBeeClient\Domain folder moved successfully.
C:\Users\Sheets\AppData\Local\VisualBeeClient folder moved successfully.
C:\Users\Sheets\AppData\Local\VisualBeeExe\GuideFiles folder moved successfully.
C:\Users\Sheets\AppData\Local\VisualBeeExe\Dic-Eng folder moved successfully.
C:\Users\Sheets\AppData\Local\VisualBeeExe folder moved successfully.
C:\Program Files (x86)\ViewPassword folder moved successfully.
C:\Users\Sheets\AppData\Local\GreatArcadeHits\{B21F5E31-B8E8-41CD-B74C-168A71A10E49}\chrome\content folder moved successfully.
C:\Users\Sheets\AppData\Local\GreatArcadeHits\{B21F5E31-B8E8-41CD-B74C-168A71A10E49}\chrome folder moved successfully.
C:\Users\Sheets\AppData\Local\GreatArcadeHits\{B21F5E31-B8E8-41CD-B74C-168A71A10E49} folder moved successfully.
C:\Users\Sheets\AppData\Local\GreatArcadeHits folder moved successfully.
C:\ProgramData\TubeDimmer\IE folder moved successfully.
C:\ProgramData\TubeDimmer\Firefox\chrome\content folder moved successfully.
C:\ProgramData\TubeDimmer\Firefox\chrome folder moved successfully.
C:\ProgramData\TubeDimmer\Firefox folder moved successfully.
C:\ProgramData\TubeDimmer\Chrome\unzip folder moved successfully.
C:\ProgramData\TubeDimmer\Chrome folder moved successfully.
C:\ProgramData\TubeDimmer folder moved successfully.
C:\Users\Sheets\AppData\Roaming\MyWordTool folder moved successfully.
C:\Users\Sheets\AppData\Local\TNT2\Profiles\10743 folder moved successfully.
C:\Users\Sheets\AppData\Local\TNT2\Profiles folder moved successfully.
C:\Users\Sheets\AppData\Local\TNT2\Common folder moved successfully.
C:\Users\Sheets\AppData\Local\TNT2\2.0.0.1663 folder moved successfully.
C:\Users\Sheets\AppData\Local\TNT2 folder moved successfully.
C:\END moved successfully.
ADS C:\ProgramData\Temp:07F6D9E4 deleted successfully.
========== FILES ==========
C:\Users\Sheets\AppData\Roaming\Yontoo\dat\update folder moved successfully.
C:\Users\Sheets\AppData\Roaming\Yontoo\dat folder moved successfully.
Folder move failed. C:\Users\Sheets\AppData\Roaming\Yontoo scheduled to be moved on reboot.
C:\Program Files (x86)\Yontoo folder moved successfully.
File\Folder C:\Users\Sheets\AppData\Local\TNT2 not found.
C:\Users\Sheets\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjllbogbaogimpilgdginhalhhbmhiob\1.25.6_0\icons\actions folder moved successfully.
C:\Users\Sheets\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjllbogbaogimpilgdginhalhhbmhiob\1.25.6_0\icons folder moved successfully.
C:\Users\Sheets\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjllbogbaogimpilgdginhalhhbmhiob\1.25.6_0\extensionData folder moved successfully.
C:\Users\Sheets\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjllbogbaogimpilgdginhalhhbmhiob\1.25.6_0 folder moved successfully.
C:\Users\Sheets\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjllbogbaogimpilgdginhalhhbmhiob folder moved successfully.
C:\Users\Sheets\AppData\Local\Google\Chrome\User Data\Default\Extensions\igjjkeeamkpihpncmmbgdkhdnjpcfmfb\2.6.43_0 folder moved successfully.
C:\Users\Sheets\AppData\Local\Google\Chrome\User Data\Default\Extensions\igjjkeeamkpihpncmmbgdkhdnjpcfmfb folder moved successfully.
C:\Users\Sheets\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc\1.0.3_1 folder moved successfully.
C:\Users\Sheets\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc folder moved successfully.
C:\Users\Sheets\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocifcogajbgikalbpphmoedjlcfjkhgh\1.0.0_0 folder moved successfully.
C:\Users\Sheets\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocifcogajbgikalbpphmoedjlcfjkhgh folder moved successfully.
< netsh advfirewall reset /c >
Ok.
C:\Users\Sheets\Desktop\cmd.bat deleted successfully.
C:\Users\Sheets\Desktop\cmd.txt deleted successfully.
< netsh advfirewall set allprofiles state on /c >
Ok.
C:\Users\Sheets\Desktop\cmd.bat deleted successfully.
C:\Users\Sheets\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56466 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: Sheets
->Temp folder emptied: 73207158 bytes
->Temporary Internet Files folder emptied: 3854438598 bytes
->Google Chrome cache emptied: 195541010 bytes
->Apple Safari cache emptied: 71930880 bytes
->Flash cache emptied: 216573 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1906480 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 960207890 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 95202 bytes
RecycleBin emptied: 657701536 bytes

Total Files Cleaned = 5,546.00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.69.0 log created on 01032014_202627

Files\Folders moved on Reboot...
C:\Users\Sheets\AppData\Roaming\Yontoo folder moved successfully.
C:\Users\Sheets\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Sheets\AppData\Local\Temp\MMDUtl.log moved successfully.
File move failed. C:\Windows\temp\dsiwmis.log scheduled to be moved on reboot.
File move failed. C:\Windows\temp\LMutilps32.log scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


AdwCleaner Log

# AdwCleaner v3.016 - Report created 03/01/2014 at 20:41:50
# Updated 23/12/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Sheets - SHEETS-PC
# Running from : C:\Users\Sheets\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : Yontoo Desktop Updater

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\ProgramData\Conduit
Folder Deleted : C:\ProgramData\eSafe
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\ProgramData\w3i
Folder Deleted : C:\Program Files (x86)\goforfiles
Folder Deleted : C:\Program Files (x86)\internethelper3.1
Folder Deleted : C:\Program Files (x86)\MyPC Backup
Folder Deleted : C:\Users\Sheets\AppData\Local\apn
Folder Deleted : C:\Users\Sheets\AppData\Local\Searchprotect
Folder Deleted : C:\Users\Sheets\AppData\LocalLow\BabylonToolbar
Folder Deleted : C:\Users\Sheets\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Sheets\AppData\LocalLow\internethelper3.1
Folder Deleted : C:\Users\Sheets\AppData\Roaming\Babylon
Folder Deleted : C:\Users\Sheets\AppData\Roaming\DealPly
Folder Deleted : C:\Users\Sheets\AppData\Roaming\goforfiles
Folder Deleted : C:\Users\Sheets\AppData\Roaming\strongvault
Folder Deleted : C:\Users\Sheets\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DealPly
Folder Deleted : C:\Users\Sheets\Desktop\Documents\PC Health Kit
File Deleted : C:\Users\Sheets\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ojcgaoafcmbadjkfdippkdddgkeaipbn_0.localstorage

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\igjjkeeamkpihpncmmbgdkhdnjpcfmfb
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Key Deleted : HKCU\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\BabylonToolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Key Deleted : HKLM\SOFTWARE\Classes\AppID\CptUrlPassthru.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\dca-api.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\dca-bho.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Key Deleted : HKLM\SOFTWARE\Classes\CptUrlPassthru.hxxpMonitor
Key Deleted : HKLM\SOFTWARE\Classes\CptUrlPassthru.hxxpMonitor.1
Key Deleted : HKLM\SOFTWARE\Classes\dcabho.Dca
Key Deleted : HKLM\SOFTWARE\Classes\dcabho.Dca.1
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.bandobjectattribute
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.bho
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.dockingpanel
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbar
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbarbandobject
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.smartbardisplaystate
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.smartbarmenuform
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Deal Vault_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Deal Vault_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\deal vault-bg_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\deal vault-bg_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Deal Vault-InternalInstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Deal Vault-InternalInstaller_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\GoforFiles_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\GoforFiles_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Key Deleted : HKCU\Software\f68b88b73dec47
Key Deleted : HKLM\SOFTWARE\f68b88b73dec47
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3101810
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_zineth_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_zineth_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{A57F7191-1E7F-4852-BAAF-F80A43E2687A}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{DBBBC528-9C8C-4051-9187-ED6F01A457C9}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{DD7C44CC-0F60-4FD9-A38F-5CF30D698AC2}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{60260024-AA48-4A2F-84DA-2C2DCB24AAD0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{15527BF5-9729-49DC-889C-9F956983154C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DD05B915-F77B-474A-9D42-9FEEAF5475C4}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{7BAB653D-88FB-4F60-AFC2-8E6FD59FAFF3}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A57F7191-1E7F-4852-BAAF-F80A43E2687A}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C8758BC4-4581-48C7-BA38-C1A650477AE9}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{44ED99E2-16A6-4B89-80D6-5B21CF42E78B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B49699FC-1665-4414-A1CB-C4A2A4A13EEC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DEDAF650-12B8-48F5-A843-BBA100716106}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{44ED99E2-16A6-4B89-80D6-5B21CF42E78B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B49699FC-1665-4414-A1CB-C4A2A4A13EEC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{15527BF5-9729-49DC-889C-9F956983154C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{23119123-0854-469D-807A-171568457991}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{DD05B915-F77B-474A-9D42-9FEEAF5475C4}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Key Deleted : HKCU\Software\Compete
Key Deleted : HKCU\Software\Cr_Installer
Key Deleted : HKCU\Software\DataMngr
[#] Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\GoforFiles
Key Deleted : HKCU\Software\Optimizer Pro
Key Deleted : HKCU\Software\SmartBar
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\AppDataLow\Software\Compete
Key Deleted : HKCU\Software\AppDataLow\Software\CompeteInc
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\DynConIE
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\Software\CompeteInc
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\GoforFiles
Key Deleted : HKLM\Software\InstallIQ
Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [Default]

-\\ Google Chrome v29.0.1547.66

[ File : C:\Users\Sheets\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [13232 octets] - [03/01/2014 20:40:36]
AdwCleaner[S0].txt - [12774 octets] - [03/01/2014 20:41:50]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [12835 octets] ##########



JRT Log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.9 (01.01.2014:1)
OS: Windows 7 Home Premium x64
Ran by Sheets on Fri 01/03/2014 at 20:44:42.79
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\dynconie.dynconieobject
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\dynconie.dynconieobject.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{2830488C-079B-45C2-88B6-AFE4EAA2DF85}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{781CA792-9B6E-400B-B36F-15C097D2CA54}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1700485059-1765992052-1143048148-1000\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110111981166}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110111981166}



~~~ Files

Successfully deleted: [File] C:\Windows\Tasks\regwork.job



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\regwork"
Successfully deleted: [Folder] "C:\Program Files (x86)\consumer input"
Successfully deleted: [Folder] "C:\Program Files (x86)\regwork"
Successfully deleted: [Folder] "C:\ai_recyclebin"
Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"
Successfully deleted: [Empty Folder] C:\Users\Sheets\appdata\local\{034B0D7F-5ED5-4D92-B01A-1528A50B9607}
Successfully deleted: [Empty Folder] C:\Users\Sheets\appdata\local\{046B6BD9-633F-498C-9EFE-052CAE71CA37}
Successfully deleted: [Empty Folder] C:\Users\Sheets\appdata\local\{14E3AFF8-3D53-4ED8-B00D-581F743FDEA5}
Successfully deleted: [Empty Folder] C:\Users\Sheets\appdata\local\{167BEDCC-968C-432C-AB7C-DC8C2800F8EF}
Successfully deleted: [Empty Folder] C:\Users\Sheets\appdata\local\{20464750-893D-477E-97E2-45E29F8259A5}
Successfully deleted: [Empty Folder] C:\Users\Sheets\appdata\local\{2FE12CB6-2166-40B7-92FE-50AF77156E81}
Successfully deleted: [Empty Folder] C:\Users\Sheets\appdata\local\{34DA781E-0B51-4819-92AF-DD173430D520}
Successfully deleted: [Empty Folder] C:\Users\Sheets\appdata\local\{410769F0-E326-4D95-845E-26F349CAF4EB}
Successfully deleted: [Empty Folder] C:\Users\Sheets\appdata\local\{43FA3CBC-7A50-4096-9416-6796AF01E7B2}
Successfully deleted: [Empty Folder] C:\Users\Sheets\appdata\local\{46061BF2-11F9-4728-BF7A-9177DD9EB2C2}
Successfully deleted: [Empty Folder] C:\Users\Sheets\appdata\local\{4644E34F-78A0-458B-B12C-E77722006816}
Successfully deleted: [Empty Folder] C:\Users\Sheets\appdata\local\{4B12D271-00DA-4C22-A62F-842A14C2797E}
Successfully deleted: [Empty Folder] C:\Users\Sheets\appdata\local\{502799C1-0C31-4D26-B8FB-240FD8695347}
Successfully deleted: [Empty Folder] C:\Users\Sheets\appdata\local\{6387A264-3909-4559-A0F6-6DFB1F557A69}
Successfully deleted: [Empty Folder] C:\Users\Sheets\appdata\local\{63E1A45E-0558-40A2-BF81-DCF682442D3C}
Successfully deleted: [Empty Folder] C:\Users\Sheets\appdata\local\{737624CA-D9BD-4646-AD11-44C0FC6DD739}
Successfully deleted: [Empty Folder] C:\Users\Sheets\appdata\local\{80503743-A242-4F5A-AABF-6103BCECDC41}
Successfully deleted: [Empty Folder] C:\Users\Sheets\appdata\local\{80FB28CD-1172-4887-B466-2CFAD10B456B}
Successfully deleted: [Empty Folder] C:\Users\Sheets\appdata\local\{94463966-6587-450E-B05B-1A58D83BD825}
Successfully deleted: [Empty Folder] C:\Users\Sheets\appdata\local\{94B842CA-2427-4FD0-8973-073C48C655DA}
Successfully deleted: [Empty Folder] C:\Users\Sheets\appdata\local\{983B9460-0D92-4DA7-882D-DC08308E165A}
Successfully deleted: [Empty Folder] C:\Users\Sheets\appdata\local\{9D0B2E84-CB8B-4047-9FBB-CB6081A1CCD5}
Successfully deleted: [Empty Folder] C:\Users\Sheets\appdata\local\{BC9377B5-950B-465C-98B9-FB43E38C8A23}
Successfully deleted: [Empty Folder] C:\Users\Sheets\appdata\local\{CB0B0D03-2999-4355-9961-08316F80A04C}
Successfully deleted: [Empty Folder] C:\Users\Sheets\appdata\local\{D2EC825B-3815-4422-833B-879C4D0381EF}
Successfully deleted: [Empty Folder] C:\Users\Sheets\appdata\local\{D6614ED6-5E02-4F42-8B3E-E013CA885817}
Successfully deleted: [Empty Folder] C:\Users\Sheets\appdata\local\{D67E307E-26B0-40A8-B2FC-50049B0F2C30}
Successfully deleted: [Empty Folder] C:\Users\Sheets\appdata\local\{D8E46A79-1B4F-4050-BEA6-7344443E5CD7}
Successfully deleted: [Empty Folder] C:\Users\Sheets\appdata\local\{DDD52863-C294-49E2-82AC-E0CC40110DF6}
Successfully deleted: [Empty Folder] C:\Users\Sheets\appdata\local\{DE761742-88F6-4751-8432-B46ED49E23A2}
Successfully deleted: [Empty Folder] C:\Users\Sheets\appdata\local\{ECBBD189-311B-4516-9B0D-C28401D0BD18}



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 01/03/2014 at 20:52:50.81
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


OTL Quick Scan Log

OTL logfile created on: 1/3/2014 8:55:02 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Sheets\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.48 Gb Total Physical Memory | 2.31 Gb Available Physical Memory | 66.49% Memory free
6.95 Gb Paging File | 5.54 Gb Available in Paging File | 79.61% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 447.66 Gb Total Space | 396.42 Gb Free Space | 88.55% Space Free | Partition Type: NTFS

Computer Name: SHEETS-PC | User Name: Sheets | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/01/02 12:59:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Sheets\Desktop\OTL.exe
PRC - [2013/09/21 14:50:14 | 000,295,512 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2013/09/02 14:35:59 | 000,829,392 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2013/08/14 14:19:24 | 000,039,056 | ---- | M] () -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2013/05/09 23:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/03/23 03:33:48 | 000,419,408 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMutilps32.exe
PRC - [2012/03/23 03:33:46 | 000,355,920 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe
PRC - [2012/03/23 03:33:46 | 000,343,632 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe
PRC - [2012/03/23 03:33:44 | 001,105,488 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2012/02/29 07:49:06 | 000,028,264 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
PRC - [2012/01/05 15:22:10 | 000,256,536 | ---- | M] (NTI Corporation) -- C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe


========== Modules (No Company Name) ==========

MOD - [2013/09/02 14:35:56 | 000,410,576 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\ppgooglenaclpluginchrome.dll
MOD - [2013/09/02 14:35:54 | 004,053,456 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\pdf.dll
MOD - [2013/09/02 14:35:04 | 000,709,584 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\libglesv2.dll
MOD - [2013/09/02 14:35:03 | 000,099,792 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\libegl.dll
MOD - [2013/09/02 14:35:01 | 001,604,560 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\ffmpegsumo.dll
MOD - [2012/08/27 21:33:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/08/27 21:33:08 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll


========== Services (SafeList) ==========

SRV:64bit: - File not found [Auto | Stopped] -- C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe -- (Amsp)
SRV:64bit: - [2013/11/26 03:18:09 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/09/06 11:32:06 | 000,288,776 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe -- (McComponentHostService)
SRV:64bit: - [2013/05/26 23:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2012/02/29 00:41:26 | 000,235,520 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2012/02/07 18:53:48 | 000,871,296 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV:64bit: - [2012/02/06 18:54:04 | 000,255,376 | ---- | M] (Acer Incorporated) [Auto | Stopped] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Live Updater Service)
SRV:64bit: - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2013/12/23 20:39:58 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/09/05 18:41:08 | 000,240,736 | ---- | M] (WildTangent) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe -- (GamesAppIntegrationService)
SRV - [2013/08/14 14:19:24 | 000,039,056 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2013/05/09 23:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/05/29 11:28:01 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012/03/23 03:33:46 | 000,355,920 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2012/02/29 07:49:06 | 000,028,264 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService)
SRV - [2012/01/05 15:22:10 | 000,256,536 | ---- | M] (NTI Corporation) [Auto | Running] -- C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2010/10/12 11:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/09/24 21:01:12 | 000,107,048 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmactmon.sys -- (tmactmon)
DRV:64bit: - [2012/09/24 21:00:36 | 000,077,184 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmevtmgr.sys -- (tmevtmgr)
DRV:64bit: - [2012/09/24 21:00:00 | 000,173,504 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmcomm.sys -- (tmcomm)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/07/09 13:42:54 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/03/01 00:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/29 01:01:58 | 010,819,584 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/02/28 23:41:08 | 000,328,192 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/02/07 05:01:00 | 003,538,432 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2012/02/07 00:03:06 | 000,018,432 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2012/02/07 00:03:06 | 000,017,408 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2012/01/31 22:54:56 | 000,031,872 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdkmpfd.sys -- (amdkmpfd)
DRV:64bit: - [2012/01/13 02:05:56 | 000,056,448 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2011/12/05 01:47:30 | 000,095,248 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011/10/25 09:16:46 | 000,219,776 | ---- | M] (Advanced Micro Devices, INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdxhc.sys -- (amdxhc)
DRV:64bit: - [2011/10/25 09:16:46 | 000,102,528 | ---- | M] (Advanced Micro Devices, INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdhub30.sys -- (amdhub30)
DRV:64bit: - [2011/08/02 14:33:16 | 000,105,744 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmtdi.sys -- (tmtdi)
DRV:64bit: - [2011/07/13 23:35:47 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/07/13 23:35:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 21:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 21:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 21:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?...D&ocid=U147DDHP
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{203B2710-1CE1-4635-B762-C84DA7DC576B}: "URL" = http://search.yahoo....petb&type=10743
IE - HKCU\..\SearchScopes\{CBFDE2B3-738B-43FB-A7C8-A1452645F66E}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\547FC3B25EFA415F8D5CE62D2D036DFB: "URL" = http://search.findwi...k={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.3.51: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.3.51: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\5\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{38783831-6098-4faa-A9C9-1EE1E343F4D2}: C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1104\7.1.1104\firefoxextension [2013/12/05 20:35:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension\ [2013/12/05 20:34:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/09/21 14:50:59 | 000,000,000 | ---D | M]

[2013/12/05 20:35:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sheets\AppData\Roaming\Mozilla\Firefox\extensions

========== Chrome ==========

CHR - default_search_provider: FindWide (Enabled)
CHR - default_search_provider: search_url = http://search.findwi...k={searchTerms}
CHR - default_search_provider: suggest_url =
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\pdf.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll
CHR - plugin: WildTangent Games App V2 Presence Detector (Enabled) = C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\5\NP_wtapp.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: McAfee Security Scanner + (Enabled) = C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll
CHR - plugin: RealNetworks™ RealDownloader Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
CHR - plugin: RealNetworks™ RealDownloader HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
CHR - plugin: RealNetworks™ RealDownloader PepperFlashVideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll
CHR - plugin: RealDownloader Plugin (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll
CHR - plugin: npAPI Plugin (Disabled) = C:\Users\Sheets\AppData\Local\TNT2\2.0.0.1663\npTNT2.dll
CHR - plugin: npAPI Ghost Plugin (Disabled) = C:\Users\Sheets\AppData\Local\TNT2\2.0.0.1663\npTNT2ghost.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Download Plugin (Enabled) = c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll
CHR - Extension: Google Docs = C:\Users\Sheets\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_1\
CHR - Extension: Google Drive = C:\Users\Sheets\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_1\
CHR - Extension: YouTube = C:\Users\Sheets\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_1\
CHR - Extension: Google Search = C:\Users\Sheets\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_1\
CHR - Extension: RealDownloader = C:\Users\Sheets\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.3_0\
CHR - Extension: Google Wallet = C:\Users\Sheets\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
CHR - Extension: Gmail = C:\Users\Sheets\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_2\

O1 HOSTS File: ([2014/01/03 20:31:56 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\2.0.1361\6.8.1078\TmIEPlg.dll (Trend Micro Inc.)
O2:64bit: - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\7.1.1104\7.1.1104\TmBpIe64.dll (Trend Micro Inc.)
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O3 - HKLM\..\Toolbar: (no name) - {503984BC-61A4-4C3C-A69E-FDAFC8D09934} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {503984BC-61A4-4C3C-A69E-FDAFC8D09934} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {B1795718-5055-4E08-A010-42D54443B441} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BB45EF8E-1E36-4535-A017-EC908FB1E335} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Power Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6479D562-7292-4C80-888A-6A3EF5D8C9B4}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\7.1.1104\7.1.1104\TmBpIe64.dll (Trend Micro Inc.)
O18:64bit: - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\2.0.1361\6.8.1078\TmIEPlg.dll (Trend Micro Inc.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\7.1.1104\7.1.1104\TmBpIe32.dll (Trend Micro Inc.)
O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\2.0.1361\6.8.1078\TmIEPlg32.dll (Trend Micro Inc.)
O18:64bit: - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18:64bit: - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013/07/21 21:13:47 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/01/03 20:44:39 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/01/03 20:40:34 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/01/03 20:39:55 | 001,036,305 | ---- | C] (Thisisu) -- C:\Users\Sheets\Desktop\JRT.exe
[2014/01/03 20:26:27 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/01/02 12:59:10 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Sheets\Desktop\OTL.exe
[2013/12/23 20:41:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013/12/23 20:40:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2013/12/19 23:33:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2013/12/19 23:33:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2013/12/19 23:27:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Safari
[2013/12/19 23:26:48 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2013/12/19 23:26:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2013/12/19 20:57:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Atheros
[2013/12/19 20:56:56 | 002,212,176 | ---- | C] (ELAN Microelectronics Corp.) -- C:\Windows\ETDUninst.dll
[2013/12/19 20:42:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2013/12/19 20:41:59 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
[2013/12/05 20:25:09 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013/12/04 22:13:48 | 000,000,000 | ---D | C] -- C:\Users\Sheets\.android
[2013/12/04 22:13:47 | 000,000,000 | ---D | C] -- C:\Users\Sheets\AppData\Local\cache
[2013/12/04 22:13:46 | 000,000,000 | ---D | C] -- C:\Users\Sheets\AppData\Roaming\newnext.me
[2013/12/04 21:21:23 | 000,000,000 | ---D | C] -- C:\Users\Sheets\AppData\Roaming\Mozilla

========== Files - Modified Within 30 Days ==========

[2014/01/03 20:53:10 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/01/03 20:52:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/01/03 20:50:25 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/01/03 20:50:25 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/01/03 20:42:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/01/03 20:42:49 | 2800,771,072 | -HS- | M] () -- C:\hiberfil.sys
[2014/01/03 20:40:03 | 001,036,305 | ---- | M] (Thisisu) -- C:\Users\Sheets\Desktop\JRT.exe
[2014/01/03 20:38:53 | 001,233,962 | ---- | M] () -- C:\Users\Sheets\Desktop\adwcleaner.exe
[2014/01/03 20:31:56 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2014/01/03 20:28:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/01/02 12:59:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Sheets\Desktop\OTL.exe
[2014/01/01 12:24:14 | 000,000,454 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Sheets.job
[2013/12/23 20:41:43 | 000,002,263 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/12/20 22:49:40 | 000,152,268 | -H-- | M] () -- C:\Windows\SysWow64\mlfcache.dat
[2013/12/19 23:33:54 | 000,001,849 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2013/12/19 23:27:39 | 000,002,515 | ---- | M] () -- C:\Users\Sheets\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2013/12/19 23:27:39 | 000,002,491 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
[2013/12/19 23:09:31 | 000,001,095 | ---- | M] () -- C:\Users\Sheets\Desktop\Documents\Documents - Shortcut.lnk
[2013/12/19 20:42:03 | 000,001,935 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2013/12/19 20:42:03 | 000,001,935 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2013/12/12 12:45:00 | 000,798,046 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/12/12 12:45:00 | 000,674,044 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/12/12 12:45:00 | 000,126,220 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/12/11 21:58:16 | 000,364,024 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2014/01/03 20:38:44 | 001,233,962 | ---- | C] () -- C:\Users\Sheets\Desktop\adwcleaner.exe
[2013/12/23 20:41:43 | 000,002,263 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/12/23 20:40:51 | 000,000,898 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/12/23 20:40:44 | 000,000,894 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/12/20 22:49:40 | 000,152,268 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2013/12/19 23:33:54 | 000,001,849 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2013/12/19 23:27:39 | 000,002,515 | ---- | C] () -- C:\Users\Sheets\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2013/12/19 23:27:39 | 000,002,503 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Safari.lnk
[2013/12/19 23:27:39 | 000,002,491 | ---- | C] () -- C:\Users\Public\Desktop\Safari.lnk
[2013/12/19 23:09:31 | 000,001,095 | ---- | C] () -- C:\Users\Sheets\Desktop\Documents\Documents - Shortcut.lnk
[2013/12/03 17:45:05 | 000,786,624 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/03/27 19:59:49 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CmdLineExt03.dll
[2013/01/21 03:54:24 | 000,007,605 | ---- | C] () -- C:\Users\Sheets\AppData\Local\Resmon.ResmonCfg
[2012/09/03 15:37:03 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012/05/29 11:22:37 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012/03/19 11:26:44 | 000,204,960 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/03/19 11:26:44 | 000,157,152 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012/03/19 11:26:43 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2012/02/29 14:57:48 | 000,054,784 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll

========== ZeroAccess Check ==========

[2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 20:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 19:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 21:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/09/30 22:06:44 | 000,000,000 | ---D | M] -- C:\Users\Sheets\AppData\Roaming\Atari
[2013/02/28 16:34:44 | 000,000,000 | ---D | M] -- C:\Users\Sheets\AppData\Roaming\clear.fiMVPSDK20
[2013/09/29 22:57:25 | 000,000,000 | ---D | M] -- C:\Users\Sheets\AppData\Roaming\FloodLightGames
[2013/10/01 21:26:23 | 000,000,000 | ---D | M] -- C:\Users\Sheets\AppData\Roaming\Free Download Manager
[2013/09/26 23:58:04 | 000,000,000 | ---D | M] -- C:\Users\Sheets\AppData\Roaming\iWing
[2012/09/05 17:18:59 | 000,000,000 | ---D | M] -- C:\Users\Sheets\AppData\Roaming\Leadertech
[2013/12/04 23:11:53 | 000,000,000 | ---D | M] -- C:\Users\Sheets\AppData\Roaming\newnext.me
[2012/09/02 20:28:21 | 000,000,000 | ---D | M] -- C:\Users\Sheets\AppData\Roaming\Screensaver
[2012/09/03 19:26:42 | 000,000,000 | ---D | M] -- C:\Users\Sheets\AppData\Roaming\WildTangent
[2012/09/03 18:40:52 | 000,000,000 | ---D | M] -- C:\Users\Sheets\AppData\Roaming\Windows Live Writer
[2013/09/27 06:32:54 | 000,000,000 | ---D | M] -- C:\Users\Sheets\AppData\Roaming\YoudaGames

========== Purity Check ==========



< End of report >


Thanks,
Rob
  • 0

Advertisements

#11
pystryker
Posted 04 January 2014 - 11:23 AM

pystryker

    Trusted Helper

  • Malware Removal
  • 3,912 posts
:thumbsup: I've submitted what I want to do next for approval. As soon as I get that, I'll post it for you. :)
  • 0

#12
robkbriggs
Posted 04 January 2014 - 06:40 PM

robkbriggs

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 152 posts
Great, Thanks!

As far as how the laptop is running, it seems to be doing fine.
  • 0

#13
pystryker
Posted 04 January 2014 - 06:46 PM

pystryker

    Trusted Helper

  • Malware Removal
  • 3,912 posts

Great, Thanks!

As far as how the laptop is running, it seems to be doing fine.


:thumbsup: Good to hear!
  • 0

#14
pystryker
Posted 05 January 2014 - 06:11 PM

pystryker

    Trusted Helper

  • Malware Removal
  • 3,912 posts
Hi :)

Just a note, I haven't forgotten you. I'm waiting for approval, and it's been a busy weekend on the forums, sorry for the delay. :)
  • 0

#15
robkbriggs
Posted 05 January 2014 - 07:13 PM

robkbriggs

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 152 posts
No Worries, Thank You for taking the time to help out. :)
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP