Unable to resolve DNS and failure to load pages in all browsers [Re-op


  • This topic is locked

#1
ColtsFan18

ColtsFan18

    Member

  • Member
  • PipPipPip
  • 372 posts

Hello!  Not sure where to start but it boils down to I can't get 90% of my pages to load.  I get endless "Webpage not available" that turns to "Unable to connect to the internet" errors.  I hit reload and half the page loads, reload again and it MIGHT load all the way.  I am using Chrome (latest version) I've tried Firefox (updated) and IE10 and it does the same thing with all browsers.  Another code I'm getting:  DNS_PROBE_FINISHED_NXDOMAIN.  Don't know if it will help or not but I'm trying to give as much info as possible...

 

OS is Windows 7, I have Malware Antibytes full edition and it is updated.  My windows firewall is always on, but just to get to this site I had to disable it.  It's crazy how it works... eBay will load, Gmail will load, WeatherUnderground will sometimes load, Facebook never loads the first time and when it does the picture links are mostly broken.  There is no rhyme or reason as to what will load and what won't but I've reached the end of my rope and am desperate to figure this out.  MBAM shows no issues, even run in Safe Mode, I also have Tweaking and Advanced System Care 7, they also show no issues.  Windows Updates are all up to date as well, and THAT is usually where I start having issues, this proves it once again.

 

I probably screwed up when I did a system restore but I tried it and it didn't help, but it got no worse.  I looked up the DNS issue and www.techluminati.com said to change the DNS to 8.8.4.4. and 8.8.8.8 which I did and still no improvement so I switched it back to automatic and here I am.  It has been going on for about a week now and I figured at first it was our ISP but the husband's desktop is running fine and mine has gotten progressively worse.

 

This is not my first time here so I promise to follow directions to the letter if there is a tech who can help me figure out what stupid setting has changed to cause this.  I can't see this being a virus since it is so all over the board with what it chooses to load but at this point I'm not writing any possibility off.

 

Please help, I'm desperate.


  • 0


#2
Nutloaf

Nutloaf

    Trusted Helper

  • Malware Removal
  • 1,790 posts
Hello ColtsFan18
 
My name is Nutloaf, and I will be helping you with Malware Removal. I know you have been here before but as a reminder...
 
 
Please read all instructions and fixes thoroughly.
 

 

  • I would advise printing any instructions for easy reference as some of the fixes may require you to boot in Safe mode and access to the GeeksToGo website will be unavailable.
 
  • Any fixes provided by myself are for this log file only and cannot be used on any other systems.
 
  • Do not run any other removal software or perform updates other than the ones I provide, as it will complicate the cleaning process.
 
  • You have 4 days to reply to each post or the topic will be closed. You will be able to request that the topic be re-opened if you still require assistance.
 
  • Please feel free to ask any questions, especially if you are having problems with my instructions.
 
 
Finally before we start:
 
Removing malware is a complicated multiple-step process. Please stay with me until I have declared your system clean. I strongly recommend you backup your personal files and folders.
 
 
 
O.K let's get cracking.
 
Do you have a usb stick? If so use the working PC to download the following tools and save them to the USB. If not then get back to me :)
 
 
From a Clean PC proceed with the following in the order given:
 
1. Flash Drive Disinfector
 
Use this link to Download MCShield to your desktop and install 
It will initially run a scan and show the result as a toaster by the system clock 
Then in the control centre select scanner and tick unhide items on flash drives
Plug in the drive and McShield will start a scan 
 
Then get the log which will be located under the logs tab on the main page
 
And post that
 
2. DOWNLOAD TOOLS
 
Using these links, download the 3 tools to the USB and safely remove the USB
 

 

 
 
  • Download Security Check from here or here.
 
 
 
3. TRANSFER TOOLS TO INFECTED PC
 

 

  • On the infected PC insert the USB. 
  • Open to view files, then Right click each tool icon and select Cut not copy.
  • Now right click on the Desktop and select Paste
  • With OTL, aswMBR and Security Check on your Desktop please proceed with the following, then use the clean PC to post results. :thumbsup:
 
 
4. OTL
 

 

  • Right click the OTL icon and select Run as Administrator.
  • Make sure the following boxes are checked:
      • Scan All Users
      • Include 64bit Scans - If present.
      • Use Company-Name WhiteList
      • Skip Microsoft Files
      • Use No-Company-Name WhiteList
      • LOP Check
      • Purity Check
  • In the Extra Registry box select Use Safe List
  • Copy and paste the following into the Custom Scans\Fixes box without the word Quote.

 

%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
dir C:\ /S /A:L /C

 

  • Now Click Run Scan
  • OTL will now scan your computer and produce 2 log files. OTL.txt and Extras.txt.
  • Post both in your next reply
 
 
5. aswMBR
 

 

  • Right click aswMBR.exe and Run as Administrator
  • Click the Scan button to start.
  • When the scan ends click Save Log and save it to your desktop
  • Post this log in your next reply
 
 
 
6. Security Check
 
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
 
 
 
Things I want to see in your next post.
 

 

  • OTL.txt
  • Extras.txt
  • aswMBR log
  • checkup.txt
  • MCShield log.
 
 

  • 0
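
A manual counterpart to the Custom Scans block in the post above, as an added example that is not part of the original post and is not OTL's own code: it lists executables in the root of the system drive, hashes every copy of the four named system binaries under %SystemRoot%, and lists reparse points on C:. The helper name Get-Md5Hex is hypothetical, and the script assumes an elevated 64-bit PowerShell prompt.

```powershell
# Added example (not from the thread, not OTL's code). Read-only: it changes nothing.
# Written for the PowerShell 2.0 that ships with Windows 7, so it avoids Get-FileHash.

$names = 'explorer.exe', 'winlogon.exe', 'userinit.exe', 'svchost.exe'

function Get-Md5Hex {
    # Hypothetical helper: MD5 of one file as an uppercase hex string.
    # MD5 serves here only as an identifier to compare against a known-good copy.
    param([string]$Path)
    $md5 = [System.Security.Cryptography.MD5]::Create()
    try {
        $stream = [System.IO.File]::OpenRead($Path)
        try {
            return [System.BitConverter]::ToString($md5.ComputeHash($stream)).Replace('-', '')
        } finally {
            $stream.Dispose()
        }
    } catch {
        # Locked or access-denied files are reported instead of stopping the run.
        return "unreadable: $($_.Exception.Message)"
    } finally {
        $md5.Clear()
    }
}

# 1. Executables sitting directly in the root of the system drive
#    (the %SYSTEMDRIVE%\*.exe line). -Force includes hidden and system files.
Get-ChildItem -Path "$env:SystemDrive\" -Filter *.exe -Force -ErrorAction SilentlyContinue |
    Select-Object FullName, Length, LastWriteTime

# 2. Every copy of the four named binaries under %SystemRoot%, with its MD5 and
#    the company name from the version resource. Several copies under winsxs are
#    normal; what matters is whether each hash matches a known-good copy of the
#    same Windows build.
Get-ChildItem -Path $env:SystemRoot -Recurse -Force -Include $names -ErrorAction SilentlyContinue |
    Where-Object { -not $_.PSIsContainer } |
    ForEach-Object {
        New-Object PSObject -Property @{
            Path    = $_.FullName
            MD5     = Get-Md5Hex $_.FullName
            Company = $_.VersionInfo.CompanyName
            Size    = $_.Length
        }
    } |
    Select-Object Path, MD5, Company, Size |
    Sort-Object Path |
    Format-Table -AutoSize

# 3. Reparse points (junctions and symbolic links) on C:, using the same
#    command line that appears in the custom scan.
cmd /c 'dir C:\ /S /A:L /C'
```

Compare the hashes from step 2 with those from a clean machine at the same Windows build and patch level; a 32-bit PowerShell session on 64-bit Windows sees SysWOW64 in place of System32.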

#3
ColtsFan18

ColtsFan18

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 372 posts

Hi Nutjob, I remember you :)  I'm getting back to you to tell you I don't have a USB... so how would you like for me to proceed?  I can download the stuff, but it may take a little longer :P  Just let me know.


  • 0

#4
Nutloaf

Nutloaf

    Trusted Helper

  • Malware Removal
  • 1,790 posts

Hey there :)

 

If you are able to download the tools then go ahead and get me those scans. You can download and use one at a time or as in my instructions, whatever is easier for you  :thumbsup:


  • 0

#5
ColtsFan18

ColtsFan18

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 372 posts

OK, I'm on it now...

 

Next post will be the scans you requested.


  • 0

#6
ColtsFan18

ColtsFan18

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 372 posts

Sure hope this is what you want...

 

McShield Scan Log:

 

>>> MCShield AllScans.txt <<<

-----------------------------

MCShield ::Anti-Malware Tool:: http://www.mcshield.net/

>>> v 3.0.4.27 / DB: 2014.3.23.1 / Windows 7 <<<


3/29/2014 6:00:37 PM > Drive C: - scan started (OS ~256 GB, NTFS HDD )...

=> The drive is clean.


3/29/2014 6:00:37 PM > Drive D: - scan started (DATA ~315 GB, NTFS HDD )...

=> The drive is clean.


MCShield ::Anti-Malware Tool:: http://www.mcshield.net/

>>> v 3.0.4.27 / DB: 2014.3.23.1 / Windows 7 <<<


3/29/2014 6:05:51 PM > Drive C: - scan started (OS ~256 GB, NTFS HDD )...

=> The drive is clean.


3/29/2014 6:05:51 PM > Drive D: - scan started (DATA ~315 GB, NTFS HDD )...

=> The drive is clean.


MCShield ::Anti-Malware Tool:: http://www.mcshield.net/

>>> v 3.0.4.27 / DB: 2014.3.23.1 / Windows 7 <<<


3/29/2014 6:48:46 PM > Drive C: - scan started (OS ~256 GB, NTFS HDD )...

=> The drive is clean.


3/29/2014 6:48:52 PM > Drive D: - scan started (DATA ~315 GB, NTFS HDD )...

=> The drive is clean.



MCShield ::Anti-Malware Tool:: http://www.mcshield.net/

>>> v 3.0.4.27 / DB: 2014.3.23.1 / Windows 7 <<<


3/29/2014 6:51:10 PM > Drive C: - scan started (OS ~256 GB, NTFS HDD )...

=> The drive is clean.


3/29/2014 6:51:11 PM > Drive D: - scan started (DATA ~315 GB, NTFS HDD )...

=> The drive is clean.

 

***********************************

 

OTL Log Files:

 

OTL Extras logfile created on: 3/29/2014 6:10:52 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Tammy\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16521)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.61 Gb Total Physical Memory | 1.49 Gb Available Physical Memory | 41.25% Memory free
7.21 Gb Paging File | 4.32 Gb Available in Paging File | 59.93% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 256.35 Gb Total Space | 180.90 Gb Free Space | 70.57% Space Free | Partition Type: NTFS
Drive D: | 314.82 Gb Total Space | 314.72 Gb Free Space | 99.97% Space Free | Partition Type: NTFS
 
Computer Name: TAMS | User Name: Tammy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = OperaStable] -- Reg Error: Key error. File not found
.url[@ = internetshortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = OperaStable] -- Reg Error: Key error. File not found
 
[HKEY_USERS\S-1-5-19\SOFTWARE\Classes\<extension>]
 
[HKEY_USERS\S-1-5-20\SOFTWARE\Classes\<extension>]
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Opera\launcher.exe" -noautoupdate "%1"
https [open] -- "C:\Program Files (x86)\Opera\launcher.exe" -noautoupdate "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Opera\launcher.exe" -noautoupdate "%1"
https [open] -- "C:\Program Files (x86)\Opera\launcher.exe" -noautoupdate "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0CA5ACA9-768E-4037-B795-FD34F1D28110}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{32CA6032-93C4-4472-A793-FC6A795651DE}" = lport=5353 | protocol=17 | dir=in | name=java™ platform se binary |
"{40B9AC0F-6693-4E0E-89B0-F69379CBBBF3}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{47DC9BF6-D8E1-4B88-9486-3E2C3817BEAF}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{4AD2AB8B-512A-4D65-9AE3-BA12EC1EE0FD}" = rport=137 | protocol=17 | dir=out | app=system |
"{5214EA0A-2793-4246-A4F2-D21CB1C6DEF1}" = lport=445 | protocol=6 | dir=in | app=system |
"{5ACF8A9A-765E-4D62-887F-11E6300E3F46}" = lport=138 | protocol=17 | dir=in | app=system |
"{67B82C7B-367F-4302-A04C-988A1079B79A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{86315A17-DE80-44ED-9DB5-8C8C466070A4}" = lport=8182 | protocol=6 | dir=in | name=java™ platform se binary |
"{8A2C672B-52F1-4932-91FA-740C9E391660}" = lport=139 | protocol=6 | dir=in | app=system |
"{8DB1112F-D357-4ED9-B365-A6323B2D8B24}" = rport=445 | protocol=6 | dir=out | app=system |
"{B4540B84-B66A-4D6A-9B91-ACF708F4FE5C}" = rport=138 | protocol=17 | dir=out | app=system |
"{B99ADA06-7F1B-45E0-97CF-111F9757A78F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{BFFB334D-685F-4684-9B4D-B432AA6EA55A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{CB630DC1-5141-48EA-A92A-10BD083091D5}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{D35FCAD1-99C5-4214-8E47-A2D7ACB638EB}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{DB16B0D9-B778-4A20-AB21-9111A378CABB}" = rport=139 | protocol=6 | dir=out | app=system |
"{DBD37EA4-5E40-4D4B-AAA4-D9F427A43ABF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{DE706555-2000-4BE8-9924-1D7EDA842DFD}" = lport=137 | protocol=17 | dir=in | app=system |
"{E1E674F0-22AA-4C5B-90C6-D7685BA0A649}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04262807-95CC-43A3-9056-32E1CF7441AF}" = protocol=6 | dir=in | app=c:\users\tammy\appdata\local\temp\7zs1656\hpdiagnosticcoreui.exe |
"{126BEF39-6760-4DA8-8F75-0A309D66BE13}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{1826170D-202B-4C12-B6BD-CC44930E523C}" = protocol=6 | dir=in | app=c:\users\tammy\appdata\local\temp\7zs6902\hppiw.exe |
"{24AC0F4F-FE1F-45C4-AF0F-321F2047E8B9}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{2FFAF976-EDCC-4C90-9012-B9117B2DA6FA}" = protocol=58 | dir=out | [email protected],-28546 |
"{36101DC1-859E-4B43-893C-9812177AA950}" = protocol=1 | dir=out | [email protected],-28544 |
"{3C52B944-86DF-4DD9-8FD8-0DB18E42A484}" = protocol=17 | dir=in | app=c:\users\tammy\appdata\local\temp\7zs0641\hpdiagnosticcoreui.exe |
"{3F944CAE-20FB-4D01-8835-C09B6A46ED11}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{447AB277-4407-45F8-8E54-ED93C018A38E}" = protocol=6 | dir=in | app=c:\users\tammy\appdata\local\temp\7zs0641\hpdiagnosticcoreui.exe |
"{46FFE6FC-F733-44C0-B71B-E1EFE4A56C20}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{50EB4FB2-1B62-4127-A97F-C11160B6B505}" = protocol=1 | dir=in | [email protected],-28543 |
"{59D9DC46-3A72-41A2-ADCC-0845A839BABE}" = protocol=17 | dir=in | app=c:\users\tammy\appdata\local\temp\7zs0548\hpdiagnosticcoreui.exe |
"{5B17D737-F260-4919-BAEA-6F2DDDC74E31}" = protocol=6 | dir=in | app=c:\users\tammy\appdata\local\temp\7zs05be\hpdiagnosticcoreui.exe |
"{75F22E34-FF7D-468E-B9F3-3EF4431744A0}" = dir=in | app=c:\program files\hp\hp photosmart 5510 series\bin\devicesetup.exe |
"{8032EE30-7DE0-4143-9AF6-FF09230CE3A0}" = dir=in | app=c:\users\tammy\appdata\local\microsoft\skydrive\skydrive.exe |
"{85165D57-CC92-4C09-BAEC-744EA0905B57}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{98BC2709-9DFD-4654-9042-65B3B3BFE5B4}" = protocol=6 | dir=in | app=c:\users\tammy\appdata\local\temp\7zs0548\hpdiagnosticcoreui.exe |
"{9EBA5522-5B28-48E9-84EF-142718ADE6E8}" = protocol=17 | dir=in | app=c:\users\tammy\appdata\local\temp\7zs1656\hpdiagnosticcoreui.exe |
"{A99E3888-983A-4C66-85CA-EBFAAAD1AD72}" = protocol=17 | dir=in | app=c:\users\tammy\appdata\local\temp\7zs6902\hppiw.exe |
"{B128A4BA-CF79-42A8-BF6C-91F39E360E45}" = dir=in | app=c:\program files\hp\hp photosmart 5510 series\bin\hpnetworkcommunicator.exe |
"{BB59D49E-EFA2-4FF4-B1CC-3838D531EDCB}" = protocol=17 | dir=in | app=c:\users\tammy\appdata\local\temp\7zs05be\hpdiagnosticcoreui.exe |
"{E620FEA2-4BAE-4C8F-90B6-B400D75FA7C2}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{F1D1E4D5-9E93-439D-82A8-CE1CFD9A19C9}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{F9E352D7-F794-480B-8A08-E3BC3FC8AD2D}" = protocol=58 | dir=in | [email protected],-28545 |
"{FFEA8979-3E92-4D69-81A3-D8A52E17555D}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{09E2BBE7-B51A-DF3D-065E-D07BB9E4B3F6}" = ccc-utility64
"{11D96381-C349-60F6-6E95-013D80B6B68B}" = AMD Fuel
"{13F4A7F3-EABC-4261-AF6B-1317777F0755}" = Fast Boot
"{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes
"{1F500E12-6CD6-696E-16B7-68D729F96E6B}" = AMD Fuel
"{424E8E17-A7B7-45B5-8C79-D58F04D9D920}" = HP Photosmart 5510 series Basic Device Software
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5F611ADA-B98C-4DBB-ADDE-414F08457ECF}" = Windows Live Family Safety
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}" = ASUS Power4Gear Hybrid
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{E102B843-786A-4F58-AF75-6504570E207B}" = Microsoft Security Client
"{E17025A7-39B6-375E-8F1E-20637D19549C}" = AMD Catalyst Install Manager
"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
"{F6822EFD-3F7D-4B35-8845-757A26AEC8E2}" = Windows Live MIME IFilter
"Elantech" = ETDWare PS/2-X64 8.0.5.1_WHQL
"Microsoft Security Client" = Microsoft Security Essentials
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{017E337D-D709-437C-83DB-71F82AA78BF6}" = 照片库
"{01944037-D136-45EE-A007-403EAD929FC7}" = Windows Live Writer
"{0212A32E-FC2B-0ADE-F800-C8AB8938E6B0}" = CCC Help Portuguese
"{022C7C52-B294-4346-88BC-C7C2FF7FF1B7}" = Movie Maker
"{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform
"{04BF7078-1F68-4AC9-95F5-12D212C6176A}" = Laredo Client
"{061FF8F3-5226-4278-8AAB-282C1B024F58}" = Photo Common
"{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology
"{09BCB9CE-964B-4BDA-AE46-B5A0ABEF1D3F}" = Sonic Focus
"{0AD576A7-EDCE-469E-ADD7-1AC9DB200C6B}" = Windows Live Mail
"{0BFF2188-2D8E-4BE2-95D0-B3CCD4C6A0C9}" = Photo Common
"{13F3CEA5-9E2C-4C4E-9F0F-D0DB389CF4A9}" = Movie Maker
"{14669F4E-9E66-CEAC-60A8-4F5013BE4A9C}" = CCC Help Polish
"{18272881-CFC0-434D-A975-E5BE44206AA0}" = Windows Live UX Platform Language Pack
"{1A10EA04-AF48-AB19-DE2B-0F7ABF174B22}" = CCC Help Finnish
"{1AC6E8CB-B022-A7E1-66DA-E063B6CEC373}" = CCC Help Polish
"{1D03A585-879D-45DB-B77A-C4D5A04E7286}" = Windows Live Family Safety
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3
"{1EA7C505-E6DA-4B85-9432-EBD3C70D510D}" = Windows Live Messenger
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FEE19BC-6F0C-42E4-82FF-FB597F6141DF}" = Windows Live Essentials
"{2177152C-83DD-4540-B2F0-970F7303B7BA}" = Windows Live Writer Resources
"{23A3E560-069F-4CFC-8F6C-1B526EC735FC}" = Windows Live Writer Resources
"{241F87F6-CEA4-4493-B4EE-0973C6088FEC}" = Windows Live Family Safety
"{26A24AE4-039D-4CA4-87B4-2F83217045FF}" = Java 7 Update 45
"{278213DB-AAA8-4BFB-71B7-30D113BABAC2}" = CCC Help Thai
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{29351B67-9645-9987-05E6-2F77C5068D4D}" = Catalyst Control Center Profiles Mobile
"{29AFBD5C-71A8-DA79-508C-53E040EE3E71}" = CCC Help Italian
"{2AC4C6D7-512D-4B78-A85B-2C16E748AB8E}" = Movie Maker
"{2AEAFC79-79E6-4784-9CF9-D9D82932BF88}" = Windows Live Family Safety
"{2B81872B-A054-48DA-BE3B-FA5C164C303A}" = ASUS FancyStart
"{30F99474-EBE3-4134-A02B-F6CD38CFE243}" = Photo Gallery
"{31DA9CA4-92BC-D8FF-D4D6-F7BBC5810EDB}" = CCC Help Danish
"{3350EE8C-FD0C-3783-41C7-00DE86C7F85B}" = CCC Help Russian
"{3384216C-A28B-1699-FB0E-23738C972613}" = CCC Help Korean
"{341697D8-9923-445E-B42A-529E5A99CB7A}" = syncables desktop SE
"{36BFE02C-3247-EC65-5B79-C31CA8A2EA6B}" = CCC Help Chinese Traditional
"{38253529-D97D-4901-AE53-5CC9736D3A2E}" = ASUS AI Recovery
"{3993DD42-0739-7DCB-CB1E-512A1D0287B6}" = CCC Help Portuguese
"{3C41298B-A3F5-40C8-8BE3-A9A3F0644B0A}" = Windows Live Writer
"{3C63F944-803E-49A7-B3A2-B8AB3313E883}" = Windows Live UX Platform Language Pack
"{3D06DD4B-2D97-CB62-1639-66995969E0F7}" = CCC Help Chinese Standard
"{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3
"{400C31E4-796F-4E86-8FDC-C3C4FACC6847}" = Junk Mail filter update
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{40D1F76D-FD54-6FF9-8A83-E2B6849FF755}" = CCC Help Korean
"{446CC8CE-0E90-44F7-ADD0-774B243EF090}" = Galerie de photos
"{44A3A561-AE74-472D-A51C-43F4C9E7B5E5}" = Windows Live 软件包
"{46EF173F-A437-48B9-B950-A13F5619E7C6}" = Windows Live Mail
"{4956ACE3-F537-4418-BB45-FD52395275A7}" = Catalina Savings Printer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A747107-8352-D7B1-8E6C-CB009D11252D}" = CCC Help Italian
"{4C699616-D8EA-9E2F-0246-68E0298A9081}" = CCC Help German
"{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform
"{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}" = Google Earth
"{50B8CA72-98FD-21A1-3448-601998D44C1D}" = CCC Help Swedish
"{54DB99A5-19D4-8285-9A00-DD5474D1E3F5}" = CCC Help Finnish
"{55C6CD22-E3A4-4937-CFFB-C7E11FA6A5A3}" = CCC Help Dutch
"{56050D82-138B-D911-CE56-DC4783CAA22C}" = CCC Help English
"{566BDFCC-DCB2-529B-FA9B-3E6958CBCDF9}" = CCC Help Czech
"{57B52F16-5396-28E0-6549-099A030581AB}" = CCC Help German
"{5BABDA39-61CF-41EE-992D-4054B6649A9B}" = Movie Maker
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{62D16CB8-4DD5-0314-2AD7-C3C2BCADC234}" = CCC Help Thai
"{631C4E4F-6FDC-4CC0-A067-E9876A9BA7FD}" = 影像中心
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
"{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon
"{65FAB880-4A4F-A1D6-4130-271CC370C6B9}" = CCC Help French
"{69424C7F-B6CA-8786-E0CA-89D5915C9486}" = CCC Help Turkish
"{69E22E96-BC9C-BF96-23A5-21AA5D4AF50D}" = CCC Help Japanese
"{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform
"{6C1F20F2-FB02-0C22-3620-104C37603383}" = CCC Help Spanish
"{6E5E0E1B-FADA-9749-80F6-03A0A7967FEC}" = CCC Help Danish
"{6EEF68AF-D71A-8244-CC79-47F2D3FDC2F8}" = CCC Help Hungarian
"{70854FE6-3BF1-4C69-94D0-BEB821102E34}" = Windows Live Mail
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71296ABE-826A-2D27-9FD0-503F39A4D7ED}" = CCC Help Japanese
"{733EC941-EDAF-4DB8-920A-6CD70488676A}" = Windows Live Writer
"{751A9240-4ACA-D875-34BC-530278B77648}" = CCC Help Chinese Traditional
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7B0C5EF6-DE4C-4E20-8889-C17604FFE5CD}" = Windows Live Family Safety
"{7DF5D4C2-1DEC-92C4-A1C6-AB4E689554A1}" = Catalyst Control Center Localization All
"{802E137D-DA8F-47CC-AC21-6DD075CD948C}" = Windows Live UX Platform Language Pack
"{8030AE22-7FA0-4880-A538-8906EDBF49F4}" = Windows Live Writer Resources
"{8150221C-8F7E-4997-AD4E-AFDEE7F4B410}" = Wireless Console 3
"{86C40513-B5A4-476E-9EAB-EC118DCF4502}" = Windows Live Writer
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions
"{8A9B7F1D-141E-2341-F7E5-922A0F8FC7DF}" = CCC Help English
"{8AAEB5A5-A397-46B6-8AF3-B6DC790C4E48}" = Windows Live Messenger
"{8D813AFF-D91D-4EE0-821F-B901FC2E89FA}" = Windows Live
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{8E241C05-52BF-4862-AD1F-AAE465C0075B}" = Windows Live Mail
"{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash
"{8F7FECEC-088F-431D-A5FB-2B59E1E69943}" = Galería de fotos
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{90993BD9-C7D9-4C2F-B56C-2F7AFEBD4CD0}" = Windows Live UX Platform Language Pack
"{95120000-003F-0409-0000-0000000FF1CE}" = Microsoft Office Excel Viewer
"{96914829-DF65-40AE-8A31-6F3E96BAEBBD}" = Windows Live Mail
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{97C11F5B-7D70-4BF0-9361-E9B02320EE27}" = CCC Help Turkish
"{97C79BEC-43F7-4BD8-A6A7-85C0257E488A}" = Windows Live Writer
"{9AC9D031-DC36-692B-E2B1-FB05032DB4B4}" = CCC Help Dutch
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C60D080-84E7-43A5-8ECA-28253D253BD7}" = Windows Live Essentials
"{9F9F5784-1E5A-47D2-BB82-21F89352859B}" = Windows Live Family Safety
"{A0E4C4A6-1CC7-4442-8CAE-2D825B7BC1C1}" = Windows Live Writer Resources
"{A11EFE0E-A256-C423-223F-4808E88024DB}" = CCC Help Greek
"{A17946CA-18E5-4CF0-8D55-A56D804718F8}" = Movie Maker
"{A5DC64EE-2FC4-4C35-9975-639DD8499369}" = Windows Live Family Safety
"{A5ED032F-030F-A1B4-F399-1406F015ABD5}" = CCC Help Chinese Standard
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9868A83-9D72-2F2D-F549-A5BD46891987}" = CCC Help Norwegian
"{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}" = RealNetworks - Microsoft Visual C++ 2010 Runtime
"{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}" = ATK Package
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.06)
"{B2A07D8D-71DB-4929-9154-2D8A198F0FDA}" = CCC Help Spanish
"{B306F739-A414-4698-BFAD-0AB23F73D14F}" = Windows Live Messenger
"{B328282C-DCE9-49B7-8B98-C08D9AA28C46}" = Windows Live Mail
"{B480904D-F73F-4673-B034-8A5F492C9184}" = Nuance PDF Reader
"{B693A4C3-B708-4F25-978E-56CA2517914C}" = Windows Live UX Platform Language Pack
"{B77D2795-23C0-4DBD-B7B5-CFB542D1FA3F}" = Windows Live Writer Resources
"{B80D3EA9-A252-4AE5-AC51-81729F5C586F}" = Windows Live Mail
"{B8671F16-7EAD-DF55-5772-30CA96F037CE}" = CCC Help Swedish
"{C034A6F9-6569-491B-B3BF-F5D15221A708}" = Windows Live Essentials
"{C10C5955-9E14-A895-BF90-29388B133FEA}" = CCC Help Russian
"{C40D110E-0718-4E11-A69B-D4EC7BF2EB04}" = Windows Live UX Platform Language Pack
"{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer
"{C595F480-788A-4F8F-8277-1A91F32CA879}" = Windows Live Writer
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}" = RealDownloader
"{C9440B47-2604-44EC-DA52-46DB4FA946ED}" = CCC Help French
"{C9A99D28-EE86-4D0F-B3E1-25EB87BFFEB1}" = Windows Live Messenger
"{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common
"{CA234488-A4E4-FE20-DEF4-D68C43ACACA2}" = CCC Help Czech
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D0F03C35-6196-4992-8621-6F390DFA9073}" = Windows Live Messenger
"{D16E0F0C-5D10-45CF-A585-CE3689B5A913}" = Windows Live Writer
"{D2C146B1-948D-47EF-8387-5D1C6B980F7C}" = Windows Live Writer
"{D3694B69-6F8C-42D3-8A0A-EB2AB528C02C}" = Atheros Client Installation Program
"{D5082B89-2E86-447E-A02C-922534592FA8}" = Photo Common
"{D888F114-7537-4D48-AF03-5DA9C82D7540}" = Photo Common
"{DA56F2C3-E05B-041F-6824-27C8A3C73F04}" = CCC Help Norwegian
"{DA9FD67B-0AAF-C83D-E2AC-C7D296FA0FE4}" = Catalyst Control Center Localization All
"{DB169E8F-5332-4DBF-B085-84AA2C373304}" = Windows Live Messenger
"{DF61799B-F14A-C47A-CA22-359BED10E66F}" = CCC Help Greek
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E0B5FDF0-6940-44B2-8204-CFA746A6B4AF}" = Movie Maker
"{EA2BE047-FF29-4336-BB70-6AF201085BAF}" = Windows Live 程式集
"{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera
"{ED6C77F9-4D7E-447C-9EC0-9A212D075535}" = Movie Maker
"{EE2E1BED-0821-4244-ABDC-149E9F9750C3}" = Photo Common
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2235E5E-7881-4293-9B6F-04B2609FBFF0}" = Windows Live Messenger
"{F54030F3-14B6-432D-9361-78DCB1473920}" = Photo Common
"{F5E338CE-E1C6-4F7D-8300-44DBD05B9F14}" = Galeria de Fotografias
"{F8857969-C550-C462-1785-DB5523AE133C}" = CCC Help Hungarian
"{FC1900CF-AC11-49EA-867A-F2AE5830F43A}" = Windows Live Writer Resources
"{FC6C7107-7D72-41A1-A031-3CE751159BAB}" = Photo Gallery
"{FDB51A10-A57D-29AB-90D1-3EEE29BD388F}" = Catalyst Control Center InstallProxy
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 12 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 12 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 12.0
"Advanced SystemCare 7_is1" = Advanced SystemCare 7
"Asus Vibe2.0" = AsusVibe2.0
"ASUS WebStorage" = ASUS WebStorage
"ASUS_Screensaver" = ASUS_Screensaver
"Coupon Printer for Windows5.0.0.2" = Coupon Printer for Windows
"Coupon Printer for Windows5.0.0.7" = Coupon Printer for Windows
"Hardware Helper_is1" = Hardware Helper
"HP Photo Creations" = HP Photo Creations
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"IObitUninstall" = IObit Uninstaller
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"ManageMyMobile_is1" = ManageMyMobile
"MCShield" = MCShield ::Anti-Malware Tool::
"Microsoft Photo Editor_is1" = Microsoft Photo Editor
"Mozilla Firefox 27.0.1 (x86 en-US)" = Mozilla Firefox 27.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"RealPlayer 16.0" = RealPlayer
"Revo Uninstaller" = Revo Uninstaller 1.94
"Software Assist" = Software Assist
"SpeedFan" = SpeedFan (remove only)
"Tweaking.com - Windows Repair (All in One)" = Tweaking.com - Windows Repair (All in One)
"WinLiveSuite" = Windows Live Essentials
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-3414749739-620263832-1076424935-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"23ab716f18849b6f" = Amazon Cloud Drive
"FLV Player" = FLV Player
"Google Chrome" = Google Chrome
"PhotoFiltre" = PhotoFiltre
"SkyDriveSetup.exe" = Microsoft SkyDrive
"UnityWebPlayer" = Unity Web Player
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 12/14/2013 8:53:34 PM | Computer Name = Tams | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 7878
 
Error - 12/14/2013 10:07:58 PM | Computer Name = Tams | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 12/14/2013 10:07:58 PM | Computer Name = Tams | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2402
 
Error - 12/14/2013 10:07:58 PM | Computer Name = Tams | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2402
 
Error - 12/14/2013 10:08:00 PM | Computer Name = Tams | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 12/14/2013 10:08:00 PM | Computer Name = Tams | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 4508
 
Error - 12/14/2013 10:08:00 PM | Computer Name = Tams | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 4508
 
Error - 12/14/2013 10:08:02 PM | Computer Name = Tams | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 12/14/2013 10:08:02 PM | Computer Name = Tams | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 6786
 
Error - 12/14/2013 10:08:02 PM | Computer Name = Tams | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 6786
 
Error - 12/14/2013 10:08:03 PM | Computer Name = Tams | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 12/14/2013 10:08:03 PM | Computer Name = Tams | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 8252
 
[ System Events ]
Error - 3/26/2014 11:25:00 PM | Computer Name = Tams | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!
 
Error - 3/26/2014 11:25:47 PM | Computer Name = Tams | Source = Service Control Manager | ID = 7003
Description = The Client Virtualization Handler service depends the following service:
 sftlist. This service might not be installed.
 
Error - 3/26/2014 11:26:20 PM | Computer Name = Tams | Source = WMPNetworkSvc | ID = 866300
Description = Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder)
 encountered error '0x80004005'. Verify that the UPnPHost service is running and
 that the UPnPHost component of Windows is installed properly.
 
Error - 3/26/2014 11:28:25 PM | Computer Name = Tams | Source = Service Control Manager | ID = 7023
Description = The HP Network Devices Support service terminated with the following
 error:   %%126
 
Error - 3/28/2014 4:01:16 AM | Computer Name = Tams | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
 with error 0x80070643: Security Update for Microsoft Filter Pack 2.0 (KB2553501)
 32-Bit Edition.
 
Error - 3/28/2014 4:01:21 AM | Computer Name = Tams | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
 with error 0x80070643: Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit
Edition.
 
Error - 3/28/2014 4:02:42 AM | Computer Name = Tams | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
 with error 0x80070643: Update for Microsoft Office 2010 (KB2598285) 32-Bit Edition.
 
Error - 3/29/2014 4:00:58 AM | Computer Name = Tams | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
 with error 0x80070643: Security Update for Microsoft Filter Pack 2.0 (KB2553501)
 32-Bit Edition.
 
Error - 3/29/2014 4:00:58 AM | Computer Name = Tams | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
 with error 0x80070643: Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit
Edition.
 
Error - 3/29/2014 4:01:43 AM | Computer Name = Tams | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
 with error 0x80070643: Update for Microsoft Office 2010 (KB2598285) 32-Bit Edition.
 
 
< End of report >
 

OTL logfile created on: 3/29/2014 6:10:52 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Tammy\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16521)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.61 Gb Total Physical Memory | 1.49 Gb Available Physical Memory | 41.25% Memory free
7.21 Gb Paging File | 4.32 Gb Available in Paging File | 59.93% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 256.35 Gb Total Space | 180.90 Gb Free Space | 70.57% Space Free | Partition Type: NTFS
Drive D: | 314.82 Gb Total Space | 314.72 Gb Free Space | 99.97% Space Free | Partition Type: NTFS
 
Computer Name: TAMS | User Name: Tammy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - File not found --
PRC - [2014/03/29 17:57:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Tammy\Desktop\OTL.exe
PRC - [2014/03/07 23:03:36 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2014/02/01 19:15:32 | 000,650,816 | ---- | M] (MyCity) -- C:\Program Files (x86)\MCShield\MCShieldRTM.exe
PRC - [2013/12/21 01:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/10/28 12:39:32 | 002,283,296 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe
PRC - [2013/10/25 13:07:24 | 002,151,200 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
PRC - [2013/10/25 13:07:00 | 000,878,368 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe
PRC - [2013/08/14 16:19:24 | 000,039,056 | ---- | M] () -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2011/05/30 14:48:18 | 000,082,944 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
PRC - [2011/05/20 13:01:06 | 000,166,528 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
PRC - [2010/11/20 07:17:02 | 000,302,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cmd.exe
PRC - [2010/11/15 12:42:12 | 000,305,792 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
PRC - [2010/08/17 16:55:42 | 005,732,992 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
PRC - [2009/12/15 12:39:38 | 000,096,896 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
PRC - [2009/06/15 19:30:42 | 000,084,536 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/03/14 19:50:40 | 013,637,448 | ---- | M] () -- C:\Users\Tammy\AppData\Local\Google\Chrome\Application\33.0.1750.154\PepperFlash\pepflashplayer.dll
MOD - [2014/03/14 19:50:40 | 000,394,568 | ---- | M] () -- C:\Users\Tammy\AppData\Local\Google\Chrome\Application\33.0.1750.154\ppgooglenaclpluginchrome.dll
MOD - [2014/03/14 19:50:38 | 004,061,000 | ---- | M] () -- C:\Users\Tammy\AppData\Local\Google\Chrome\Application\33.0.1750.154\pdf.dll
MOD - [2014/03/14 19:50:35 | 000,716,616 | ---- | M] () -- C:\Users\Tammy\AppData\Local\Google\Chrome\Application\33.0.1750.154\libglesv2.dll
MOD - [2014/03/14 19:50:34 | 000,100,168 | ---- | M] () -- C:\Users\Tammy\AppData\Local\Google\Chrome\Application\33.0.1750.154\libegl.dll
MOD - [2014/03/14 19:50:32 | 001,647,432 | ---- | M] () -- C:\Users\Tammy\AppData\Local\Google\Chrome\Application\33.0.1750.154\ffmpegsumo.dll
MOD - [2014/03/14 19:50:30 | 000,051,016 | ---- | M] () -- C:\Users\Tammy\AppData\Local\Google\Chrome\Application\33.0.1750.154\chrome_elf.dll
MOD - [2014/03/07 23:03:15 | 003,578,992 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2013/01/15 19:47:56 | 000,893,248 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare 7\webres.dll
MOD - [2011/05/30 14:48:14 | 000,009,216 | ---- | M] () -- C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/02/28 23:33:34 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/11/05 21:48:05 | 000,241,152 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2013/10/23 18:14:22 | 000,348,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2013/10/23 18:14:22 | 000,023,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2011/06/08 00:09:26 | 000,365,568 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2011/01/25 16:11:56 | 000,379,520 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Windows\SysNative\FBAgent.exe -- (AFBAgent)
SRV - [2014/03/13 10:39:11 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/03/07 23:03:35 | 000,118,896 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/12/21 01:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/10/25 13:07:24 | 002,151,200 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe -- (LiveUpdateSvc)
SRV - [2013/10/25 13:07:00 | 000,878,368 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe -- (AdvancedSystemCareService7)
SRV - [2013/09/11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/08/14 16:19:24 | 000,039,056 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2009/12/15 12:39:38 | 000,096,896 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2009/06/15 19:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013/11/05 21:48:06 | 011,658,752 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2013/11/05 21:48:06 | 000,581,120 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2013/11/05 21:46:41 | 000,883,928 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2013/10/01 21:22:20 | 000,056,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2013/09/27 10:53:06 | 000,134,944 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/08/23 09:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 09:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/08/21 14:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/07/28 02:15:28 | 000,057,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/10/01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011/10/01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011/10/01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011/10/01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011/06/07 07:07:00 | 000,231,440 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/07 13:21:16 | 001,594,368 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2011/01/18 04:16:46 | 000,250,984 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/12/31 05:30:10 | 000,138,024 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2010/11/29 03:50:38 | 000,044,672 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2010/11/20 08:33:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/04 05:52:54 | 000,038,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2010/11/04 05:52:52 | 000,075,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2010/02/18 11:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009/07/20 04:29:40 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 19:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/10 15:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:34:18 | 000,057,344 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/05/23 19:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2011/05/25 21:06:20 | 000,017,536 | ---- | M] (ASUS) [Kernel | System | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys -- (ATKWMIACPIIO)
DRV - [2011/03/24 22:29:26 | 000,343,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\usbhub.sys -- (usbhub)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/02 19:36:14 | 000,015,416 | ---- | M] (ASUS) [Kernel | Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE:64bit: - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...ng}&rlz=1I7ASUT
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-21-3414749739-620263832-1076424935-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-3414749739-620263832-1076424935-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-3414749739-620263832-1076424935-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3414749739-620263832-1076424935-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-3414749739-620263832-1076424935-1001\..\SearchScopes,DefaultScope = {935AA68A-496B-4200-9926-7A4AD49CA5AD}
IE - HKU\S-1-5-21-3414749739-620263832-1076424935-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = https://www.google.c...q={searchTerms}
IE - HKU\S-1-5-21-3414749739-620263832-1076424935-1001\..\SearchScopes\{8C283C09-32CB-487F-8254-A04033B2071F}: "URL" = http://tuvaro.com/ws...q={searchTerms}
IE - HKU\S-1-5-21-3414749739-620263832-1076424935-1001\..\SearchScopes\{935AA68A-496B-4200-9926-7A4AD49CA5AD}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKU\S-1-5-21-3414749739-620263832-1076424935-1001\..\SearchScopes\{9B97950D-482C-1D79-568F-FC7B9D40C785}: "URL" = http://www.bing.com/...eferrer:source}
IE - HKU\S-1-5-21-3414749739-620263832-1076424935-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.order.1: "Tuvaro"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://search.yahoo....=spigot-yhp-ff"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:27.0.1
FF - prefs.js..keyword.URL: "http://search.yahoo....type=198484&p="
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1207148.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.3.51: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.3.51: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5: C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\ZEON/PDF,version=2.0: C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Tammy\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Tammy\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Tammy\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\CouponNetwork.com/CMDUniversalCouponPrintActivator: C:\Users\Tammy\AppData\Roaming\CATALI~2\NPBCSK~1.DLL (Catalina Marketing Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1504\6.6.1088\firefoxextension\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014/01/01 02:57:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2014/01/01 02:57:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2014/03/07 23:03:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/03/20 11:19:34 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\UnfriendApp\Firefox\
 
[2012/05/02 17:06:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tammy\AppData\Roaming\Mozilla\Extensions
[2014/03/27 23:58:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\muiuyso6.default\extensions
[2013/12/13 11:38:08 | 000,000,000 | ---D | M] (Ads Removal) -- C:\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\muiuyso6.default\extensions\[email protected]
[2014/01/31 22:39:02 | 000,007,641 | ---- | M] () (No name found) -- C:\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\muiuyso6.default\extensions\{58d2a791-6199-482f-a9aa-9b725ec61362}.xpi
[2014/03/06 22:10:27 | 000,008,061 | ---- | M] () -- C:\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\muiuyso6.default\searchplugins\yahoo_ff.xml
[2014/03/07 23:03:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/03/07 23:03:38 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2014/03/29 01:01:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\updated\browser\extensions
[2014/03/29 01:02:43 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\updated\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012/09/04 18:53:56 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\NPcol400.dll
[2014/01/01 02:54:33 | 000,124,504 | ---- | M] (RealPlayer) -- C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll
 
O1 HOSTS File: ([2014/03/26 22:17:31 | 000,000,855 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (ExplorerWnd Helper) - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll (IObit)
O2 - BHO: (no name) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - No CLSID value found.
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (no name) - {5CB02877-EFBC-4317-B608-9E24B11BAB40} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - No CLSID value found.
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - {6F001652-AF51-45C6-B029-86E0265A1851} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe (ecareme)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [SonicMasterTray] C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe (Virage Logic Corporation / Sonic Focus)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe (ASUS)
O4 - HKU\S-1-5-21-3414749739-620263832-1076424935-1001..\Run: [Advanced SystemCare 7] C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe (IObit)
O4 - HKU\S-1-5-21-3414749739-620263832-1076424935-1001..\Run: [HP Photosmart 5510 series (NET)] C:\Program Files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
O4 - HKU\S-1-5-21-3414749739-620263832-1076424935-1001..\Run: [MCShield Monitor] C:\Program Files (x86)\MCShield\MCShieldRTM.exe (MyCity)
O4 - Startup: C:\Users\Tammy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Amazon Cloud Drive.lnk = C:\Users\Tammy\AppData\Local\Apps\2.0\45ZVRA9Q.KRA\M671W4KH.PH7\amaz..tion_f2fa081ea2183235_0002.0001_cb34a912a946f839\AmazonCloudDrive.exe (Amazon Digital Services, LLC.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDevMgrUpdate = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDevMgrUpdate = 0
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDevMgrUpdate = 0
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDevMgrUpdate = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispAppearancePage = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDevMgrUpdate = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispAppearancePage = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
O7 - HKU\S-1-5-21-3414749739-620263832-1076424935-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3414749739-620263832-1076424935-1001\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-3414749739-620263832-1076424935-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-3414749739-620263832-1076424935-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDevMgrUpdate = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} http://support.asus....k_sys_ctrl3.cab (Reg Error: Key error.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinn...ed/wwlaunch.cab (Reg Error: Key error.)
O16 - DPF: {B06CE1BC-5D9D-4676-BD28-1752DBF394E0} http://www.worldwinn...man/hangman.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 205.171.2.226
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{97A12908-D330-490A-806D-6EEC561D2FB5}: DhcpNameServer = 192.168.0.1 205.171.2.226
O18:64bit: - Protocol\Handler\ipp - No CLSID value found
O18:64bit: - Protocol\Handler\ipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O29:64bit: - HKLM SecurityProviders - (msapsspc.dll) -  File not found
O29:64bit: - HKLM SecurityProviders - (digest.dll) -  File not found
O29:64bit: - HKLM SecurityProviders - (msnsspc.dll) -  File not found
O29 - HKLM SecurityProviders - (msapsspc.dll) -  File not found
O29 - HKLM SecurityProviders - (digest.dll) -  File not found
O29 - HKLM SecurityProviders - (msnsspc.dll) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKU\S-1-5-21-3414749739-620263832-1076424935-1001..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/03/29 18:00:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MCShield
[2014/03/29 17:59:58 | 000,000,000 | ---D | C] -- C:\ProgramData\MCShield
[2014/03/29 17:59:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MCShield
[2014/03/29 17:57:04 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\Tammy\Desktop\aswmbr.exe
[2014/03/29 17:56:59 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Tammy\Desktop\OTL.exe
[2014/03/29 17:56:45 | 002,846,904 | ---- | C] (MyCity) -- C:\Users\Tammy\Desktop\MCShield-Setup.exe
[2014/03/28 12:51:30 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\catroot2
[2014/03/26 22:26:41 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2014/03/26 22:25:24 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2014/03/20 17:17:32 | 000,181,064 | ---- | C] (Sysinternals) -- C:\Windows\PSEXESVC.EXE
[2014/03/20 17:15:54 | 000,000,000 | ---D | C] -- C:\RegBackup
[2014/03/18 13:00:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
[2014/03/18 12:59:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tweaking.com
[2014/03/07 23:03:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/10/12 18:01:48 | 002,162,416 | ---- | C] (Catalina Marketing Corp) -- C:\Users\Tammy\AppData\Local\BcsKtYcHW.dll
 
========== Files - Modified Within 30 Days ==========
 
[2014/03/29 18:15:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/03/29 18:06:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3414749739-620263832-1076424935-1001UA.job
[2014/03/29 18:05:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/03/29 17:59:00 | 000,000,338 | ---- | M] () -- C:\Windows\tasks\HP Photo Creations Communicator.job
[2014/03/29 17:57:22 | 000,987,448 | ---- | M] () -- C:\Users\Tammy\Desktop\SecurityCheck(1).exe
[2014/03/29 17:57:09 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Tammy\Desktop\aswmbr.exe
[2014/03/29 17:57:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Tammy\Desktop\OTL.exe
[2014/03/29 17:56:53 | 002,846,904 | ---- | M] (MyCity) -- C:\Users\Tammy\Desktop\MCShield-Setup.exe
[2014/03/29 17:05:01 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/03/29 01:06:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3414749739-620263832-1076424935-1001Core.job
[2014/03/28 22:25:53 | 000,002,207 | ---- | M] () -- C:\Users\Public\Desktop\Advanced SystemCare 7.lnk
[2014/03/27 11:57:23 | 000,186,566 | ---- | M] () -- C:\Users\Tammy\Desktop\8040659 Inv.pdf
[2014/03/27 11:54:18 | 000,557,352 | ---- | M] () -- C:\Users\Tammy\Desktop\8040659 POD.pdf
[2014/03/27 11:52:44 | 000,609,064 | ---- | M] () -- C:\Users\Tammy\Desktop\8040659 Conf.pdf
[2014/03/27 11:11:47 | 000,798,756 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/03/27 11:11:47 | 000,662,764 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/03/27 11:11:47 | 000,122,582 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/03/26 22:32:39 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/03/26 22:32:39 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/03/26 22:26:48 | 000,003,037 | ---- | M] () -- C:\Users\Tammy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Amazon Cloud Drive.lnk
[2014/03/26 22:25:35 | 000,315,616 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/03/26 22:25:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/03/26 22:25:03 | 2903,281,664 | -HS- | M] () -- C:\hiberfil.sys
[2014/03/26 22:24:00 | 000,000,000 | ---- | M] () -- C:\asc_rdflag
[2014/03/26 22:22:08 | 000,181,064 | ---- | M] (Sysinternals) -- C:\Windows\PSEXESVC.EXE
[2014/03/26 22:17:31 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2014/03/26 22:06:56 | 000,798,756 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014/03/26 21:57:14 | 000,000,207 | ---- | M] () -- C:\Windows\tweaking.com-regbackup-TAMS-Microsoft-Windows-7-Home-Premium-(64-bit).dat
[2014/03/26 21:40:13 | 000,045,056 | ---- | M] () -- C:\Windows\SysNative\acovcnt.exe
[2014/03/26 17:06:21 | 005,560,425 | ---- | M] () -- C:\Users\Tammy\Desktop\G2 Manual.pdf
[2014/03/20 17:37:06 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts_bak_523
 
========== Files Created - No Company Name ==========
 
[2014/03/29 17:57:14 | 000,987,448 | ---- | C] () -- C:\Users\Tammy\Desktop\SecurityCheck(1).exe
[2014/03/27 11:57:22 | 000,186,566 | ---- | C] () -- C:\Users\Tammy\Desktop\8040659 Inv.pdf
[2014/03/27 11:54:17 | 000,557,352 | ---- | C] () -- C:\Users\Tammy\Desktop\8040659 POD.pdf
[2014/03/27 11:52:44 | 000,609,064 | ---- | C] () -- C:\Users\Tammy\Desktop\8040659 Conf.pdf
[2014/03/26 22:24:00 | 000,000,000 | ---- | C] () -- C:\asc_rdflag
[2014/03/26 21:57:14 | 000,000,207 | ---- | C] () -- C:\Windows\tweaking.com-regbackup-TAMS-Microsoft-Windows-7-Home-Premium-(64-bit).dat
[2014/03/26 17:06:20 | 005,560,425 | ---- | C] () -- C:\Users\Tammy\Desktop\G2 Manual.pdf
[2013/11/05 21:48:07 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2013/11/05 21:48:07 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2013/11/05 21:48:06 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2013/11/05 21:48:04 | 000,798,734 | ---- | C] () -- C:\Windows\SysWow64\amdocl_ld32.exe
[2013/11/05 21:48:03 | 000,995,342 | ---- | C] () -- C:\Windows\SysWow64\amdocl_as32.exe
[2013/10/12 18:01:46 | 000,893,239 | ---- | C] () -- C:\Users\Tammy\AppData\Local\a.zip
[2013/03/09 17:28:36 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2012/07/18 22:26:02 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2012/02/16 11:54:31 | 000,026,339 | ---- | C] () -- C:\Users\Tammy\AppData\Local\Temp20.html
[2012/02/16 11:54:14 | 000,001,955 | ---- | C] () -- C:\Users\Tammy\AppData\Local\Temp1.html
[2012/02/10 17:32:50 | 000,000,036 | ---- | C] () -- C:\Users\Tammy\AppData\Local\housecall.guid.cache
[2011/12/02 21:26:31 | 000,004,608 | ---- | C] () -- C:\Users\Tammy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 21:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 20:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = c:\windows\syswow64\wbem\fastprox.dll -- [2010/11/20 07:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2011/11/22 19:00:58 | 000,000,000 | ---D | M] -- C:\Users\Tammy\AppData\Roaming\ASUS WebStorage
[2012/09/04 18:53:56 | 000,000,000 | ---D | M] -- C:\Users\Tammy\AppData\Roaming\Catalina Marketing Corp
[2013/10/12 18:01:41 | 000,000,000 | ---D | M] -- C:\Users\Tammy\AppData\Roaming\Catalina – Print Savings
[2014/02/14 10:56:45 | 000,000,000 | ---D | M] -- C:\Users\Tammy\AppData\Roaming\IObit
[2012/01/02 23:09:39 | 000,000,000 | ---D | M] -- C:\Users\Tammy\AppData\Roaming\MediaArt
[2011/11/26 14:56:55 | 000,000,000 | ---D | M] -- C:\Users\Tammy\AppData\Roaming\Nuance
[2012/03/07 18:49:03 | 000,000,000 | ---D | M] -- C:\Users\Tammy\AppData\Roaming\OpenOffice.org
[2014/03/18 11:52:31 | 000,000,000 | ---D | M] -- C:\Users\Tammy\AppData\Roaming\Opera Software
[2011/12/04 14:17:28 | 000,000,000 | ---D | M] -- C:\Users\Tammy\AppData\Roaming\PhotoFiltre
[2012/03/16 02:58:01 | 000,000,000 | ---D | M] -- C:\Users\Tammy\AppData\Roaming\PhotoScape
[2011/12/11 17:19:28 | 000,000,000 | ---D | M] -- C:\Users\Tammy\AppData\Roaming\SoftGrid Client
[2011/11/26 22:02:07 | 000,000,000 | ---D | M] -- C:\Users\Tammy\AppData\Roaming\TP
[2013/02/15 22:03:03 | 000,000,000 | ---D | M] -- C:\Users\Tammy\AppData\Roaming\Unity
[2013/02/08 19:24:04 | 000,000,000 | ---D | M] -- C:\Users\Tammy\AppData\Roaming\Visan
[2013/11/24 12:35:15 | 000,000,000 | ---D | M] -- C:\Users\Tammy\AppData\Roaming\Windows
[2012/08/14 14:48:22 | 000,000,000 | ---D | M] -- C:\Users\Tammy\AppData\Roaming\Windows Live Writer
[2011/11/25 11:40:49 | 000,000,000 | ---D | M] -- C:\Users\Tammy\AppData\Roaming\Zeon
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: EXPLORER.EXE  >
[2011/02/26 01:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/26 00:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/13 20:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/26 00:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2011/02/26 00:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\erdnt\cache86\explorer.exe
[2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 01:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 07:17:10 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/11/20 08:24:46 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009/07/13 20:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2011/02/26 01:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
 
< MD5 for: SVCHOST.EXE  >
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\erdnt\cache86\svchost.exe
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\erdnt\cache64\svchost.exe
[2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe
 
< MD5 for: USERINIT.EXE  >
[2010/11/20 07:17:50 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\erdnt\cache86\userinit.exe
[2010/11/20 07:17:50 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 07:17:50 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/13 20:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/13 20:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 08:25:26 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\erdnt\cache64\userinit.exe
[2010/11/20 08:25:26 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 08:25:26 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010/11/20 08:25:32 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\erdnt\cache64\winlogon.exe
[2010/11/20 08:25:32 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 08:25:32 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/13 20:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
 
< dir C:\ /S /A:L /C >
 Volume in drive C is OS
 Volume Serial Number is 56E8-3A45
 Directory of C:\
07/14/2009  12:08 AM    <JUNCTION>     Documents and Settings [C:\Users]
               0 File(s)              0 bytes
 Directory of C:\ProgramData
07/14/2009  12:08 AM    <JUNCTION>     Application Data [C:\ProgramData]
07/14/2009  12:08 AM    <JUNCTION>     Desktop [C:\Users\Public\Desktop]
07/14/2009  12:08 AM    <JUNCTION>     Documents [C:\Users\Public\Documents]
07/14/2009  12:08 AM    <JUNCTION>     Favorites [C:\Users\Public\Favorites]
07/14/2009  12:08 AM    <JUNCTION>     Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/14/2009  12:08 AM    <JUNCTION>     Templates [C:\ProgramData\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 117 bytes -> C:\ProgramData\Temp:B3C7433B

< End of report >
 

The aswMBR scan had to be run twice; the machine locked up. I have included a screenshot of what it looked like.  I had to manually force a shutdown to restart the machine.  Screenshot is under all the scans.

 

aswMBR Scan Log:

 

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2014-03-29 18:53:06
-----------------------------
18:53:06.671    OS Version: Windows x64 6.1.7601 Service Pack 1
18:53:06.671    Number of processors: 2 586 0x200
18:53:06.671    ComputerName: TAMS  UserName:
18:53:07.872    Initialize success
18:53:32.240    The log file has been saved successfully to "C:\Users\Tammy\Desktop\aswMBR.txt"
18:54:06.554    AVAST engine defs: 14032902
18:54:12.843    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000006d
18:54:12.843    Disk 0 Vendor: WDC_WD64 01.0 Size: 610480MB BusType: 11
18:54:13.015    Disk 0 MBR read successfully
18:54:13.015    Disk 0 MBR scan
18:54:13.124    Disk 0 Windows 7 default MBR code
18:54:13.140    Disk 0 Partition 1 00     1C Hidd FAT32 LBA MSDOS5.0    25600 MB offset 2048
18:54:13.171    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS       262506 MB offset 52430848
18:54:13.233    Disk 0 Partition - 00     0F Extended LBA            322373 MB offset 590043136
18:54:13.296    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       322372 MB offset 590045184
18:54:13.670    Disk 0 scanning C:\Windows\system32\drivers
18:54:40.955    Service scanning
18:55:32.923    Modules scanning
18:55:32.939    Disk 0 trace - called modules:
18:55:32.970    ntoskrnl.exe CLASSPNP.SYS disk.sys amd_xata.sys storport.sys hal.dll amd_sata.sys
18:55:32.986    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004bd7060]
18:55:33.001    3 CLASSPNP.SYS[fffff8800194d43f] -> nt!IofCallDriver -> [0xfffffa8004a66040]
18:55:33.001    5 amd_xata.sys[fffff8800113d8b4] -> nt!IofCallDriver -> \Device\0000006d[0xfffffa800462b060]
18:55:34.327    AVAST engine scan C:\Windows
18:55:39.678    AVAST engine scan C:\Windows\system32
19:03:09.456    AVAST engine scan C:\Windows\system32\drivers
19:03:35.742    AVAST engine scan C:\Users\Tammy
19:12:19.875    Disk 0 MBR has been saved successfully to "C:\Users\Tammy\Desktop\MBR.dat"
19:12:19.890    The log file has been saved successfully to "C:\Users\Tammy\Desktop\aswMBR.txt"
19:12:42.469    Disk 0 MBR has been saved successfully to "C:\Users\Tammy\Desktop\MBR.dat"
19:12:42.501    The log file has been saved successfully to "C:\Users\Tammy\Desktop\aswMBR.txt"


Security Check:

 

 Results of screen317's Security Check version 0.99.81  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Microsoft Security Essentials   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 1.75.0.1300  
 Java 7 Update 45  
 Java version out of Date!
 Adobe Flash Player 12.0.0.77  
 Adobe Reader XI  
 Mozilla Firefox (28.0)
 Google Chrome 33.0.1750.146  
 Google Chrome 33.0.1750.154  
 Google Chrome plugins...  
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe
 Microsoft Security Essentials msseces.exe
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbamgui.exe  
 Malwarebytes' Anti-Malware mbamscheduler.exe   
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
 

 

And the screenshot I promised...

 

th_0329141846.jpg


  • 0

#7
Nutloaf

    Trusted Helper

  • Malware Removal
  • 1,790 posts
Hi there, great job thanks. :)
 
Not sure why the PC locked up, hopefully this should go smoothly.
 
I would like you to uninstall a few programs as they cause problems or are simply rubbish. I don't advise running anything by IObit; it also has an antivirus, which will clash with MSE.
 
Follow in the order given
 
 
1. Uninstall
 

 

  • Click Start then select Control Panel
  • In control panel click Uninstall a Program or Programs and Features and uninstall the following:
  • FLV Player
  • Unity Web Player
  • Advanced SystemCare 7
  • IObit Uninstaller
 
 
 
2. OTL Fix
 

 

  • Right click the OTL icon and select Run as Administrator.
  • Copy the entire text in the Quote box below, do not include the word QUOTE and Paste into the Custom Scans/Fixes box in OTL.

 

:COMMANDS
[CREATERESTOREPOINT]
:OTL
SRV - [2013/10/25 13:07:24 | 002,151,200 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe -- (LiveUpdateSvc)
SRV - [2013/10/25 13:07:00 | 000,878,368 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe -- (AdvancedSystemCareService7)
IE - HKU\S-1-5-21-3414749739-620263832-1076424935-1001\..\SearchScopes,DefaultScope = {935AA68A-496B-4200-9926-7A4AD49CA5AD}
IE - HKU\S-1-5-21-3414749739-620263832-1076424935-1001\..\SearchScopes\{8C283C09-32CB-487F-8254-A04033B2071F}: "URL" = http://tuvaro.com/ws...q={searchTerms}
IE - HKU\S-1-5-21-3414749739-620263832-1076424935-1001\..\SearchScopes\{935AA68A-496B-4200-9926-7A4AD49CA5AD}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKU\S-1-5-21-3414749739-620263832-1076424935-1001\..\SearchScopes\{9B97950D-482C-1D79-568F-FC7B9D40C785}: "URL" = http://www.bing.com/...eferrer:source}
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Tammy\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
[2014/01/31 22:39:02 | 000,007,641 | ---- | M] () (No name found) -- C:\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\muiuyso6.default\extensions\{58d2a791-6199-482f-a9aa-9b725ec61362}.xpi
O2:64bit: - BHO: (ExplorerWnd Helper) - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll (IObit)
O2 - BHO: (no name) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - No CLSID value found.
O2 - BHO: (no name) - {5CB02877-EFBC-4317-B608-9E24B11BAB40} - No CLSID value found.
O2 - BHO: (no name) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {6F001652-AF51-45C6-B029-86E0265A1851} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKU\S-1-5-21-3414749739-620263832-1076424935-1001..\Run: [Advanced SystemCare 7] C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe (IObit)
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} http://support.asus....k_sys_ctrl3.cab (Reg Error: Key error.) 
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.) 
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinn...ed/wwlaunch.cab (Reg Error: Key error.) 
O16 - DPF: {B06CE1BC-5D9D-4676-BD28-1752DBF394E0} http://www.worldwinn...man/hangman.cab (Reg Error: Key error.) 
[2014/03/28 22:25:53 | 000,002,207 | ---- | M] () -- C:\Users\Public\Desktop\Advanced SystemCare 7.lnk
[2014/03/26 22:24:00 | 000,000,000 | ---- | M] () -- C:\asc_rdflag
[2011/11/26 22:02:07 | 000,000,000 | ---D | M] -- C:\Users\Tammy\AppData\Roaming\TP
[2013/02/15 22:03:03 | 000,000,000 | ---D | M] -- C:\Users\Tammy\AppData\Roaming\Unity
[2014/02/14 10:56:45 | 000,000,000 | ---D | M] -- C:\Users\Tammy\AppData\Roaming\IObit
@Alternate Data Stream - 117 bytes -> C:\ProgramData\Temp:B3C7433B
 
:FILES
C:\Program Files (x86)\IObit
ipconfig /flushdns /c
netsh winsock reset catalog /c
netsh int ip reset c:\resetlog.txt  /c
ipconfig /release /c
ipconfig /renew /c
 
:COMMANDS
[EMPTYTEMP]

 

  • Then click Run Fix
  • Click O.K if asked to Reboot.
  • An OTL fix log will be saved in the following location: C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log - where mmddyyyy_hhmmss is the date and time of the fix.
  • Copy and Paste the Fix Log in your next reply.
 
 
 
3. Run ADWcleaner
 

 

  • Right click ADWcleaner and Run as Administrator then select Scan
  • Once the scan is complete click Clean
  • A reboot will be asked for; click O.K.
  • On reboot a log will be produced, please post in your next reply.
 
 
4. OTL Scan
 

 

  • Right click the OTL icon and select Run as Administrator.
  • Select the following boxes:
  • Scan All Users
  • Include 64bit Scans - If present.
  • Use Company-Name WhiteList
  • Skip Microsoft Files
  • Use No-Company-Name WhiteList
  • LOP Check
  • Now Click Run Scan
  • OTL will now scan your computer and produce a log file OTL.txt
  • Please post in your next reply
 
 
 
Things I want to see in your next post.
 

 

  • OTL fix.txt
  • ADWcleaner results
  • OTL.txt
 

  • 0
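For whoever reads the fix log requested in the steps above, here is an added example (not part of the original post, and not OTL's own code) that tallies a fix log's outcome lines per section so that errors and pending reboots stand out from routine "not found" entries. The sample lines are constructed in the format of the fix log posted later in this thread; the outcome labels and the treatment of cmd.bat/cmd.txt deletions as housekeeping are assumptions.

```python
import re
from collections import Counter

# Constructed sample: lines abridged from the fix log format shown in this
# thread (not a complete log).
SAMPLE_LOG = r"""All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Service LiveUpdateSvc stopped successfully!
Service LiveUpdateSvc deleted successfully!
C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe moved successfully.
Error: No service named AdvancedSystemCareService7 was found to stop!
Service\Driver key AdvancedSystemCareService7 not found.
File C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1CA1377B-DC1D-4A52-9585-6E06050FAC53}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
ADS C:\ProgramData\Temp:B3C7433B deleted successfully.
========== FILES ==========
C:\Program Files (x86)\IObit folder moved successfully.
< netsh winsock reset catalog /c >
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
C:\Users\Tammy\Desktop\cmd.bat deleted successfully.
< ipconfig /renew /c >
No operation can be performed on Local Area Connection while it has its media disconnected.
"""

SECTION = re.compile(r"^=+ (.+?) =+$")   # ========== OTL ==========
COMMAND = re.compile(r"^< (.+?) >$")     # < ipconfig /flushdns /c >
SUCCESS = re.compile(r"\b(deleted|moved|stopped|set) successfully\b")
# Assumption: cmd.bat / cmd.txt on the Desktop are temporary wrappers created
# for each command line, so their deletion is not a clean-up result.
HOUSEKEEPING = re.compile(r"\\cmd\.(bat|txt) deleted successfully\.$")
REBOOT = re.compile(r"restart the computer", re.IGNORECASE)


def classify(line):
    """Map one log line to an outcome label, or None for informational text."""
    if line.startswith("Error:"):
        return "error"
    if HOUSEKEEPING.search(line):
        return "housekeeping"
    if line.rstrip(".").endswith("not found"):
        return "not_found"
    if SUCCESS.search(line):
        return "applied"
    return None


def summarize_fix_log(text):
    """Tally outcomes per log section and collect errors, commands, reboots."""
    section, current_cmd = "PREAMBLE", None
    counts, errors, commands, reboot_after = Counter(), [], [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION.match(line)
        if m:                      # a new "===== NAME =====" block starts
            section, current_cmd = m.group(1), None
            continue
        m = COMMAND.match(line)
        if m:                      # output of a shell command follows
            current_cmd = m.group(1).strip()
            commands.append(current_cmd)
            continue
        if REBOOT.search(line):    # remember what asked for the restart
            reboot_after.append(current_cmd or section)
        outcome = classify(line)
        if outcome:
            counts[(section, outcome)] += 1
        if outcome == "error":
            errors.append(line)
    return {"counts": counts, "errors": errors,
            "commands": commands, "reboot_after": reboot_after}


if __name__ == "__main__":
    summary = summarize_fix_log(SAMPLE_LOG)
    for (section, outcome), n in sorted(summary["counts"].items()):
        print(f"{section:8} {outcome:12} {n}")
    for line in summary["errors"]:
        print("REVIEW:", line)
    for cmd in summary["reboot_after"]:
        print("Reboot requested after:", cmd)
```
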

#8
ColtsFan18

    Member

  • Topic Starter
  • 372 posts

Ok... I'm on it. During the reboot for OTL it is not restarting like normal. The power button is lit but it's not restarting. I'm going to manually restart it to bring it up. I'm posting this from my phone.


Edited by ColtsFan18, 29 March 2014 - 08:53 PM.

  • 0

#9
ColtsFan18

    Member

  • Topic Starter
  • 372 posts

ADWcleaner doesn't have a "clean" button... It has "FixMBR" Save Log and Exit...  Should I use the FixMBR option?  It gives me a warning about how it's going to write a new master boot record...

 

I'm just going to leave the screen up until you say it's OK to proceed.  I won't cancel the scan results or go any further.


Edited by ColtsFan18, 29 March 2014 - 09:20 PM.

  • 0

#10
Nutloaf

    Trusted Helper

  • Malware Removal
  • 1,790 posts

 

 

ADWcleaner doesn't have a "clean" button... It has "FixMBR" Save Log and Exit

 

You have opened aswMBR instead of ADWcleaner :) Similar sounding names. ADWcleaner is another tool. 

 

Did the OTL fix complete? It can take a little longer to restart after the reboot; this is normal. You may also get a prompt to allow OTL to run on restart.


  • 0

#11
ColtsFan18

    Member

  • Topic Starter
  • 372 posts

Oh Lord, I'm an idiot.  I didn't run OTL until I knew what to do with what is now the WRONG program.  Give me just a bit and I'll get the logs posted.


  • 0

#12
ColtsFan18

    Member

  • Topic Starter
  • 372 posts

OTL Log:

 

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Service LiveUpdateSvc stopped successfully!
Service LiveUpdateSvc deleted successfully!
C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe moved successfully.
Error: No service named AdvancedSystemCareService7 was found to stop!
Service\Driver key AdvancedSystemCareService7 not found.
File C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe not found.
HKEY_USERS\S-1-5-21-3414749739-620263832-1076424935-1001\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-3414749739-620263832-1076424935-1001\Software\Microsoft\Internet Explorer\SearchScopes\{8C283C09-32CB-487F-8254-A04033B2071F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C283C09-32CB-487F-8254-A04033B2071F}\ not found.
Registry key HKEY_USERS\S-1-5-21-3414749739-620263832-1076424935-1001\Software\Microsoft\Internet Explorer\SearchScopes\{935AA68A-496B-4200-9926-7A4AD49CA5AD}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{935AA68A-496B-4200-9926-7A4AD49CA5AD}\ not found.
Registry key HKEY_USERS\S-1-5-21-3414749739-620263832-1076424935-1001\Software\Microsoft\Internet Explorer\SearchScopes\{9B97950D-482C-1D79-568F-FC7B9D40C785}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9B97950D-482C-1D79-568F-FC7B9D40C785}\ not found.
Registry key HKEY_CURRENT_USER\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0\ not found.
File C:\Users\Tammy\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll not found.
C:\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\muiuyso6.default\extensions\{58d2a791-6199-482f-a9aa-9b725ec61362}.xpi moved successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{10921475-03CE-4E04-90CE-E2E7EF20C814}\ deleted successfully.
File C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1CA1377B-DC1D-4A52-9585-6E06050FAC53}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1CA1377B-DC1D-4A52-9585-6E06050FAC53}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CB02877-EFBC-4317-B608-9E24B11BAB40}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5CB02877-EFBC-4317-B608-9E24B11BAB40}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{6F001652-AF51-45C6-B029-86E0265A1851} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6F001652-AF51-45C6-B029-86E0265A1851}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3414749739-620263832-1076424935-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Advanced SystemCare 7 not found.
File C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe not found.
Starting removal of ActiveX control {0D41B8C5-2599-4893-8183-00195EC8D5F9}
C:\Windows\Downloaded Program Files\asusTek_sys_ctrl.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{0D41B8C5-2599-4893-8183-00195EC8D5F9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0D41B8C5-2599-4893-8183-00195EC8D5F9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{0D41B8C5-2599-4893-8183-00195EC8D5F9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0D41B8C5-2599-4893-8183-00195EC8D5F9}\ not found.
Starting removal of ActiveX control {7530BFB8-7293-4D34-9923-61A11451AFC5}
C:\Windows\Downloaded Program Files\OnlineScanner.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
Starting removal of ActiveX control {8A94C905-FF9D-43B6-8708-F0F22D22B1CB}
C:\Windows\Downloaded Program Files\wwlaunch.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8A94C905-FF9D-43B6-8708-F0F22D22B1CB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8A94C905-FF9D-43B6-8708-F0F22D22B1CB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A94C905-FF9D-43B6-8708-F0F22D22B1CB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8A94C905-FF9D-43B6-8708-F0F22D22B1CB}\ not found.
Starting removal of ActiveX control {B06CE1BC-5D9D-4676-BD28-1752DBF394E0}
C:\Windows\Downloaded Program Files\hangman.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{B06CE1BC-5D9D-4676-BD28-1752DBF394E0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B06CE1BC-5D9D-4676-BD28-1752DBF394E0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{B06CE1BC-5D9D-4676-BD28-1752DBF394E0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B06CE1BC-5D9D-4676-BD28-1752DBF394E0}\ not found.
File C:\Users\Public\Desktop\Advanced SystemCare 7.lnk not found.
C:\asc_rdflag moved successfully.
C:\Users\Tammy\AppData\Roaming\TP folder moved successfully.
C:\Users\Tammy\AppData\Roaming\Unity\WebPlayerPrefs\d3ihviipx7c7g8_2ecloudfront_2enet folder moved successfully.
C:\Users\Tammy\AppData\Roaming\Unity\WebPlayerPrefs folder moved successfully.
C:\Users\Tammy\AppData\Roaming\Unity folder moved successfully.
C:\Users\Tammy\AppData\Roaming\IObit\Smart Defrag 3 folder moved successfully.
C:\Users\Tammy\AppData\Roaming\IObit\IObit Uninstaller\Log folder moved successfully.
C:\Users\Tammy\AppData\Roaming\IObit\IObit Uninstaller\B77A0CC7-7129-4313-86FE-B10B53285749 folder moved successfully.
C:\Users\Tammy\AppData\Roaming\IObit\IObit Uninstaller folder moved successfully.
C:\Users\Tammy\AppData\Roaming\IObit\IObit Malware Fighter folder moved successfully.
C:\Users\Tammy\AppData\Roaming\IObit\Driver Booster\Logs folder moved successfully.
C:\Users\Tammy\AppData\Roaming\IObit\Driver Booster\License folder moved successfully.
C:\Users\Tammy\AppData\Roaming\IObit\Driver Booster folder moved successfully.
C:\Users\Tammy\AppData\Roaming\IObit\Advanced SystemCare V7\Temp folder moved successfully.
C:\Users\Tammy\AppData\Roaming\IObit\Advanced SystemCare V7\ProgramDeactivator folder moved successfully.
C:\Users\Tammy\AppData\Roaming\IObit\Advanced SystemCare V7\Log folder moved successfully.
C:\Users\Tammy\AppData\Roaming\IObit\Advanced SystemCare V7\Internet Booster folder moved successfully.
C:\Users\Tammy\AppData\Roaming\IObit\Advanced SystemCare V7\Homepage Protection folder moved successfully.
C:\Users\Tammy\AppData\Roaming\IObit\Advanced SystemCare V7\EmptyFolder folder moved successfully.
C:\Users\Tammy\AppData\Roaming\IObit\Advanced SystemCare V7\Boottime folder moved successfully.
C:\Users\Tammy\AppData\Roaming\IObit\Advanced SystemCare V7\Backup folder moved successfully.
C:\Users\Tammy\AppData\Roaming\IObit\Advanced SystemCare V7 folder moved successfully.
C:\Users\Tammy\AppData\Roaming\IObit\Advanced SystemCare V6\Temp folder moved successfully.
C:\Users\Tammy\AppData\Roaming\IObit\Advanced SystemCare V6\SmartRAM folder moved successfully.
C:\Users\Tammy\AppData\Roaming\IObit\Advanced SystemCare V6\Log folder moved successfully.
C:\Users\Tammy\AppData\Roaming\IObit\Advanced SystemCare V6\Internet Booster folder moved successfully.
C:\Users\Tammy\AppData\Roaming\IObit\Advanced SystemCare V6\Boottime folder moved successfully.
C:\Users\Tammy\AppData\Roaming\IObit\Advanced SystemCare V6\Backup folder moved successfully.
C:\Users\Tammy\AppData\Roaming\IObit\Advanced SystemCare V6 folder moved successfully.
C:\Users\Tammy\AppData\Roaming\IObit folder moved successfully.
ADS C:\ProgramData\Temp:B3C7433B deleted successfully.
========== FILES ==========
C:\Program Files (x86)\IObit\Surfing Protection\Update folder moved successfully.
C:\Program Files (x86)\IObit\Surfing Protection\Database folder moved successfully.
C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect folder moved successfully.
C:\Program Files (x86)\IObit\Surfing Protection folder moved successfully.
C:\Program Files (x86)\IObit\Smart Defrag 3\Temp folder moved successfully.
C:\Program Files (x86)\IObit\Smart Defrag 3\LatestNews folder moved successfully.
C:\Program Files (x86)\IObit\Smart Defrag 3 folder moved successfully.
C:\Program Files (x86)\IObit\Smart Defrag 2 folder moved successfully.
C:\Program Files (x86)\IObit\ManageMyMobile\Skin\Default\UsbDebug folder moved successfully.
C:\Program Files (x86)\IObit\ManageMyMobile\Skin\Default\Search folder moved successfully.
C:\Program Files (x86)\IObit\ManageMyMobile\Skin\Default\ProgressWindow folder moved successfully.
C:\Program Files (x86)\IObit\ManageMyMobile\Skin\Default\Loading folder moved successfully.
C:\Program Files (x86)\IObit\ManageMyMobile\Skin\Default\InputText folder moved successfully.
C:\Program Files (x86)\IObit\ManageMyMobile\Skin\Default\Icon folder moved successfully.
C:\Program Files (x86)\IObit\ManageMyMobile\Skin\Default\Home folder moved successfully.
C:\Program Files (x86)\IObit\ManageMyMobile\Skin\Default\Frame folder moved successfully.
C:\Program Files (x86)\IObit\ManageMyMobile\Skin\Default\Form folder moved successfully.
C:\Program Files (x86)\IObit\ManageMyMobile\Skin\Default\DeviceInfo folder moved successfully.
C:\Program Files (x86)\IObit\ManageMyMobile\Skin\Default\button folder moved successfully.
C:\Program Files (x86)\IObit\ManageMyMobile\Skin\Default folder moved successfully.
C:\Program Files (x86)\IObit\ManageMyMobile\Skin folder moved successfully.
C:\Program Files (x86)\IObit\ManageMyMobile\Language folder moved successfully.
C:\Program Files (x86)\IObit\ManageMyMobile\Driver\amd64 folder moved successfully.
C:\Program Files (x86)\IObit\ManageMyMobile\Driver folder moved successfully.
C:\Program Files (x86)\IObit\ManageMyMobile folder moved successfully.
C:\Program Files (x86)\IObit\LiveUpdate\update\ASCandU folder moved successfully.
C:\Program Files (x86)\IObit\LiveUpdate\update folder moved successfully.
C:\Program Files (x86)\IObit\LiveUpdate\Language folder moved successfully.
C:\Program Files (x86)\IObit\LiveUpdate folder moved successfully.
C:\Program Files (x86)\IObit\IObit Uninstaller folder moved successfully.
C:\Program Files (x86)\IObit\IObit Malware Fighter\Update folder moved successfully.
C:\Program Files (x86)\IObit\IObit Malware Fighter\Quarantine Zone folder moved successfully.
C:\Program Files (x86)\IObit\IObit Malware Fighter\log\scan folder moved successfully.
C:\Program Files (x86)\IObit\IObit Malware Fighter\log\realtime folder moved successfully.
C:\Program Files (x86)\IObit\IObit Malware Fighter\log folder moved successfully.
C:\Program Files (x86)\IObit\IObit Malware Fighter\db folder moved successfully.
C:\Program Files (x86)\IObit\IObit Malware Fighter\adsremoval\IE\update\ADSRemoval\IE\db folder moved successfully.
C:\Program Files (x86)\IObit\IObit Malware Fighter\adsremoval\IE\update\ADSRemoval\IE folder moved successfully.
C:\Program Files (x86)\IObit\IObit Malware Fighter\adsremoval\IE\update\ADSRemoval folder moved successfully.
C:\Program Files (x86)\IObit\IObit Malware Fighter\adsremoval\IE\update folder moved successfully.
C:\Program Files (x86)\IObit\IObit Malware Fighter\adsremoval\IE\db folder moved successfully.
C:\Program Files (x86)\IObit\IObit Malware Fighter\adsremoval\IE folder moved successfully.
C:\Program Files (x86)\IObit\IObit Malware Fighter\adsremoval\Firefox\[email protected]\lib folder moved successfully.
C:\Program Files (x86)\IObit\IObit Malware Fighter\adsremoval\Firefox\[email protected]\defaults folder moved successfully.
C:\Program Files (x86)\IObit\IObit Malware Fighter\adsremoval\Firefox\[email protected]\chrome\content\subscriptions folder moved successfully.
C:\Program Files (x86)\IObit\IObit Malware Fighter\adsremoval\Firefox\[email protected]\chrome\content\scripts folder moved successfully.
C:\Program Files (x86)\IObit\IObit Malware Fighter\adsremoval\Firefox\[email protected]\chrome\content\images folder moved successfully.
C:\Program Files (x86)\IObit\IObit Malware Fighter\adsremoval\Firefox\[email protected]\chrome\content folder moved successfully.
C:\Program Files (x86)\IObit\IObit Malware Fighter\adsremoval\Firefox\[email protected]\chrome folder moved successfully.
C:\Program Files (x86)\IObit\IObit Malware Fighter\adsremoval\Firefox\[email protected]\bin folder moved successfully.
C:\Program Files (x86)\IObit\IObit Malware Fighter\adsremoval\Firefox\[email protected] folder moved successfully.
C:\Program Files (x86)\IObit\IObit Malware Fighter\adsremoval\Firefox folder moved successfully.
C:\Program Files (x86)\IObit\IObit Malware Fighter\adsremoval\Chrome\gkcefkcdkepgkpbgncjchhbjgoanleod\1.0.0_0\js folder moved successfully.
C:\Program Files (x86)\IObit\IObit Malware Fighter\adsremoval\Chrome\gkcefkcdkepgkpbgncjchhbjgoanleod\1.0.0_0\img folder moved successfully.
C:\Program Files (x86)\IObit\IObit Malware Fighter\adsremoval\Chrome\gkcefkcdkepgkpbgncjchhbjgoanleod\1.0.0_0\filtering folder moved successfully.
C:\Program Files (x86)\IObit\IObit Malware Fighter\adsremoval\Chrome\gkcefkcdkepgkpbgncjchhbjgoanleod\1.0.0_0\dll folder moved successfully.
C:\Program Files (x86)\IObit\IObit Malware Fighter\adsremoval\Chrome\gkcefkcdkepgkpbgncjchhbjgoanleod\1.0.0_0\db folder moved successfully.
C:\Program Files (x86)\IObit\IObit Malware Fighter\adsremoval\Chrome\gkcefkcdkepgkpbgncjchhbjgoanleod\1.0.0_0 folder moved successfully.
C:\Program Files (x86)\IObit\IObit Malware Fighter\adsremoval\Chrome\gkcefkcdkepgkpbgncjchhbjgoanleod folder moved successfully.
C:\Program Files (x86)\IObit\IObit Malware Fighter\adsremoval\Chrome folder moved successfully.
C:\Program Files (x86)\IObit\IObit Malware Fighter\adsremoval folder moved successfully.
C:\Program Files (x86)\IObit\IObit Malware Fighter folder moved successfully.
C:\Program Files (x86)\IObit\Advanced SystemCare 7\Update\Database folder moved successfully.
C:\Program Files (x86)\IObit\Advanced SystemCare 7\Update folder moved successfully.
C:\Program Files (x86)\IObit\Advanced SystemCare 7\Toolbox_Download folder moved successfully.
C:\Program Files (x86)\IObit\Advanced SystemCare 7\SecurityHole_Backup folder moved successfully.
C:\Program Files (x86)\IObit\Advanced SystemCare 7\LatestNews folder moved successfully.
C:\Program Files (x86)\IObit\Advanced SystemCare 7\Database folder moved successfully.
C:\Program Files (x86)\IObit\Advanced SystemCare 7\BootTimeLog folder moved successfully.
C:\Program Files (x86)\IObit\Advanced SystemCare 7 folder moved successfully.
C:\Program Files (x86)\IObit\Advanced SystemCare 6\Update folder moved successfully.
C:\Program Files (x86)\IObit\Advanced SystemCare 6\Toolbox_Download folder moved successfully.
C:\Program Files (x86)\IObit\Advanced SystemCare 6\LatestNews folder moved successfully.
C:\Program Files (x86)\IObit\Advanced SystemCare 6\BrowerProtect\images folder moved successfully.
C:\Program Files (x86)\IObit\Advanced SystemCare 6\BrowerProtect folder moved successfully.
C:\Program Files (x86)\IObit\Advanced SystemCare 6\BootTimeLog folder moved successfully.
C:\Program Files (x86)\IObit\Advanced SystemCare 6 folder moved successfully.
C:\Program Files (x86)\IObit folder moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Tammy\Desktop\cmd.bat deleted successfully.
C:\Users\Tammy\Desktop\cmd.txt deleted successfully.
< netsh winsock reset catalog /c >
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
C:\Users\Tammy\Desktop\cmd.bat deleted successfully.
C:\Users\Tammy\Desktop\cmd.txt deleted successfully.
< netsh int ip reset c:\resetlog.txt  /c >
Reseting Global, OK!
Reseting Interface, OK!
Restart the computer to complete this action.
C:\Users\Tammy\Desktop\cmd.bat deleted successfully.
C:\Users\Tammy\Desktop\cmd.txt deleted successfully.
< ipconfig /release /c >
Windows IP Configuration
No operation can be performed on Wireless Network Connection 2 while it has its media disconnected.
No operation can be performed on Local Area Connection while it has its media disconnected.
Wireless LAN adapter Wireless Network Connection 2:
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
Wireless LAN adapter Wireless Network Connection:
   Connection-specific DNS Suffix  . :
   Link-local IPv6 Address . . . . . : fe80::ccb0:2d5:f4da:dfdd%13
   Default Gateway . . . . . . . . . :
Ethernet adapter Local Area Connection:
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
Tunnel adapter isatap.PK5001Z:
   Connection-specific DNS Suffix  . :
   Link-local IPv6 Address . . . . . : fe80::5efe:192.168.0.75%22
   Default Gateway . . . . . . . . . :
Tunnel adapter Local Area Connection* 11:
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
Tunnel adapter Local Area Connection* 9:
   Connection-specific DNS Suffix  . :
   IPv6 Address. . . . . . . . . . . : 2001:0:9d38:6ab8:18de:37fc:3f57:ffb4
   Link-local IPv6 Address . . . . . : fe80::18de:37fc:3f57:ffb4%21
   Default Gateway . . . . . . . . . : ::
Tunnel adapter isatap.{D7113D14-F6F8-4435-8E6C-AD70621C9FEF}:
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
Tunnel adapter isatap.{B76D9DC1-678E-40D9-8BB8-4562D42204A2}:
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
C:\Users\Tammy\Desktop\cmd.bat deleted successfully.
C:\Users\Tammy\Desktop\cmd.txt deleted successfully.
< ipconfig /renew /c >
Windows IP Configuration
No operation can be performed on Wireless Network Connection 2 while it has its media disconnected.
No operation can be performed on Local Area Connection while it has its media disconnected.
Wireless LAN adapter Wireless Network Connection 2:
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
Wireless LAN adapter Wireless Network Connection:
   Connection-specific DNS Suffix  . : PK5001Z
   Link-local IPv6 Address . . . . . : fe80::ccb0:2d5:f4da:dfdd%13
   IPv4 Address. . . . . . . . . . . : 192.168.0.75
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.0.1
Ethernet adapter Local Area Connection:
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
Tunnel adapter isatap.PK5001Z:
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
Tunnel adapter Local Area Connection* 11:
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
Tunnel adapter Local Area Connection* 9:
   Connection-specific DNS Suffix  . :
   IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fd:1435:3e8d:3f57:ffb4
   Link-local IPv6 Address . . . . . : fe80::1435:3e8d:3f57:ffb4%21
   Default Gateway . . . . . . . . . : ::
Tunnel adapter isatap.{D7113D14-F6F8-4435-8E6C-AD70621C9FEF}:
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
Tunnel adapter isatap.{B76D9DC1-678E-40D9-8BB8-4562D42204A2}:
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
C:\Users\Tammy\Desktop\cmd.bat deleted successfully.
C:\Users\Tammy\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
User: Tammy
->Temp folder emptied: 125045408 bytes
->Temporary Internet Files folder emptied: 119954189 bytes
->Java cache emptied: 668081 bytes
->FireFox cache emptied: 85947894 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 142039 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 40882 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 42287446 bytes
RecycleBin emptied: 236786702 bytes
 
Total Files Cleaned = 583.00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 03292014_212207

Files\Folders moved on Reboot...
File\Folder C:\Users\Tammy\AppData\Local\Temp\hsperfdata_Tammy\1812 not found!
C:\Users\Tammy\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Tammy\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll moved successfully.
C:\Users\Tammy\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
 



#13
ColtsFan18


Doing the ADWcleaner now.  I had to download it



#14
ColtsFan18


ADWcleaner Logfile:

 

# AdwCleaner v3.022 - Report created 30/03/2014 at 15:20:14
# Updated 13/03/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Tammy - TAMS
# Running from : C:\Users\Tammy\AppData\Local\Temp\dlmF191.tmp\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files (x86)\driver-soft
Folder Deleted : C:\Program Files (x86)\Common Files\Spigot
Folder Deleted : C:\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\muiuyso6.default\Extensions\[email protected]

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\hbcennhacfaagdopikcegfcobcadeocj
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pfndaklgolladniicklehhancnlgocpp
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_photofiltre_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_photofiltre_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{059EACC2-1ABE-49E8-928D-DC8BD355B7A9}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\AppDataLow\Software\DynConIE
Key Deleted : HKCU\Software\AppDataLow\Software\Search Settings
Key Deleted : HKLM\Software\Driver-Soft
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\Software\SearchProtect
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16521

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v28.0 (en-US)

[ File : C:\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\muiuyso6.default\prefs.js ]

Line Deleted : user_pref("browser.search.selectedEngine", "Conduit Search");
Line Deleted : user_pref("browser.startup.homepage", "hxxp://search.conduit.com/?gd=&ctid=CT3324790&octid=EB_ORIGINAL_CTID&ISID=ISID_ID&SearchSource=55&CUI=&UM=5&UP=SPED85D80A-6767-442E-B4CF-2F2FE66CBEEA&SSPV=");
Line Deleted : user_pref("extensions.crossrider.bic", "1392b5fbbaaf71f3edc7d6d9be8b0556");
Line Deleted : user_pref("extensions.dynconff.cache.accounts.google.com.content", "<package expire=\"3600\" es=\"914\" pcdids=\"v51_1250_1169_1251\"><content id=\"configObject\">\r\n<newjs>\r\n<![CDATA[\r\n\r\nvar L[...]
Line Deleted : user_pref("extensions.dynconff.cache.mail.google.com.content", "<package expire=\"3600\" es=\"914\" pcdids=\"v51_1250_1169_1251\"><content id=\"configObject\">\r\n<newjs>\r\n<![CDATA[\r\n\r\nvar Links[...]
Line Deleted : user_pref("extensions.dynconff.cache.www.google.com.content", "<package expire=\"3600\" es=\"914\" pcdids=\"v51_1139_1250_1137_1169_1251\"><content id=\"DEALAddConf\">\r\n<newjs>\r\n<![CDATA[\r\n\r\n    [...]
Line Deleted : user_pref("browser.newtab.url", "hxxp://search.conduit.com/?gd=&ctid=CT3324790&octid=EB_ORIGINAL_CTID&ISID=ISID_ID&SearchSource=69&CUI=&SSPV=&Lay=1&UM=5&UP=SPED85D80A-6767-442E-B4CF-2F2FE66CBEEA");

*************************

AdwCleaner[R0].txt - [3985 octets] - [30/03/2014 15:17:54]
AdwCleaner[S0].txt - [3772 octets] - [30/03/2014 15:20:14]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3832 octets] ##########
 



#15
ColtsFan18


And finally the last OTL Scan txt:

 

OTL logfile created on: 3/30/2014 3:31:01 PM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Tammy\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16521)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.61 Gb Total Physical Memory | 2.15 Gb Available Physical Memory | 59.69% Memory free
7.21 Gb Paging File | 5.66 Gb Available in Paging File | 78.50% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 256.35 Gb Total Space | 182.47 Gb Free Space | 71.18% Space Free | Partition Type: NTFS
Drive D: | 314.82 Gb Total Space | 314.72 Gb Free Space | 99.97% Space Free | Partition Type: NTFS
 
Computer Name: TAMS | User Name: Tammy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/03/29 17:57:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Tammy\Desktop\OTL.exe
PRC - [2014/03/29 01:02:42 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2014/03/22 14:28:48 | 004,671,776 | ---- | M] (Conduit) -- C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe
PRC - [2014/03/22 14:28:48 | 003,026,720 | ---- | M] (Conduit) -- C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe
PRC - [2014/03/22 14:28:48 | 002,466,080 | ---- | M] (Conduit) -- C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe
PRC - [2014/02/01 19:15:32 | 000,650,816 | ---- | M] (MyCity) -- C:\Program Files (x86)\MCShield\MCShieldRTM.exe
PRC - [2014/01/01 02:53:51 | 000,295,512 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2013/12/21 01:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/09/30 13:40:40 | 000,149,488 | ---- | M] (Sun Microsystems, Inc.) -- C:\Users\Tammy\AppData\Local\Apps\2.0\45ZVRA9Q.KRA\M671W4KH.PH7\amaz..tion_f2fa081ea2183235_0002.0001_cb34a912a946f839\LocalServiceJre\bin\AmazonCloudDriveW.exe
PRC - [2013/08/14 16:19:24 | 000,039,056 | ---- | M] () -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2011/08/28 08:40:39 | 003,058,304 | ---- | M] (ASUS) -- C:\Windows\AsScrPro.exe
PRC - [2011/06/10 12:49:10 | 002,255,360 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
PRC - [2011/05/30 14:48:18 | 000,082,944 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
PRC - [2011/05/20 13:01:06 | 000,166,528 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
PRC - [2010/11/15 12:42:12 | 000,305,792 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
PRC - [2010/08/17 16:55:42 | 005,732,992 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
PRC - [2010/07/10 00:45:00 | 000,984,400 | ---- | M] (Virage Logic Corporation / Sonic Focus) -- C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe
PRC - [2009/12/15 12:39:38 | 000,096,896 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
PRC - [2009/11/02 16:21:26 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2009/06/19 12:29:42 | 000,105,016 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
PRC - [2009/06/19 12:29:26 | 002,488,888 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
PRC - [2009/06/15 19:30:42 | 000,084,536 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
PRC - [2008/12/22 19:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
PRC - [2008/08/13 23:00:08 | 000,113,208 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/03/30 15:23:35 | 000,046,080 | ---- | M] () -- C:\Users\Tammy\AppData\Local\Apps\2.0\45ZVRA9Q.KRA\M671W4KH.PH7\amaz..tion_f2fa081ea2183235_0002.0001_cb34a912a946f839\NativeOperations.dll
MOD - [2014/03/29 21:34:33 | 000,541,696 | ---- | M] () -- C:\Users\Tammy\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll
MOD - [2014/03/29 01:01:58 | 003,642,480 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011/06/10 12:49:10 | 001,163,264 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\acAuth.dll
MOD - [2011/05/30 14:48:14 | 000,009,216 | ---- | M] () -- C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll
MOD - [2009/11/02 16:23:36 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2009/11/02 16:20:10 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/02/28 23:33:34 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/11/05 21:48:05 | 000,241,152 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2013/10/23 18:14:22 | 000,348,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2013/10/23 18:14:22 | 000,023,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2011/06/08 00:09:26 | 000,365,568 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2011/01/25 16:11:56 | 000,379,520 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Windows\SysNative\FBAgent.exe -- (AFBAgent)
SRV - [2014/03/29 01:02:41 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/03/22 14:28:48 | 002,466,080 | ---- | M] (Conduit) [Auto | Running] -- C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe -- (CltMngSvc)
SRV - [2014/03/13 10:39:11 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/12/21 01:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/09/11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/08/14 16:19:24 | 000,039,056 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2009/12/15 12:39:38 | 000,096,896 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2009/06/15 19:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013/11/05 21:48:06 | 011,658,752 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2013/11/05 21:48:06 | 000,581,120 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2013/11/05 21:46:41 | 000,883,928 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2013/10/01 21:22:20 | 000,056,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2013/09/27 10:53:06 | 000,134,944 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/08/23 09:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 09:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/08/21 14:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/07/28 02:15:28 | 000,057,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/10/01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011/10/01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011/10/01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011/10/01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011/06/07 07:07:00 | 000,231,440 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/07 13:21:16 | 001,594,368 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2011/01/18 04:16:46 | 000,250,984 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/12/31 05:30:10 | 000,138,024 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2010/11/29 03:50:38 | 000,044,672 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2010/11/20 08:33:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/04 05:52:54 | 000,038,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2010/11/04 05:52:52 | 000,075,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2010/02/18 11:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009/07/20 04:29:40 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 19:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/10 15:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:34:18 | 000,057,344 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/05/23 19:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2011/05/25 21:06:20 | 000,017,536 | ---- | M] (ASUS) [Kernel | System | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys -- (ATKWMIACPIIO)
DRV - [2011/03/24 22:29:26 | 000,343,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\usbhub.sys -- (usbhub)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/02 19:36:14 | 000,015,416 | ---- | M] (ASUS) [Kernel | Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE:64bit: - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...ng}&rlz=1I7ASUT
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-21-3414749739-620263832-1076424935-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-3414749739-620263832-1076424935-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-3414749739-620263832-1076424935-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3414749739-620263832-1076424935-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-3414749739-620263832-1076424935-1001\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-3414749739-620263832-1076424935-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = https://www.google.c...q={searchTerms}
IE - HKU\S-1-5-21-3414749739-620263832-1076424935-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.order.1: "Tuvaro"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:28.0
FF - prefs.js..keyword.URL: "http://search.yahoo....type=198484&p="
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1207148.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.3.51: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.3.51: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5: C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\ZEON/PDF,version=2.0: C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Tammy\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Tammy\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\CouponNetwork.com/CMDUniversalCouponPrintActivator: C:\Users\Tammy\AppData\Roaming\CATALI~2\NPBCSK~1.DLL (Catalina Marketing Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1504\6.6.1088\firefoxextension\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014/01/01 02:57:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2014/01/01 02:57:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2014/03/29 01:01:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/03/29 01:01:48 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\UnfriendApp\Firefox\
 
[2012/05/02 17:06:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tammy\AppData\Roaming\Mozilla\Extensions
[2014/03/29 21:22:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\muiuyso6.default\extensions
[2014/03/30 15:19:00 | 000,001,000 | ---- | M] () -- C:\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\muiuyso6.default\searchplugins\conduit-search.xml
[2014/03/06 22:10:27 | 000,008,061 | ---- | M] () -- C:\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\muiuyso6.default\searchplugins\yahoo_ff.xml
[2014/03/29 01:01:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/03/29 01:02:43 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012/09/04 18:53:56 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\NPcol400.dll
[2014/01/01 02:54:33 | 000,124,504 | ---- | M] (RealPlayer) -- C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll
 
O1 HOSTS File: ([2014/03/26 22:17:31 | 000,000,855 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe (ecareme)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [SonicMasterTray] C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe (Virage Logic Corporation / Sonic Focus)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe (ASUS)
O4 - HKU\S-1-5-21-3414749739-620263832-1076424935-1001..\Run: [HP Photosmart 5510 series (NET)] C:\Program Files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
O4 - HKU\S-1-5-21-3414749739-620263832-1076424935-1001..\Run: [MCShield Monitor] C:\Program Files (x86)\MCShield\MCShieldRTM.exe (MyCity)
O4 - Startup: C:\Users\Tammy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Amazon Cloud Drive.lnk = C:\Users\Tammy\AppData\Local\Apps\2.0\45ZVRA9Q.KRA\M671W4KH.PH7\amaz..tion_f2fa081ea2183235_0002.0001_cb34a912a946f839\AmazonCloudDrive.exe (Amazon Digital Services, LLC.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDevMgrUpdate = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDevMgrUpdate = 0
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDevMgrUpdate = 0
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDevMgrUpdate = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispAppearancePage = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDevMgrUpdate = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispAppearancePage = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
O7 - HKU\S-1-5-21-3414749739-620263832-1076424935-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3414749739-620263832-1076424935-1001\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-3414749739-620263832-1076424935-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-3414749739-620263832-1076424935-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDevMgrUpdate = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 205.171.2.226
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{97A12908-D330-490A-806D-6EEC561D2FB5}: DhcpNameServer = 192.168.0.1 205.171.2.226
O18:64bit: - Protocol\Handler\ipp - No CLSID value found
O18:64bit: - Protocol\Handler\ipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll) - C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll (Conduit)
O20 - AppInit_DLLs: (C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll) - C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll (Conduit)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O29:64bit: - HKLM SecurityProviders - (msapsspc.dll) -  File not found
O29:64bit: - HKLM SecurityProviders - (digest.dll) -  File not found
O29:64bit: - HKLM SecurityProviders - (msnsspc.dll) -  File not found
O29 - HKLM SecurityProviders - (msapsspc.dll) -  File not found
O29 - HKLM SecurityProviders - (digest.dll) -  File not found
O29 - HKLM SecurityProviders - (msnsspc.dll) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKU\S-1-5-21-3414749739-620263832-1076424935-1001..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/03/30 15:18:20 | 000,000,000 | ---D | C] -- C:\Users\Tammy\AppData\Local\SearchProtect
[2014/03/30 15:18:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SearchProtect
[2014/03/30 15:17:51 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/03/30 13:34:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2014/03/29 21:22:07 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/03/29 21:19:54 | 000,000,000 | ---D | C] -- C:\Windows\tasks\ImCleanDisabled
[2014/03/29 18:00:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MCShield
[2014/03/29 17:59:58 | 000,000,000 | ---D | C] -- C:\ProgramData\MCShield
[2014/03/29 17:59:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MCShield
[2014/03/29 17:57:04 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\Tammy\Desktop\aswmbr.exe
[2014/03/29 17:56:59 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Tammy\Desktop\OTL.exe
[2014/03/29 17:56:45 | 002,846,904 | ---- | C] (MyCity) -- C:\Users\Tammy\Desktop\MCShield-Setup.exe
[2014/03/29 01:01:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2014/03/28 12:51:30 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\catroot2
[2014/03/26 22:26:41 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2014/03/26 22:25:24 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2014/03/20 17:17:32 | 000,181,064 | ---- | C] (Sysinternals) -- C:\Windows\PSEXESVC.EXE
[2014/03/20 17:15:54 | 000,000,000 | ---D | C] -- C:\RegBackup
[2014/03/18 13:00:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
[2014/03/18 12:59:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tweaking.com
[2013/10/12 18:01:48 | 002,162,416 | ---- | C] (Catalina Marketing Corp) -- C:\Users\Tammy\AppData\Local\BcsKtYcHW.dll
 
========== Files - Modified Within 30 Days ==========
 
[2014/03/30 15:29:24 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/03/30 15:29:24 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/03/30 15:26:03 | 000,798,756 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/03/30 15:26:03 | 000,662,764 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/03/30 15:26:03 | 000,122,582 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/03/30 15:24:14 | 000,001,513 | ---- | M] () -- C:\Windows\SysNative\ServiceFilter.ini
[2014/03/30 15:23:18 | 000,003,037 | ---- | M] () -- C:\Users\Tammy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Amazon Cloud Drive.lnk
[2014/03/30 15:22:09 | 000,045,056 | ---- | M] () -- C:\Windows\SysNative\acovcnt.exe
[2014/03/30 15:21:56 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/03/30 15:21:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/03/30 15:21:24 | 2903,281,664 | -HS- | M] () -- C:\hiberfil.sys
[2014/03/30 15:15:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/03/30 15:06:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3414749739-620263832-1076424935-1001UA.job
[2014/03/30 15:05:02 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/03/30 14:59:00 | 000,000,338 | ---- | M] () -- C:\Windows\tasks\HP Photo Creations Communicator.job
[2014/03/30 01:06:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3414749739-620263832-1076424935-1001Core.job
[2014/03/29 19:28:54 | 000,907,539 | ---- | M] () -- C:\Users\Tammy\Desktop\0329141846.jpg
[2014/03/29 18:52:42 | 000,002,386 | ---- | M] () -- C:\Windows\SysNative\AutoRunFilter.ini
[2014/03/29 17:57:22 | 000,987,448 | ---- | M] () -- C:\Users\Tammy\Desktop\SecurityCheck(1).exe
[2014/03/29 17:57:09 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Tammy\Desktop\aswmbr.exe
[2014/03/29 17:57:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Tammy\Desktop\OTL.exe
[2014/03/29 17:56:53 | 002,846,904 | ---- | M] (MyCity) -- C:\Users\Tammy\Desktop\MCShield-Setup.exe
[2014/03/27 11:57:23 | 000,186,566 | ---- | M] () -- C:\Users\Tammy\Desktop\8040659 Inv.pdf
[2014/03/27 11:54:18 | 000,557,352 | ---- | M] () -- C:\Users\Tammy\Desktop\8040659 POD.pdf
[2014/03/27 11:52:44 | 000,609,064 | ---- | M] () -- C:\Users\Tammy\Desktop\8040659 Conf.pdf
[2014/03/26 22:25:35 | 000,315,616 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/03/26 22:22:08 | 000,181,064 | ---- | M] (Sysinternals) -- C:\Windows\PSEXESVC.EXE
[2014/03/26 22:17:31 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2014/03/26 22:06:56 | 000,798,756 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014/03/26 21:57:14 | 000,000,207 | ---- | M] () -- C:\Windows\tweaking.com-regbackup-TAMS-Microsoft-Windows-7-Home-Premium-(64-bit).dat
[2014/03/26 17:06:21 | 005,560,425 | ---- | M] () -- C:\Users\Tammy\Desktop\G2 Manual.pdf
[2014/03/20 17:37:06 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts_bak_523
 
========== Files Created - No Company Name ==========
 
[2014/03/29 19:28:52 | 000,907,539 | ---- | C] () -- C:\Users\Tammy\Desktop\0329141846.jpg
[2014/03/29 17:57:14 | 000,987,448 | ---- | C] () -- C:\Users\Tammy\Desktop\SecurityCheck(1).exe
[2014/03/27 11:57:22 | 000,186,566 | ---- | C] () -- C:\Users\Tammy\Desktop\8040659 Inv.pdf
[2014/03/27 11:54:17 | 000,557,352 | ---- | C] () -- C:\Users\Tammy\Desktop\8040659 POD.pdf
[2014/03/27 11:52:44 | 000,609,064 | ---- | C] () -- C:\Users\Tammy\Desktop\8040659 Conf.pdf
[2014/03/26 21:57:14 | 000,000,207 | ---- | C] () -- C:\Windows\tweaking.com-regbackup-TAMS-Microsoft-Windows-7-Home-Premium-(64-bit).dat
[2014/03/26 17:06:20 | 005,560,425 | ---- | C] () -- C:\Users\Tammy\Desktop\G2 Manual.pdf
[2013/11/05 21:48:07 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2013/11/05 21:48:07 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2013/11/05 21:48:06 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2013/11/05 21:48:04 | 000,798,734 | ---- | C] () -- C:\Windows\SysWow64\amdocl_ld32.exe
[2013/11/05 21:48:03 | 000,995,342 | ---- | C] () -- C:\Windows\SysWow64\amdocl_as32.exe
[2013/10/12 18:01:46 | 000,893,239 | ---- | C] () -- C:\Users\Tammy\AppData\Local\a.zip
[2013/03/09 17:28:36 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2012/07/18 22:26:02 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2012/02/16 11:54:31 | 000,026,339 | ---- | C] () -- C:\Users\Tammy\AppData\Local\Temp20.html
[2012/02/16 11:54:14 | 000,001,955 | ---- | C] () -- C:\Users\Tammy\AppData\Local\Temp1.html
[2012/02/10 17:32:50 | 000,000,036 | ---- | C] () -- C:\Users\Tammy\AppData\Local\housecall.guid.cache
[2011/12/02 21:26:31 | 000,004,608 | ---- | C] () -- C:\Users\Tammy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 21:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 20:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = c:\windows\syswow64\wbem\fastprox.dll -- [2010/11/20 07:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2011/11/22 19:00:58 | 000,000,000 | ---D | M] -- C:\Users\Tammy\AppData\Roaming\ASUS WebStorage
[2012/09/04 18:53:56 | 000,000,000 | ---D | M] -- C:\Users\Tammy\AppData\Roaming\Catalina Marketing Corp
[2013/10/12 18:01:41 | 000,000,000 | ---D | M] -- C:\Users\Tammy\AppData\Roaming\Catalina – Print Savings
[2012/01/02 23:09:39 | 000,000,000 | ---D | M] -- C:\Users\Tammy\AppData\Roaming\MediaArt
[2011/11/26 14:56:55 | 000,000,000 | ---D | M] -- C:\Users\Tammy\AppData\Roaming\Nuance
[2012/03/07 18:49:03 | 000,000,000 | ---D | M] -- C:\Users\Tammy\AppData\Roaming\OpenOffice.org
[2014/03/18 11:52:31 | 000,000,000 | ---D | M] -- C:\Users\Tammy\AppData\Roaming\Opera Software
[2011/12/04 14:17:28 | 000,000,000 | ---D | M] -- C:\Users\Tammy\AppData\Roaming\PhotoFiltre
[2012/03/16 02:58:01 | 000,000,000 | ---D | M] -- C:\Users\Tammy\AppData\Roaming\PhotoScape
[2011/12/11 17:19:28 | 000,000,000 | ---D | M] -- C:\Users\Tammy\AppData\Roaming\SoftGrid Client
[2013/02/08 19:24:04 | 000,000,000 | ---D | M] -- C:\Users\Tammy\AppData\Roaming\Visan
[2013/11/24 12:35:15 | 000,000,000 | ---D | M] -- C:\Users\Tammy\AppData\Roaming\Windows
[2012/08/14 14:48:22 | 000,000,000 | ---D | M] -- C:\Users\Tammy\AppData\Roaming\Windows Live Writer
[2011/11/25 11:40:49 | 000,000,000 | ---D | M] -- C:\Users\Tammy\AppData\Roaming\Zeon
 
========== Purity Check ==========
 
 

< End of report >
 

