
slow computer [Solved]



LUCYR

Hello,
This forum was able to clean my husband's computer and hopefully mine. For some reason my computer is running very slow and I think it is infected. Here is the OTC scan. Thank you for any help!

OTL logfile created on: 23/02/2014 10:41:02 AM - Run 6
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Lucille\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16518)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

8.00 Gb Total Physical Memory | 3.83 Gb Available Physical Memory | 47.89% Memory free
16.00 Gb Paging File | 10.93 Gb Available in Paging File | 68.35% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 685.70 Gb Total Space | 504.81 Gb Free Space | 73.62% Space Free | Partition Type: NTFS
Drive D: | 12.84 Gb Total Space | 2.30 Gb Free Space | 17.91% Space Free | Partition Type: NTFS

Computer Name: LUCILLE-PC | User Name: Lucille | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/02/06 05:28:30 | 004,529,440 | ---- | M] (Conduit) -- C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe
PRC - [2014/02/06 05:28:30 | 002,981,152 | ---- | M] (Conduit) -- C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe
PRC - [2014/02/06 05:28:30 | 002,360,608 | ---- | M] (Conduit) -- C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe
PRC - [2014/01/14 17:07:04 | 000,045,568 | ---- | M] (Parallel Lines Development, LLC) -- C:\ProgramData\InternetUpdater\InternetUpdaterService.exe
PRC - [2014/01/02 16:46:10 | 030,714,328 | ---- | M] (Dropbox, Inc.) -- C:\Users\Lucille\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2013/12/20 22:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/12/18 13:55:48 | 000,486,264 | ---- | M] (Updater) -- C:\ProgramData\Updater\updater.exe
PRC - [2013/12/18 13:55:48 | 000,429,944 | ---- | M] (WatchDog) -- C:\ProgramData\RHelpers\IeHelper\IeHelper.exe
PRC - [2013/12/18 13:55:48 | 000,429,944 | ---- | M] (WatchDog) -- C:\ProgramData\RHelpers\FirefoxHelper\FirefoxHelper.exe
PRC - [2013/12/18 13:55:48 | 000,429,944 | ---- | M] (WatchDog) -- C:\ProgramData\RHelpers\ChromeHelper\ChromeHelper.exe
PRC - [2013/04/04 13:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 13:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 13:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2013/03/31 13:57:08 | 001,646,216 | ---- | M] (Ask) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe
PRC - [2013/03/24 13:59:37 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Lucille\Downloads\OTL.exe
PRC - [2012/02/23 12:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
PRC - [2012/01/06 15:30:00 | 001,446,760 | ---- | M] (Garmin) -- C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe
PRC - [2010/11/27 00:55:42 | 000,648,032 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
PRC - [2010/11/27 00:55:42 | 000,398,176 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
PRC - [2010/08/17 19:26:38 | 000,560,848 | ---- | M] (CrossLoop Inc) -- C:\Users\Lucille\AppData\Local\CrossLoop\CrossLoopService.exe
PRC - [2009/08/23 00:00:00 | 000,091,432 | ---- | M] (Sage) -- C:\Program Files (x86)\winsim\ConnectionManager\Simply.SystemTrayIcon.exe
PRC - [2009/08/23 00:00:00 | 000,029,992 | ---- | M] (Sage) -- C:\Program Files (x86)\winsim\ConnectionManager\SimplyConnectionManager.exe
PRC - [2009/06/04 18:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/06/04 18:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009/05/26 00:36:13 | 000,656,896 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
PRC - [2008/11/20 09:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
PRC - [2008/08/12 12:15:28 | 000,257,880 | ---- | M] (Creative Home) -- C:\Program Files (x86)\Creative Home\Hallmark Card Studio 2009 Deluxe\Planner\PLNRnote.exe
PRC - [2008/03/19 22:45:36 | 001,675,264 | ---- | M] (D-Link) -- C:\Program Files (x86)\D-Link\D-Link Wireless N DWA-130\AirNCFG.exe
PRC - [2007/01/19 11:49:04 | 000,049,152 | ---- | M] (Wireless Service) -- C:\Program Files (x86)\ANI\ANIWZCS2 Service\WZCSLDR2.exe


========== Modules (No Company Name) ==========

MOD - [2014/02/12 03:40:12 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\4412bbbb473c356b5ea3e1ea13b25f52\System.Management.ni.dll
MOD - [2014/02/12 03:33:31 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\72284863df9bea3f081ae98996400619\PresentationFramework.Aero.ni.dll
MOD - [2014/02/12 03:33:30 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\b34b348a9935338b1282fd0c9309eb1f\System.ServiceProcess.ni.dll
MOD - [2014/02/12 03:33:16 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\59312674865dc2a19c27f9f460b1673b\System.Runtime.Remoting.ni.dll
MOD - [2014/02/12 03:33:14 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\fe1942c05eda4f9744f80afb4ae76a2d\System.Data.ni.dll
MOD - [2014/02/12 03:33:06 | 014,340,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\f703846404bb66a4ae03ef8133755007\PresentationFramework.ni.dll
MOD - [2014/02/12 03:32:53 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\8bc548587e91ecf0552a40e47bbf99cc\System.Windows.Forms.ni.dll
MOD - [2014/02/12 03:32:47 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5c24d3b0041ebf4f48a93615b9fa3de9\System.Drawing.ni.dll
MOD - [2014/02/12 03:32:45 | 000,185,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\f9bb7cc29930815b098e26853962c1de\UIAutomationTypes.ni.dll
MOD - [2014/02/12 03:32:45 | 000,060,928 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\549aa924ef5af7232f4024eb6f8cb97a\UIAutomationProvider.ni.dll
MOD - [2014/02/12 03:32:45 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\4f5069e6497e5e6a381ab6aadf05d6a5\Accessibility.ni.dll
MOD - [2014/02/12 03:32:44 | 012,238,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\660ac5d6da77df8e86fb26f05c6a9816\PresentationCore.ni.dll
MOD - [2014/02/12 03:32:34 | 003,348,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\1d696b2d3de530f7ee971070263667ff\WindowsBase.ni.dll
MOD - [2014/02/12 03:32:30 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\217ece46920546d718414291d463bb1c\System.Xml.ni.dll
MOD - [2014/02/12 03:32:26 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\5b6ddf934128d538cd5cd77bf4209b93\System.Configuration.ni.dll
MOD - [2014/02/12 03:32:25 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b3a78269847005365001c33870cd121f\System.ni.dll
MOD - [2014/02/12 03:32:19 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\ede2c6c842840e009f01bcc74fa4c457\mscorlib.ni.dll
MOD - [2014/02/12 03:20:01 | 000,393,216 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\0b3183eeac22e034ed297d097fc47c2a\System.Xml.Linq.ni.dll
MOD - [2014/02/12 03:19:41 | 001,801,728 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\a28fe7d4df167fe5453cc3c88d47b9da\System.Xaml.ni.dll
MOD - [2014/02/12 03:05:57 | 018,003,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\45e63104256087753ec12d80aa9d63f9\PresentationFramework.ni.dll
MOD - [2014/02/12 03:05:44 | 011,451,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\3dbf2597f018307116e430779dee1b50\PresentationCore.ni.dll
MOD - [2014/02/12 03:05:42 | 013,199,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\6c0a2ddd1714e1862b373b16dff0a0c0\System.Windows.Forms.ni.dll
MOD - [2014/02/12 03:05:36 | 007,070,720 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\160e7d2a4646a2c2ecebeebda047bfaf\System.Core.ni.dll
MOD - [2014/02/12 03:05:34 | 003,858,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\024ca8f559c9f8805d303638e67b1377\WindowsBase.ni.dll
MOD - [2014/02/12 03:05:34 | 001,667,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\35c1def2cf6f5e3b85f35ca25a8a8162\System.Drawing.ni.dll
MOD - [2014/02/12 03:05:33 | 005,628,928 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\56af718db5fe3b683c0ddc1cb72beadb\System.Xml.ni.dll
MOD - [2014/02/12 03:05:31 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\3d93a2a47c82b4868b31808de1cb3d09\PresentationFramework.Aero.ni.dll
MOD - [2014/02/12 03:05:30 | 000,751,616 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Security\75bfff662ae01617df78f2670112755d\System.Security.ni.dll
MOD - [2014/02/12 03:05:29 | 009,099,776 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\12305e59a4b6cd8e42c690a50e7d71af\System.ni.dll
MOD - [2014/02/12 03:05:24 | 014,418,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\80d081165de90a556f312bde48c1dc48\mscorlib.ni.dll
MOD - [2014/01/21 20:57:02 | 000,037,688 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\HP.ActiveSupportLibrary\2.0.0.1__01a974bc1760f423\HP.ActiveSupportLibrary.dll
MOD - [2014/01/02 16:45:04 | 003,558,400 | ---- | M] () -- C:\Users\Lucille\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2013/10/18 15:55:02 | 025,100,288 | ---- | M] () -- C:\Users\Lucille\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/11/04 17:58:05 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010/01/22 21:24:55 | 000,062,760 | ---- | M] () -- C:\Windows\assembly\GAC_32\Simply.ConnectionManagerService\15.0.0.1__bfd98eaca3f932d5\Simply.ConnectionManagerService.dll
MOD - [2009/07/15 16:51:04 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
MOD - [2009/07/15 16:51:02 | 000,131,072 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll
MOD - [2009/07/15 16:50:58 | 000,040,960 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingServer.dll
MOD - [2009/07/15 16:50:56 | 000,036,864 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingClients.dll
MOD - [2009/07/15 16:50:56 | 000,007,680 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\RemotingClient.dll
MOD - [2009/07/15 16:50:54 | 000,005,632 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingInterface.dll
MOD - [2009/07/15 16:50:52 | 000,018,944 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingMessages.dll
MOD - [2009/07/15 16:50:44 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll
MOD - [2009/05/26 00:36:13 | 000,656,896 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
MOD - [2007/12/11 15:36:00 | 000,245,760 | ---- | M] () -- C:\Windows\SysWOW64\WlanApp.dll


========== Services (SafeList) ==========

SRV:64bit: - [2014/02/06 02:48:45 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/10/23 17:14:22 | 000,348,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2013/10/23 17:14:22 | 000,023,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2013/05/26 21:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/05/15 15:24:10 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2014/02/20 16:28:32 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/02/06 07:27:58 | 000,036,392 | ---- | M] (Just Develop It) [Auto | Running] -- C:\Program Files (x86)\MyPC Backup\BackupStack.exe -- (BackupStack)
SRV - [2014/02/06 05:28:30 | 002,360,608 | ---- | M] (Conduit) [Auto | Running] -- C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe -- (CltMngSvc)
SRV - [2014/01/14 17:07:04 | 000,045,568 | ---- | M] (Parallel Lines Development, LLC) [Auto | Running] -- C:\ProgramData\InternetUpdater\InternetUpdaterService.exe -- (InternetUpdater)
SRV - [2013/12/20 22:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/11/04 18:31:56 | 000,092,160 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2013/04/04 13:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 13:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013/03/01 11:11:32 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2010/11/27 00:55:42 | 000,398,176 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2010/10/22 12:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\hp\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010/08/17 19:26:38 | 000,560,848 | ---- | M] (CrossLoop Inc) [Auto | Running] -- C:\Users\Lucille\AppData\Local\CrossLoop\CrossLoopService.exe -- (CrossLoopService)
SRV - [2010/07/21 08:50:26 | 000,814,080 | ---- | M] (GlavSoft LLC.) [On_Demand | Stopped] -- C:\Users\Lucille\AppData\Local\CrossLoop\tvnserver.exe -- (tvnserver)
SRV - [2010/04/17 11:01:09 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/08/23 00:00:00 | 000,029,992 | ---- | M] (Sage) [Auto | Running] -- C:\Program Files (x86)\winsim\ConnectionManager\SimplyConnectionManager.exe -- (Simply Accounting Database Connection Manager)
SRV - [2009/06/10 13:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/04 18:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2009/05/22 10:02:20 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2007/05/31 16:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 16:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2014/02/12 03:30:31 | 000,056,616 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\syvvmybm.sys -- (syvvmybm)
DRV:64bit: - [2013/09/27 09:53:06 | 000,134,944 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2013/04/04 13:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013/02/11 20:12:06 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2012/12/13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/02/29 22:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/05/10 07:06:14 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2011/03/10 22:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 22:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 05:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 03:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/10/20 07:05:02 | 000,059,048 | ---- | M] (SafeNet, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SNTUSB64.SYS -- (SNTUSB64)
DRV:64bit: - [2010/07/21 15:59:28 | 000,045,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2010/07/07 17:18:58 | 000,051,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2009/09/17 07:05:02 | 000,145,448 | ---- | M] (SafeNet, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\sentinel64.sys -- (Sentinel64)
DRV:64bit: - [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 16:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/07/13 06:31:42 | 000,233,472 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/06/29 01:00:00 | 000,116,752 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/04 10:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/05/25 04:38:20 | 000,966,144 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)
DRV:64bit: - [2009/05/15 16:02:04 | 005,957,632 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2008/05/20 17:33:36 | 000,028,416 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV - [2009/07/13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{21F34268-63E5-4FCD-B6DB-A8E8360F612D}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{3F63E795-6EC4-4668-8712-0FF1975092F6}: "URL" = http://www.ask.com/w...}&l=dis&o=cahpd
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{21F34268-63E5-4FCD-B6DB-A8E8360F612D}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{3F63E795-6EC4-4668-8712-0FF1975092F6}: "URL" = http://www.ask.com/w...}&l=dis&o=cahpd
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\Lucille\Desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cndt
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ca/
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\SearchScopes,DefaultScope = {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
IE - HKCU\..\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}: "URL" = http://search.condui...rchTerms}&SSPV=
IE - HKCU\..\SearchScopes\{161D0D11-7CB3-4A9D-A485-0B19BC1FE8AC}: "URL" = http://websearch.ask...23-8E2BA2C30F25
IE - HKCU\..\SearchScopes\{21F34268-63E5-4FCD-B6DB-A8E8360F612D}: "URL" = http://www.bing.com/...E11SR&pc=HPDTDF
IE - HKCU\..\SearchScopes\{3F63E795-6EC4-4668-8712-0FF1975092F6}: "URL" = http://www.ask.com/w...}&l=dis&o=cahpd
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...1I7ADRA_enCA370
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@rim.com/npappworld: C:\Program Files (x86)\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll ()
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Lucille\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Lucille\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Lucille\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Lucille\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Lucille\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\PROGRAM FILES\ESET\ESET NOD32 ANTIVIRUS\MOZILLA THUNDERBIRD
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/04/29 06:39:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/04/29 06:39:12 | 000,000,000 | ---D | M]

[2014/02/10 11:34:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lucille\AppData\Roaming\Mozilla\Firefox\extensions
[2014/02/10 11:34:38 | 000,000,000 | ---D | M] (Websteroids) -- C:\Users\Lucille\AppData\Roaming\Mozilla\Firefox\extensions\[email protected]

========== Chrome ==========

CHR - Extension: No name found = C:\Users\Lucille\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo\7.15.23.42079_0\
CHR - Extension: No name found = C:\Users\Lucille\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_1\
CHR - Extension: No name found = C:\Users\Lucille\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_1\
CHR - Extension: No name found = C:\Users\Lucille\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_1\
CHR - Extension: No name found = C:\Users\Lucille\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_1\
CHR - Extension: No name found = C:\Users\Lucille\AppData\Local\Google\Chrome\User Data\Default\Extensions\igjjkeeamkpihpncmmbgdkhdnjpcfmfb\2.6.53_0\
CHR - Extension: No name found = C:\Users\Lucille\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.9.0.12585_0\
CHR - Extension: No name found = C:\Users\Lucille\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
CHR - Extension: No name found = C:\Users\Lucille\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_2\

O1 HOSTS File: ([2009/06/10 13:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2:64bit: - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
O2 - BHO: (Websteroids) - {44ed99e2-16a6-4b89-80d6-5b21cf42e78b} - C:\ProgramData\Websteroids\IE\common.dll (Creative Island Media, LLC)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ANIWZCS2Service] C:\Program Files (x86)\ANI\ANIWZCS2 Service\WZCSLDR2.exe (Wireless Service)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ConnectionManager] C:\Program Files (x86)\winsim\ConnectionManager\Simply.SystemTrayIcon.exe (Sage)
O4 - HKLM..\Run: [D-Link D-Link Wireless N DWA-130] C:\Program Files (x86)\D-Link\D-Link Wireless N DWA-130\AirNCFG.exe (D-Link)
O4 - HKLM..\Run: [Garmin Lifetime Updater] C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe (Garmin)
O4 - HKLM..\Run: [HP Remote Solution] C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe ()
O4 - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Updater] C:\ProgramData\Updater\updater.exe (Updater)
O4 - HKCU..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKCU..\Run: [Opevof] "C:\Users\Lucille\AppData\Roaming\Enzako\ryfoz.exe" File not found
O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found
O4 - HKCU..\Run: [Updater] C:\ProgramData\Updater\updater.exe (Updater)
O4:64bit: - HKLM..\RunOnce: [NCPluginUpdater] c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\NCPluginUpdater.exe (Hewlett-Packard)
O4 - Startup: C:\Users\Lucille\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Lucille\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Lucille\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk = C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9:64bit: - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe (Hewlett-Packard)
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.aka...vex-2.2.5.0.cab (DLM Control)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail....NPUplden-ca.cab (Windows Live Hotmail Photo Upload Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 64.59.144.16 64.59.150.132
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{58971045-C8DD-4C62-92E9-AE5F8B7B25E7}: DhcpNameServer = 64.71.255.198 64.71.255.253
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8918A3B4-8B80-41CA-94DA-4899E85C468E}: DhcpNameServer = 64.59.144.16 64.59.150.132
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll File not found
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll) - C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll (Conduit)
O20 - AppInit_DLLs: (C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll) - C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll (Conduit)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/02/21 07:11:55 | 000,000,000 | ---D | C] -- C:\Users\Lucille\AppData\Local\{47D76706-20EF-46BC-B794-664D9D9AAC35}
[2014/02/13 01:51:34 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\SearchProtect
[2014/02/11 16:41:27 | 000,000,000 | ---D | C] -- C:\Users\Lucille\Documents\Jones Serpentine sewing machine
[2014/02/11 16:21:47 | 000,000,000 | ---D | C] -- C:\Users\Lucille\AppData\Local\{76B347DA-A20F-4E2B-BB94-9134A5CD4FBD}
[2014/02/10 11:45:16 | 000,000,000 | ---D | C] -- C:\ProgramData\InternetUpdater
[2014/02/10 11:34:45 | 000,000,000 | ---D | C] -- C:\Users\Lucille\AppData\Local\SearchProtect
[2014/02/10 11:34:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SearchProtect
[2014/02/10 11:34:41 | 000,000,000 | ---D | C] -- C:\ProgramData\RHelpers
[2014/02/10 11:34:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Updater
[2014/02/10 11:34:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Websteroids
[2014/02/10 11:34:36 | 000,000,000 | ---D | C] -- C:\Users\Lucille\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
[2014/02/10 11:34:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MyPC Backup
[2014/02/10 11:33:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Manuals Finder
[2014/02/10 11:33:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Manuals Finder
[2014/02/09 19:40:37 | 000,000,000 | ---D | C] -- C:\Users\Lucille\AppData\Roaming\Mozilla
[2014/02/06 18:58:03 | 000,000,000 | ---D | C] -- C:\Users\Lucille\AppData\Roaming\Itwywa
[2014/02/06 18:44:35 | 000,000,000 | ---D | C] -- C:\Users\Lucille\AppData\Roaming\Matyvi
[2014/02/06 14:47:42 | 000,000,000 | ---D | C] -- C:\Users\Lucille\AppData\Roaming\Enzako
[2014/02/06 10:39:10 | 000,000,000 | ---D | C] -- C:\Users\Lucille\AppData\Roaming\Zuhyrywa
[2014/02/06 06:44:22 | 000,000,000 | ---D | C] -- C:\Users\Lucille\AppData\Roaming\Ibdeyqby
[2014/02/06 02:49:26 | 000,000,000 | ---D | C] -- C:\Users\Lucille\AppData\Roaming\Neavfoim
[2014/02/05 22:41:19 | 000,000,000 | ---D | C] -- C:\Users\Lucille\AppData\Roaming\Ahhucoyn
[2014/02/05 18:46:12 | 000,000,000 | ---D | C] -- C:\Users\Lucille\AppData\Roaming\Xypeqi
[2014/02/05 14:45:47 | 000,000,000 | ---D | C] -- C:\Users\Lucille\AppData\Roaming\Lopoyho
[2014/02/05 13:36:06 | 000,000,000 | ---D | C] -- C:\Users\Lucille\AppData\Roaming\Dohuawmi
[2014/02/02 00:53:58 | 000,000,000 | ---D | C] -- C:\Users\Lucille\AppData\Local\{C3CD1C4C-3FCF-4EBE-9FD9-CDF0070D5D02}
[2014/01/28 16:34:32 | 000,000,000 | ---D | C] -- C:\Users\Lucille\AppData\Local\{AF055F58-9CBC-4B43-8410-1888DFA30E24}
[2014/01/27 10:05:02 | 000,000,000 | ---D | C] -- C:\Users\Lucille\AppData\Local\{DB807744-12CB-4EA5-B3CB-DB44C52B70B4}
[2014/01/25 20:29:03 | 000,000,000 | ---D | C] -- C:\Users\Lucille\AppData\Local\{8F6CCC46-A5AC-4F12-8AAD-A8924223E274}
[2014/01/25 02:57:12 | 000,000,000 | ---D | C] -- C:\Users\Lucille\AppData\Local\{245921F8-4FAC-4F08-B6C0-FDB3461518E0}
[4 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/02/23 10:45:01 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3472568841-1174150532-69183956-1000UA1ce77efabf53454.job
[2014/02/23 10:30:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/02/23 10:28:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/02/23 10:00:00 | 000,000,812 | ---- | M] () -- C:\Windows\tasks\Security Center Update - 1817549869.job
[2014/02/23 10:00:00 | 000,000,808 | ---- | M] () -- C:\Windows\tasks\Security Center Update - 1144510978.job
[2014/02/23 08:30:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1cec69d91e59d.job
[2014/02/22 18:00:02 | 000,000,500 | ---- | M] () -- C:\Windows\tasks\Foresight Software Registration3.job
[2014/02/22 15:45:00 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3472568841-1174150532-69183956-1000Core1ce77efabd17faf.job
[2014/02/22 09:25:26 | 000,000,446 | ---- | M] () -- C:\Windows\tasks\PC Helper 360.job
[2014/02/21 11:59:01 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForLucille.job
[2014/02/21 07:17:38 | 003,317,697 | ---- | M] () -- C:\Users\Lucille\Documents\Collingwood appraisal 2014.pdf
[2014/02/18 16:06:53 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/02/18 16:06:53 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/02/18 01:03:01 | 000,000,474 | ---- | M] () -- C:\Windows\tasks\Foresight Software Update3.job
[2014/02/12 07:50:35 | 000,001,944 | ---- | M] () -- C:\Users\Lucille\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Photosmart 7520 series.lnk
[2014/02/12 03:32:51 | 000,779,306 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/02/12 03:32:51 | 000,664,548 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/02/12 03:32:51 | 000,125,284 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/02/12 03:26:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/02/12 03:26:52 | 2146,873,343 | -HS- | M] () -- C:\hiberfil.sys
[2014/02/12 03:10:39 | 000,764,774 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014/02/10 11:34:39 | 000,001,971 | ---- | M] () -- C:\Users\Lucille\Desktop\Sync Folder.lnk
[2014/02/10 11:34:36 | 000,001,099 | ---- | M] () -- C:\Users\Lucille\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
[2014/02/10 11:34:36 | 000,001,089 | ---- | M] () -- C:\Users\Lucille\Desktop\MyPC Backup.lnk
[2014/02/10 11:33:43 | 000,001,983 | ---- | M] () -- C:\Users\Public\Desktop\Manuals Finder.lnk
[2014/02/05 13:36:07 | 000,012,326 | ---- | M] () -- C:\Users\Lucille\AppData\Local\dlsfscvo
[2014/02/05 13:35:04 | 000,068,260 | ---- | M] () -- C:\Users\Lucille\AppData\Local\ottujgmv
[2014/02/05 13:34:01 | 000,000,000 | ---- | M] () -- C:\Users\Lucille\AppData\Roaming\SharedSettings.ccs
[2014/02/03 21:26:37 | 000,002,185 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/02/03 14:02:36 | 004,521,989 | ---- | M] () -- C:\Users\Lucille\Documents\Husky Rent analysis 2014.pdf
[2014/01/31 11:23:42 | 000,065,290 | ---- | M] () -- C:\Users\Lucille\Documents\Husky offer 2014.pdf
[2014/01/31 11:22:57 | 000,065,290 | ---- | M] () -- C:\Users\Lucille\Desktop\2177.pdf
[2014/01/31 11:03:08 | 000,000,552 | ---- | M] () -- C:\Windows\tasks\PCDRScheduledMaintenance.job
[2014/01/27 13:09:46 | 000,642,691 | ---- | M] () -- C:\Users\Lucille\Documents\Scan0001.pdf
[2014/01/24 16:27:36 | 000,401,461 | ---- | M] () -- C:\Users\Lucille\Documents\tension_guide_by_Alex_Askaroff_www.sewalot.com.pdf
[2014/01/24 16:27:19 | 000,412,926 | ---- | M] () -- C:\Users\Lucille\Desktop\tension_guide_by_Alex_Askaroff_www.sewalot.com.pdf
[4 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/02/21 07:17:38 | 003,317,697 | ---- | C] () -- C:\Users\Lucille\Documents\Collingwood appraisal 2014.pdf
[2014/02/10 11:34:39 | 000,001,971 | ---- | C] () -- C:\Users\Lucille\Desktop\Sync Folder.lnk
[2014/02/10 11:34:36 | 000,001,099 | ---- | C] () -- C:\Users\Lucille\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
[2014/02/10 11:34:36 | 000,001,089 | ---- | C] () -- C:\Users\Lucille\Desktop\MyPC Backup.lnk
[2014/02/10 11:33:43 | 000,001,983 | ---- | C] () -- C:\Users\Public\Desktop\Manuals Finder.lnk
[2014/02/06 22:36:59 | 000,077,824 | ---- | C] () -- C:\Users\Lucille\AppData\Local\cgrnxdwc.exe
[2014/02/06 18:58:03 | 000,000,812 | ---- | C] () -- C:\Windows\tasks\Security Center Update - 1817549869.job
[2014/02/06 18:44:36 | 000,000,808 | ---- | C] () -- C:\Windows\tasks\Security Center Update - 1144510978.job
[2014/02/05 13:36:07 | 000,012,326 | ---- | C] () -- C:\Users\Lucille\AppData\Local\dlsfscvo
[2014/02/05 13:35:04 | 000,068,260 | ---- | C] () -- C:\Users\Lucille\AppData\Local\ottujgmv
[2014/02/05 13:34:01 | 000,000,000 | ---- | C] () -- C:\Users\Lucille\AppData\Roaming\SharedSettings.ccs
[2014/02/03 14:02:36 | 004,521,989 | ---- | C] () -- C:\Users\Lucille\Documents\Husky Rent analysis 2014.pdf
[2014/01/31 11:23:42 | 000,065,290 | ---- | C] () -- C:\Users\Lucille\Documents\Husky offer 2014.pdf
[2014/01/31 11:22:57 | 000,065,290 | ---- | C] () -- C:\Users\Lucille\Desktop\2177.pdf
[2014/01/27 13:09:45 | 000,642,691 | ---- | C] () -- C:\Users\Lucille\Documents\Scan0001.pdf
[2014/01/24 16:27:35 | 000,401,461 | ---- | C] () -- C:\Users\Lucille\Documents\tension_guide_by_Alex_Askaroff_www.sewalot.com.pdf
[2014/01/24 16:27:15 | 000,412,926 | ---- | C] () -- C:\Users\Lucille\Desktop\tension_guide_by_Alex_Askaroff_www.sewalot.com.pdf
[2014/01/23 15:37:31 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2013/04/01 09:49:50 | 000,000,207 | ---- | C] () -- C:\Windows\tweaking.com-regbackup-LUCILLE-PC-Microsoft-Windows-7-Home-Premium-(64-bit).dat
[2012/06/27 06:19:09 | 001,498,458 | ---- | C] () -- C:\Users\Lucille\AppData\Local\tmpIMG_1616.1
[2012/06/27 06:19:05 | 003,336,067 | ---- | C] () -- C:\Users\Lucille\AppData\Local\tmpIMG_1616.0
[2012/06/27 06:19:05 | 001,476,688 | ---- | C] () -- C:\Users\Lucille\AppData\Local\tmpIMG_1616.JPG
[2012/06/27 06:18:07 | 000,612,425 | ---- | C] () -- C:\Users\Lucille\AppData\Local\tmpIMG_1615.0
[2012/06/27 06:18:07 | 000,609,452 | ---- | C] () -- C:\Users\Lucille\AppData\Local\tmpIMG_1615.JPG
[2012/06/19 08:34:32 | 000,757,382 | ---- | C] () -- C:\Users\Lucille\AppData\Local\tmpPHOTO.JPG
[2012/06/18 20:49:03 | 001,824,193 | ---- | C] () -- C:\Users\Lucille\AppData\Local\tmpPHOTO (1).0
[2012/06/18 20:49:03 | 000,666,190 | ---- | C] () -- C:\Users\Lucille\AppData\Local\tmpPHOTO (1).JPG
[2012/06/18 20:46:49 | 002,033,083 | ---- | C] () -- C:\Users\Lucille\AppData\Local\tmpPHOTO.0
[2012/01/09 15:43:15 | 000,055,986 | ---- | C] () -- C:\Users\Lucille\AppData\Local\tmpIMG_4458[1].JPG
[2011/09/22 22:23:55 | 000,749,710 | ---- | C] () -- C:\Users\Lucille\AppData\Local\tmpIMG_1547.0
[2011/09/22 22:23:55 | 000,651,155 | ---- | C] () -- C:\Users\Lucille\AppData\Local\tmpIMG_1547.JPG
[2011/07/30 11:43:43 | 001,263,963 | ---- | C] () -- C:\Users\Lucille\AppData\Local\tmpIMG_1048.JPG
[2011/07/30 11:42:18 | 000,917,919 | ---- | C] () -- C:\Users\Lucille\AppData\Local\tmpIMG_1050.JPG
[2011/06/19 14:03:13 | 000,006,242 | ---- | C] () -- C:\Users\Lucille\AppData\Local\tmpDAD N LAURA.0
[2011/06/19 14:03:13 | 000,006,227 | ---- | C] () -- C:\Users\Lucille\AppData\Local\tmpDAD N LAURA.JPG
[2011/05/23 12:24:13 | 000,001,854 | ---- | C] () -- C:\Users\Lucille\AppData\Roaming\GhostObjGAFix.xml
[2011/01/19 13:31:25 | 002,089,630 | ---- | C] () -- C:\Users\Lucille\AppData\Local\tmpIMG_0490.0
[2011/01/19 13:31:25 | 000,880,725 | ---- | C] () -- C:\Users\Lucille\AppData\Local\tmpIMG_0490.JPG
[2010/09/13 12:42:27 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/01/06 17:04:20 | 000,000,000 | ---- | C] () -- C:\Users\Lucille\AppData\Roaming\wklnhst.dat

========== ZeroAccess Check ==========

[2009/07/13 20:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 18:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 17:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 17:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 04:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 17:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2014/02/06 22:39:32 | 000,000,000 | ---D | M] -- C:\Users\Lucille\AppData\Roaming\Ahhucoyn
[2014/02/06 22:39:32 | 000,000,000 | ---D | M] -- C:\Users\Lucille\AppData\Roaming\Dohuawmi
[2013/04/03 19:34:50 | 000,000,000 | ---D | M] -- C:\Users\Lucille\AppData\Roaming\DriverCure
[2014/02/12 17:04:19 | 000,000,000 | ---D | M] -- C:\Users\Lucille\AppData\Roaming\Dropbox
[2014/02/12 03:26:49 | 000,000,000 | ---D | M] -- C:\Users\Lucille\AppData\Roaming\Enzako
[2013/04/03 19:34:50 | 000,000,000 | ---D | M] -- C:\Users\Lucille\AppData\Roaming\Foresight Software
[2012/10/01 14:31:54 | 000,000,000 | ---D | M] -- C:\Users\Lucille\AppData\Roaming\GARMIN
[2014/02/06 22:39:32 | 000,000,000 | ---D | M] -- C:\Users\Lucille\AppData\Roaming\Ibdeyqby
[2014/02/06 18:58:03 | 000,000,000 | ---D | M] -- C:\Users\Lucille\AppData\Roaming\Itwywa
[2014/02/06 22:39:32 | 000,000,000 | ---D | M] -- C:\Users\Lucille\AppData\Roaming\Lopoyho
[2014/02/06 18:44:35 | 000,000,000 | ---D | M] -- C:\Users\Lucille\AppData\Roaming\Matyvi
[2014/02/06 22:39:32 | 000,000,000 | ---D | M] -- C:\Users\Lucille\AppData\Roaming\Neavfoim
[2010/11/04 18:30:27 | 000,000,000 | ---D | M] -- C:\Users\Lucille\AppData\Roaming\Research In Motion
[2010/01/06 17:04:21 | 000,000,000 | ---D | M] -- C:\Users\Lucille\AppData\Roaming\Template
[2013/04/01 10:07:52 | 000,000,000 | ---D | M] -- C:\Users\Lucille\AppData\Roaming\TuneUp Software
[2010/01/03 20:50:56 | 000,000,000 | ---D | M] -- C:\Users\Lucille\AppData\Roaming\WildTangent
[2010/03/08 07:47:27 | 000,000,000 | ---D | M] -- C:\Users\Lucille\AppData\Roaming\WinBatch
[2012/06/27 05:57:57 | 000,000,000 | ---D | M] -- C:\Users\Lucille\AppData\Roaming\Windows Live Writer
[2014/02/06 22:39:32 | 000,000,000 | ---D | M] -- C:\Users\Lucille\AppData\Roaming\Xypeqi
[2014/02/06 22:39:32 | 000,000,000 | ---D | M] -- C:\Users\Lucille\AppData\Roaming\Zuhyrywa

========== Purity Check ==========



< End of report >

#2
pystryker

    Trusted Helper

  • Malware Removal
  • 3,912 posts
Hello and welcome to Geeks to Go! My nickname is Pystryker :) , and I will be helping you with your issue today.


Before we get started, I have a few things I need to go over with you:

  • Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process.
  • Please subscribe to this topic. By subscribing, the board will notify you when a new reply is added to your topic. You can find instructions on how to do that by clicking here.
  • If any of your security programs give you a warning about any tool I ask you to use, please do not worry. All the links and tools I provide to you will be safe.

  • Please read through my instructions carefully and completely before executing them.
  • Please make sure that all the programs I ask you to download are downloaded to and run from your Desktop.
  • Please make sure you print out these instructions so that you will be able to refer to them while working on your machine. Part of the solution(s) to your problem may involve us working in Safe Mode and you will need them to go by.
  • Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.
  • Please read through my instructions carefully and make sure you complete them from start to finish. I will make sure that I lay the instructions out in a step by step order to make them easy to follow.
  • This is a complicated process. It requires several steps, patience, and careful following of my instructions in the order they are given to diagnose your problems to get your machine back in working order.
  • Please stay with me until the end of all steps and procedures and I declare your system clean. Just because there is a lack of symptoms does not indicate a clean machine. I promise to do the same for you.
  • Please make sure you reply within 3 days to my responses, if there is no reply within 3 days, the topic will be closed and you will need to request the topic be reopened.
  • Before we get started, please remember we will do our best to get your machine repaired. However, there are some cases where the only solution is a reformat and reinstall of the operating system. This is a worst case scenario though.
  • It is impossible for me to know what interactions may happen between your computer's software and the tools we will use to clean your machine. Therefore, I highly recommend you backup any critical personal files on your machine before we start.
  • If possible, please have your original Windows installation disks handy, just in case.
  • If you have any questions at all, please don't hesitate to ask. There's no such thing as a stupid question when dealing with malware.
  • If you are unsure of an instruction I give you, or if something unexpected occurs, Do NOT proceed! Stop and ask for clarification of the instruction or tell me what occurred.
  • Please copy and paste the contents of any requested logs in your replies. Do not attach the log files in your replies unless requested to do so.
  • Please remember, the fixes are for your machine and your machine ONLY!



Once we have cleaned your machine, we'll have some cleanup and prevention steps to go through. We will also provide you with some information about how to reduce your chances of infection and get some protections in place to help defend you against this in the future.

Please be patient while I am analyzing your logs. I know you are probably scared and very frustrated with this problem, but I am a volunteer and sometimes life does get in the way. :)

Now, let's get started, shall we? :thumbsup:


Hi, I notice that you've run OTL 6 times, and I was curious as to the reason. Also, there should be another log called Extras.txt that was produced from the first run of OTL. Please post that log in your next reply. I'd like you to run the scan below, and post the log it will produce along with the Extras.txt log.


  • Please download aswMBR.exe to your desktop.
  • Double click the file to run it.
  • It will ask if you want to download the latest Avast! virus definitions, please answer yes.

  • Click the Scan button to begin the scan.

  • Once the scan has finished, click on Save Log, save it to your desktop as asw.txt, and please post it in your next reply.
  • Click Exit

Things I need to see in your next post

Extras.txt log

aswMBR Log

#3
LUCYR

    Member

  • Topic Starter
  • 18 posts
Hi Pystryker, thank you for your help.
The reason you see downloads of OTL before is my husband downloaded it to send it to you and was having trouble getting it. Unfortunately I cannot seem to locate the file "Extras.txt log". Can you tell me how to bring it up? Here is the other log you requested.
When I downloaded this file it asked me if I wanted to install Avast antivirus. I did not; was this correct?

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2014-02-25 05:20:09
-----------------------------
05:20:09.181 OS Version: Windows x64 6.1.7601 Service Pack 1
05:20:09.181 Number of processors: 4 586 0x170A
05:20:09.181 ComputerName: LUCILLE-PC UserName: Lucille
05:20:12.925 Initialize success
05:22:03.127 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
05:22:03.127 Disk 0 Vendor: ST375052 HP34 Size: 715404MB BusType: 8
05:22:03.221 Disk 0 MBR read successfully
05:22:03.221 Disk 0 MBR scan
05:22:03.221 Disk 0 unknown MBR code
05:22:03.237 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
05:22:03.237 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 702155 MB offset 206848
05:22:03.268 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 13147 MB offset 1438220288
05:22:03.299 Disk 0 scanning C:\Windows\system32\drivers
05:22:10.506 Service scanning
05:22:22.909 Modules scanning
05:22:22.909 Disk 0 trace - called modules:
05:22:22.925 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
05:22:22.925 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800867a060]
05:22:23.440 3 CLASSPNP.SYS[fffff8800125243f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8007fd0050]
05:22:23.440 Scan finished successfully
05:22:40.367 Disk 0 MBR has been saved successfully to "C:\Users\Lucille\Desktop\MBR.dat"
05:22:40.367 The log file has been saved successfully to "C:\Users\Lucille\Desktop\aswMBR.txt"

Edited by LUCYR, 25 February 2014 - 07:50 AM.

  • 0

#4
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,912 posts
Hello :)

You can find the Extras.txt log in the same location where OTL was run from. In this case, here: C:\Users\Lucille\Downloads. Also, please move OTL.exe to your desktop. It works better from there. :thumbsup:
  • 0

#5
LUCYR

LUCYR

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
Hi, I looked into the downloads. The only thing I can find there is the OTL.ext and the OTL.txt. I moved the OTL.ext to desktop and the OTL.txt is what I posted. I must be missing something, can't find the Extras.txt log? Not sure if I accidentally deleted it?
  • 0

#6
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,912 posts
Ok, no worries. :) I'll get to work on these, but it will be evening before I can post my instructions to begin cleaning. :thumbsup:
  • 0

#7
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,912 posts
Hello, we have some work to do, so let's get started. :)


Step 1: Upload File to VirusTotal for Scanning

We have a file that needs some further investigation and analysis. I can find no information on the file listed below and we need to upload it for scanning.


  • Please go to VirusTotal.org by clicking here
  • Please click on Choose File
  • When the window opens, navigate to the location listed in the box below and select file that is listed in that location.

    C:\Users\Lucille\AppData\Local\cgrnxdwc.exe

  • Once you have selected the file, click the blue Scan It! button.
  • VirusTotal will scan the file and produce a report for you. Please post the report in your next reply.



Step 2: OTL Fix

Let's run an OTL fix:

Warning: This fix is to be used on this system and this system ONLY. Using this fix on any other machine other than yours can seriously damage it.

Be advised that when the fix commences, it will shut down all running processes and you may lose the desktop and icons, they will return on reboot.

Run OTL by double clicking it (Windows Vista, Windows 7, and 8: right click and select "Run as Administrator").

  • Copy the text in the quote box below (do not copy the word "quote") and paste it in the box marked Custom Scans/Fixes as shown in the graphic below.


:Commands
[createrestorepoint]

:OTL
SRV - [2014/02/06 07:27:58 | 000,036,392 | ---- | M] (Just Develop It) [Auto | Running] -- C:\Program Files (x86)\MyPC Backup\BackupStack.exe -- (BackupStack)
SRV - [2014/02/06 05:28:30 | 002,360,608 | ---- | M] (Conduit) [Auto | Running] -- C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe -- (CltMngSvc)
IE:64bit: - HKLM\..\SearchScopes\{3F63E795-6EC4-4668-8712-0FF1975092F6}: "URL" = http://www.ask.com/w...}&l=dis&o=cahpd
IE - HKLM\..\SearchScopes\{3F63E795-6EC4-4668-8712-0FF1975092F6}: "URL" = http://www.ask.com/w...}&l=dis&o=cahpd
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\SearchScopes,DefaultScope = {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
IE - HKCU\..\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}: "URL" = http://search.condui...rchTerms}&SSPV=
IE - HKCU\..\SearchScopes\{161D0D11-7CB3-4A9D-A485-0B19BC1FE8AC}: "URL" = http://websearch.ask...23-8E2BA2C30F25
IE - HKCU\..\SearchScopes\{3F63E795-6EC4-4668-8712-0FF1975092F6}: "URL" = http://www.ask.com/w...}&l=dis&o=cahpd
[2014/02/10 11:34:38 | 000,000,000 | ---D | M] (Websteroids) -- C:\Users\Lucille\AppData\Roaming\Mozilla\Firefox\extensions\[email protected]
O2 - BHO: (Websteroids) - {44ed99e2-16a6-4b89-80d6-5b21cf42e78b} - C:\ProgramData\Websteroids\IE\common.dll (Creative Island Media, LLC)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [Updater] C:\ProgramData\Updater\updater.exe (Updater)
O4 - HKCU..\Run: [Opevof] "C:\Users\Lucille\AppData\Roaming\Enzako\ryfoz.exe" File not found
O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found
O4 - HKCU..\Run: [Updater] C:\ProgramData\Updater\updater.exe (Updater)
O4 - Startup: C:\Users\Lucille\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk = C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll) - C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll (Conduit)
O20 - AppInit_DLLs: (C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll) - C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll (Conduit)
[2014/02/13 01:51:34 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\SearchProtect
[2014/02/10 11:34:45 | 000,000,000 | ---D | C] -- C:\Users\Lucille\AppData\Local\SearchProtect
[2014/02/10 11:34:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Websteroids
[2014/02/10 11:34:36 | 000,000,000 | ---D | C] -- C:\Users\Lucille\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
[2014/02/10 11:34:36 | 000,001,099 | ---- | M] () -- C:\Users\Lucille\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
[2014/02/10 11:34:36 | 000,001,089 | ---- | M] () -- C:\Users\Lucille\Desktop\MyPC Backup.lnk

:Files
C:\Program Files (x86)\SearchProtect
C:\ProgramData\InternetUpdater
C:\ProgramData\Updater
C:\ProgramData\RHelpers
C:\Program Files (x86)\Ask.com
C:\Program Files (x86)\MyPC Backup
netsh advfirewall reset /c
netsh advfirewall set allprofiles state on /c

:Commands
[emptytemp]
[resethosts]



  • Click the Run Fix button at the top of the OTL control panel.
  • Let the program run until it's finished and then reboot the computer.
  • Once your machine has rebooted, a log will open. Please post that log in your next reply.

If you have any problems, questions, or need further explanation, please post a message in this thread and I will get back to you asap.


Step 3: AdwCleaner


Download ADWcleaner by clicking here. Please save it to your Desktop



  • Double click (Vista and 7 users: right click) the adwcleaner.exe file and click Run as Administrator and accept the UAC prompt to run AdwCleaner
  • Close any open windows or browsers.
  • Pause your Anti-Virus program if it is running.
  • Once it starts, click on the Scan button.
  • Let the scan complete itself. This may take a few minutes.
  • Once the scan has finished, "Pending, uncheck elements you don't want to remove."
    click the Clean button. When finished, it will ask to reboot. Please reboot.
  • When the machine has rebooted, a log will be produced. Please copy/paste that in your next reply. Here's how:
  • Click the Report button and the log will open. Copy and Paste the contents of the log file into your next reply.
This report is also saved at C:\AdwCleaner[R0].txt

Step 4: Junkware Removal Tool


Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.


Step 5: OTL Quick Scan


  • Start OTL and this time click the Quick Scan button
  • OTL will scan your system and produce one log when finished.
  • Please post that log in your next reply.


Things I need to see in your next post:

VirusTotal Results

OTL Fix Log

AdwCleaner Log

Junkware Removal Tool Log

OTL Quick Scan Log

Question: How is the computer running now?

  • 0
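
Step 2 above asks for the log OTL writes after the fix. As an added example (not part of the original thread and not OTL's own code), this Python script lines a fix script up against that log and lists the directives OTL reported as "Unable to interpret", using the error wording from the fix log posted later in this thread. The sample script and log are abridged from the thread, and all function names are hypothetical.

```python
import re
from dataclasses import dataclass, field

# Wording of the rejection line, as it appears in the fix log in this thread.
REJECTED = re.compile(
    r"^Error: Unable to interpret <\s*(.*?)\s*> in the current context!$")


@dataclass
class Section:
    name: str                      # e.g. ":OTL", ":Files", ":Commands"
    header_rejected: bool = False  # the section header itself was rejected
    directives: list = field(default_factory=list)
    rejected: list = field(default_factory=list)


def rejected_lines(log_text):
    """Return, in log order, every directive the log reports as uninterpreted."""
    found = []
    for line in log_text.splitlines():
        m = REJECTED.match(line.strip())
        if m:
            found.append(m.group(1))
    return found


def audit_fix(script_text, log_text):
    """Match script lines to rejection lines, both taken in order.

    Returns (sections, unmatched). In the log in this thread the rejections
    appear in script order, so one forward pass is enough, and a line that
    occurs twice in the script (":Commands") is only marked where the log
    order says so. Anything left in `unmatched` means the log does not
    correspond to this script.
    """
    pending = rejected_lines(log_text)
    pos = 0
    sections = []
    for raw in script_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        hit = pos < len(pending) and pending[pos] == line
        if hit:
            pos += 1
        if line.startswith(":"):
            sections.append(Section(name=line, header_rejected=hit))
            continue
        if not sections:  # directive placed before any section header
            sections.append(Section(name="(no section)"))
        sections[-1].directives.append(line)
        if hit:
            sections[-1].rejected.append(line)
    return sections, pending[pos:]


def summarize(sections):
    """One line per section: how many of its directives were rejected."""
    out = []
    for s in sections:
        flag = " (header rejected)" if s.header_rejected else ""
        out.append(f"{s.name}: {len(s.rejected)}/{len(s.directives)} rejected{flag}")
    return out


# Sample input, abridged from the fix script and fix log in this thread.
SAMPLE_SCRIPT = r"""
:Commands
[createrestorepoint]

:OTL
O4 - HKLM..\Run: [Updater] C:\ProgramData\Updater\updater.exe (Updater)
O4 - HKCU..\Run: [Updater] C:\ProgramData\Updater\updater.exe (Updater)

:Files
C:\ProgramData\Updater
netsh advfirewall reset /c

:Commands
[emptytemp]
[resethosts]
"""

SAMPLE_LOG = r"""
All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
Error: Unable to interpret < :OTL> in the current context!
Error: Unable to interpret < O4 - HKLM..\Run: [Updater] C:\ProgramData\Updater\updater.exe (Updater)> in the current context!
Error: Unable to interpret < O4 - HKCU..\Run: [Updater] C:\ProgramData\Updater\updater.exe (Updater)> in the current context!
Error: Unable to interpret < :Files> in the current context!
Error: Unable to interpret < C:\ProgramData\Updater> in the current context!
Error: Unable to interpret < netsh advfirewall reset /c> in the current context!
Error: Unable to interpret < :Commands> in the current context!

[EMPTYTEMP]
HOSTS file reset successfully
"""

if __name__ == "__main__":
    sections, unmatched = audit_fix(SAMPLE_SCRIPT, SAMPLE_LOG)
    print("\n".join(summarize(sections)))
    if unmatched:
        print("log lines with no counterpart in the script:", unmatched)
```

A section reported with every directive rejected means none of its removal entries were acted on, so the scan logs requested afterwards should be read with that in mind.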

#8
LUCYR

LUCYR

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
Got a little problem with VirusTotal.org: when I go to C:\Users\Lucille\AppData\Local\, this file is not there: cgrnxdwc.exe. Most of the files are a lot longer than this one, and there is nothing in there with even a portion of this file in it. Should I skip this part and continue with the rest?
  • 0

#9
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,912 posts
Yes, proceed with the rest of the steps. :thumbsup:
  • 0

#10
LUCYR

LUCYR

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
Here is the OTL file
All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
Error: Unable to interpret < :OTL> in the current context!
Error: Unable to interpret < SRV - [2014/02/06 07:27:58 | 000,036,392 | ---- | M] (Just Develop It) [Auto | Running] -- C:\Program Files (x86)\MyPC Backup\BackupStack.exe -- (BackupStack)> in the current context!
Error: Unable to interpret < SRV - [2014/02/06 05:28:30 | 002,360,608 | ---- | M] (Conduit) [Auto | Running] -- C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe -- (CltMngSvc)> in the current context!
Error: Unable to interpret < IE:64bit: - HKLM\..\SearchScopes\{3F63E795-6EC4-4668-8712-0FF1975092F6}: "URL" = http://www.ask.com/w...&l=dis&o=cahpd> in the current context!
Error: Unable to interpret < IE - HKLM\..\SearchScopes\{3F63E795-6EC4-4668-8712-0FF1975092F6}: "URL" = http://www.ask.com/w...&l=dis&o=cahpd> in the current context!
Error: Unable to interpret < IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)> in the current context!
Error: Unable to interpret < IE - HKCU\..\SearchScopes,DefaultScope = {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}> in the current context!
Error: Unable to interpret < IE - HKCU\..\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}: "URL" = http://search.condui...chTerms}&SSPV=> in the current context!
Error: Unable to interpret < IE - HKCU\..\SearchScopes\{161D0D11-7CB3-4A9D-A485-0B19BC1FE8AC}: "URL" = http://websearch.ask...3-8E2BA2C30F25> in the current context!
Error: Unable to interpret < IE - HKCU\..\SearchScopes\{3F63E795-6EC4-4668-8712-0FF1975092F6}: "URL" = http://www.ask.com/w...&l=dis&o=cahpd> in the current context!
Error: Unable to interpret < [2014/02/10 11:34:38 | 000,000,000 | ---D | M] (Websteroids) -- C:\Users\Lucille\AppData\Roaming\Mozilla\Firefox\extensions\[email protected]> in the current context!
Error: Unable to interpret < O2 - BHO: (Websteroids) - {44ed99e2-16a6-4b89-80d6-5b21cf42e78b} - C:\ProgramData\Websteroids\IE\common.dll (Creative Island Media, LLC)> in the current context!
Error: Unable to interpret < O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)> in the current context!
Error: Unable to interpret < O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)> in the current context!
Error: Unable to interpret < O4 - HKLM..\Run: [] File not found> in the current context!
Error: Unable to interpret < O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)> in the current context!
Error: Unable to interpret < O4 - HKLM..\Run: [Updater] C:\ProgramData\Updater\updater.exe (Updater)> in the current context!
Error: Unable to interpret < O4 - HKCU..\Run: [Opevof] "C:\Users\Lucille\AppData\Roaming\Enzako\ryfoz.exe" File not found> in the current context!
Error: Unable to interpret < O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found> in the current context!
Error: Unable to interpret < O4 - HKCU..\Run: [Updater] C:\ProgramData\Updater\updater.exe (Updater)> in the current context!
Error: Unable to interpret < O4 - Startup: C:\Users\Lucille\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk = C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)> in the current context!
Error: Unable to interpret < O1364bit: - gopher Prefix: missing> in the current context!
Error: Unable to interpret < O13 - gopher Prefix: missing> in the current context!
Error: Unable to interpret < O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll) - C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll (Conduit)> in the current context!
Error: Unable to interpret < O20 - AppInit_DLLs: (C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll) - C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll (Conduit)> in the current context!
Error: Unable to interpret < [2014/02/13 01:51:34 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\SearchProtect> in the current context!
Error: Unable to interpret < [2014/02/10 11:34:45 | 000,000,000 | ---D | C] -- C:\Users\Lucille\AppData\Local\SearchProtect> in the current context!
Error: Unable to interpret < [2014/02/10 11:34:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Websteroids> in the current context!
Error: Unable to interpret < [2014/02/10 11:34:36 | 000,000,000 | ---D | C] -- C:\Users\Lucille\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup> in the current context!
Error: Unable to interpret < [2014/02/10 11:34:36 | 000,001,099 | ---- | M] () -- C:\Users\Lucille\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk> in the current context!
Error: Unable to interpret < [2014/02/10 11:34:36 | 000,001,089 | ---- | M] () -- C:\Users\Lucille\Desktop\MyPC Backup.lnk> in the current context!
Error: Unable to interpret < :Files> in the current context!
Error: Unable to interpret < C:\Program Files (x86)\SearchProtect> in the current context!
Error: Unable to interpret < C:\ProgramData\InternetUpdater> in the current context!
Error: Unable to interpret < C:\ProgramData\Updater> in the current context!
Error: Unable to interpret < C:\ProgramData\RHelpers> in the current context!
Error: Unable to interpret < C:\Program Files (x86)\Ask.com> in the current context!
Error: Unable to interpret < C:\Program Files (x86)\MyPC Backup> in the current context!
Error: Unable to interpret < netsh advfirewall reset /c> in the current context!
Error: Unable to interpret < netsh advfirewall set allprofiles state on /c > in the current context!
Error: Unable to interpret < :Commands> in the current context!

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Lucille
->Temp folder emptied: 1328042873 bytes
->Temporary Internet Files folder emptied: 746196804 bytes
->Java cache emptied: 1 bytes
->Google Chrome cache emptied: 6213152 bytes
->Flash cache emptied: 69626 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 139639584 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
RecycleBin emptied: 853439905 bytes

Total Files Cleaned = 2,931.00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.69.0 log created on 02252014_183531

Files\Folders moved on Reboot...
C:\Users\Lucille\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Users\Lucille\AppData\Local\Temp\~DF0EB7E1C83FC31348.TMP not found!
File\Folder C:\Users\Lucille\AppData\Local\Temp\~DF6F500633FF3AD4C6.TMP not found!
File\Folder C:\Users\Lucille\AppData\Local\Temp\~DF79155F1D1B2671C1.TMP not found!
File\Folder C:\Users\Lucille\AppData\Local\Temp\~DFB082F5A8624BD87F.TMP not found!
File\Folder C:\Users\Lucille\AppData\Local\Temp\~DFB490A6E3D347B078.TMP not found!
File\Folder C:\Users\Lucille\AppData\Local\Temp\~DFC49BC51E05499E65.TMP not found!
File\Folder C:\Users\Lucille\AppData\Local\Temp\~DFF4384A7D170A3016.TMP not found!
File\Folder C:\Users\Lucille\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRF{B598427F-B69D-47CC-91CB-EE95EF1B8F95}.tmp not found!
File\Folder C:\Users\Lucille\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{B0A6B533-A4DB-47CC-ADFF-59D28EDCE05D}.tmp not found!
File move failed. C:\Users\Lucille\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

junkware

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Windows 7 Home Premium x64
Ran by Lucille on 25/02/2014 at 19:09:30.93
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\dynconie.dynconieobject
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\dynconie.dynconieobject.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{2830488C-079B-45C2-88B6-AFE4EAA2DF85}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{781CA792-9B6E-400B-B36F-15C097D2CA54}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\msntask_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\msntask_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\msntask_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\msntask_RASMANCS
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{161D0D11-7CB3-4A9D-A485-0B19BC1FE8AC}
Successfully deleted: [Registry Key] "hkey_current_user\software\microsoft\internet explorer\low rights\elevationpolicy\{a5aa24ea-11b8-4113-95ae-9ed71deaf12a}"



~~~ Files



~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\Lucille\appdata\local\{AF0C2167-A48A-41A9-BA89-4317DE02CA8D}
Successfully deleted: [Empty Folder] C:\Users\Lucille\appdata\local\{AF4BED70-D8EB-403E-A712-F04CD86EDC31}
Successfully deleted: [Empty Folder] C:\Users\Lucille\appdata\local\{AF7F457E-2FD6-4140-918A-D97A79703479}
Successfully deleted: [Empty Folder] C:\Users\Lucille\appdata\local\{B39CBDC4-9998-49A7-927D-0C6AE5CC62DD}
Successfully deleted: [Empty Folder] C:\Users\Lucille\appdata\local\{B83CEDFE-47F3-4260-BA7E-1A5F36B60B40}
Successfully deleted: [Empty Folder] C:\Users\Lucille\appdata\local\{B8616AEF-A81E-4AB0-8335-E574B9074579}
Successfully deleted: [Empty Folder] C:\Users\Lucille\appdata\local\{B8E09641-015E-409E-BB35-3D53DE2929B2}
Successfully deleted: [Empty Folder] C:\Users\Lucille\appdata\local\{B9121A14-7E6E-4CE8-A656-E27EDDC025E4}
Successfully deleted: [Empty Folder] C:\Users\Lucille\appdata\local\{BA0A1758-BF90-409F-8DE3-364AD516A09B}
Successfully deleted: [Empty Folder] C:\Users\Lucille\appdata\local\{BAE754CB-E955-4343-B55C-E4915536CBDE}
Successfully deleted: [Empty Folder] C:\Users\Lucille\appdata\local\{BB3CF338-B98E-458C-A72C-5CDFACC2DA38}
Successfully deleted: [Empty Folder] C:\Users\Lucille\appdata\local\{BB5FBB2D-63A5-422C-A77C-B0E1568381B0}
Successfully deleted: [Empty Folder] C:\Users\Lucille\appdata\local\{BC850F39-7600-4D4F-85D4-0FA2516B91F5}
Successfully deleted: [Empty Folder] C:\Users\Lucille\appdata\local\{BCBCB16D-1CF3-40EA-BB1A-DA7EE32493DB}
Successfully deleted: [Empty Folder] C:\Users\Lucille\appdata\local\{BE1E511E-3845-46C0-A0A8-81FF9B584F22}
Successfully deleted: [Empty Folder] C:\Users\Lucille\appdata\local\{BE8BC001-D31C-4BAB-8855-B07B1EC4DD15}
Successfully deleted: [Empty Folder] C:\Users\Lucille\appdata\local\{C08EC047-7FA5-4300-89C7-331306C1DEBD}
Successfully deleted: [Empty Folder] C:\Users\Lucille\appdata\local\{C0C9C3B0-3F57-4CE6-BD65-EC3E6CD03287}
Successfully deleted: [Empty Folder] C:\Users\Lucille\appdata\local\{C15402C7-1E56-488B-A8ED-F26A3DAF7D32}
Successfully deleted: [Empty Folder] C:\Users\Lucille\appdata\local\{C2D2C797-EC42-4F22-92CE-EFFBCDFBEA68}
Successfully deleted: [Empty Folder] C:\Users\Lucille\appdata\local\{C2E12D58-2D90-43BB-92E8-5093276824E8}
Successfully deleted: [Empty Folder] C:\Users\Lucille\appdata\local\{C3CD1C4C-3FCF-4EBE-9FD9-CDF0070D5D02}
Successfully deleted: [Empty Folder] C:\Users\Lucille\appdata\local\{C3E4F294-7C9E-4F5B-82E6-4857996FE19B}
Successfully deleted: [Empty Folder] C:\Users\Lucille\appdata\local\{C42C1830-AC8B-4743-9D89-FB02D43B534C}
Successfully deleted: [Empty Folder] C:\Users\Lucille\appdata\local\{C460AE31-F862-41AB-BFCD-D241B39CA301}
Successfully deleted: [Empty Folder] C:\Users\Lucille\appdata\local\{C548DD95-6408-4AD0-9562-F99CC228F694}
Successfully deleted: [Empty Folder] C:\Users\Lucille\appdata\local\{C560B747-2A44-402B-A8E9-A94FA384A3BE}
Successfully deleted: [Empty Folder] C:\Users\Lucille\appdata\local\{C5A6CA09-3F5E-4D70-96CA-D366BE6D5A86}
Successfully deleted: [Empty Folder] C:\Users\Lucille\appdata\local\{C5CEF0CB-C634-461D-B3A4-EC7C8662010F}
Successfully deleted: [Empty Folder] C:\Users\Lucille\appdata\local\{C6C3F4EE-3178-4A84-99B8-99C0A496D4B6}
Successfully deleted: [Empty Folder] C:\Users\Lucille\appdata\local\{C818FB6B-10D4-428B-ACA5-44299832658E}
Successfully deleted: [Empty Folder] C:\Users\Lucille\appdata\local\{C83BFF12-2CA3-42E0-9DAB-D9BDEDEA77D7}
Successfully deleted: [Empty Folder] C:\Users\Lucille\appdata\local\{C88F81F8-C640-43A5-A4E5-CEB287A93DC6}
Successfully deleted: [Empty Folder] C:\Users\Lucille\appdata\local\{CD57DA6D-335F-4904-8002-ACC88CF5B15E}
Successfully deleted: [Empty Folder] C:\Users\Lucille\appdata\local\{CDD76961-A535-4ACC-843A-536CDCA8BF8F}
Successfully deleted: [Empty Folder] C:\Users\Lucille\appdata\local\{D1908CD8-52AB-414B-A71A-D5624BA10DC3}
Successfully deleted: [Empty Folder] C:\Users\Lucille\appdata\local\{D3FAEEEF-247C-462E-A027-1F1ED7FD20D5}
Successfully deleted: [Empty Folder] C:\Users\Lucille\appdata\local\{D45B86C4-637C-46FD-822D-5D01FEDB1357}
Successfully deleted: [Empty Folder] C:\Users\Lucille\appdata\local\{D49F6412-52B9-47FB-B4CA-2887B1EF5B37}
Successfully deleted: [Empty Folder] C:\Users\Lucille\appdata\local\{D593010F-0FE9-48B0-9AE1-4E36A9D36E0E}
Successfully deleted: [Empty Folder] C:\Users\Lucille\appdata\local\{D648B92C-C2F9-4419-AC0E-1F26DEC79680}
Successfully deleted: [Empty Folder] C:\Users\Lucille\appdata\local\{D6FA17C7-FF2C-4375-AC00-85B42B6BEDD0}
Successfully deleted: [Empty Folder] C:\Users\Lucille\appdata\local\{D8E29871-7CF0-4D3D-94A1-1B91ED992CDB}
Successfully deleted: [Empty Folder] C:\Users\Lucille\appdata\local\{D9ED5052-F99B-4177-9499-E77CE52CE46A}
Successfully deleted: [Empty Folder] C:\Users\Lucille\appdata\local\{DA7FED66-4D72-45CE-912D-FBF8F09D939B}
Successfully deleted: [Empty Folder] C:\Users\Lucille\appdata\local\{DAE2546C-EFD5-4820-A896-B10CEF1E6FF6}
Successfully deleted: [Empty Folder] C:\Users\Lucille\appdata\local\{DB807744-12CB-4EA5-B3CB-DB44C52B70B4}
Successfully deleted: [Empty Folder] C:\Users\Lucille\appdata\local\{DB9D15D1-0B0F-4FCD-A47D-5FD5EC3FB056}
Successfully deleted: [Empty Folder] C:\Users\Lucille\appdata\local\{DBA8CA3F-3CD5-4FFE-930F-93854AF8902B}
Successfully deleted: [Empty Folder] C:\Users\Lucille\appdata\local\{DC0BA7C9-B758-4A55-80C2-93C59441A611}
Successfully deleted: [Empty Folder] C:\Users\Lucille\appdata\local\{DC3271A1-2CE2-4D0C-A1D6-8D2E5E01B8A9}
Successfully deleted: [Empty Folder] C:\Users\Lucille\appdata\local\{DD00C319-FD8C-452D-BDE6-A1FB0CC73C9A}
Successfully deleted: [Empty Folder] C:\Users\Lucille\appdata\local\{DEECC14A-82CA-4C72-A22C-0AEDDA3933FE}
Successfully deleted: [Empty Folder] C:\Users\Lucille\appdata\local\{DFE5305D-BFD0-4773-A3F6-6D50334D5C78}
Successfully deleted: [Empty Folder] C:\Users\Lucille\appdata\local\{E002583A-F561-4640-ADD1-04A088EC9E9C}
Successfully deleted: [Empty Folder] C:\Users\Lucille\appdata\local\{E0EA5392-C6F8-4372-AFF2-8F97B76490C8}
Successfully deleted: [Empty Folder] C:\Users\Lucille\appdata\local\{E0FB6B45-B6AD-46C4-AA3C-5C0F102E4D45}
Successfully deleted: [Empty Folder] C:\Users\Lucille\appdata\local\{E32B2DD2-170C-4C0F-BF72-99B6F905B465}
Successfully deleted: [Empty Folder] C:\Users\Lucille\appdata\local\{E37F82BC-AAB0-42A1-9AFF-287705386052}
Successfully deleted: [Empty Folder] C:\Users\Lucille\appdata\local\{E591FD45-B3A7-4441-B5EF-4E20907BF9E6}
Successfully deleted: [Empty Folder] C:\Users\Lucille\appdata\local\{E595B95B-8D4A-4E0F-B41B-84B9D3C05897}
Successfully deleted: [Empty Folder] C:\Users\Lucille\appdata\local\{E794C5A9-D2CD-4D05-85C5-D0585E97ECF2}
Successfully deleted: [Empty Folder] C:\Users\Lucille\appdata\local\{E9EDAD1B-9BB0-4650-9AC5-3622A5DE37BD}
Successfully deleted: [Empty Folder] C:\Users\Lucille\appdata\local\{EAE1920E-3D74-4265-A101-860CC2025117}
Successfully deleted: [Empty Folder] C:\Users\Lucille\appdata\local\{EB09FBA4-541F-4A78-852F-B31BA0B02383}
Successfully deleted: [Empty Folder] C:\Users\Lucille\appdata\local\{EB89646A-1745-41DB-A5F0-811D187E8B08}
Successfully deleted: [Empty Folder] C:\Users\Lucille\appdata\local\{ED480939-E868-40D1-8196-ECAF9743F888}
Successfully deleted: [Empty Folder] C:\Users\Lucille\appdata\local\{EF0D9257-A68A-401A-BB47-56621B1B83E0}
Successfully deleted: [Empty Folder] C:\Users\Lucille\appdata\local\{EF4B1E2D-9EB0-40B5-9FFE-2BCC1FE1DA9A}
Successfully deleted: [Empty Folder] C:\Users\Lucille\appdata\local\{F1D1137B-FFE0-4C31-8E8D-5EDADE2B42D4}
Successfully deleted: [Empty Folder] C:\Users\Lucille\appdata\local\{F26BF9E4-655D-4B1B-82BD-C62F99D374E6}
Successfully deleted: [Empty Folder] C:\Users\Lucille\appdata\local\{F40DFE80-BE97-4DDE-B538-21355361F371}
Successfully deleted: [Empty Folder] C:\Users\Lucille\appdata\local\{F5C479F3-1B37-42BB-B1AC-B443110DCC92}
Successfully deleted: [Empty Folder] C:\Users\Lucille\appdata\local\{F5DAA388-EA5B-4BEC-BB6B-9054CAFDFB71}
Successfully deleted: [Empty Folder] C:\Users\Lucille\appdata\local\{F7229379-7E99-47FB-8362-66F364850DB6}
Successfully deleted: [Empty Folder] C:\Users\Lucille\appdata\local\{F8B19C4E-636A-4D1E-953A-9D68CB73F6D9}
Successfully deleted: [Empty Folder] C:\Users\Lucille\appdata\local\{F90A6CBE-7ED2-41F1-B15D-35D6A1ABDD59}
Successfully deleted: [Empty Folder] C:\Users\Lucille\appdata\local\{FA2636DA-2DA9-4B76-A779-55C3BA1F0B3C}
Successfully deleted: [Empty Folder] C:\Users\Lucille\appdata\local\{FA58F8F0-049C-4CEC-9AFB-10974E4C5A1C}
Successfully deleted: [Empty Folder] C:\Users\Lucille\appdata\local\{FB962D9C-84BA-40D8-BAC2-5B75659DEB16}
Successfully deleted: [Empty Folder] C:\Users\Lucille\appdata\local\{FBD7CE76-C847-4D21-8930-564147EDB884}
Successfully deleted: [Empty Folder] C:\Users\Lucille\appdata\local\{FC3310BA-EA7F-4F97-9258-D735CE9DF24E}
Successfully deleted: [Empty Folder] C:\Users\Lucille\appdata\local\{FE99320B-99CC-4304-9CD1-768BCD218F75}
Successfully deleted: [Empty Folder] C:\Users\Lucille\appdata\local\{FEDFD3B9-E922-49F5-82A2-B61AD151FDF6}
Successfully deleted: [Empty Folder] C:\Users\Lucille\appdata\local\{FF9E2F39-5ACF-4B27-9CDD-F74468C15F05}



~~~ Chrome

Successfully deleted: [Folder] C:\Users\Lucille\appdata\local\Google\Chrome\User Data\Default\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo
Successfully deleted: [Folder] C:\Users\Lucille\appdata\local\Google\Chrome\User Data\Default\Extensions\igjjkeeamkpihpncmmbgdkhdnjpcfmfb



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 25/02/2014 at 19:16:39.08
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

OTL
OTL logfile created on: 25/02/2014 7:22:10 PM - Run 7
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Lucille\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16518)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

8.00 Gb Total Physical Memory | 5.95 Gb Available Physical Memory | 74.42% Memory free
16.00 Gb Paging File | 13.62 Gb Available in Paging File | 85.13% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 685.70 Gb Total Space | 508.48 Gb Free Space | 74.15% Space Free | Partition Type: NTFS
Drive D: | 12.84 Gb Total Space | 2.30 Gb Free Space | 17.91% Space Free | Partition Type: NTFS

Computer Name: LUCILLE-PC | User Name: Lucille | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/01/14 17:07:04 | 000,045,568 | ---- | M] (Parallel Lines Development, LLC) -- C:\ProgramData\InternetUpdater\InternetUpdaterService.exe
PRC - [2014/01/02 16:46:10 | 030,714,328 | ---- | M] (Dropbox, Inc.) -- C:\Users\Lucille\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2013/12/20 22:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/12/14 05:26:30 | 000,309,328 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2013/04/04 13:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 13:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 13:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2013/03/24 13:59:37 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Lucille\Downloads\OTL.exe
PRC - [2012/02/23 12:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
PRC - [2012/01/06 15:30:00 | 001,446,760 | ---- | M] (Garmin) -- C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe
PRC - [2010/11/27 00:55:42 | 000,648,032 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
PRC - [2010/11/27 00:55:42 | 000,398,176 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
PRC - [2010/08/17 19:26:38 | 000,560,848 | ---- | M] (CrossLoop Inc) -- C:\Users\Lucille\AppData\Local\CrossLoop\CrossLoopService.exe
PRC - [2009/08/23 00:00:00 | 000,091,432 | ---- | M] (Sage) -- C:\Program Files (x86)\winsim\ConnectionManager\Simply.SystemTrayIcon.exe
PRC - [2009/08/23 00:00:00 | 000,029,992 | ---- | M] (Sage) -- C:\Program Files (x86)\winsim\ConnectionManager\SimplyConnectionManager.exe
PRC - [2009/08/05 12:45:22 | 000,206,120 | ---- | M] (CyberLink) -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
PRC - [2009/07/23 19:45:52 | 000,128,296 | ---- | M] (CyberLink Corp.) -- c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
PRC - [2009/06/04 18:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/06/04 18:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009/05/26 00:36:13 | 000,656,896 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
PRC - [2008/11/20 09:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
PRC - [2008/08/12 12:15:28 | 000,257,880 | ---- | M] (Creative Home) -- C:\Program Files (x86)\Creative Home\Hallmark Card Studio 2009 Deluxe\Planner\PLNRnote.exe
PRC - [2008/03/19 22:45:36 | 001,675,264 | ---- | M] (D-Link) -- C:\Program Files (x86)\D-Link\D-Link Wireless N DWA-130\AirNCFG.exe
PRC - [2007/01/19 11:49:04 | 000,049,152 | ---- | M] (Wireless Service) -- C:\Program Files (x86)\ANI\ANIWZCS2 Service\WZCSLDR2.exe


========== Modules (No Company Name) ==========

MOD - [2014/02/25 03:15:39 | 000,399,872 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\49d7f498821498b3d5e9fe5bafceba41\System.Xml.Linq.ni.dll
MOD - [2014/02/25 03:15:12 | 000,190,976 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationTypes\75537eea06d1200805de72f3f7751091\UIAutomationTypes.ni.dll
MOD - [2014/02/25 03:15:10 | 000,018,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio49d6fefe#\19156dbc54c3ded7ba00c53d19b6ee96\PresentationFramework-SystemXml.ni.dll
MOD - [2014/02/25 03:15:10 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio4b37ff64#\64c51ef21713c34883a839dd202ff655\PresentationFramework-SystemXmlLinq.ni.dll
MOD - [2014/02/25 03:06:02 | 018,813,440 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\a2eb039301af47660eebc7566ce02b9c\PresentationFramework.ni.dll
MOD - [2014/02/25 03:05:49 | 000,470,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio1c9175f8#\ae01d58bd1cb283ec7b603919e2a8fb3\PresentationFramework.Aero.ni.dll
MOD - [2014/02/25 03:05:45 | 001,889,792 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\639f444db9491d25b5d158531e1f7d9b\System.Xaml.ni.dll
MOD - [2014/02/25 03:05:44 | 011,025,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\b9fe579783a35b57dd7e69375f35e239\PresentationCore.ni.dll
MOD - [2014/02/25 03:05:40 | 012,894,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\05ca0ca95b6fcc0d710b63b6200cc178\System.Windows.Forms.ni.dll
MOD - [2014/02/25 03:05:37 | 007,662,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\d91f3556f8011a5d48e1448e3fa8df9e\System.Xml.ni.dll
MOD - [2014/02/25 03:05:36 | 006,990,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\4e69f1e7d86d79012db2d7e0dadc8880\System.Core.ni.dll
MOD - [2014/02/25 03:05:35 | 000,736,768 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Security\27ca661a959d853d190b567343d7ef05\System.Security.ni.dll
MOD - [2014/02/25 03:05:33 | 003,950,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\ef90aeb894485d14b249d102309b6df3\WindowsBase.ni.dll
MOD - [2014/02/25 03:05:32 | 001,644,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\c4477b3ce64d0d612d1ab0dba425b77f\System.Drawing.ni.dll
MOD - [2014/02/25 03:05:30 | 010,060,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\79f6324a598a7c4446a4a1168be7c4b1\System.ni.dll
MOD - [2014/02/25 03:05:23 | 016,953,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\045c9588954c3662d542b53f4462268b\mscorlib.ni.dll
MOD - [2014/02/12 03:40:12 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\4412bbbb473c356b5ea3e1ea13b25f52\System.Management.ni.dll
MOD - [2014/02/12 03:33:31 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\72284863df9bea3f081ae98996400619\PresentationFramework.Aero.ni.dll
MOD - [2014/02/12 03:33:30 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\b34b348a9935338b1282fd0c9309eb1f\System.ServiceProcess.ni.dll
MOD - [2014/02/12 03:33:16 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\59312674865dc2a19c27f9f460b1673b\System.Runtime.Remoting.ni.dll
MOD - [2014/02/12 03:33:14 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\fe1942c05eda4f9744f80afb4ae76a2d\System.Data.ni.dll
MOD - [2014/02/12 03:33:06 | 014,340,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\f703846404bb66a4ae03ef8133755007\PresentationFramework.ni.dll
MOD - [2014/02/12 03:32:53 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\8bc548587e91ecf0552a40e47bbf99cc\System.Windows.Forms.ni.dll
MOD - [2014/02/12 03:32:47 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5c24d3b0041ebf4f48a93615b9fa3de9\System.Drawing.ni.dll
MOD - [2014/02/12 03:32:45 | 000,185,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\f9bb7cc29930815b098e26853962c1de\UIAutomationTypes.ni.dll
MOD - [2014/02/12 03:32:44 | 012,238,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\660ac5d6da77df8e86fb26f05c6a9816\PresentationCore.ni.dll
MOD - [2014/02/12 03:32:34 | 003,348,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\1d696b2d3de530f7ee971070263667ff\WindowsBase.ni.dll
MOD - [2014/02/12 03:32:30 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\217ece46920546d718414291d463bb1c\System.Xml.ni.dll
MOD - [2014/02/12 03:32:26 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\5b6ddf934128d538cd5cd77bf4209b93\System.Configuration.ni.dll
MOD - [2014/02/12 03:32:25 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b3a78269847005365001c33870cd121f\System.ni.dll
MOD - [2014/02/12 03:32:19 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\ede2c6c842840e009f01bcc74fa4c457\mscorlib.ni.dll
MOD - [2014/01/21 20:57:02 | 000,037,688 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\HP.ActiveSupportLibrary\2.0.0.1__01a974bc1760f423\HP.ActiveSupportLibrary.dll
MOD - [2014/01/02 16:45:04 | 003,558,400 | ---- | M] () -- C:\Users\Lucille\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2013/10/18 15:55:02 | 025,100,288 | ---- | M] () -- C:\Users\Lucille\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/11/04 17:58:05 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010/01/22 21:24:55 | 000,062,760 | ---- | M] () -- C:\Windows\assembly\GAC_32\Simply.ConnectionManagerService\15.0.0.1__bfd98eaca3f932d5\Simply.ConnectionManagerService.dll
MOD - [2009/08/05 12:45:22 | 000,931,112 | ---- | M] () -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll
MOD - [2009/07/15 16:51:04 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
MOD - [2009/07/15 16:51:02 | 000,131,072 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll
MOD - [2009/07/15 16:50:58 | 000,040,960 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingServer.dll
MOD - [2009/07/15 16:50:56 | 000,036,864 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingClients.dll
MOD - [2009/07/15 16:50:56 | 000,007,680 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\RemotingClient.dll
MOD - [2009/07/15 16:50:54 | 000,005,632 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingInterface.dll
MOD - [2009/07/15 16:50:52 | 000,018,944 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingMessages.dll
MOD - [2009/07/15 16:50:44 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll
MOD - [2009/05/26 00:36:13 | 000,656,896 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
MOD - [2007/12/11 15:36:00 | 000,245,760 | ---- | M] () -- C:\Windows\SysWOW64\WlanApp.dll


========== Services (SafeList) ==========

SRV:64bit: - [2014/02/06 02:48:45 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/10/23 17:14:22 | 000,348,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2013/10/23 17:14:22 | 000,023,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2013/05/26 21:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/05/15 15:24:10 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2014/02/20 16:28:32 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/01/14 17:07:04 | 000,045,568 | ---- | M] (Parallel Lines Development, LLC) [Auto | Running] -- C:\ProgramData\InternetUpdater\InternetUpdaterService.exe -- (InternetUpdater)
SRV - [2013/12/20 22:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/11/04 18:31:56 | 000,092,160 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/04/04 13:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 13:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013/03/01 11:11:32 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2010/11/27 00:55:42 | 000,398,176 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2010/10/22 12:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\hp\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010/08/17 19:26:38 | 000,560,848 | ---- | M] (CrossLoop Inc) [Auto | Running] -- C:\Users\Lucille\AppData\Local\CrossLoop\CrossLoopService.exe -- (CrossLoopService)
SRV - [2010/07/21 08:50:26 | 000,814,080 | ---- | M] (GlavSoft LLC.) [On_Demand | Stopped] -- C:\Users\Lucille\AppData\Local\CrossLoop\tvnserver.exe -- (tvnserver)
SRV - [2010/04/17 11:01:09 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/08/23 00:00:00 | 000,029,992 | ---- | M] (Sage) [Auto | Running] -- C:\Program Files (x86)\winsim\ConnectionManager\SimplyConnectionManager.exe -- (Simply Accounting Database Connection Manager)
SRV - [2009/06/10 13:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/04 18:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2009/05/22 10:02:20 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2007/05/31 16:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 16:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/09/27 09:53:06 | 000,134,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2013/04/04 13:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013/02/11 20:12:06 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2012/12/13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/02/29 22:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/05/10 07:06:14 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2011/03/10 22:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 22:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 05:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 03:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/10/20 07:05:02 | 000,059,048 | ---- | M] (SafeNet, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SNTUSB64.SYS -- (SNTUSB64)
DRV:64bit: - [2010/07/21 15:59:28 | 000,045,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2010/07/07 17:18:58 | 000,051,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2009/09/17 07:05:02 | 000,145,448 | ---- | M] (SafeNet, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\sentinel64.sys -- (Sentinel64)
DRV:64bit: - [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 16:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/07/13 06:31:42 | 000,233,472 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/06/29 01:00:00 | 000,116,752 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/04 10:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/05/25 04:38:20 | 000,966,144 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)
DRV:64bit: - [2009/05/15 16:02:04 | 005,957,632 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2008/05/20 17:33:36 | 000,028,416 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV - [2009/07/13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{21F34268-63E5-4FCD-B6DB-A8E8360F612D}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{3F63E795-6EC4-4668-8712-0FF1975092F6}: "URL" = http://www.ask.com/w...}&l=dis&o=cahpd
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{21F34268-63E5-4FCD-B6DB-A8E8360F612D}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{3F63E795-6EC4-4668-8712-0FF1975092F6}: "URL" = http://www.ask.com/w...}&l=dis&o=cahpd
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\Lucille\Desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ca/
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{21F34268-63E5-4FCD-B6DB-A8E8360F612D}: "URL" = http://www.bing.com/...E11SR&pc=HPDTDF
IE - HKCU\..\SearchScopes\{3F63E795-6EC4-4668-8712-0FF1975092F6}: "URL" = http://www.ask.com/w...}&l=dis&o=cahpd
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...1I7ADRA_enCA370
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@rim.com/npappworld: C:\Program Files (x86)\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll ()
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Lucille\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Lucille\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Lucille\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Lucille\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Lucille\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\PROGRAM FILES\ESET\ESET NOD32 ANTIVIRUS\MOZILLA THUNDERBIRD
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/04/29 06:39:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/04/29 06:39:12 | 000,000,000 | ---D | M]

[2014/02/10 11:34:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lucille\AppData\Roaming\Mozilla\Firefox\extensions
[2014/02/10 11:34:38 | 000,000,000 | ---D | M] (Websteroids) -- C:\Users\Lucille\AppData\Roaming\Mozilla\Firefox\extensions\[email protected]

========== Chrome ==========

CHR - Extension: No name found = C:\Users\Lucille\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_1\
CHR - Extension: No name found = C:\Users\Lucille\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_1\
CHR - Extension: No name found = C:\Users\Lucille\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_1\
CHR - Extension: No name found = C:\Users\Lucille\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_1\
CHR - Extension: No name found = C:\Users\Lucille\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.9.0.12585_0\
CHR - Extension: No name found = C:\Users\Lucille\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
CHR - Extension: No name found = C:\Users\Lucille\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_2\

O1 HOSTS File: ([2014/02/25 18:44:49 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll (Microsoft Corp.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ANIWZCS2Service] C:\Program Files (x86)\ANI\ANIWZCS2 Service\WZCSLDR2.exe (Wireless Service)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ConnectionManager] C:\Program Files (x86)\winsim\ConnectionManager\Simply.SystemTrayIcon.exe (Sage)
O4 - HKLM..\Run: [D-Link D-Link Wireless N DWA-130] C:\Program Files (x86)\D-Link\D-Link Wireless N DWA-130\AirNCFG.exe (D-Link)
O4 - HKLM..\Run: [Garmin Lifetime Updater] C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe (Garmin)
O4 - HKLM..\Run: [HP Remote Solution] C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe ()
O4 - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKCU..\Run: [Opevof] "C:\Users\Lucille\AppData\Roaming\Enzako\ryfoz.exe" File not found
O4:64bit: - HKLM..\RunOnce: [NCPluginUpdater] C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe (Hewlett-Packard)
O4 - Startup: C:\Users\Lucille\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Lucille\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9:64bit: - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe (Hewlett-Packard)
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.aka...vex-2.2.5.0.cab (DLM Control)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail....NPUplden-ca.cab (Windows Live Hotmail Photo Upload Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 64.59.144.16 64.59.150.132
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{58971045-C8DD-4C62-92E9-AE5F8B7B25E7}: DhcpNameServer = 64.71.255.198 64.71.255.253
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8918A3B4-8B80-41CA-94DA-4899E85C468E}: DhcpNameServer = 64.59.144.16 64.59.150.132
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll File not found
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll) - File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/02/25 19:09:28 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/02/25 19:08:54 | 001,037,734 | ---- | C] (Thisisu) -- C:\Users\Lucille\Desktop\JRT.exe
[2014/02/25 18:52:48 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/02/25 03:01:19 | 000,000,000 | ---D | C] -- C:\Windows\Migration
[2014/02/12 03:01:12 | 000,548,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2014/02/12 03:00:34 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014/02/12 03:00:34 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014/02/12 03:00:34 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014/02/12 03:00:33 | 000,574,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014/02/12 03:00:32 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014/02/12 03:00:32 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014/02/12 03:00:32 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014/02/12 03:00:31 | 000,627,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014/02/12 03:00:30 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014/02/12 03:00:30 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014/02/12 03:00:30 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014/02/12 03:00:30 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014/02/12 03:00:30 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014/02/12 03:00:30 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014/02/12 03:00:29 | 000,708,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014/02/12 03:00:29 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2014/02/12 03:00:29 | 000,553,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014/02/12 03:00:29 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014/02/12 03:00:29 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014/02/12 03:00:28 | 000,817,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2014/02/12 03:00:27 | 002,041,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014/02/12 03:00:27 | 001,964,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014/02/12 03:00:24 | 005,768,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014/02/11 18:38:25 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2014/02/11 18:38:25 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2014/02/11 18:38:13 | 000,658,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_isv.exe
[2014/02/11 18:38:13 | 000,626,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate.exe
[2014/02/11 18:38:13 | 000,594,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_isv.exe
[2014/02/11 18:38:13 | 000,572,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate.exe
[2014/02/11 18:38:13 | 000,508,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp_isv.exe
[2014/02/11 18:38:12 | 000,552,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp_isv.exe
[2014/02/11 18:38:11 | 000,553,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp.exe
[2014/02/11 18:38:11 | 000,528,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdrm.dll
[2014/02/11 18:38:11 | 000,510,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp.exe
[2014/02/11 18:38:11 | 000,488,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc.dll
[2014/02/11 18:38:11 | 000,485,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_isv.dll
[2014/02/11 18:38:11 | 000,423,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_isv.dll
[2014/02/11 18:38:10 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc.dll
[2014/02/11 18:38:10 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp_isv.dll
[2014/02/11 18:38:10 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp.dll
[2014/02/11 18:38:10 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp_isv.dll
[2014/02/11 18:38:10 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp.dll
[2014/02/11 18:38:01 | 003,928,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2014/02/11 18:38:01 | 002,565,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2014/02/11 16:41:27 | 000,000,000 | ---D | C] -- C:\Users\Lucille\Documents\Jones Serpentine sewing machine
[2014/02/10 11:45:16 | 000,000,000 | ---D | C] -- C:\ProgramData\InternetUpdater
[2014/02/10 11:34:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Updater
[2014/02/10 11:34:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Websteroids
[2014/02/10 11:33:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Manuals Finder
[2014/02/10 11:33:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Manuals Finder
[2014/02/09 19:40:37 | 000,000,000 | ---D | C] -- C:\Users\Lucille\AppData\Roaming\Mozilla
[2014/02/06 18:58:03 | 000,000,000 | ---D | C] -- C:\Users\Lucille\AppData\Roaming\Itwywa
[2014/02/06 18:44:35 | 000,000,000 | ---D | C] -- C:\Users\Lucille\AppData\Roaming\Matyvi
[2014/02/06 14:47:42 | 000,000,000 | ---D | C] -- C:\Users\Lucille\AppData\Roaming\Enzako
[2014/02/06 10:39:10 | 000,000,000 | ---D | C] -- C:\Users\Lucille\AppData\Roaming\Zuhyrywa
[2014/02/06 06:44:22 | 000,000,000 | ---D | C] -- C:\Users\Lucille\AppData\Roaming\Ibdeyqby
[2014/02/06 02:49:26 | 000,000,000 | ---D | C] -- C:\Users\Lucille\AppData\Roaming\Neavfoim
[2014/02/05 22:41:19 | 000,000,000 | ---D | C] -- C:\Users\Lucille\AppData\Roaming\Ahhucoyn
[2014/02/05 18:46:12 | 000,000,000 | ---D | C] -- C:\Users\Lucille\AppData\Roaming\Xypeqi
[2014/02/05 14:45:47 | 000,000,000 | ---D | C] -- C:\Users\Lucille\AppData\Roaming\Lopoyho
[2014/02/05 13:36:06 | 000,000,000 | ---D | C] -- C:\Users\Lucille\AppData\Roaming\Dohuawmi
[4 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/02/25 19:08:54 | 001,037,734 | ---- | M] (Thisisu) -- C:\Users\Lucille\Desktop\JRT.exe
[2014/02/25 19:08:32 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/02/25 19:08:32 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/02/25 19:05:43 | 000,782,510 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/02/25 19:05:43 | 000,666,652 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/02/25 19:05:43 | 000,126,328 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/02/25 19:01:50 | 000,001,944 | ---- | M] () -- C:\Users\Lucille\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Photosmart 7520 series.lnk
[2014/02/25 19:01:36 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1cec69d91e59d.job
[2014/02/25 19:01:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/02/25 19:01:06 | 2146,873,343 | -HS- | M] () -- C:\hiberfil.sys
[2014/02/25 18:56:56 | 000,000,915 | ---- | M] () -- C:\Users\Lucille\Desktop\adwcleaner - Shortcut.lnk
[2014/02/25 18:54:28 | 001,241,834 | ---- | M] () -- C:\Users\Lucille\Desktop\adwcleaner.exe
[2014/02/25 18:45:00 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3472568841-1174150532-69183956-1000UA1ce77efabf53454.job
[2014/02/25 18:44:49 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2014/02/25 18:30:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/02/25 18:28:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/02/25 18:00:00 | 000,000,500 | ---- | M] () -- C:\Windows\tasks\Foresight Software Registration3.job
[2014/02/25 15:45:00 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3472568841-1174150532-69183956-1000Core1ce77efabd17faf.job
[2014/02/25 05:22:40 | 000,000,512 | ---- | M] () -- C:\Users\Lucille\Desktop\MBR.dat
[2014/02/25 03:22:00 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForLucille.job
[2014/02/25 03:03:10 | 000,766,376 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014/02/25 01:03:01 | 000,000,474 | ---- | M] () -- C:\Windows\tasks\Foresight Software Update3.job
[2014/02/22 09:25:26 | 000,000,446 | ---- | M] () -- C:\Windows\tasks\PC Helper 360.job
[2014/02/21 07:17:38 | 003,317,697 | ---- | M] () -- C:\Users\Lucille\Documents\Collingwood appraisal 2014.pdf
[2014/02/20 16:28:30 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014/02/20 16:28:30 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2014/02/10 11:34:39 | 000,001,971 | ---- | M] () -- C:\Users\Lucille\Desktop\Sync Folder.lnk
[2014/02/10 11:33:43 | 000,001,983 | ---- | M] () -- C:\Users\Public\Desktop\Manuals Finder.lnk
[2014/02/06 03:30:12 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014/02/06 03:07:39 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014/02/06 03:06:47 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014/02/06 02:56:03 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014/02/06 02:52:11 | 000,574,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014/02/06 02:49:03 | 000,139,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014/02/06 02:48:45 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014/02/06 02:48:11 | 000,708,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014/02/06 02:32:49 | 000,218,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014/02/06 02:17:15 | 000,195,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014/02/06 02:11:37 | 005,768,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014/02/06 02:01:36 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014/02/06 02:00:46 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014/02/06 01:57:13 | 000,627,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014/02/06 01:52:21 | 000,032,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014/02/06 01:50:32 | 002,041,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014/02/06 01:49:22 | 000,440,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014/02/06 01:47:22 | 000,112,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014/02/06 01:46:27 | 000,553,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014/02/06 01:25:43 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014/02/06 01:09:30 | 001,964,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014/02/06 00:40:06 | 000,817,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2014/02/06 00:34:31 | 000,703,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2014/02/05 13:36:07 | 000,012,326 | ---- | M] () -- C:\Users\Lucille\AppData\Local\dlsfscvo
[2014/02/05 13:35:04 | 000,068,260 | ---- | M] () -- C:\Users\Lucille\AppData\Local\ottujgmv
[2014/02/05 13:34:01 | 000,000,000 | ---- | M] () -- C:\Users\Lucille\AppData\Roaming\SharedSettings.ccs
[2014/02/03 21:26:37 | 000,002,185 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/02/03 14:02:36 | 004,521,989 | ---- | M] () -- C:\Users\Lucille\Documents\Husky Rent analysis 2014.pdf
[2014/01/31 11:23:42 | 000,065,290 | ---- | M] () -- C:\Users\Lucille\Documents\Husky offer 2014.pdf
[2014/01/31 11:22:57 | 000,065,290 | ---- | M] () -- C:\Users\Lucille\Desktop\2177.pdf
[2014/01/31 11:03:08 | 000,000,552 | ---- | M] () -- C:\Windows\tasks\PCDRScheduledMaintenance.job
[2014/01/27 13:09:46 | 000,642,691 | ---- | M] () -- C:\Users\Lucille\Documents\Scan0001.pdf
[4 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/02/25 18:56:56 | 000,000,915 | ---- | C] () -- C:\Users\Lucille\Desktop\adwcleaner - Shortcut.lnk
[2014/02/25 18:54:28 | 001,241,834 | ---- | C] () -- C:\Users\Lucille\Desktop\adwcleaner.exe
[2014/02/25 05:22:40 | 000,000,512 | ---- | C] () -- C:\Users\Lucille\Desktop\MBR.dat
[2014/02/21 07:17:38 | 003,317,697 | ---- | C] () -- C:\Users\Lucille\Documents\Collingwood appraisal 2014.pdf
[2014/02/10 11:34:39 | 000,001,971 | ---- | C] () -- C:\Users\Lucille\Desktop\Sync Folder.lnk
[2014/02/10 11:33:43 | 000,001,983 | ---- | C] () -- C:\Users\Public\Desktop\Manuals Finder.lnk
[2014/02/05 13:36:07 | 000,012,326 | ---- | C] () -- C:\Users\Lucille\AppData\Local\dlsfscvo
[2014/02/05 13:35:04 | 000,068,260 | ---- | C] () -- C:\Users\Lucille\AppData\Local\ottujgmv
[2014/02/05 13:34:01 | 000,000,000 | ---- | C] () -- C:\Users\Lucille\AppData\Roaming\SharedSettings.ccs
[2014/02/03 14:02:36 | 004,521,989 | ---- | C] () -- C:\Users\Lucille\Documents\Husky Rent analysis 2014.pdf
[2014/01/31 11:23:42 | 000,065,290 | ---- | C] () -- C:\Users\Lucille\Documents\Husky offer 2014.pdf
[2014/01/31 11:22:57 | 000,065,290 | ---- | C] () -- C:\Users\Lucille\Desktop\2177.pdf
[2014/01/27 13:09:45 | 000,642,691 | ---- | C] () -- C:\Users\Lucille\Documents\Scan0001.pdf
[2014/01/23 15:37:31 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2013/04/01 09:49:50 | 000,000,207 | ---- | C] () -- C:\Windows\tweaking.com-regbackup-LUCILLE-PC-Microsoft-Windows-7-Home-Premium-(64-bit).dat
[2012/06/27 06:19:09 | 001,498,458 | ---- | C] () -- C:\Users\Lucille\AppData\Local\tmpIMG_1616.1
[2012/06/27 06:19:05 | 003,336,067 | ---- | C] () -- C:\Users\Lucille\AppData\Local\tmpIMG_1616.0
[2012/06/27 06:19:05 | 001,476,688 | ---- | C] () -- C:\Users\Lucille\AppData\Local\tmpIMG_1616.JPG
[2012/06/27 06:18:07 | 000,612,425 | ---- | C] () -- C:\Users\Lucille\AppData\Local\tmpIMG_1615.0
[2012/06/27 06:18:07 | 000,609,452 | ---- | C] () -- C:\Users\Lucille\AppData\Local\tmpIMG_1615.JPG
[2012/06/19 08:34:32 | 000,757,382 | ---- | C] () -- C:\Users\Lucille\AppData\Local\tmpPHOTO.JPG
[2012/06/18 20:49:03 | 001,824,193 | ---- | C] () -- C:\Users\Lucille\AppData\Local\tmpPHOTO (1).0
[2012/06/18 20:49:03 | 000,666,190 | ---- | C] () -- C:\Users\Lucille\AppData\Local\tmpPHOTO (1).JPG
[2012/06/18 20:46:49 | 002,033,083 | ---- | C] () -- C:\Users\Lucille\AppData\Local\tmpPHOTO.0
[2012/01/09 15:43:15 | 000,055,986 | ---- | C] () -- C:\Users\Lucille\AppData\Local\tmpIMG_4458[1].JPG
[2011/09/22 22:23:55 | 000,749,710 | ---- | C] () -- C:\Users\Lucille\AppData\Local\tmpIMG_1547.0
[2011/09/22 22:23:55 | 000,651,155 | ---- | C] () -- C:\Users\Lucille\AppData\Local\tmpIMG_1547.JPG
[2011/07/30 11:43:43 | 001,263,963 | ---- | C] () -- C:\Users\Lucille\AppData\Local\tmpIMG_1048.JPG
[2011/07/30 11:42:18 | 000,917,919 | ---- | C] () -- C:\Users\Lucille\AppData\Local\tmpIMG_1050.JPG
[2011/06/19 14:03:13 | 000,006,242 | ---- | C] () -- C:\Users\Lucille\AppData\Local\tmpDAD N LAURA.0
[2011/06/19 14:03:13 | 000,006,227 | ---- | C] () -- C:\Users\Lucille\AppData\Local\tmpDAD N LAURA.JPG
[2011/05/23 12:24:13 | 000,001,854 | ---- | C] () -- C:\Users\Lucille\AppData\Roaming\GhostObjGAFix.xml
[2011/01/19 13:31:25 | 002,089,630 | ---- | C] () -- C:\Users\Lucille\AppData\Local\tmpIMG_0490.0
[2011/01/19 13:31:25 | 000,880,725 | ---- | C] () -- C:\Users\Lucille\AppData\Local\tmpIMG_0490.JPG
[2010/09/13 12:42:27 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/01/06 17:04:20 | 000,000,000 | ---- | C] () -- C:\Users\Lucille\AppData\Roaming\wklnhst.dat

========== ZeroAccess Check ==========

[2009/07/13 20:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 18:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 17:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 17:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 04:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 17:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >

Computer is much faster now. I don't know if it is the same problem, but my Hotmail account was sending mail by itself to me and other people, but I did not send it. I am not sure if it is related or not?

Edited by LUCYR, 25 February 2014 - 09:40 PM.

#11
pystryker

    Trusted Helper

  • Malware Removal
  • 3,912 posts
Hmm...that fix log doesn't look correct. Try running the fix again. Please follow the instructions in Step 2 again, and make sure to click the Run Fix button as it looks like the Run Scan button was pressed instead. :) :thumbsup:

#12
LUCYR

    Member

  • Topic Starter
  • 18 posts
Here is Run Fix again:
All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
Error: Unable to interpret < :OTL> in the current context!
Error: Unable to interpret < SRV - [2014/02/06 07:27:58 | 000,036,392 | ---- | M] (Just Develop It) [Auto | Running] -- C:\Program Files (x86)\MyPC Backup\BackupStack.exe -- (BackupStack)> in the current context!
Error: Unable to interpret < SRV - [2014/02/06 05:28:30 | 002,360,608 | ---- | M] (Conduit) [Auto | Running] -- C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe -- (CltMngSvc)> in the current context!
Error: Unable to interpret < IE:64bit: - HKLM\..\SearchScopes\{3F63E795-6EC4-4668-8712-0FF1975092F6}: "URL" = http://www.ask.com/w...&l=dis&o=cahpd> in the current context!
Error: Unable to interpret < IE - HKLM\..\SearchScopes\{3F63E795-6EC4-4668-8712-0FF1975092F6}: "URL" = http://www.ask.com/w...&l=dis&o=cahpd> in the current context!
Error: Unable to interpret < IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)> in the current context!
Error: Unable to interpret < IE - HKCU\..\SearchScopes,DefaultScope = {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}> in the current context!
Error: Unable to interpret < IE - HKCU\..\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}: "URL" = http://search.condui...chTerms}&SSPV=> in the current context!
Error: Unable to interpret < IE - HKCU\..\SearchScopes\{161D0D11-7CB3-4A9D-A485-0B19BC1FE8AC}: "URL" = http://websearch.ask...3-8E2BA2C30F25> in the current context!
Error: Unable to interpret < IE - HKCU\..\SearchScopes\{3F63E795-6EC4-4668-8712-0FF1975092F6}: "URL" = http://www.ask.com/w...&l=dis&o=cahpd> in the current context!
Error: Unable to interpret < [2014/02/10 11:34:38 | 000,000,000 | ---D | M] (Websteroids) -- C:\Users\Lucille\AppData\Roaming\Mozilla\Firefox\extensions\[email protected]> in the current context!
Error: Unable to interpret < O2 - BHO: (Websteroids) - {44ed99e2-16a6-4b89-80d6-5b21cf42e78b} - C:\ProgramData\Websteroids\IE\common.dll (Creative Island Media, LLC)> in the current context!
Error: Unable to interpret < O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)> in the current context!
Error: Unable to interpret < O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)> in the current context!
Error: Unable to interpret < O4 - HKLM..\Run: [] File not found> in the current context!
Error: Unable to interpret < O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)> in the current context!
Error: Unable to interpret < O4 - HKLM..\Run: [Updater] C:\ProgramData\Updater\updater.exe (Updater)> in the current context!
Error: Unable to interpret < O4 - HKCU..\Run: [Opevof] "C:\Users\Lucille\AppData\Roaming\Enzako\ryfoz.exe" File not found> in the current context!
Error: Unable to interpret < O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found> in the current context!
Error: Unable to interpret < O4 - HKCU..\Run: [Updater] C:\ProgramData\Updater\updater.exe (Updater)> in the current context!
Error: Unable to interpret < O4 - Startup: C:\Users\Lucille\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk = C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)> in the current context!
Error: Unable to interpret < O1364bit: - gopher Prefix: missing> in the current context!
Error: Unable to interpret < O13 - gopher Prefix: missing> in the current context!
Error: Unable to interpret < O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll) - C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll (Conduit)> in the current context!
Error: Unable to interpret < O20 - AppInit_DLLs: (C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll) - C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll (Conduit)> in the current context!
Error: Unable to interpret < [2014/02/13 01:51:34 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\SearchProtect> in the current context!
Error: Unable to interpret < [2014/02/10 11:34:45 | 000,000,000 | ---D | C] -- C:\Users\Lucille\AppData\Local\SearchProtect> in the current context!
Error: Unable to interpret < [2014/02/10 11:34:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Websteroids> in the current context!
Error: Unable to interpret < [2014/02/10 11:34:36 | 000,000,000 | ---D | C] -- C:\Users\Lucille\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup> in the current context!
Error: Unable to interpret < [2014/02/10 11:34:36 | 000,001,099 | ---- | M] () -- C:\Users\Lucille\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk> in the current context!
Error: Unable to interpret < [2014/02/10 11:34:36 | 000,001,089 | ---- | M] () -- C:\Users\Lucille\Desktop\MyPC Backup.lnk> in the current context!
Error: Unable to interpret < :Files> in the current context!
Error: Unable to interpret < C:\Program Files (x86)\SearchProtect> in the current context!
Error: Unable to interpret < C:\ProgramData\InternetUpdater> in the current context!
Error: Unable to interpret < C:\ProgramData\Updater> in the current context!
Error: Unable to interpret < C:\ProgramData\RHelpers> in the current context!
Error: Unable to interpret < C:\Program Files (x86)\Ask.com> in the current context!
Error: Unable to interpret < C:\Program Files (x86)\MyPC Backup> in the current context!
Error: Unable to interpret < netsh advfirewall reset /c> in the current context!
Error: Unable to interpret < netsh advfirewall set allprofiles state on /c > in the current context!
Error: Unable to interpret < :Commands> in the current context!

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Lucille
->Temp folder emptied: 2394230 bytes
->Temporary Internet Files folder emptied: 19136146 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 492 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 37608 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 21.00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.69.0 log created on 02252014_194255

Files\Folders moved on Reboot...
C:\Users\Lucille\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Lucille\AppData\Local\Temp\JavaDeployReg.log moved successfully.
C:\Users\Lucille\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\4A72F430-B40C-4D36-A068-CE33ADA5ADF9.dat moved successfully.
C:\Users\Lucille\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3XGOEY4W\337379-slow-computer[1].htm moved successfully.
C:\Users\Lucille\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

#13
pystryker

    Trusted Helper

  • Malware Removal
  • 3,912 posts

Computer is much faster now. I don't know if it is the same problem, but my Hotmail account was sending mail by itself to me and other people, but I did not send it. I am not sure if it is related or not?


Did this just start? Go in and change your password and let's see if it continues. I would warn your contacts not to open anything sent from your hotmail account at the moment as it may have been hacked.

I've prepared another OTL fix to get rid of some things, and let's sweep for remnants as well as check for out-of-date programs. :)


Please disable your antivirus for the duration of my instructions. Don't forget to re-enable it after you have completed the steps.


Step 1: OTL Fix

Let's run an OTL fix:

Warning: This fix is to be used on this system and this system ONLY. Using this fix on any machine other than yours can seriously damage it.

Be advised that when the fix commences, it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL by double-clicking it (on Windows Vista, Windows 7, and 8, right-click and select "Run as Administrator").

  • Copy the text in the quote box below (do not copy the word "quote") and paste it in the box marked Custom Scans/Fixes as shown in the graphic below.

Posted Image

:Commands
[createrestorepoint]

:OTL
IE:64bit: - HKLM\..\SearchScopes\{3F63E795-6EC4-4668-8712-0FF1975092F6}: "URL" = http://www.ask.com/w...}&l=dis&o=cahpd
IE - HKLM\..\SearchScopes\{3F63E795-6EC4-4668-8712-0FF1975092F6}: "URL" = http://www.ask.com/w...}&l=dis&o=cahpd
[2014/02/10 11:34:38 | 000,000,000 | ---D | M] (Websteroids) -- C:\Users\Lucille\AppData\Roaming\Mozilla\Firefox\extensions\[email protected]
O4 - HKLM..\Run: [] File not found
O4 - HKCU..\Run: [Opevof] "C:\Users\Lucille\AppData\Roaming\Enzako\ryfoz.exe" File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll) - File not found
[2014/02/10 11:45:16 | 000,000,000 | ---D | C] -- C:\ProgramData\InternetUpdater
[2014/02/10 11:34:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Updater
[2014/02/10 11:34:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Websteroids

:Commands
[reboot]



  • Click the Run Fix button at the top of the OTL control panel.
  • Let the program run until it's finished and then reboot the computer.
  • Once your machine has rebooted, a log will open. Please post that log in your next reply.

If you have any problems, questions, or need further explanation, please post a message in this thread and I will get back to you asap.



Step 2: Scan with Malwarebytes

I see you have Malwarebytes' Anti-Malware installed.

  • Please open the program.
  • Click on the Update tab, then click Check for Updates.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, check the following settings:
    • On the Settings tab, Scanner Settings, leave the default boxes checked but change the drop-down boxes to Show in results list and check for removal.
  • On the Scanner tab, check Perform quick scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.



Step 3: Scan with ESET Online Scanner


Please note: You can use Internet Explorer or Firefox for this step. Whichever browser you use will have to be run in admin mode.

Right click on either the Internet Explorer icon or the Firefox icon in the Start Menu or Quick Launch Bar on the Task bar and select Run as Administrator from the menu.

If you use Firefox, you will be prompted to download esetsmartinstaller_enu.exe. Please do so, then double click it to install it.

Please click on this link and then click the ESET Online Scanner bar.

  • Select the option YES, I accept the Terms of Use, then click on Start.
  • When prompted, allow the Add-On/ActiveX to install.
  • Make sure that the option Remove found threats is NOT checked.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on Start.
  • The virus signature database will begin to download. Be patient; this may take some time depending on the speed of your Internet connection.
  • When completed, the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the mouse or keyboard during the scan, otherwise it may stall.
  • Now click on Finish.
  • Use Notepad to open the logfile located at C:\Program Files (x86)\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.


Step 4: SecurityCheck Scan


Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Things I need to see in your next post:

  • ESET Scan Log
  • MBAM Log
  • SecurityCheck Log
  • Question: Did changing the password help?


#14
LUCYR

    Member

  • Topic Starter
  • 18 posts
Tried running fix in OTL but when it reboots no log comes in. Also, it says I did not shut down properly and do I want to start normally. I will try running the rest of the programmes.

#15
pystryker

    Trusted Helper

  • Malware Removal
  • 3,912 posts
You can find a copy of the fix log here: C:\_OTL\MovedFiles :thumbsup: