Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

I may have malware on my PC [Solved]


  • This topic is locked This topic is locked

#1
d_may

d_may

    Member

  • Member
  • PipPip
  • 55 posts
Geeks to Go .

Thank you,
I have used your OTL with a volenteer before.
I have downloaded and ran OTL
Ready to follow No know infections or error codes.
  • 0

Advertisements


#2
Buddierdl

Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
Hi and welcome back. :)

Could you please post the contents of OTL.txt and Extras.txt from the OTL scan.

What symptoms do you have that make you think that you have malware?
  • 0

#3
d_may

d_may

    Member

  • Topic Starter
  • Member
  • PipPip
  • 55 posts
The reason I am coming here today is that I changed from DSL (ATT) to UVerse (ATT)

At my age (60) it's hard to stay up with the latest trends, and may clean out the garbage.
The flowing is the post you requested (OTL)

5.99 Gb Total Physical Memory | 4.71 Gb Available Physical Memory | 78.57% Memory free
11.98 Gb Paging File | 9.51 Gb Available in Paging File | 79.43% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 582.50 Gb Total Space | 480.46 Gb Free Space | 82.48% Space Free | Partition Type: NTFS
Drive D: | 13.67 Gb Total Space | 2.20 Gb Free Space | 16.05% Space Free | Partition Type: NTFS

Computer Name: DALE-PC | User Name: Dale | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/01/11 12:17:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Dale\Downloads\OTL.exe
PRC - [2013/12/26 10:49:34 | 003,764,024 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2013/12/26 10:49:34 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2013/12/20 22:50:00 | 001,168,896 | ---- | M] (Spotify Ltd) -- C:\Users\Dale\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2013/12/20 11:25:43 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013/12/16 19:34:22 | 000,247,968 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\SeaPort.EXE
PRC - [2013/12/11 10:15:35 | 001,862,536 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
PRC - [2013/12/07 17:17:49 | 000,223,112 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe
PRC - [2013/06/05 12:40:50 | 000,173,192 | ---- | M] (Microsoft Corp.) -- C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
PRC - [2013/05/11 04:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/04/04 13:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2013/04/01 22:28:28 | 000,342,528 | ---- | M] (Alcatel-Lucent) -- C:\Program Files (x86)\Common Files\Motive\pcServiceHost.exe
PRC - [2012/11/29 20:31:04 | 000,038,608 | ---- | M] () -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2012/11/13 14:08:12 | 003,487,240 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
PRC - [2012/11/13 14:07:24 | 000,168,384 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
PRC - [2012/11/13 14:07:16 | 001,103,392 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
PRC - [2012/08/23 12:37:16 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
PRC - [2012/05/23 07:11:32 | 000,157,016 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\YNanoClient\cpn0\YNanoService.exe
PRC - [2009/10/20 13:50:34 | 000,128,296 | ---- | M] (CyberLink Corp.) -- c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
PRC - [2009/09/12 16:43:03 | 000,020,376 | ---- | M] (WebEx Communications, Inc.) -- C:\Windows\SysWOW64\atashost.exe
PRC - [2009/08/28 12:53:00 | 000,210,216 | ---- | M] (CyberLink) -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
PRC - [2008/12/04 12:00:26 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008/12/04 12:00:20 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008/11/09 14:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe


========== Modules (No Company Name) ==========

MOD - [2013/12/20 11:25:43 | 003,559,024 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2013/12/11 10:15:34 | 016,242,056 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll
MOD - [2013/10/28 21:12:13 | 019,336,120 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2009/08/28 12:52:58 | 000,931,112 | ---- | M] () -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll


========== Services (SafeList) ==========

SRV:64bit: - File not found [Auto | Stopped] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2013/12/26 10:49:34 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2013/11/26 03:18:09 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/10/10 16:54:28 | 000,144,152 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV:64bit: - [2013/10/10 08:39:57 | 000,224,840 | ---- | M] (Realtek Semiconductor) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe -- (RtkAudioService)
SRV:64bit: - [2013/08/26 02:29:48 | 000,460,288 | ---- | M] (Alcatel-Lucent) [Auto | Running] -- C:\Program Files\Common Files\Motive\pcCMService.exe -- (pcCMService64)
SRV:64bit: - [2013/05/26 23:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/09/22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/12/03 19:27:24 | 000,028,672 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agr64svc.exe -- (AgereModemAudio)
SRV - [2013/12/20 11:25:43 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/12/16 19:34:22 | 000,247,968 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\SeaPort.EXE -- (BBUpdate)
SRV - [2013/12/16 19:34:22 | 000,193,696 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BBSvc.EXE -- (BBSvc)
SRV - [2013/12/11 10:15:35 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/06/05 12:40:50 | 000,173,192 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe -- (BingDesktopUpdate)
SRV - [2013/05/11 04:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/04/04 13:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013/04/01 22:28:28 | 000,342,528 | ---- | M] (Alcatel-Lucent) [Auto | Running] -- C:\Program Files (x86)\Common Files\Motive\pcServiceHost.exe -- (pcServiceHost)
SRV - [2012/11/29 20:31:04 | 000,038,608 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2012/08/23 12:37:16 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)
SRV - [2012/05/23 07:11:32 | 000,157,016 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\YNanoClient\cpn0\YNanoService.exe -- (YNanoService)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/09/12 16:43:03 | 000,020,376 | ---- | M] (WebEx Communications, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\atashost.exe -- (atashost)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/12/04 12:00:26 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2008/11/09 14:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/12/26 10:49:42 | 000,079,672 | ---- | M] (AVAST Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\aswstm.sys -- (aswStm)
DRV:64bit: - [2013/12/26 10:49:37 | 001,034,464 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2013/12/26 10:49:37 | 000,422,216 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswsp.sys -- (aswSP)
DRV:64bit: - [2013/12/26 10:49:37 | 000,207,904 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2013/12/26 10:49:37 | 000,078,648 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2013/10/28 21:12:14 | 000,092,544 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2013/10/28 21:12:14 | 000,065,776 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2013/10/14 10:22:35 | 006,180,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2013/10/10 08:26:56 | 000,883,928 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2012/08/23 08:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 08:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/03/13 01:59:50 | 000,043,008 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50a64.sys -- (MREMP50a64)
DRV:64bit: - [2012/03/13 01:59:50 | 000,040,960 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Motive\MRESP50a64.sys -- (MRESP50a64)
DRV:64bit: - [2012/03/08 17:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012/03/01 00:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/23 02:18:10 | 000,402,024 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rtenic64.sys -- (RTLE8023x64)
DRV:64bit: - [2012/02/01 15:16:40 | 000,568,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/07/22 10:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 15:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/03/11 00:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 00:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 07:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/01/26 16:52:22 | 001,212,416 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009/09/02 02:09:34 | 000,221,696 | ---- | M] (Realtek ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2006/03/29 06:20:03 | 000,033,280 | ---- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HPZius12.sys -- (HPZius12)
DRV:64bit: - [2006/03/29 06:20:02 | 000,269,824 | ---- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HPZid412.sys -- (HPZid412)
DRV - [2012/03/13 01:59:50 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2012/03/13 01:59:50 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Program Files (x86)\TurboTax\Basic 2012\32bit\local\dlg\blank.htm
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{1C3F3665-8DF0-495B-852E-3665C2624002}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
IE:64bit: - HKLM\..\SearchScopes\{5E22D6BD-163F-454E-B391-FB6EB419F995}: "URL" = http://search.live.c...ms}&FORM=HPDTDF
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Program Files (x86)\TurboTax\Basic 2012\32bit\local\dlg\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{1C3F3665-8DF0-495B-852E-3665C2624002}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Program Files (x86)\TurboTax\Basic 2012\32bit\local\dlg\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\..\SearchScopes,DefaultScope = {FE809C08-B738-4C7C-A235-53274EF76E8D}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE11SR
IE - HKCU\..\SearchScopes\{5E22D6BD-163F-454E-B391-FB6EB419F995}: "URL" = http://www.bing.com/...E11SR&pc=HPDTDF
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKCU\..\SearchScopes\{C79BF1BF-72F6-4415-AFD7-717B71B259C4}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKCU\..\SearchScopes\{FE809C08-B738-4C7C-A235-53274EF76E8D}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo....-8&fr=ytff-&p="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=198484"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-tyc"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://att.my.yahoo.com/"
FF - prefs.js..extensions.enabledAddons: clearConsole%40penzil.com:1.10
FF - prefs.js..extensions.enabledAddons: feedly%40devhd:16.0.528
FF - prefs.js..extensions.enabledAddons: foobar%40unnecessarilylongurl.com:2.0.1
FF - prefs.js..extensions.enabledAddons: newtabgoogle%40graememcc.co.uk:1.0.2
FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:9.0.2011.70
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.40.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.0.282: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.0.282: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\[email protected]/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files (x86)\Mozilla Firefox\plugins\npyaxmpb.dll (Yahoo! Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Dale\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Dale\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Dale\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Dale\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Dale\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\Dale\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013/01/22 06:26:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/12/31 10:35:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/12/20 11:25:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/12/20 11:25:37 | 000,000,000 | ---D | M]

[2009/10/30 16:09:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dale\AppData\Roaming\Mozilla\Extensions
[2013/12/18 10:14:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dale\AppData\Roaming\Mozilla\Firefox\Profiles\8dticc2f.default\extensions
[2013/08/28 22:02:21 | 000,000,000 | ---D | M] (AccelerateTab) -- C:\Users\Dale\AppData\Roaming\Mozilla\Firefox\Profiles\8dticc2f.default\extensions\[email protected]
[2013/12/18 10:14:27 | 000,059,886 | ---- | M] () (No name found) -- C:\Users\Dale\AppData\Roaming\Mozilla\Firefox\Profiles\8dticc2f.default\extensions\[email protected]
[2013/06/26 20:59:42 | 000,027,050 | ---- | M] () (No name found) -- C:\Users\Dale\AppData\Roaming\Mozilla\Firefox\Profiles\8dticc2f.default\extensions\[email protected]
[2013/07/08 21:40:23 | 000,041,010 | ---- | M] () (No name found) -- C:\Users\Dale\AppData\Roaming\Mozilla\Firefox\Profiles\8dticc2f.default\extensions\[email protected]
[2013/04/12 09:07:25 | 000,019,225 | ---- | M] () (No name found) -- C:\Users\Dale\AppData\Roaming\Mozilla\Firefox\Profiles\8dticc2f.default\extensions\[email protected]
[2009/10/28 14:08:58 | 000,002,186 | ---- | M] () -- C:\Users\Dale\AppData\Roaming\Mozilla\Firefox\Profiles\8dticc2f.default\searchplugins\bing.xml
[2013/08/28 22:02:04 | 000,000,904 | ---- | M] () -- C:\Users\Dale\AppData\Roaming\Mozilla\Firefox\Profiles\8dticc2f.default\searchplugins\yahoo.xml
[2013/12/20 11:25:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/12/20 11:25:36 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]_bak2
[2013/12/20 11:25:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/12/20 11:25:43 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/12/31 10:35:13 | 000,000,000 | ---D | M] (avast! Online Security) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2010/06/25 17:49:15 | 000,466,944 | ---- | M] (Invenda Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\NPcolPM460.dll
[2013/01/22 06:25:56 | 000,124,056 | ---- | M] (RealPlayer) -- C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll
[2007/03/09 17:16:44 | 000,189,496 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npyaxmpb.dll

========== Chrome ==========

CHR - default_search_provider: ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - homepage: http://www.yahoo.com/
CHR - Extension: No name found = C:\Users\Dale\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: No name found = C:\Users\Dale\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: No name found = C:\Users\Dale\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: No name found = C:\Users\Dale\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\9.0.2005.45_0\
CHR - Extension: No name found = C:\Users\Dale\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/03/20 11:50:08 | 000,000,698 | ---- | M]) - C:\Windows\SysNative\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\amd64\BingExt.dll (Microsoft Corporation.)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\amd64\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Hewlett-Packard)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\Dale\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - HKCU..\Run: [Spybot-S&D Cleaning] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.h...hpdetect121.cab (GMNRev Class)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Value error.)
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcp.../pcpitstop2.dll (PCPitstop Exam)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{23910CEA-C965-46E4-B5BA-3D11043DE351}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\livecall - No CLSID value found
O18 - Protocol\Handler\msnim - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (c:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/12/26 10:49:42 | 000,079,672 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswstm.sys
[2013/12/21 18:08:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2013/12/20 11:25:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/12/13 00:23:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth

========== Files - Modified Within 30 Days ==========

[2014/01/11 12:15:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/01/11 11:22:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/01/10 22:54:27 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/01/08 23:26:14 | 000,011,104 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/01/08 23:26:14 | 000,011,104 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/01/08 23:23:41 | 000,726,444 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/01/08 23:23:41 | 000,624,162 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/01/08 23:23:41 | 000,106,538 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/01/08 23:18:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/01/08 23:18:44 | 529,182,719 | -HS- | M] () -- C:\hiberfil.sys
[2013/12/31 10:35:48 | 000,001,968 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013/12/28 17:07:02 | 000,000,330 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForDale.job
[2013/12/26 10:49:42 | 000,079,672 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswstm.sys
[2013/12/26 10:49:37 | 001,034,464 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2013/12/26 10:49:37 | 000,422,216 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswsp.sys
[2013/12/26 10:49:37 | 000,334,136 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2013/12/26 10:49:37 | 000,207,904 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2013/12/26 10:49:37 | 000,078,648 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2013/12/26 10:49:36 | 000,043,152 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2013/12/25 00:40:15 | 000,002,633 | ---- | M] () -- C:\Users\Dale\Application Data\Microsoft\Internet Explorer\Quick Launch\HP MediaSmart.lnk
[2013/12/25 00:40:15 | 000,002,609 | ---- | M] () -- C:\Users\Public\Desktop\HP MediaSmart.lnk
[2013/12/21 18:08:05 | 000,001,810 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk

========== Files Created - No Company Name ==========

[2013/08/28 22:02:20 | 000,268,968 | ---- | C] () -- C:\Windows\SysWow64\sqlite3.dll
[2012/11/22 11:05:17 | 000,005,263 | ---- | C] () -- C:\Windows\wininit.ini
[2011/12/28 10:31:26 | 000,000,193 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
[2011/12/07 18:21:57 | 000,000,774 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2011/12/07 16:49:25 | 000,017,408 | ---- | C] () -- C:\Users\Dale\AppData\Local\WebpageIcons.db
[2010/05/23 21:01:21 | 000,004,608 | ---- | C] () -- C:\Users\Dale\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/02 13:11:13 | 000,007,622 | ---- | C] () -- C:\Users\Dale\AppData\Local\Resmon.ResmonCfg
[2009/10/19 14:15:12 | 000,061,224 | ---- | C] () -- C:\Users\Dale\GoToAssistDownloadHelper.exe
[2009/09/18 15:00:19 | 000,000,000 | ---- | C] () -- C:\Users\Dale\AppData\Roaming\wklnhst.dat

========== ZeroAccess Check ==========

[2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 20:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 19:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 06:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Alternate Data Streams ==========

@Alternate Data Stream - 153 bytes -> C:\ProgramData\Temp:07BF512B

< End of report >
extas on next post-----
  • 0

#4
d_may

d_may

    Member

  • Topic Starter
  • Member
  • PipPip
  • 55 posts
OTL Extras logfile created on: 1/11/2014 12:17:48 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Dale\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.99 Gb Total Physical Memory | 4.71 Gb Available Physical Memory | 78.57% Memory free
11.98 Gb Paging File | 9.51 Gb Available in Paging File | 79.43% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 582.50 Gb Total Space | 480.46 Gb Free Space | 82.48% Space Free | Partition Type: NTFS
Drive D: | 13.67 Gb Total Space | 2.20 Gb Free Space | 16.05% Space Free | Partition Type: NTFS

Computer Name: DALE-PC | User Name: Dale | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{685D6669-44D2-4E43-A4D8-05FDC9DC55DF}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\motive\pcservicehost.exe |
"{E7A2E421-AE50-46B6-89DD-A76A299C91A7}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\motive\pcservicehost.exe |
"TCP Query User{1CFA8479-0042-4E93-96B7-01F42AD0CB02}C:\users\dale\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\dale\appdata\roaming\spotify\spotify.exe |
"TCP Query User{9EE7D9C9-ABA7-4DD2-AA0F-E22E8F187A38}C:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartmusic.exe" = protocol=6 | dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartmusic.exe |
"UDP Query User{B0F33070-36D4-481B-AAB4-734AF4119E46}C:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartmusic.exe" = protocol=17 | dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartmusic.exe |
"UDP Query User{B2DB5CCD-76FE-4292-8525-0D75A97160F1}C:\users\dale\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\dale\appdata\roaming\spotify\spotify.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{02A5BD31-16AC-45DF-BE9F-A3167BC4AFB2}" = Windows Live Family Safety
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0D87AE67-14EB-4C10-88A5-DA6C3181EB18}" = Windows Live Family Safety
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
"{26A24AE4-039D-4CA4-87B4-2F86417045FF}" = Java 7 Update 45 (64-bit)
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{3D33F6F0-4D90-484D-A1D9-09AE791CCBD9}" = Eraser 6.0.9.2343
"{4B97502B-795A-4E12-9A93-E824772156A7}" = HP Deskjet & Photosmart Printer Driver Software 13.0 Rel. A
"{4FFA2088-8317-3B14-93CD-4C699DB37843}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
"{5F240DB8-0D74-4F13-86C3-929760392A8D}" = HP Remote Software
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{64A3A4F4-B792-11D6-A78A-00B0D0170450}" = Java SE Development Kit 7 Update 45 (64-bit)
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{84481A87-2316-4923-8FAB-3BA8CA29323D}" = WinPatrol
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9EFC40E3-5F31-4F75-8445-286273F74D8E}" = Apple Mobile Device Support
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CEA21F20-DBF4-464C-8B81-28B8508AFDDD}" = Windows Live Family Safety
"{D2E8F543-D23A-4A38-AFFC-4BDEBFBA6FDA}" = HP MediaSmart SmartMenu
"{D617DF82-6046-44EB-AD4A-D3423319E12C}" = Geosense for Windows
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E6B7BD80-A921-4C72-A68B-44A9EB438BE4}" = Microsoft IntelliType Pro 7.1
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{EF79C448-6946-4D71-8134-03407888C054}" = Shared C Run-time for x64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer
"Agere Systems Soft Modem" = Agere Systems PCI-SV92EX Soft Modem
"ATT-SST-UversePortal" = AT&T Portal
"CCleaner" = CCleaner
"HDMI" = Intel® Graphics Media Accelerator Driver
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"LSI Soft Modem" = LSI PCI-SV92EX Soft Modem
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"PC-Doctor for Windows" = Hardware Diagnostic Tools
"Registry First Aid_is1" = Registry First Aid

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0295F89F-F698-4101-9A7D-49F407EC2D82}" = HP Active Support Library
"{03BF5CB1-B72E-4CA6-A278-F65680F05420}" = HP Picasso Media Center Add-In
"{0412CCFF-BFAC-83D8-44FB-3BE60F05FCF8}" = Amazon MP3 Uploader
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0EDBEB2B-7C8D-42E6-8312-0F84394A3223}" = Windows Media Center Add-in for Silverlight
"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{1896E712-2B3D-45eb-BCE9-542742A51032}" = PictureMover
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1CC069FA-1A86-402E-9787-3F04E652C67A}" = HP Support Information
"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{290CA856-3737-4874-864B-BA142F4823C8}_is1" = HP MediaSmart Demo
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2A83AD05-56E6-3FBD-8752-B4143162EF59}" = Google Talk Plugin
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{360022A4-9339-426B-8F36-1465CBAEABC0}" = D7300
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor
"{42D10994-A566-495D-A5E7-D0C6B5C6B35C}" = HP Product Detection
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}" = Google Earth Plug-in
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{52E225FC-FCB4-41F7-837B-6E37FB05BD7B}" = Adobe AIR
"{56D4499E-AC3E-4B8D-91C9-C700C148C44B}" = Google Drive
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{6009F2FC-EC56-4e28-B91C-0BA5104D6419}" = SF_CDA_Software
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{784BEA84-FA66-4B19-BB80-7B545F248AC6}" = HP Total Care Setup
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7B5A3A53-1F50-4831-9922-4C30C80417AB}" = TurboTax 2012 wokiper
"{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}" = Bing Desktop
"{7F10292C-A190-4176-A665-A1ED3478DF86}" = LightScribe System Software
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89EC099E-958D-462E-972C-385591946978}" = TurboTax 2012 WinPerFedFormset
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9718521B-A345-4ad9-A52B-74D1435FB708}" = SF_CDA_ProductContext
"{97486FBE-A3FC-4783-8D55-EA37E9D171CC}" = HP Update
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CC89170-000B-457D-91F1-53691F85B223}" = Python 2.6.1
"{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet TV for Windows Media Center
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0640EC2-B97E-4FC1-AD14-227C9E386BB4}" = HP Recovery Manager RSS
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A6558E2A-FAF9-4570-AA49-6328D0354517}" = ASPCA Reminder by We-Care.com v4.1.21.1
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A8B1F076-965D-4663-A9D4-C2FB58A42AE4}" = TurboTax 2012 WinPerTaxSupport
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}" = RealNetworks - Microsoft Visual C++ 2010 Runtime
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.05)
"{AF7EBCA4-9FAF-4DC8-8D09-67854BB84D34}" = RealDownloader
"{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
"{B84739A3-F943-47E4-95D8-96381EF5AC48}" = HP Customer Experience Enhancements
"{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C611CF88-969D-43E6-A877-D6D6439DD081}" = HP Remote Solution
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE114695-AE58-4B66-8E0F-2505188602FB}_is1" = Uninstall Startup Inspector
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DF802C05-4660-418c-970C-B988ADB1D316}" = Microsoft Live Search Toolbar
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E2D09AC2-4153-4817-AAEB-24F92A8BCE88}" = Windows Media Center Add-in for Flash
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E83F5F27-43F3-4163-ABE5-F68C989286ED}" = TurboTax 2012 wrapper
"{E9E34215-82EF-4909-BE2F-F581F0DC9062}" = DirectX for Managed Code Update (Summer 2004)
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{F014B696-28C5-4554-802F-A15380418F53}" = TurboTax 2012 WinPerReleaseEngine
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
"{F859EACD-283B-449C-AD10-9EC74E824FB9}" = Marine Aquarium
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FF6DD716-7B10-4269-9F19-FFB07AC4CD95}" = Bing Bar
"7-Zip 9.20" = 7-Zip 9.20
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 12.0
"AIM_7" = AIM 7
"Amazon Kindle For PC" = Amazon Kindle For PC
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.10
"AT&T Yahoo! Activation" = AT&T Yahoo! Activation
"AU11_is1" = Advanced Uninstaller PRO - Version 11
"Avast" = avast! Free Antivirus
"CleanMem" = CleanMem
"CleanUp!" = CleanUp!
"com.amazon.music.uploader" = Amazon MP3 Uploader
"Driver Booster_is1" = Driver Booster
"Google Chrome" = Google Chrome
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Remote Solution" = HP Remote Solution
"ImgBurn" = ImgBurn
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Mozilla Firefox 26.0 (x86 en-GB)" = Mozilla Firefox 26.0 (x86 en-GB)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Mplayer" = Mplayer 0.6.9
"RealPlayer 16.0" = RealPlayer
"Revo Uninstaller" = Revo Uninstaller 1.92
"TurboTax 2012" = TurboTax 2012
"twkmastr1_is1" = TweakMASTER
"WinLiveSuite" = Windows Live Essentials
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! NanoClient" = Yahoo! Axis
"Yahoo! Software Update" = Yahoo! Software Update
"YInstHelper" = Yahoo! Install Manager

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"AIM" = AIM for Windows
"Amazon Kindle" = Amazon Kindle
"MusicManager" = Music Manager
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player
"SkyDriveSetup.exe" = Microsoft SkyDrive
"Spotify" = Spotify
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 1/8/2014 1:46:04 PM | Computer Name = Dale-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{AF7EBCA4-9FAF-4DC8-8D09-67854BB84D34}\recordingmanager.exe".
Dependent
Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 1/9/2014 1:19:01 AM | Computer Name = Dale-PC | Source = WinMgmt | ID = 10
Description =

Error - 1/9/2014 1:41:12 AM | Computer Name = Dale-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 1/10/2014 12:38:28 AM | Computer Name = Dale-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 1/10/2014 2:31:48 AM | Computer Name = Dale-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files (x86)\Python\Lib\distutils\command\wininst-8_d.exe".
Dependent
Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 1/10/2014 2:31:54 AM | Computer Name = Dale-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{AF7EBCA4-9FAF-4DC8-8D09-67854BB84D34}\recordingmanager.exe".
Dependent
Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 1/10/2014 1:39:58 PM | Computer Name = Dale-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 1/11/2014 5:17:33 AM | Computer Name = Dale-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files (x86)\Python\Lib\distutils\command\wininst-8_d.exe".
Dependent
Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 1/11/2014 5:17:36 AM | Computer Name = Dale-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{AF7EBCA4-9FAF-4DC8-8D09-67854BB84D34}\recordingmanager.exe".
Dependent
Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 1/11/2014 12:20:22 PM | Computer Name = Dale-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =

[ Spybot - Search and Destroy Events ]
Error - 12/30/2012 8:43:45 PM | Computer Name = Dale-PC | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions

Error - 1/3/2013 1:17:11 AM | Computer Name = Dale-PC | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions

Error - 1/4/2013 12:04:33 PM | Computer Name = Dale-PC | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions

Error - 1/4/2013 12:06:18 PM | Computer Name = Dale-PC | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions

Error - 1/9/2013 8:13:13 AM | Computer Name = Dale-PC | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions

Error - 1/23/2013 3:11:26 PM | Computer Name = Dale-PC | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions

Error - 1/23/2013 3:49:43 PM | Computer Name = Dale-PC | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions

Error - 10/5/2013 8:13:18 AM | Computer Name = Dale-PC | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions

Error - 10/5/2013 8:36:50 AM | Computer Name = Dale-PC | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions

Error - 1/1/2014 10:25:03 AM | Computer Name = Dale-PC | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions

[ System Events ]
Error - 1/11/2014 4:07:26 AM | Computer Name = Dale-PC | Source = WMPNetworkSvc | ID = 866300
Description =

Error - 1/11/2014 5:59:34 AM | Computer Name = Dale-PC | Source = Service Control Manager | ID = 7001
Description = The HomeGroup Listener service depends on the Server service which
failed to start because of the following error: %%1058

Error - 1/11/2014 11:43:45 AM | Computer Name = Dale-PC | Source = WMPNetworkSvc | ID = 866300
Description =

Error - 1/11/2014 11:43:45 AM | Computer Name = Dale-PC | Source = Service Control Manager | ID = 7001
Description = The HomeGroup Listener service depends on the Server service which
failed to start because of the following error: %%1058

Error - 1/11/2014 11:43:47 AM | Computer Name = Dale-PC | Source = WMPNetworkSvc | ID = 866300
Description =

Error - 1/11/2014 11:43:52 AM | Computer Name = Dale-PC | Source = WMPNetworkSvc | ID = 866300
Description =

Error - 1/11/2014 12:19:31 PM | Computer Name = Dale-PC | Source = WMPNetworkSvc | ID = 866300
Description =

Error - 1/11/2014 12:34:32 PM | Computer Name = Dale-PC | Source = WMPNetworkSvc | ID = 866300
Description =

Error - 1/11/2014 1:13:11 PM | Computer Name = Dale-PC | Source = WMPNetworkSvc | ID = 866300
Description =

Error - 1/11/2014 1:18:23 PM | Computer Name = Dale-PC | Source = WMPNetworkSvc | ID = 866300
Description =


< End of report >
(OTL) extras----------
  • 0

#5
Buddierdl

Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
You're computer is fairly clean, not much to do.


Step 1: Uninstalls.

Please uninstall the following programs via the Programs and Features menu of the Control Panel.
  • Registry First Aid -> We don't recommend using registry fixing programs because they generally produce no improvement and can cause your computer to become unbootable.

Step 2: Run OTL fix.

Start OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :Commands
    [createrestorepoint]
    
    :OTL
    
    [2013/08/28 22:02:21 | 000,000,000 | ---D | M] (AccelerateTab) -- C:\Users\Dale\AppData\Roaming\Mozilla\Firefox\Profiles\8dticc2f.default\extensions\[email protected]
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
    
  • Then click the Run Fix button at the top
  • Let the program run unhindered.
  • Post the log it produces in your next reply.

Step 3: Run JRT.


Posted Image Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 4: Run aswMBR.

Download aswMBR.exe to your desktop.
Double click the aswMBR.exe to run it Click the "Scan" button to start scan

Posted Image

On completion of the scan click save log, save it to your desktop and post in your next reply

Posted Image

Things I need in your next reply:
  • OTL fix log
  • JRT log
  • aswMBR log
  • How is your computer running now? Any more alerts?

  • 0

#6
d_may

d_may

    Member

  • Topic Starter
  • Member
  • PipPip
  • 55 posts
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
C:\Users\Dale\AppData\Roaming\Mozilla\Firefox\Profiles\8dticc2f.default\extensions\[email protected]\locale\zh-TW folder moved successfully.
C:\Users\Dale\AppData\Roaming\Mozilla\Firefox\Profiles\8dticc2f.default\extensions\[email protected]\locale\zh-CN folder moved successfully.
C:\Users\Dale\AppData\Roaming\Mozilla\Firefox\Profiles\8dticc2f.default\extensions\[email protected]\locale\vi folder moved successfully.
C:\Users\Dale\AppData\Roaming\Mozilla\Firefox\Profiles\8dticc2f.default\extensions\[email protected]\locale\uk folder moved successfully.
C:\Users\Dale\AppData\Roaming\Mozilla\Firefox\Profiles\8dticc2f.default\extensions\[email protected]\locale\tr folder moved successfully.
C:\Users\Dale\AppData\Roaming\Mozilla\Firefox\Profiles\8dticc2f.default\extensions\[email protected]\locale\th folder moved successfully.
C:\Users\Dale\AppData\Roaming\Mozilla\Firefox\Profiles\8dticc2f.default\extensions\[email protected]\locale\te folder moved successfully.
C:\Users\Dale\AppData\Roaming\Mozilla\Firefox\Profiles\8dticc2f.default\extensions\[email protected]\locale\ta folder moved successfully.
C:\Users\Dale\AppData\Roaming\Mozilla\Firefox\Profiles\8dticc2f.default\extensions\[email protected]\locale\sw folder moved successfully.
C:\Users\Dale\AppData\Roaming\Mozilla\Firefox\Profiles\8dticc2f.default\extensions\[email protected]\locale\sv folder moved successfully.
C:\Users\Dale\AppData\Roaming\Mozilla\Firefox\Profiles\8dticc2f.default\extensions\[email protected]\locale\sr folder moved successfully.
C:\Users\Dale\AppData\Roaming\Mozilla\Firefox\Profiles\8dticc2f.default\extensions\[email protected]\locale\sl folder moved successfully.
C:\Users\Dale\AppData\Roaming\Mozilla\Firefox\Profiles\8dticc2f.default\extensions\[email protected]\locale\sk folder moved successfully.
C:\Users\Dale\AppData\Roaming\Mozilla\Firefox\Profiles\8dticc2f.default\extensions\[email protected]\locale\ru folder moved successfully.
C:\Users\Dale\AppData\Roaming\Mozilla\Firefox\Profiles\8dticc2f.default\extensions\[email protected]\locale\ro folder moved successfully.
C:\Users\Dale\AppData\Roaming\Mozilla\Firefox\Profiles\8dticc2f.default\extensions\[email protected]\locale\pt_PT folder moved successfully.
C:\Users\Dale\AppData\Roaming\Mozilla\Firefox\Profiles\8dticc2f.default\extensions\[email protected]\locale\pt_BR folder moved successfully.
C:\Users\Dale\AppData\Roaming\Mozilla\Firefox\Profiles\8dticc2f.default\extensions\[email protected]\locale\pl folder moved successfully.
C:\Users\Dale\AppData\Roaming\Mozilla\Firefox\Profiles\8dticc2f.default\extensions\[email protected]\locale\no folder moved successfully.
C:\Users\Dale\AppData\Roaming\Mozilla\Firefox\Profiles\8dticc2f.default\extensions\[email protected]\locale\nl folder moved successfully.
C:\Users\Dale\AppData\Roaming\Mozilla\Firefox\Profiles\8dticc2f.default\extensions\[email protected]\locale\ms folder moved successfully.
C:\Users\Dale\AppData\Roaming\Mozilla\Firefox\Profiles\8dticc2f.default\extensions\[email protected]\locale\mr folder moved successfully.
C:\Users\Dale\AppData\Roaming\Mozilla\Firefox\Profiles\8dticc2f.default\extensions\[email protected]\locale\lv folder moved successfully.
C:\Users\Dale\AppData\Roaming\Mozilla\Firefox\Profiles\8dticc2f.default\extensions\[email protected]\locale\lt folder moved successfully.
C:\Users\Dale\AppData\Roaming\Mozilla\Firefox\Profiles\8dticc2f.default\extensions\[email protected]\locale\ko folder moved successfully.
C:\Users\Dale\AppData\Roaming\Mozilla\Firefox\Profiles\8dticc2f.default\extensions\[email protected]\locale\kn folder moved successfully.
C:\Users\Dale\AppData\Roaming\Mozilla\Firefox\Profiles\8dticc2f.default\extensions\[email protected]\locale\ja folder moved successfully.
C:\Users\Dale\AppData\Roaming\Mozilla\Firefox\Profiles\8dticc2f.default\extensions\[email protected]\locale\it folder moved successfully.
C:\Users\Dale\AppData\Roaming\Mozilla\Firefox\Profiles\8dticc2f.default\extensions\[email protected]\locale\id folder moved successfully.
C:\Users\Dale\AppData\Roaming\Mozilla\Firefox\Profiles\8dticc2f.default\extensions\[email protected]\locale\hu folder moved successfully.
C:\Users\Dale\AppData\Roaming\Mozilla\Firefox\Profiles\8dticc2f.default\extensions\[email protected]\locale\hr folder moved successfully.
C:\Users\Dale\AppData\Roaming\Mozilla\Firefox\Profiles\8dticc2f.default\extensions\[email protected]\locale\hi folder moved successfully.
C:\Users\Dale\AppData\Roaming\Mozilla\Firefox\Profiles\8dticc2f.default\extensions\[email protected]\locale\he folder moved successfully.
C:\Users\Dale\AppData\Roaming\Mozilla\Firefox\Profiles\8dticc2f.default\extensions\[email protected]\locale\gu folder moved successfully.
C:\Users\Dale\AppData\Roaming\Mozilla\Firefox\Profiles\8dticc2f.default\extensions\[email protected]\locale\fr folder moved successfully.
C:\Users\Dale\AppData\Roaming\Mozilla\Firefox\Profiles\8dticc2f.default\extensions\[email protected]\locale\fil folder moved successfully.
C:\Users\Dale\AppData\Roaming\Mozilla\Firefox\Profiles\8dticc2f.default\extensions\[email protected]\locale\fi folder moved successfully.
C:\Users\Dale\AppData\Roaming\Mozilla\Firefox\Profiles\8dticc2f.default\extensions\[email protected]\locale\fa folder moved successfully.
C:\Users\Dale\AppData\Roaming\Mozilla\Firefox\Profiles\8dticc2f.default\extensions\[email protected]\locale\et folder moved successfully.
C:\Users\Dale\AppData\Roaming\Mozilla\Firefox\Profiles\8dticc2f.default\extensions\[email protected]\locale\es - 419 folder moved successfully.
C:\Users\Dale\AppData\Roaming\Mozilla\Firefox\Profiles\8dticc2f.default\extensions\[email protected]\locale\es folder moved successfully.
C:\Users\Dale\AppData\Roaming\Mozilla\Firefox\Profiles\8dticc2f.default\extensions\[email protected]\locale\en-US folder moved successfully.
C:\Users\Dale\AppData\Roaming\Mozilla\Firefox\Profiles\8dticc2f.default\extensions\[email protected]\locale\en-GB folder moved successfully.
C:\Users\Dale\AppData\Roaming\Mozilla\Firefox\Profiles\8dticc2f.default\extensions\[email protected]\locale\en folder moved successfully.
C:\Users\Dale\AppData\Roaming\Mozilla\Firefox\Profiles\8dticc2f.default\extensions\[email protected]\locale\el folder moved successfully.
C:\Users\Dale\AppData\Roaming\Mozilla\Firefox\Profiles\8dticc2f.default\extensions\[email protected]\locale\de folder moved successfully.
C:\Users\Dale\AppData\Roaming\Mozilla\Firefox\Profiles\8dticc2f.default\extensions\[email protected]\locale\da folder moved successfully.
C:\Users\Dale\AppData\Roaming\Mozilla\Firefox\Profiles\8dticc2f.default\extensions\[email protected]\locale\cs folder moved successfully.
C:\Users\Dale\AppData\Roaming\Mozilla\Firefox\Profiles\8dticc2f.default\extensions\[email protected]\locale\ca folder moved successfully.
C:\Users\Dale\AppData\Roaming\Mozilla\Firefox\Profiles\8dticc2f.default\extensions\[email protected]\locale\bn folder moved successfully.
C:\Users\Dale\AppData\Roaming\Mozilla\Firefox\Profiles\8dticc2f.default\extensions\[email protected]\locale\bg folder moved successfully.
C:\Users\Dale\AppData\Roaming\Mozilla\Firefox\Profiles\8dticc2f.default\extensions\[email protected]\locale\ar folder moved successfully.
C:\Users\Dale\AppData\Roaming\Mozilla\Firefox\Profiles\8dticc2f.default\extensions\[email protected]\locale folder moved successfully.
C:\Users\Dale\AppData\Roaming\Mozilla\Firefox\Profiles\8dticc2f.default\extensions\[email protected]\images\bg folder moved successfully.
C:\Users\Dale\AppData\Roaming\Mozilla\Firefox\Profiles\8dticc2f.default\extensions\[email protected]\images folder moved successfully.
C:\Users\Dale\AppData\Roaming\Mozilla\Firefox\Profiles\8dticc2f.default\extensions\[email protected]\defaults\preferences folder moved successfully.
C:\Users\Dale\AppData\Roaming\Mozilla\Firefox\Profiles\8dticc2f.default\extensions\[email protected]\defaults folder moved successfully.
C:\Users\Dale\AppData\Roaming\Mozilla\Firefox\Profiles\8dticc2f.default\extensions\[email protected] folder moved successfully.
Starting removal of ActiveX control {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ not found.

OTL by OldTimer - Version 3.2.69.0 log created on 01132014_114330
  • 0

#7
d_may

d_may

    Member

  • Topic Starter
  • Member
  • PipPip
  • 55 posts
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.0 (01.07.2014:1)
OS: Windows 7 Home Premium x64
Ran by Dale on Mon 01/13/2014 at 11:49:21.14
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\Dale\appdata\local\{1D6C3131-E111-4950-8641-9247F40D5900}
Successfully deleted: [Empty Folder] C:\Users\Dale\appdata\local\{5F29B41A-1557-4850-BAC3-44990821DFEA}
Successfully deleted: [Empty Folder] C:\Users\Dale\appdata\local\{92246C78-6F58-4978-A125-A6573B64DC84}



~~~ FireFox

Successfully deleted the following from C:\Users\Dale\AppData\Roaming\mozilla\firefox\profiles\8dticc2f.default\prefs.js

user_pref("extensions.AMAZONNEW_NS_PH.searchconf", "{\n \"google\" : {\n \"urlexp\" : \"hxxp(s)?:\\\\/\\\\/www\\\\.google\\\\..*\\\\/.*[?#&]q=([^&]+)\",\n \"rankometer\
Emptied folder: C:\Users\Dale\AppData\Roaming\mozilla\firefox\profiles\8dticc2f.default\minidumps [19 files]



~~~ Chrome

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Policies\Google [Blacklisted Policy]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 01/13/2014 at 11:57:18.78
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  • 0

#8
d_may

d_may

    Member

  • Topic Starter
  • Member
  • PipPip
  • 55 posts
aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2014-01-13 12:02:16
-----------------------------
12:02:16.010 OS Version: Windows x64 6.1.7601 Service Pack 1
12:02:16.010 Number of processors: 2 586 0x170A
12:02:16.012 ComputerName: DALE-PC UserName: Dale
12:02:17.199 Initialize success
12:02:20.129 AVAST engine defs: 14011300
12:02:35.503 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
12:02:35.508 Disk 0 Vendor: WDC_WD64 01.0 Size: 610480MB BusType: 8
12:02:35.686 Disk 0 MBR read successfully
12:02:35.691 Disk 0 MBR scan
12:02:35.700 Disk 0 unknown MBR code
12:02:35.706 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 596475 MB offset 63
12:02:35.745 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 14001 MB offset 1221582600
12:02:35.817 Disk 0 scanning C:\Windows\system32\drivers
12:02:44.162 Service scanning
12:03:01.941 Modules scanning
12:03:01.957 Disk 0 trace - called modules:
12:03:01.984 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
12:03:01.989 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80083d4060]
12:03:01.994 3 CLASSPNP.SYS[fffff88000db643f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800726f050]
12:03:02.890 AVAST engine scan C:\Windows
12:03:05.531 AVAST engine scan C:\Windows\system32
12:05:14.189 AVAST engine scan C:\Windows\system32\drivers
12:05:25.702 AVAST engine scan C:\Users\Dale
12:12:54.437 AVAST engine scan C:\ProgramData
12:15:17.973 Scan finished successfully
12:17:20.527 Disk 0 MBR has been saved successfully to "C:\Users\Dale\Desktop\MBR.dat"
12:17:20.527 The log file has been saved successfully to "C:\Users\Dale\Desktop\aswMBR.txt"



Seems to be running fine, (Thank you)
Thinking of getting rid of Bing Desktop. (don't use anymore)
Instructions please.
  • 0

#9
Buddierdl

Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
Do you want to remove Bing Bar (toolbar) as well?

First remove them from the Programs and Features menu of the Control Panel, then run another OTL quickscan and I'll remove any remnants.
  • 0

#10
d_may

d_may

    Member

  • Topic Starter
  • Member
  • PipPip
  • 55 posts
uninstalled Bing desktop only, reran scan:

OTL logfile created on: 1/13/2014 10:34:36 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Dale\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.99 Gb Total Physical Memory | 4.35 Gb Available Physical Memory | 72.56% Memory free
11.98 Gb Paging File | 9.26 Gb Available in Paging File | 77.30% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 582.50 Gb Total Space | 478.90 Gb Free Space | 82.22% Space Free | Partition Type: NTFS
Drive D: | 13.67 Gb Total Space | 2.20 Gb Free Space | 16.05% Space Free | Partition Type: NTFS

Computer Name: DALE-PC | User Name: Dale | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/01/11 12:17:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Dale\Downloads\OTL.exe
PRC - [2013/12/26 10:49:34 | 003,764,024 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2013/12/26 10:49:34 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2013/12/20 22:50:00 | 001,168,896 | ---- | M] (Spotify Ltd) -- C:\Users\Dale\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2013/12/20 11:25:43 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013/12/16 19:34:22 | 000,247,968 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\SeaPort.EXE
PRC - [2013/12/11 10:15:35 | 001,862,536 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
PRC - [2013/12/07 17:17:49 | 000,223,112 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe
PRC - [2013/05/11 04:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/04/04 13:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2013/04/01 22:28:28 | 000,342,528 | ---- | M] (Alcatel-Lucent) -- C:\Program Files (x86)\Common Files\Motive\pcServiceHost.exe
PRC - [2012/11/29 20:31:04 | 000,038,608 | ---- | M] () -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2012/11/13 14:08:12 | 003,487,240 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
PRC - [2012/11/13 14:07:24 | 000,168,384 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
PRC - [2012/11/13 14:07:16 | 001,103,392 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
PRC - [2012/08/23 12:37:16 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
PRC - [2012/05/23 07:11:32 | 000,157,016 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\YNanoClient\cpn0\YNanoService.exe
PRC - [2009/10/20 13:50:34 | 000,128,296 | ---- | M] (CyberLink Corp.) -- c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
PRC - [2009/09/12 16:43:03 | 000,020,376 | ---- | M] (WebEx Communications, Inc.) -- C:\Windows\SysWOW64\atashost.exe
PRC - [2009/08/28 12:53:00 | 000,210,216 | ---- | M] (CyberLink) -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
PRC - [2008/12/04 12:00:26 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008/12/04 12:00:20 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008/11/09 14:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe


========== Modules (No Company Name) ==========

MOD - [2013/12/20 11:25:43 | 003,559,024 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2013/12/11 10:15:34 | 016,242,056 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll
MOD - [2013/10/28 21:12:13 | 019,336,120 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2009/08/28 12:52:58 | 000,931,112 | ---- | M] () -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll


========== Services (SafeList) ==========

SRV:64bit: - File not found [Auto | Stopped] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2013/12/26 10:49:34 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2013/11/26 03:18:09 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/10/10 16:54:28 | 000,144,152 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV:64bit: - [2013/10/10 08:39:57 | 000,224,840 | ---- | M] (Realtek Semiconductor) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe -- (RtkAudioService)
SRV:64bit: - [2013/08/26 02:29:48 | 000,460,288 | ---- | M] (Alcatel-Lucent) [Auto | Running] -- C:\Program Files\Common Files\Motive\pcCMService.exe -- (pcCMService64)
SRV:64bit: - [2013/07/26 06:48:28 | 000,230,416 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe -- (NitroReaderDriverReadSpool3)
SRV:64bit: - [2013/05/26 23:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/09/22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/12/03 19:27:24 | 000,028,672 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agr64svc.exe -- (AgereModemAudio)
SRV - [2013/12/20 11:25:43 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/12/16 19:34:22 | 000,247,968 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\SeaPort.EXE -- (BBUpdate)
SRV - [2013/12/16 19:34:22 | 000,193,696 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BBSvc.EXE -- (BBSvc)
SRV - [2013/12/11 10:15:35 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/05/11 04:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/04/04 13:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013/04/01 22:28:28 | 000,342,528 | ---- | M] (Alcatel-Lucent) [Auto | Running] -- C:\Program Files (x86)\Common Files\Motive\pcServiceHost.exe -- (pcServiceHost)
SRV - [2012/11/29 20:31:04 | 000,038,608 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2012/08/23 12:37:16 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)
SRV - [2012/05/23 07:11:32 | 000,157,016 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\YNanoClient\cpn0\YNanoService.exe -- (YNanoService)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/09/12 16:43:03 | 000,020,376 | ---- | M] (WebEx Communications, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\atashost.exe -- (atashost)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/12/04 12:00:26 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2008/11/09 14:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/12/26 10:49:42 | 000,079,672 | ---- | M] (AVAST Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\aswstm.sys -- (aswStm)
DRV:64bit: - [2013/12/26 10:49:37 | 001,034,464 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2013/12/26 10:49:37 | 000,422,216 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswsp.sys -- (aswSP)
DRV:64bit: - [2013/12/26 10:49:37 | 000,207,904 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2013/12/26 10:49:37 | 000,078,648 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2013/10/28 21:12:14 | 000,092,544 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2013/10/28 21:12:14 | 000,065,776 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2013/10/14 10:22:35 | 006,180,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2013/10/10 08:26:56 | 000,883,928 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2012/08/23 08:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 08:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/03/13 01:59:50 | 000,043,008 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50a64.sys -- (MREMP50a64)
DRV:64bit: - [2012/03/13 01:59:50 | 000,040,960 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Motive\MRESP50a64.sys -- (MRESP50a64)
DRV:64bit: - [2012/03/08 17:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012/03/01 00:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/23 02:18:10 | 000,402,024 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rtenic64.sys -- (RTLE8023x64)
DRV:64bit: - [2012/02/01 15:16:40 | 000,568,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/07/22 10:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 15:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/03/11 00:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 00:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 07:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/01/26 16:52:22 | 001,212,416 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009/09/02 02:09:34 | 000,221,696 | ---- | M] (Realtek ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2006/03/29 06:20:03 | 000,033,280 | ---- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HPZius12.sys -- (HPZius12)
DRV:64bit: - [2006/03/29 06:20:02 | 000,269,824 | ---- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HPZid412.sys -- (HPZid412)
DRV - [2012/03/13 01:59:50 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2012/03/13 01:59:50 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Program Files (x86)\TurboTax\Basic 2012\32bit\local\dlg\blank.htm
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{1C3F3665-8DF0-495B-852E-3665C2624002}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
IE:64bit: - HKLM\..\SearchScopes\{5E22D6BD-163F-454E-B391-FB6EB419F995}: "URL" = http://search.live.c...ms}&FORM=HPDTDF
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Program Files (x86)\TurboTax\Basic 2012\32bit\local\dlg\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{1C3F3665-8DF0-495B-852E-3665C2624002}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Program Files (x86)\TurboTax\Basic 2012\32bit\local\dlg\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\..\SearchScopes,DefaultScope = {FE809C08-B738-4C7C-A235-53274EF76E8D}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE11SR
IE - HKCU\..\SearchScopes\{5E22D6BD-163F-454E-B391-FB6EB419F995}: "URL" = http://www.bing.com/...E11SR&pc=HPDTDF
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKCU\..\SearchScopes\{C79BF1BF-72F6-4415-AFD7-717B71B259C4}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKCU\..\SearchScopes\{FE809C08-B738-4C7C-A235-53274EF76E8D}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo....-8&fr=ytff-&p="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=198484"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-tyc"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://att.my.yahoo.com/"
FF - prefs.js..extensions.enabledAddons: clearConsole%40penzil.com:1.10
FF - prefs.js..extensions.enabledAddons: feedly%40devhd:16.0.528
FF - prefs.js..extensions.enabledAddons: foobar%40unnecessarilylongurl.com:2.0.1
FF - prefs.js..extensions.enabledAddons: newtabgoogle%40graememcc.co.uk:1.0.2
FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:9.0.2011.70
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.40.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files (x86)\Nitro\Reader 3\npnitromozilla.dll (Nitro PDF)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.0.282: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.0.282: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\[email protected]/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files (x86)\Mozilla Firefox\plugins\npyaxmpb.dll (Yahoo! Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Dale\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Dale\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Dale\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Dale\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Dale\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\Dale\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013/01/22 06:26:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/12/31 10:35:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/12/20 11:25:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/12/20 11:25:37 | 000,000,000 | ---D | M]

[2009/10/30 16:09:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dale\AppData\Roaming\Mozilla\Extensions
[2014/01/13 11:44:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dale\AppData\Roaming\Mozilla\Firefox\Profiles\8dticc2f.default\extensions
[2013/12/18 10:14:27 | 000,059,886 | ---- | M] () (No name found) -- C:\Users\Dale\AppData\Roaming\Mozilla\Firefox\Profiles\8dticc2f.default\extensions\[email protected]
[2013/06/26 20:59:42 | 000,027,050 | ---- | M] () (No name found) -- C:\Users\Dale\AppData\Roaming\Mozilla\Firefox\Profiles\8dticc2f.default\extensions\[email protected]
[2013/07/08 21:40:23 | 000,041,010 | ---- | M] () (No name found) -- C:\Users\Dale\AppData\Roaming\Mozilla\Firefox\Profiles\8dticc2f.default\extensions\[email protected]
[2013/04/12 09:07:25 | 000,019,225 | ---- | M] () (No name found) -- C:\Users\Dale\AppData\Roaming\Mozilla\Firefox\Profiles\8dticc2f.default\extensions\[email protected]
[2009/10/28 14:08:58 | 000,002,186 | ---- | M] () -- C:\Users\Dale\AppData\Roaming\Mozilla\Firefox\Profiles\8dticc2f.default\searchplugins\bing.xml
[2013/08/28 22:02:04 | 000,000,904 | ---- | M] () -- C:\Users\Dale\AppData\Roaming\Mozilla\Firefox\Profiles\8dticc2f.default\searchplugins\yahoo.xml
[2013/12/20 11:25:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/12/20 11:25:36 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]_bak2
[2013/12/20 11:25:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/12/20 11:25:43 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/12/31 10:35:13 | 000,000,000 | ---D | M] (avast! Online Security) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2010/06/25 17:49:15 | 000,466,944 | ---- | M] (Invenda Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\NPcolPM460.dll
[2013/01/22 06:25:56 | 000,124,056 | ---- | M] (RealPlayer) -- C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll
[2007/03/09 17:16:44 | 000,189,496 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npyaxmpb.dll

========== Chrome ==========

CHR - default_search_provider: ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - homepage: http://www.yahoo.com/
CHR - Extension: No name found = C:\Users\Dale\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: No name found = C:\Users\Dale\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: No name found = C:\Users\Dale\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: No name found = C:\Users\Dale\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\9.0.2005.45_0\
CHR - Extension: No name found = C:\Users\Dale\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/03/20 11:50:08 | 000,000,698 | ---- | M]) - C:\Windows\SysNative\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\amd64\BingExt.dll (Microsoft Corporation.)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\amd64\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Hewlett-Packard)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\Dale\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - HKCU..\Run: [Spybot-S&D Cleaning] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.h...hpdetect121.cab (GMNRev Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Value error.)
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcp.../pcpitstop2.dll (PCPitstop Exam)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{23910CEA-C965-46E4-B5BA-3D11043DE351}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\livecall - No CLSID value found
O18 - Protocol\Handler\msnim - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (c:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/01/13 11:43:30 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/01/11 18:41:51 | 000,000,000 | ---D | C] -- C:\Users\Dale\AppData\Roaming\Nitro
[2014/01/11 18:41:51 | 000,000,000 | ---D | C] -- C:\Users\Dale\AppData\Roaming\FileOpen
[2014/01/11 18:41:51 | 000,000,000 | ---D | C] -- C:\ProgramData\FileOpen
[2014/01/11 18:41:34 | 000,029,712 | ---- | C] (Nitro PDF Software) -- C:\Windows\SysNative\nitrolocalmon2.dll
[2014/01/11 18:41:34 | 000,017,936 | ---- | C] (Nitro PDF Software) -- C:\Windows\SysNative\nitrolocalui2.dll
[2014/01/11 18:41:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nitro
[2014/01/11 18:41:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Nitro
[2014/01/11 18:41:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nitro
[2014/01/11 18:41:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nitro
[2014/01/11 18:31:08 | 000,000,000 | ---D | C] -- C:\Users\Dale\AppData\Roaming\Downloaded Installations
[2013/12/26 10:49:42 | 000,079,672 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswstm.sys
[2013/12/21 18:08:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2013/12/20 11:25:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox

========== Files - Modified Within 30 Days ==========

[2014/01/13 22:33:24 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/01/13 22:32:56 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/01/13 22:32:54 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/01/12 18:35:32 | 000,011,104 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/01/12 18:35:32 | 000,011,104 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/01/12 18:34:17 | 000,726,444 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/01/12 18:34:17 | 000,624,162 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/01/12 18:34:17 | 000,106,538 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/01/12 18:28:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/01/12 18:27:53 | 529,182,719 | -HS- | M] () -- C:\hiberfil.sys
[2014/01/11 18:41:31 | 000,002,005 | ---- | M] () -- C:\Users\Public\Desktop\Nitro Reader.lnk
[2013/12/31 10:35:48 | 000,001,968 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013/12/28 17:07:02 | 000,000,330 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForDale.job
[2013/12/26 10:49:42 | 000,079,672 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswstm.sys
[2013/12/26 10:49:37 | 001,034,464 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2013/12/26 10:49:37 | 000,422,216 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswsp.sys
[2013/12/26 10:49:37 | 000,334,136 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2013/12/26 10:49:37 | 000,207,904 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2013/12/26 10:49:37 | 000,078,648 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2013/12/26 10:49:36 | 000,043,152 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2013/12/25 00:40:15 | 000,002,633 | ---- | M] () -- C:\Users\Dale\Application Data\Microsoft\Internet Explorer\Quick Launch\HP MediaSmart.lnk
[2013/12/25 00:40:15 | 000,002,609 | ---- | M] () -- C:\Users\Public\Desktop\HP MediaSmart.lnk
[2013/12/21 18:08:05 | 000,001,810 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk

========== Files Created - No Company Name ==========

[2014/01/11 18:41:31 | 000,002,499 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nitro Reader 3.lnk
[2014/01/11 18:41:31 | 000,002,005 | ---- | C] () -- C:\Users\Public\Desktop\Nitro Reader.lnk
[2013/08/28 22:02:20 | 000,268,968 | ---- | C] () -- C:\Windows\SysWow64\sqlite3.dll
[2012/11/22 11:05:17 | 000,005,263 | ---- | C] () -- C:\Windows\wininit.ini
[2011/12/28 10:31:26 | 000,000,193 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
[2011/12/07 18:21:57 | 000,000,774 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2011/12/07 16:49:25 | 000,017,408 | ---- | C] () -- C:\Users\Dale\AppData\Local\WebpageIcons.db
[2010/05/23 21:01:21 | 000,004,608 | ---- | C] () -- C:\Users\Dale\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/02 13:11:13 | 000,007,622 | ---- | C] () -- C:\Users\Dale\AppData\Local\Resmon.ResmonCfg
[2009/10/19 14:15:12 | 000,061,224 | ---- | C] () -- C:\Users\Dale\GoToAssistDownloadHelper.exe
[2009/09/18 15:00:19 | 000,000,000 | ---- | C] () -- C:\Users\Dale\AppData\Roaming\wklnhst.dat

========== ZeroAccess Check ==========

[2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 20:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 19:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 06:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2011/09/03 08:12:33 | 000,000,000 | -HSD | M] -- C:\Users\Dale\AppData\Roaming\.#
[2010/12/17 16:51:18 | 000,000,000 | ---D | M] -- C:\Users\Dale\AppData\Roaming\acccore
[2009/10/30 16:09:24 | 000,000,000 | ---D | M] -- C:\Users\Dale\AppData\Roaming\Amazon
[2013/10/28 21:17:58 | 000,000,000 | ---D | M] -- C:\Users\Dale\AppData\Roaming\AVAST Software
[2011/08/09 13:03:13 | 000,000,000 | ---D | M] -- C:\Users\Dale\AppData\Roaming\Azureus
[2010/01/26 21:22:04 | 000,000,000 | ---D | M] -- C:\Users\Dale\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/04/01 07:25:04 | 000,000,000 | ---D | M] -- C:\Users\Dale\AppData\Roaming\com.amazon.music.uploader
[2014/01/11 18:31:08 | 000,000,000 | ---D | M] -- C:\Users\Dale\AppData\Roaming\Downloaded Installations
[2010/06/25 17:49:15 | 000,000,000 | ---D | M] -- C:\Users\Dale\AppData\Roaming\E-centives
[2014/01/11 18:41:51 | 000,000,000 | ---D | M] -- C:\Users\Dale\AppData\Roaming\FileOpen
[2011/06/07 20:02:08 | 000,000,000 | ---D | M] -- C:\Users\Dale\AppData\Roaming\GARMIN
[2012/07/26 08:03:53 | 000,000,000 | ---D | M] -- C:\Users\Dale\AppData\Roaming\GrabPro
[2013/12/06 12:57:26 | 000,000,000 | ---D | M] -- C:\Users\Dale\AppData\Roaming\Image Zone Express
[2010/06/10 18:31:28 | 000,000,000 | ---D | M] -- C:\Users\Dale\AppData\Roaming\ImgBurn
[2013/10/28 20:09:33 | 000,000,000 | ---D | M] -- C:\Users\Dale\AppData\Roaming\IObit
[2009/11/16 17:41:34 | 000,000,000 | ---D | M] -- C:\Users\Dale\AppData\Roaming\Marine Aquarium 3
[2014/01/11 18:41:51 | 000,000,000 | ---D | M] -- C:\Users\Dale\AppData\Roaming\Nitro
[2013/09/10 20:55:47 | 000,000,000 | ---D | M] -- C:\Users\Dale\AppData\Roaming\Oracle
[2012/08/23 14:38:58 | 000,000,000 | ---D | M] -- C:\Users\Dale\AppData\Roaming\Orbit
[2011/03/22 18:38:09 | 000,000,000 | ---D | M] -- C:\Users\Dale\AppData\Roaming\PCHC
[2009/10/30 16:09:31 | 000,000,000 | ---D | M] -- C:\Users\Dale\AppData\Roaming\PictureMover
[2011/08/01 13:24:40 | 000,000,000 | ---D | M] -- C:\Users\Dale\AppData\Roaming\PrepLogic
[2009/10/30 16:09:31 | 000,000,000 | ---D | M] -- C:\Users\Dale\AppData\Roaming\Printer Info Cache
[2012/07/26 08:04:08 | 000,000,000 | ---D | M] -- C:\Users\Dale\AppData\Roaming\ProgSense
[2012/07/24 20:33:04 | 000,000,000 | ---D | M] -- C:\Users\Dale\AppData\Roaming\QFX Software
[2010/02/22 12:33:25 | 000,000,000 | ---D | M] -- C:\Users\Dale\AppData\Roaming\Skinux
[2013/12/27 00:42:01 | 000,000,000 | ---D | M] -- C:\Users\Dale\AppData\Roaming\Spotify
[2009/10/30 16:09:31 | 000,000,000 | ---D | M] -- C:\Users\Dale\AppData\Roaming\Template
[2009/10/30 16:09:31 | 000,000,000 | ---D | M] -- C:\Users\Dale\AppData\Roaming\WinBatch
[2010/11/13 16:46:45 | 000,000,000 | ---D | M] -- C:\Users\Dale\AppData\Roaming\Windows Live Writer
[2010/01/28 23:16:42 | 000,000,000 | ---D | M] -- C:\Users\Dale\AppData\Roaming\WinPatrol
[2013/12/15 18:28:43 | 000,000,000 | ---D | M] -- C:\Users\Dale\AppData\Roaming\wsInspector
[2011/08/01 13:23:32 | 000,000,000 | ---D | M] -- C:\Users\Dale\AppData\Roaming\{EF919EB7-5731-485D-A184-B934F68FB5FB}

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 153 bytes -> C:\ProgramData\Temp:07BF512B

< End of report >
  • 0

#11
d_may

d_may

    Member

  • Topic Starter
  • Member
  • PipPip
  • 55 posts
Now I uninstalled the Bing Toolbar: reran Quick Scan:

OTL logfile created on: 1/13/2014 10:45:16 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Dale\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.99 Gb Total Physical Memory | 4.09 Gb Available Physical Memory | 68.21% Memory free
11.98 Gb Paging File | 9.27 Gb Available in Paging File | 77.35% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 582.50 Gb Total Space | 479.01 Gb Free Space | 82.23% Space Free | Partition Type: NTFS
Drive D: | 13.67 Gb Total Space | 2.20 Gb Free Space | 16.05% Space Free | Partition Type: NTFS

Computer Name: DALE-PC | User Name: Dale | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/01/11 12:17:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Dale\Downloads\OTL.exe
PRC - [2013/12/26 10:49:34 | 003,764,024 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2013/12/26 10:49:34 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2013/12/20 22:50:00 | 001,168,896 | ---- | M] (Spotify Ltd) -- C:\Users\Dale\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2013/12/20 11:25:43 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013/12/07 17:17:49 | 000,223,112 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe
PRC - [2013/05/11 04:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/04/04 13:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2013/04/01 22:28:28 | 000,342,528 | ---- | M] (Alcatel-Lucent) -- C:\Program Files (x86)\Common Files\Motive\pcServiceHost.exe
PRC - [2012/11/29 20:31:04 | 000,038,608 | ---- | M] () -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2012/11/13 14:08:12 | 003,487,240 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
PRC - [2012/11/13 14:07:24 | 000,168,384 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
PRC - [2012/11/13 14:07:16 | 001,103,392 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
PRC - [2012/08/23 12:37:16 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
PRC - [2012/05/23 07:11:32 | 000,157,016 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\YNanoClient\cpn0\YNanoService.exe
PRC - [2009/10/20 13:50:34 | 000,128,296 | ---- | M] (CyberLink Corp.) -- c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
PRC - [2009/09/12 16:43:03 | 000,020,376 | ---- | M] (WebEx Communications, Inc.) -- C:\Windows\SysWOW64\atashost.exe
PRC - [2009/08/28 12:53:00 | 000,210,216 | ---- | M] (CyberLink) -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
PRC - [2008/12/04 12:00:26 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008/12/04 12:00:20 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008/11/09 14:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe


========== Modules (No Company Name) ==========

MOD - [2013/12/20 11:25:43 | 003,559,024 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2013/10/28 21:12:13 | 019,336,120 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2009/08/28 12:52:58 | 000,931,112 | ---- | M] () -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll


========== Services (SafeList) ==========

SRV:64bit: - File not found [Auto | Stopped] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2013/12/26 10:49:34 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2013/11/26 03:18:09 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/10/10 16:54:28 | 000,144,152 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV:64bit: - [2013/10/10 08:39:57 | 000,224,840 | ---- | M] (Realtek Semiconductor) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe -- (RtkAudioService)
SRV:64bit: - [2013/08/26 02:29:48 | 000,460,288 | ---- | M] (Alcatel-Lucent) [Auto | Running] -- C:\Program Files\Common Files\Motive\pcCMService.exe -- (pcCMService64)
SRV:64bit: - [2013/07/26 06:48:28 | 000,230,416 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe -- (NitroReaderDriverReadSpool3)
SRV:64bit: - [2013/05/26 23:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/09/22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/12/03 19:27:24 | 000,028,672 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agr64svc.exe -- (AgereModemAudio)
SRV - [2013/12/20 11:25:43 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/12/11 10:15:35 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/05/11 04:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/04/04 13:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013/04/01 22:28:28 | 000,342,528 | ---- | M] (Alcatel-Lucent) [Auto | Running] -- C:\Program Files (x86)\Common Files\Motive\pcServiceHost.exe -- (pcServiceHost)
SRV - [2012/11/29 20:31:04 | 000,038,608 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2012/08/23 12:37:16 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)
SRV - [2012/05/23 07:11:32 | 000,157,016 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\YNanoClient\cpn0\YNanoService.exe -- (YNanoService)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/09/12 16:43:03 | 000,020,376 | ---- | M] (WebEx Communications, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\atashost.exe -- (atashost)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/12/04 12:00:26 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2008/11/09 14:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/12/26 10:49:42 | 000,079,672 | ---- | M] (AVAST Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\aswstm.sys -- (aswStm)
DRV:64bit: - [2013/12/26 10:49:37 | 001,034,464 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2013/12/26 10:49:37 | 000,422,216 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswsp.sys -- (aswSP)
DRV:64bit: - [2013/12/26 10:49:37 | 000,207,904 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2013/12/26 10:49:37 | 000,078,648 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2013/10/28 21:12:14 | 000,092,544 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2013/10/28 21:12:14 | 000,065,776 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2013/10/14 10:22:35 | 006,180,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2013/10/10 08:26:56 | 000,883,928 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2012/08/23 08:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 08:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/03/13 01:59:50 | 000,043,008 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50a64.sys -- (MREMP50a64)
DRV:64bit: - [2012/03/13 01:59:50 | 000,040,960 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Motive\MRESP50a64.sys -- (MRESP50a64)
DRV:64bit: - [2012/03/08 17:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012/03/01 00:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/23 02:18:10 | 000,402,024 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rtenic64.sys -- (RTLE8023x64)
DRV:64bit: - [2012/02/01 15:16:40 | 000,568,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/07/22 10:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 15:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/03/11 00:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 00:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 07:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/01/26 16:52:22 | 001,212,416 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009/09/02 02:09:34 | 000,221,696 | ---- | M] (Realtek ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2006/03/29 06:20:03 | 000,033,280 | ---- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HPZius12.sys -- (HPZius12)
DRV:64bit: - [2006/03/29 06:20:02 | 000,269,824 | ---- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HPZid412.sys -- (HPZid412)
DRV - [2012/03/13 01:59:50 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2012/03/13 01:59:50 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Program Files (x86)\TurboTax\Basic 2012\32bit\local\dlg\blank.htm
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{1C3F3665-8DF0-495B-852E-3665C2624002}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
IE:64bit: - HKLM\..\SearchScopes\{5E22D6BD-163F-454E-B391-FB6EB419F995}: "URL" = http://search.live.c...ms}&FORM=HPDTDF
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Program Files (x86)\TurboTax\Basic 2012\32bit\local\dlg\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{1C3F3665-8DF0-495B-852E-3665C2624002}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Program Files (x86)\TurboTax\Basic 2012\32bit\local\dlg\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\..\SearchScopes,DefaultScope = {FE809C08-B738-4C7C-A235-53274EF76E8D}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE11SR
IE - HKCU\..\SearchScopes\{5E22D6BD-163F-454E-B391-FB6EB419F995}: "URL" = http://www.bing.com/...E11SR&pc=HPDTDF
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKCU\..\SearchScopes\{C79BF1BF-72F6-4415-AFD7-717B71B259C4}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKCU\..\SearchScopes\{FE809C08-B738-4C7C-A235-53274EF76E8D}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo....-8&fr=ytff-&p="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=198484"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-tyc"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://att.my.yahoo.com/"
FF - prefs.js..extensions.enabledAddons: clearConsole%40penzil.com:1.10
FF - prefs.js..extensions.enabledAddons: feedly%40devhd:16.0.528
FF - prefs.js..extensions.enabledAddons: foobar%40unnecessarilylongurl.com:2.0.1
FF - prefs.js..extensions.enabledAddons: newtabgoogle%40graememcc.co.uk:1.0.2
FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:9.0.2011.70
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.40.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files (x86)\Nitro\Reader 3\npnitromozilla.dll (Nitro PDF)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.0.282: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.0.282: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\[email protected]/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files (x86)\Mozilla Firefox\plugins\npyaxmpb.dll (Yahoo! Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Dale\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Dale\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Dale\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Dale\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Dale\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\Dale\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013/01/22 06:26:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/12/31 10:35:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/12/20 11:25:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/12/20 11:25:37 | 000,000,000 | ---D | M]

[2009/10/30 16:09:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dale\AppData\Roaming\Mozilla\Extensions
[2014/01/13 11:44:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dale\AppData\Roaming\Mozilla\Firefox\Profiles\8dticc2f.default\extensions
[2013/12/18 10:14:27 | 000,059,886 | ---- | M] () (No name found) -- C:\Users\Dale\AppData\Roaming\Mozilla\Firefox\Profiles\8dticc2f.default\extensions\[email protected]
[2013/06/26 20:59:42 | 000,027,050 | ---- | M] () (No name found) -- C:\Users\Dale\AppData\Roaming\Mozilla\Firefox\Profiles\8dticc2f.default\extensions\[email protected]
[2013/07/08 21:40:23 | 000,041,010 | ---- | M] () (No name found) -- C:\Users\Dale\AppData\Roaming\Mozilla\Firefox\Profiles\8dticc2f.default\extensions\[email protected]
[2013/04/12 09:07:25 | 000,019,225 | ---- | M] () (No name found) -- C:\Users\Dale\AppData\Roaming\Mozilla\Firefox\Profiles\8dticc2f.default\extensions\[email protected]
[2009/10/28 14:08:58 | 000,002,186 | ---- | M] () -- C:\Users\Dale\AppData\Roaming\Mozilla\Firefox\Profiles\8dticc2f.default\searchplugins\bing.xml
[2013/08/28 22:02:04 | 000,000,904 | ---- | M] () -- C:\Users\Dale\AppData\Roaming\Mozilla\Firefox\Profiles\8dticc2f.default\searchplugins\yahoo.xml
[2013/12/20 11:25:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/12/20 11:25:36 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]_bak2
[2013/12/20 11:25:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/12/20 11:25:43 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/12/31 10:35:13 | 000,000,000 | ---D | M] (avast! Online Security) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2010/06/25 17:49:15 | 000,466,944 | ---- | M] (Invenda Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\NPcolPM460.dll
[2013/01/22 06:25:56 | 000,124,056 | ---- | M] (RealPlayer) -- C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll
[2007/03/09 17:16:44 | 000,189,496 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npyaxmpb.dll

========== Chrome ==========

CHR - default_search_provider: ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - homepage: http://www.yahoo.com/
CHR - Extension: No name found = C:\Users\Dale\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: No name found = C:\Users\Dale\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: No name found = C:\Users\Dale\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: No name found = C:\Users\Dale\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\9.0.2005.45_0\
CHR - Extension: No name found = C:\Users\Dale\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/03/20 11:50:08 | 000,000,698 | ---- | M]) - C:\Windows\SysNative\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Hewlett-Packard)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\Dale\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - HKCU..\Run: [Spybot-S&D Cleaning] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.h...hpdetect121.cab (GMNRev Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Value error.)
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcp.../pcpitstop2.dll (PCPitstop Exam)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{23910CEA-C965-46E4-B5BA-3D11043DE351}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\livecall - No CLSID value found
O18 - Protocol\Handler\msnim - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (c:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/01/13 11:43:30 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/01/11 18:41:51 | 000,000,000 | ---D | C] -- C:\Users\Dale\AppData\Roaming\Nitro
[2014/01/11 18:41:51 | 000,000,000 | ---D | C] -- C:\Users\Dale\AppData\Roaming\FileOpen
[2014/01/11 18:41:51 | 000,000,000 | ---D | C] -- C:\ProgramData\FileOpen
[2014/01/11 18:41:34 | 000,029,712 | ---- | C] (Nitro PDF Software) -- C:\Windows\SysNative\nitrolocalmon2.dll
[2014/01/11 18:41:34 | 000,017,936 | ---- | C] (Nitro PDF Software) -- C:\Windows\SysNative\nitrolocalui2.dll
[2014/01/11 18:41:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nitro
[2014/01/11 18:41:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Nitro
[2014/01/11 18:41:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nitro
[2014/01/11 18:41:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nitro
[2014/01/11 18:31:08 | 000,000,000 | ---D | C] -- C:\Users\Dale\AppData\Roaming\Downloaded Installations
[2013/12/26 10:49:42 | 000,079,672 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswstm.sys
[2013/12/21 18:08:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2013/12/20 11:25:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox

========== Files - Modified Within 30 Days ==========

[2014/01/13 22:43:54 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/01/13 22:33:24 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/01/13 22:32:56 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/01/12 18:35:32 | 000,011,104 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/01/12 18:35:32 | 000,011,104 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/01/12 18:34:17 | 000,726,444 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/01/12 18:34:17 | 000,624,162 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/01/12 18:34:17 | 000,106,538 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/01/12 18:28:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/01/12 18:27:53 | 529,182,719 | -HS- | M] () -- C:\hiberfil.sys
[2014/01/11 18:41:31 | 000,002,005 | ---- | M] () -- C:\Users\Public\Desktop\Nitro Reader.lnk
[2013/12/31 10:35:48 | 000,001,968 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013/12/28 17:07:02 | 000,000,330 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForDale.job
[2013/12/26 10:49:42 | 000,079,672 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswstm.sys
[2013/12/26 10:49:37 | 001,034,464 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2013/12/26 10:49:37 | 000,422,216 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswsp.sys
[2013/12/26 10:49:37 | 000,334,136 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2013/12/26 10:49:37 | 000,207,904 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2013/12/26 10:49:37 | 000,078,648 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2013/12/26 10:49:36 | 000,043,152 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2013/12/25 00:40:15 | 000,002,633 | ---- | M] () -- C:\Users\Dale\Application Data\Microsoft\Internet Explorer\Quick Launch\HP MediaSmart.lnk
[2013/12/25 00:40:15 | 000,002,609 | ---- | M] () -- C:\Users\Public\Desktop\HP MediaSmart.lnk
[2013/12/21 18:08:05 | 000,001,810 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk

========== Files Created - No Company Name ==========

[2014/01/11 18:41:31 | 000,002,499 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nitro Reader 3.lnk
[2014/01/11 18:41:31 | 000,002,005 | ---- | C] () -- C:\Users\Public\Desktop\Nitro Reader.lnk
[2013/08/28 22:02:20 | 000,268,968 | ---- | C] () -- C:\Windows\SysWow64\sqlite3.dll
[2012/11/22 11:05:17 | 000,005,263 | ---- | C] () -- C:\Windows\wininit.ini
[2011/12/28 10:31:26 | 000,000,193 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
[2011/12/07 18:21:57 | 000,000,774 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2011/12/07 16:49:25 | 000,017,408 | ---- | C] () -- C:\Users\Dale\AppData\Local\WebpageIcons.db
[2010/05/23 21:01:21 | 000,004,608 | ---- | C] () -- C:\Users\Dale\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/02 13:11:13 | 000,007,622 | ---- | C] () -- C:\Users\Dale\AppData\Local\Resmon.ResmonCfg
[2009/10/19 14:15:12 | 000,061,224 | ---- | C] () -- C:\Users\Dale\GoToAssistDownloadHelper.exe
[2009/09/18 15:00:19 | 000,000,000 | ---- | C] () -- C:\Users\Dale\AppData\Roaming\wklnhst.dat

========== ZeroAccess Check ==========

[2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 20:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 19:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 06:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2011/09/03 08:12:33 | 000,000,000 | -HSD | M] -- C:\Users\Dale\AppData\Roaming\.#
[2010/12/17 16:51:18 | 000,000,000 | ---D | M] -- C:\Users\Dale\AppData\Roaming\acccore
[2009/10/30 16:09:24 | 000,000,000 | ---D | M] -- C:\Users\Dale\AppData\Roaming\Amazon
[2013/10/28 21:17:58 | 000,000,000 | ---D | M] -- C:\Users\Dale\AppData\Roaming\AVAST Software
[2011/08/09 13:03:13 | 000,000,000 | ---D | M] -- C:\Users\Dale\AppData\Roaming\Azureus
[2010/01/26 21:22:04 | 000,000,000 | ---D | M] -- C:\Users\Dale\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/04/01 07:25:04 | 000,000,000 | ---D | M] -- C:\Users\Dale\AppData\Roaming\com.amazon.music.uploader
[2014/01/11 18:31:08 | 000,000,000 | ---D | M] -- C:\Users\Dale\AppData\Roaming\Downloaded Installations
[2010/06/25 17:49:15 | 000,000,000 | ---D | M] -- C:\Users\Dale\AppData\Roaming\E-centives
[2014/01/11 18:41:51 | 000,000,000 | ---D | M] -- C:\Users\Dale\AppData\Roaming\FileOpen
[2011/06/07 20:02:08 | 000,000,000 | ---D | M] -- C:\Users\Dale\AppData\Roaming\GARMIN
[2012/07/26 08:03:53 | 000,000,000 | ---D | M] -- C:\Users\Dale\AppData\Roaming\GrabPro
[2013/12/06 12:57:26 | 000,000,000 | ---D | M] -- C:\Users\Dale\AppData\Roaming\Image Zone Express
[2010/06/10 18:31:28 | 000,000,000 | ---D | M] -- C:\Users\Dale\AppData\Roaming\ImgBurn
[2013/10/28 20:09:33 | 000,000,000 | ---D | M] -- C:\Users\Dale\AppData\Roaming\IObit
[2009/11/16 17:41:34 | 000,000,000 | ---D | M] -- C:\Users\Dale\AppData\Roaming\Marine Aquarium 3
[2014/01/11 18:41:51 | 000,000,000 | ---D | M] -- C:\Users\Dale\AppData\Roaming\Nitro
[2013/09/10 20:55:47 | 000,000,000 | ---D | M] -- C:\Users\Dale\AppData\Roaming\Oracle
[2012/08/23 14:38:58 | 000,000,000 | ---D | M] -- C:\Users\Dale\AppData\Roaming\Orbit
[2011/03/22 18:38:09 | 000,000,000 | ---D | M] -- C:\Users\Dale\AppData\Roaming\PCHC
[2009/10/30 16:09:31 | 000,000,000 | ---D | M] -- C:\Users\Dale\AppData\Roaming\PictureMover
[2011/08/01 13:24:40 | 000,000,000 | ---D | M] -- C:\Users\Dale\AppData\Roaming\PrepLogic
[2009/10/30 16:09:31 | 000,000,000 | ---D | M] -- C:\Users\Dale\AppData\Roaming\Printer Info Cache
[2012/07/26 08:04:08 | 000,000,000 | ---D | M] -- C:\Users\Dale\AppData\Roaming\ProgSense
[2012/07/24 20:33:04 | 000,000,000 | ---D | M] -- C:\Users\Dale\AppData\Roaming\QFX Software
[2010/02/22 12:33:25 | 000,000,000 | ---D | M] -- C:\Users\Dale\AppData\Roaming\Skinux
[2013/12/27 00:42:01 | 000,000,000 | ---D | M] -- C:\Users\Dale\AppData\Roaming\Spotify
[2009/10/30 16:09:31 | 000,000,000 | ---D | M] -- C:\Users\Dale\AppData\Roaming\Template
[2009/10/30 16:09:31 | 000,000,000 | ---D | M] -- C:\Users\Dale\AppData\Roaming\WinBatch
[2010/11/13 16:46:45 | 000,000,000 | ---D | M] -- C:\Users\Dale\AppData\Roaming\Windows Live Writer
[2010/01/28 23:16:42 | 000,000,000 | ---D | M] -- C:\Users\Dale\AppData\Roaming\WinPatrol
[2013/12/15 18:28:43 | 000,000,000 | ---D | M] -- C:\Users\Dale\AppData\Roaming\wsInspector
[2011/08/01 13:23:32 | 000,000,000 | ---D | M] -- C:\Users\Dale\AppData\Roaming\{EF919EB7-5731-485D-A184-B934F68FB5FB}

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 153 bytes -> C:\ProgramData\Temp:07BF512B

< End of report >
  • 0

#12
Buddierdl

Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
Looks to have gotten rid of it pretty well. Let's update and check for any leftovers.


Step 1: Run SecurityCheck

Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Step 2: Run MBAM.
  • Open Malwarebytes and update the definitions.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

Things I need in your next reply:
  • SecurityCheck log
  • MBAM log
  • Any outstanding problems?

  • 0

#13
d_may

d_may

    Member

  • Topic Starter
  • Member
  • PipPip
  • 55 posts
Results of screen317's Security Check version 0.99.79
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
avast! Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Spybot - Search & Destroy
Malwarebytes Anti-Malware version 1.75.0.1300
Adobe Flash Player 12.0.0.43 Flash Player out of Date!
Adobe Reader XI
Mozilla Firefox (26.0)
Google Chrome 31.0.1650.57
Google Chrome 31.0.1650.63
````````Process Check: objlist.exe by Laurent````````
Spybot Teatimer.exe is disabled!
Malwarebytes' Anti-Malware mbamscheduler.exe
AVAST Software Avast AvastSvc.exe
AVAST Software Avast AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
------------------------------------------------------------------------


Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.01.16.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
Dale :: DALE-PC [administrator]

1/15/2014 11:20:55 PM
mbam-log-2014-01-15 (23-20-55).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 229138
Time elapsed: 5 minute(s), 45 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0

--------------------------------

No problems to report, Thanks! Dale

DM
  • 0

#14
Buddierdl

Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
Congratulations, d_may :). Your computer now appears to be clean. Please complete the followings steps to finalize the cleaning process.

Please update these programs, as old versions pose a security risk.
  • Adobe Flash -> You can get the latest version here.
  • Adobe Reader -> You have the latest version, but if you haven't done the below, I recommend it.

    I would recommend securing Adobe Reader against the latest exploits as follows:

  • Launch Adobe Reader.
  • Click on Edit and select Preferences.
  • On the Left, click on the Javascript category and Uncheck Enable Acrobat Javascript.
  • Click on the Security (Enhanced) category and Uncheck Automatically trust sites from my Win OS security zones.
  • Click on the Trust Manager category and Uncheck Allow opening of non-PDF file attachments with external applications.
  • Click the OK button.

Clean up OTL:
  • Open OTL and select the "CleanUp" button.
  • Allow the computer to reboot.
  • Any logs or removal tools left over can be deleted now. If ESET is still installed, you can uninstall it from the "Programs and Features" menu in the control panel.

Delete possibly infected restore points. Your computer may have saved a restore point while it was infected, so we need to delete the old restore points and create a new, clean one.

First set up a new, clean restore point:
  • Open System by clicking the Start button, right-clicking Computer, and then clicking Properties.
  • In the left pane, click System protection. If you're prompted for an administrator password or confirmation, type the password or provide confirmation.
  • Click the System Protection tab, and then click Create.
  • In the System Protection dialog box, type a description, and then click Create.

Then delete the old, infected ones:
  • Go Start > All Programs > Accessories > System Tools
  • Right click Disc Cleanup and select run as administrator
  • Then select the more options tab
  • Select system restore and shadow copies "Clean up"
  • Follow the prompts

Empty temp files. I would recommend doing this every so often to free up some space on your computer.

Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run, make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job
  • Once its finished it should reboot your machine, if not, do this yourself to ensure a complete clean

Ensure that Windows is always updated. Keeping Windows updated is very important to prevent security vulnerabilities. I recommend turning on automatic updates following the instructions below:
  • First, click on Start and click onAll Programs, then Windows Update.
  • Click on Change Settings in the left pane and then check the option for Automatic Updates.

Always ensure that your firewall and anti-virus program are updated and running. These are your first line of defense against infection.

Make sure that you keep all of your programs updated. Out-of-date programs can make your computer more vulnerable to infection. Software manufacturers release updates to fix security problems as they are discovered. Secunia Personal Software Inspector, free to download here, is a good program that will scan your computer looking for programs that need to be updated.

This article has good information about how computers get infected. You can read it for good tips on staying clean and safe.
  • 0

#15
Buddierdl

Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP