Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Virus PC Maximizer taken over computer [Closed]

Started by msdawn , Jun 19 2014 12:45 PM

This topic is locked

#1
msdawn

Posted 19 June 2014 - 12:45 PM

Member

Member
94 posts

This virus has taken over compter. PC Speed Maximizer makes me use their web search...cant do anything...I downloaded OTL and this is what i got.

OTL Extras logfile created on: 6/19/2014 1:15:48 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Mom n Dad\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17126)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.88 Gb Total Physical Memory | 2.13 Gb Available Physical Memory | 54.77% Memory free
7.76 Gb Paging File | 5.38 Gb Available in Paging File | 69.27% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 442.18 Gb Total Space | 382.09 Gb Free Space | 86.41% Space Free | Partition Type: NTFS

Computer Name: MOMNDAD-PC | User Name: Mom n Dad | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm[@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cpl[@ = cplfile] -- C:\Windows\SysNative\control.exe (Microsoft Corporation)
.hlp[@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta[@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf[@ = inffile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.ini[@ = inifile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
.js[@ = JSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.jse[@ = JSEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.reg[@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.txt[@ = txtfile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.vbe[@ = VBEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.vbs[@ = VBSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsf[@ = WSFFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsh[@ = WSHFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = comfile] -- "%1" %*
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\SysWow64\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\Windows\SysWow64\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- C:\Program Files (x86)\Advanced File Optimizer\AdvancedFileOptimizerManager.exe -scanunknown "%1" (Systweak)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- C:\Program Files (x86)\Advanced File Optimizer\AdvancedFileOptimizerManager.exe -scanunknown "%1" (Systweak)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

========== Authorized Applications List ==========

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP495_series" = Canon MP495 series MP Drivers
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6199B534-A1B6-46ED-873B-97B0ECF8F81E}" = Intel® Trusted Connect Service Client
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{EF79C448-6946-4D71-8134-03407888C054}" = Shared C Run-time for x64
"Belkin USB Print and Storage Center" = Belkin USB Print and Storage Center
"McAfee Security Scan" = McAfee Security Scan Plus
"MyPC Backup" = MyPC Backup
"PC-Doctor for Windows" = My Dell
"sizlsearch" = sizlsearch

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{007F778D-F15C-4EAB-AE92-071D21FAF632}" = Adobe Photoshop Elements 9
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5}_is1" = SiteRanker
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel® USB 3.0 eXtensible Host Controller Driver
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 51
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33393A55-CFC1-4B06-A981-C1ED0F5E58FE}" = Verizon_NCMC_UTM64
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3BD7DD08-991B-4A2F-A165-614ED14EAADD}" = Dell MusicStage
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{3FA1785D-EED5-4840-A78F-2FC8B663CA86}" = CASIO C781 USB Driver V1.0.4.0
"{40F06490-8C14-43AA-99D3-EEEFDBAC3CFC}" = SyncUP
"{431E2654-B0A4-4140-82A2-DD55B028B626}" = Blio
"{433EACD8-4747-4A6A-826A-FFA9F39B0D40}" = Elements 9 Organizer
"{451517F1-7E41-400B-AA36-FB7E2563526D}" = Dell Wireless Driver Installation
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}" = Google Earth Plug-in
"{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}" = Google Earth
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{612AD33D-9824-4E87-8396-92374E91C4BB}_is1" = Inbox Toolbar
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{65CB4C08-C47B-4A7E-A6A4-50C06ADA5FC6}" = Adobe AIR
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{7EC66A95-AC2D-4127-940B-0445A526AB2F}" = Dell DataSafe Online
"{7FB00B6B-6843-97EC-EED6-78BD6D35370A}" = Zinio Reader 4
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{820B6609-4C97-3A2B-B644-573B06A0F0CC}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
"{91EED728-B6DD-4DF9-B8DB-A19BA091DC4C}" = Verizon Tool Launcher for C781
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{99072AB4-D795-44D5-9D65-E3C9F8322C97}" = TomTom HOME
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A2FE691E-3F8E-4E30-AA7D-FF17AC77EA87}" = Nero Blu-ray Player
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A8B88634-7F90-402F-B66A-86429755F6A5}" = eBay
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}" = RealNetworks - Microsoft Visual C++ 2010 Runtime
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.10) MUI
"{AF4D3C63-009B-4A17-B02E-D395065DD3F0}" = Dell Stage Remote
"{B482E758-D602-434C-80B9-DDEFEEAE4BCA}_is1" = mPlayer version 1.0
"{C2F8CA82-2BD9-4513-B2D1-08A47914C1DA}_is1" = DriverScanner
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}" = RealDownloader
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{D92C9CCE-E5F0-4125-977A-0590F3225B74}" = SyncUP
"{DA605840-0C5D-4A08-A1AD-22B3BDFB85FA}" = Verizon_NCMC_UT_Framework
"{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DFA4FEF1-2122-4287-8996-AF59D5D9EF6F}" = Verizon_NCMC_C781_UT
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E2AE009D-37E5-4724-A6B8-0ED6A6BA4F68}" = Elements STI Installer
"{E4335E82-17B3-460F-9E70-39D9BC269DB3}" = Dell PhotoStage
"{EA1F3D6C-A6F5-4CDC-B0D3-9C56C06B4D29}" = Cozi
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F302F4F0-588D-6501-1ACF-BE3FDCC9135D}" = Adobe Community Help
"{F47C37A4-7189-430A-B81D-739FF8A7A554}" = Consumer In-Home Service Agreement
"{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"{FC7E771F-8170-4573-825D-EDB6723C804F}_is1" = Disk Speedup
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE182796-F6BA-486A-8590-89B7E8D1D60F}" = Dell Stage
"{FE60B87C-63A2-4A45-AC06-FFEFD5DB7846}_is1" = Online Vault
"00212D92-C5D8-4ff4-AE50-B20F0F85C40A_Systweak_Ad~B9F029BF_is1" = Advanced System Protector
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 13 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 13 Plugin
"Adobe Photoshop Elements 9" = Adobe Photoshop Elements 9
"Advanced File Optimizer_is1" = Advanced File Optimizer
"Belkin Setup and Router Monitor_is1" = Belkin Setup and Router Monitor
"BrowserSafeguard" = BrowserSafeguard with RocketTab
"Canon MP495 series User Registration" = Canon MP495 series User Registration
"CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"Consumer Input Installer" = Consumer Input (remove only)
"Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"Flash Player Pro_is1" = Flash Player Pro V5.4
"IECT3311834" = Installl Converter A Toolbar for IE
"InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage
"MapsGalaxy_39bar Uninstall" = MapsGalaxy Toolbar
"MP Navigator EX 4.0" = Canon MP Navigator EX 4.0
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"Optimizer Pro_is1" = Optimizer Pro v3.2
"PC Speed Maximizer_is1" = PC Speed Maximizer v3.2
"RealPlayer 16.0" = RealPlayer
"RegClean Pro_is1" = RegClean Pro
"SaferBrowser" = SaferBrowser
"SearchProtect" = Search Protect
"Video Mover_is1" = Video Mover
"VOPackage" = Installer
"WinLiveSuite" = Windows Live Essentials
"Yahoo! Companion" = Yahoo Toolbar
"ZinioReader4" = Zinio Reader 4

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1399685641-2452391960-3966799618-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"magicJack" = magicJack
"Severe Weather Alerts" = Severe Weather Alerts

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 6/19/2014 12:41:17 PM | Computer Name = MomnDad-PC | Source = WinMgmt | ID = 10
Description =

Error - 6/19/2014 12:54:55 PM | Computer Name = MomnDad-PC | Source = WinMgmt | ID = 10
Description =

Error - 6/19/2014 1:01:05 PM | Computer Name = MomnDad-PC | Source = WinMgmt | ID = 10
Description =

Error - 6/19/2014 1:21:10 PM | Computer Name = MomnDad-PC | Source = WinMgmt | ID = 10
Description =

Error - 6/19/2014 1:29:41 PM | Computer Name = MomnDad-PC | Source = WinMgmt | ID = 10
Description =

Error - 6/19/2014 1:41:26 PM | Computer Name = MomnDad-PC | Source = WinMgmt | ID = 10
Description =

Error - 6/19/2014 1:47:06 PM | Computer Name = MomnDad-PC | Source = WinMgmt | ID = 10
Description =

Error - 6/19/2014 1:53:11 PM | Computer Name = MomnDad-PC | Source = WinMgmt | ID = 10
Description =

Error - 6/19/2014 1:56:55 PM | Computer Name = MomnDad-PC | Source = WinMgmt | ID = 10
Description =

Error - 6/19/2014 2:02:30 PM | Computer Name = MomnDad-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 11.0.9600.17126,
time stamp: 0x53882d40 Faulting module name: ntdll.dll, version: 6.1.7601.18247,
time stamp: 0x521eaf24 Exception code: 0xc0000420 Fault offset: 0x00000000000c4102
Faulting
process id: 0xd54 Faulting application start time: 0x01cf8be89465ff90 Faulting application
path: C:\Program Files\Internet Explorer\iexplore.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report
Id: e0c5ea01-f7db-11e3-a969-d4bed9e53ced

Error - 6/19/2014 2:02:34 PM | Computer Name = MomnDad-PC | Source = WinMgmt | ID = 10
Description =

Error - 6/19/2014 2:15:32 PM | Computer Name = MomnDad-PC | Source = Application Hang | ID = 1002
Description = The program OTL.exe version 3.2.69.0 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Action Center control panel.    Process ID: 176c    Start Time:
01cf8bea1faa6205    Termination Time: 16    Application Path: C:\Users\Mom n Dad\Downloads\OTL.exe

Report
Id: b00c5d0b-f7dd-11e3-a969-d4bed9e53ced

[ System Events ]
Error - 6/19/2014 1:55:11 PM | Computer Name = MomnDad-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error:   %%1068

Error - 6/19/2014 1:55:11 PM | Computer Name = MomnDad-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error:   %%1068

Error - 6/19/2014 1:55:11 PM | Computer Name = MomnDad-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error:   %%1068

Error - 6/19/2014 2:00:30 PM | Computer Name = MomnDad-PC | Source = DCOM | ID = 10010
Description =

Error - 6/19/2014 2:01:20 PM | Computer Name = MomnDad-PC | Source = Service Control Manager | ID = 7023
Description = The Computer Browser service terminated with the following error:
%%1060

Error - 6/19/2014 2:02:00 PM | Computer Name = MomnDad-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Computer
Backup (MyPC Backup) service to connect.

Error - 6/19/2014 2:02:00 PM | Computer Name = MomnDad-PC | Source = Service Control Manager | ID = 7000
Description = The Computer Backup (MyPC Backup) service failed to start due to the
following error:   %%1053

Error - 6/19/2014 2:02:02 PM | Computer Name = MomnDad-PC | Source = Service Control Manager | ID = 7023
Description = The Function Discovery Resource Publication service terminated with
the following error:   %%-2147024891

Error - 6/19/2014 2:02:02 PM | Computer Name = MomnDad-PC | Source = Service Control Manager | ID = 7003
Description = The IKE and AuthIP IPsec Keying Modules service depends the following
service: BFE. This service might not be installed.

Error - 6/19/2014 2:02:05 PM | Computer Name = MomnDad-PC | Source = Service Control Manager | ID = 7003
Description = The IPsec Policy Agent service depends the following service: BFE.
This service might not be installed.

< End of report >

#2
Biscuithd

Posted 20 June 2014 - 12:27 PM

Trusted Helper

Malware Removal
2,573 posts

Hi there, wavey.gif.pagespeed.ce.4AQn4GwL8t.gif Welcome to the forums!
welcome.gif.pagespeed.ce.jM2aDq5TfO.gif . My name is Biscuithd and I will be assisting you with your Computer issues.

I know how upsetting it can be when one's computer is experiencing problems. I will try to help get things squared away. For a start please make sure that you...

Carefully read every post completely before doing anything.
If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
Do not run any other scans or other software on your computer unless asked as it may make this repair more difficult.

What you have posted is the Extras.txt log which I do need, but I also need the OTL.txt file. You can find it here C:\Users\Mom n Dad\Downloads however, it might have been deleted. If you can't find it, the re-run OTL and choose the Quick Scan button and post the OTL.txt log here.

If you can't get OTL to run or if booting is an issue, try booting to Safe Mode with Network and see if you can run OTL there. If you need instructions for reaching Safe Mode, let me know

#3
msdawn

Posted 21 June 2014 - 07:26 AM

Member

Topic Starter
Member
94 posts

OTL logfile created on: 6/19/2014 1:15:48 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Mom n Dad\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17126)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.88 Gb Total Physical Memory | 2.13 Gb Available Physical Memory | 54.77% Memory free
7.76 Gb Paging File | 5.38 Gb Available in Paging File | 69.27% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 442.18 Gb Total Space | 382.09 Gb Free Space | 86.41% Space Free | Partition Type: NTFS

Computer Name: MOMNDAD-PC | User Name: Mom n Dad | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/06/19 13:12:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Mom n Dad\Downloads\OTL.exe
PRC - [2014/06/18 10:06:34 | 000,359,424 | ---- | M] () -- C:\Program Files (x86)\Browsersafeguard\BrowserSafeguard.exe
PRC - [2014/06/18 03:46:09 | 000,317,728 | ---- | M] () -- C:\Program Files (x86)\sizlsearch\bin\utilsizlsearch.exe
PRC - [2014/06/18 03:45:50 | 000,317,728 | ---- | M] () -- C:\Program Files (x86)\sizlsearch\updatesizlsearch.exe
PRC - [2014/06/12 13:52:42 | 000,418,760 | ---- | M] (PC Utilities Software Limited) -- C:\Program Files (x86)\Optimizer Pro\OptProSmartScan.exe
PRC - [2014/05/29 22:26:50 | 000,640,000 | ---- | M] () -- C:\Program Files (x86)\Premium Software\systerm32.exe
PRC - [2014/05/29 06:16:32 | 000,241,344 | ---- | M] () -- C:\Program Files\pcmax\pcmax.exe
PRC - [2014/05/23 02:31:06 | 004,879,680 | ---- | M] (Client Connect LTD) -- C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe
PRC - [2014/05/23 02:31:06 | 003,080,000 | ---- | M] (Client Connect LTD) -- C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe
PRC - [2014/05/23 02:31:06 | 002,497,856 | ---- | M] (Client Connect LTD) -- C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe
PRC - [2014/05/22 09:44:36 | 001,082,240 | ---- | M] () -- C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe
PRC - [2014/05/21 23:40:06 | 001,380,288 | ---- | M] (Xacti, LLC) -- C:\Program Files (x86)\Inbox Toolbar\Inbox.exe
PRC - [2014/05/21 01:53:10 | 000,369,000 | ---- | M] (Crawler.com) -- C:\Program Files (x86)\OnlineVault\OVTray.exe
PRC - [2014/05/14 00:42:54 | 001,076,696 | ---- | M] (Crawler, LLC) -- C:\Program Files (x86)\SiteRanker\SiteRankTray.exe
PRC - [2014/05/08 18:11:58 | 000,263,048 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler.exe
PRC - [2014/04/28 14:21:56 | 000,424,760 | ---- | M] (Smart PC Solutions) -- C:\Program Files (x86)\PC Speed Maximizer\SPMSmartScan.exe
PRC - [2013/12/18 11:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/11/29 19:39:36 | 000,295,512 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2013/08/27 16:57:34 | 000,093,072 | ---- | M] (TomTom) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2013/08/27 16:57:32 | 000,248,208 | ---- | M] (TomTom) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
PRC - [2013/08/14 16:19:24 | 000,039,056 | ---- | M] () -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2013/07/18 16:39:40 | 000,762,192 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe
PRC - [2013/07/02 09:16:32 | 000,507,264 | ---- | M] (Oracle Corporation) -- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
PRC - [2013/06/26 19:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2013/06/26 19:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2012/11/10 13:26:10 | 000,042,504 | ---- | M] (COMPANYVERS_NAME) -- C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39barsvc.exe
PRC - [2012/11/10 13:26:10 | 000,030,096 | ---- | M] (VER_COMPANY_NAME) -- C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39brmon.exe
PRC - [2012/08/21 14:20:02 | 000,067,496 | ---- | M] () -- C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe
PRC - [2012/02/23 15:58:18 | 001,644,448 | ---- | M] (Affinegy, Inc.) -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\dlnaPlugin.exe
PRC - [2012/02/23 15:57:36 | 000,563,104 | ---- | M] (Affinegy, Inc.) -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe
PRC - [2012/02/23 15:57:34 | 001,885,088 | ---- | M] (Affinegy, Inc.) -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
PRC - [2012/02/23 15:57:30 | 007,029,664 | ---- | M] (Affinegy, Inc.) -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe
PRC - [2012/02/17 01:33:34 | 000,291,608 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
PRC - [2011/12/16 15:38:48 | 000,363,800 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2011/12/16 15:38:46 | 000,277,784 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2011/11/29 22:16:56 | 000,073,728 | ---- | M] (Atheros) -- C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
PRC - [2011/11/29 20:04:56 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011/11/29 20:04:54 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2011/08/31 10:57:00 | 000,258,048 | ---- | M] (Pantech) -- C:\Program Files (x86)\NCMC\EUDL\UTM\PantechUTM.exe
PRC - [2011/06/29 08:52:54 | 000,474,176 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe
PRC - [2011/06/27 19:26:30 | 002,022,976 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe
PRC - [2010/09/30 03:06:46 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) -- c:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
PRC - [2010/04/05 14:55:01 | 000,116,104 | ---- | M] () -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

========== Modules (No Company Name) ==========

MOD - [2014/06/18 10:06:34 | 000,359,424 | ---- | M] () -- C:\Program Files (x86)\Browsersafeguard\BrowserSafeguard.exe
MOD - [2014/05/29 22:26:50 | 000,640,000 | ---- | M] () -- C:\Program Files (x86)\Premium Software\systerm32.exe
MOD - [2014/05/22 09:44:36 | 001,082,240 | ---- | M] () -- C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe
MOD - [2014/05/15 16:11:58 | 000,487,424 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\6b81a58601cb555dd9e63bc05557751b\IAStorUtil.ni.dll
MOD - [2014/05/15 16:06:35 | 000,774,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\98c91b8d3f1d54c41ada5f37e0935303\System.Runtime.Remoting.ni.dll
MOD - [2014/03/14 22:25:44 | 000,236,544 | ---- | M] () -- C:\Program Files (x86)\Premium Software\sqlite3.dll
MOD - [2014/02/14 06:50:49 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\33f1f62a80540af6dba6af268692c041\IAStorCommon.ni.dll
MOD - [2014/02/14 05:22:30 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\8bc548587e91ecf0552a40e47bbf99cc\System.Windows.Forms.ni.dll
MOD - [2014/02/14 05:22:23 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5c24d3b0041ebf4f48a93615b9fa3de9\System.Drawing.ni.dll
MOD - [2014/02/14 05:22:11 | 003,348,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\1d696b2d3de530f7ee971070263667ff\WindowsBase.ni.dll
MOD - [2014/02/14 05:22:06 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\217ece46920546d718414291d463bb1c\System.Xml.ni.dll
MOD - [2014/02/14 05:22:03 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\f96e07044730442ee1f3dd90db984e6a\System.Configuration.ni.dll
MOD - [2014/02/14 05:22:02 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b3a78269847005365001c33870cd121f\System.ni.dll
MOD - [2014/02/14 05:21:54 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\ede2c6c842840e009f01bcc74fa4c457\mscorlib.ni.dll
MOD - [2012/08/21 14:20:02 | 000,067,496 | ---- | M] () -- C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe
MOD - [2012/02/23 15:57:38 | 000,022,944 | ---- | M] () -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinServicePS.dll
MOD - [2012/02/23 15:19:16 | 000,669,696 | ---- | M] () -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\gateways\GenericBelkinGatewayLOC.dll
MOD - [2011/06/29 08:52:54 | 000,474,176 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe
MOD - [2011/06/27 19:26:30 | 002,022,976 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe
MOD - [2011/06/27 19:25:30 | 000,058,944 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\DataService.dll
MOD - [2011/06/24 23:21:46 | 000,322,624 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\en-US\UI\ManagerUI.dll
MOD - [2011/06/24 23:20:26 | 000,565,968 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\sqlite3.dll
MOD - [2010/08/22 20:01:36 | 007,187,456 | ---- | M] () -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtGui4.dll
MOD - [2010/08/22 20:01:08 | 000,325,632 | ---- | M] () -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtXml4.dll
MOD - [2010/08/22 20:01:06 | 001,954,304 | ---- | M] () -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtCore4.dll
MOD - [2010/08/22 20:01:06 | 000,847,360 | ---- | M] () -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtNetwork4.dll
MOD - [2010/08/22 19:32:34 | 000,119,808 | ---- | M] () -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\imageformats\qjpeg4.dll
MOD - [2010/03/22 15:52:42 | 006,776,832 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\QtGui4.dll
MOD - [2010/03/16 20:28:28 | 000,326,144 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\QtXml4.dll
MOD - [2010/03/16 20:28:16 | 000,635,904 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\QtNetwork4.dll
MOD - [2010/03/16 20:28:04 | 001,926,144 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\QtCore4.dll
MOD - [2010/03/11 19:52:34 | 000,225,280 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qmng4.dll
MOD - [2010/03/11 19:52:34 | 000,028,160 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qgif4.dll
MOD - [2010/03/05 15:07:58 | 000,125,952 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qjpeg4.dll
MOD - [2010/03/05 15:07:58 | 000,031,744 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qico4.dll

========== Services (SafeList) ==========

SRV:64bit: - File not found [Disabled | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe /McCoreSvc -- (McMPFSvc)
SRV:64bit: - [2014/06/09 19:52:19 | 000,706,560 | ---- | M] () [Auto | Running] -- C:\Program Files\003\vxlsnyaiet64.exe -- (vxlsnyaiet64)
SRV:64bit: - [2014/05/30 04:21:05 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2014/05/29 06:16:32 | 000,241,344 | ---- | M] () [Auto | Running] -- C:\Program Files\pcmax\pcmax.exe -- (pcmaxservice)
SRV:64bit: - [2014/04/09 08:13:48 | 000,289,256 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe -- (McComponentHostService)
SRV:64bit: - [2011/12/08 16:38:24 | 000,607,456 | ---- | M] (Intel® Corporation) [Auto | Running] -- c:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel®
SRV:64bit: - [2011/04/19 16:31:16 | 000,181,760 | ---- | M] () [Auto | Running] -- C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe -- (Belkin Local Backup Service)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/02/09 15:55:52 | 000,055,296 | ---- | M] () [Auto | Running] -- C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe -- (Belkin Network USB Helper)
SRV:64bit: - [2009/11/17 21:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV:64bit: - [2009/07/13 20:39:31 | 000,045,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rundll32.exe -- (70e6ca8c)
SRV - [2014/06/18 03:46:09 | 000,317,728 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\sizlsearch\bin\utilsizlsearch.exe -- (Util sizlsearch)
SRV - [2014/06/18 03:45:50 | 000,317,728 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\sizlsearch\updatesizlsearch.exe -- (Update sizlsearch)
SRV - [2014/05/23 02:31:06 | 002,497,856 | ---- | M] (Client Connect LTD) [Auto | Running] -- C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe -- (CltMngSvc)
SRV - [2014/05/14 18:39:11 | 000,257,712 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/04/18 05:51:19 | 000,106,296 | ---- | M] (ConsumerInput) [On_Demand | Stopped] -- C:\Program Files (x86)\Consumer Input\Update\ConsumerInputUpdate.exe -- (consumerinput_updatem)
SRV - [2014/04/18 05:51:19 | 000,106,296 | ---- | M] (ConsumerInput) [Auto | Stopped] -- C:\Program Files (x86)\Consumer Input\Update\ConsumerInputUpdate.exe -- (consumerinput_update)
SRV - [2014/03/14 09:17:00 | 000,036,392 | ---- | M] (Just Develop It) [Auto | Stopped] -- C:\Program Files (x86)\MyPC Backup\BackupStack.exe -- (BackupStack)
SRV - [2013/12/18 11:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/09/11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/09/02 15:52:08 | 000,692,008 | ---- | M] (Systweak Inc., (www.systweak.com)) [Auto | Running] -- C:\Program Files (x86)\Disk Speedup\DSUDefragSrv64.exe -- (DSUDiskOptimizer)
SRV - [2013/08/27 16:57:34 | 000,093,072 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2013/08/14 16:19:24 | 000,039,056 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2013/07/18 16:39:40 | 000,762,192 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2013/06/26 19:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2013/06/26 19:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2012/11/10 13:26:10 | 000,042,504 | ---- | M] (COMPANYVERS_NAME) [Auto | Running] -- C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39barsvc.exe -- (MapsGalaxy_39Service)
SRV - [2012/02/23 15:57:36 | 000,563,104 | ---- | M] (Affinegy, Inc.) [Auto | Running] -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe -- (AffinegyService)
SRV - [2011/12/21 21:04:42 | 000,274,200 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2011/12/16 15:38:48 | 000,363,800 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011/12/16 15:38:46 | 000,277,784 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2011/11/29 22:16:56 | 000,073,728 | ---- | M] (Atheros) [Auto | Running] -- C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe -- (ZAtheros Wlan Agent)
SRV - [2011/11/29 20:04:56 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2011/05/20 10:08:20 | 000,065,536 | ---- | M] (TODO: <Company name>) [Auto | Stopped] -- C:\Program Files (x86)\NCMC\EUDL\UTM\PantechService.exe -- (Pantech UTM Service)
SRV - [2010/09/30 03:06:46 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- c:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor9.0)
SRV - [2010/08/25 20:28:54 | 002,823,000 | ---- | M] (Dell, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe -- (NOBU)
SRV - [2010/04/05 14:55:01 | 000,116,104 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)

========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Goobzo\GBUpdate\smw.sys -- (SMUpdd)
DRV:64bit: - [2014/06/09 12:01:48 | 000,061,120 | ---- | M] (StdLib) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\{9d5747ee-0448-4681-8337-1555de75a3b6}Gw64.sys -- ({9d5747ee-0448-4681-8337-1555de75a3b6}Gw64)
DRV:64bit: - [2013/06/26 19:21:50 | 000,023,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2013/06/26 19:21:48 | 000,028,840 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2013/06/26 19:21:46 | 000,273,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2013/06/26 19:21:44 | 000,767,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2012/04/29 02:42:09 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012/04/29 02:42:09 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/27 02:39:34 | 000,787,736 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)
DRV:64bit: - [2012/01/27 02:39:34 | 000,356,120 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)
DRV:64bit: - [2012/01/27 02:39:34 | 000,016,152 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)
DRV:64bit: - [2011/12/15 20:01:08 | 014,646,560 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/12/06 06:23:08 | 000,331,264 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2011/12/02 21:12:52 | 002,796,544 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2011/11/29 22:40:32 | 000,568,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/11/10 04:04:14 | 000,060,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2011/08/24 01:57:24 | 000,565,352 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/07/14 02:28:14 | 000,183,296 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\C781Vsp.sys -- (C781Vsp)
DRV:64bit: - [2011/07/14 02:28:14 | 000,183,296 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\C781Mdm.sys -- (C781Mdm)
DRV:64bit: - [2011/07/14 02:28:14 | 000,099,200 | ---- | M] (DEVGURU Co., LTD.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\C781BUS.sys -- (C781BUS)
DRV:64bit: - [2010/11/20 22:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 22:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/03/19 03:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/22 16:50:00 | 000,291,352 | ---- | M] (silex technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sxuptp.sys -- (sxuptp)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2006/11/01 04:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://speedial.com/...cr=276089853=
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {87575A10-906E-4892-8D9C-E203F73BF9CE}
IE:64bit: - HKLM\..\SearchScopes\{31090377-0740-419E-BEFC-A56E50500D5B}: "URL" = http://speedial.com/...cr=276089853=
IE:64bit: - HKLM\..\SearchScopes\{7F4EFF06-7032-458e-AE16-1C1D8255C28A}: "URL" = http://www-search.ne...&q={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{87575A10-906E-4892-8D9C-E203F73BF9CE}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://speedial.com/...cr=276089853=
IE - HKLM\..\URLSearchHook: {f84db37a-ae6f-423b-9f51-14b5ec10c879} - C:\Program Files (x86)\Installl_Converter_A\prxtbInst.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {3F229536-5CF1-48E0-B503-5D687169D5B0}
IE - HKLM\..\SearchScopes\{35e9438f-19d4-4516-b2ac-59ba9241de4d}: "URL" = http://search.tb.ask...or={searchTerms}
IE - HKLM\..\SearchScopes\{87575A10-906E-4892-8D9C-E203F73BF9CE}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{b0441a0e-a49a-4e16-afc1-74ecced1921f}: "URL" = http://search.mywebs...or={searchTerms}

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1399685641-2452391960-3966799618-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
IE - HKU\S-1-5-21-1399685641-2452391960-3966799618-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://maxwebsearch....00&i_id==
IE - HKU\S-1-5-21-1399685641-2452391960-3966799618-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-1399685641-2452391960-3966799618-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://maxwebsearch....00&i_id==
IE - HKU\S-1-5-21-1399685641-2452391960-3966799618-1001\..\URLSearchHook: {26842a09-ffa8-4e2c-ae12-0c80f01c3295} - No CLSID value found
IE - HKU\S-1-5-21-1399685641-2452391960-3966799618-1001\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-1399685641-2452391960-3966799618-1001\..\URLSearchHook: {f84db37a-ae6f-423b-9f51-14b5ec10c879} - C:\Program Files (x86)\Installl_Converter_A\prxtbInst.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1399685641-2452391960-3966799618-1001\..\SearchScopes,DefaultScope = {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
IE - HKU\S-1-5-21-1399685641-2452391960-3966799618-1001\..\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}: "URL" = http://maxwebsearch....00&i_id==
IE - HKU\S-1-5-21-1399685641-2452391960-3966799618-1001\..\SearchScopes\{31090377-0740-419E-BEFC-A56E50500D5B}: "URL" = http://maxwebsearch....00&i_id==
IE - HKU\S-1-5-21-1399685641-2452391960-3966799618-1001\..\SearchScopes\{35e9438f-19d4-4516-b2ac-59ba9241de4d}: "URL" = http://maxwebsearch....00&i_id==
IE - HKU\S-1-5-21-1399685641-2452391960-3966799618-1001\..\SearchScopes\{3F0F7EC3-B59E-44F5-BB53-67AEC49BD573}: "URL" = http://maxwebsearch....00&i_id==
IE - HKU\S-1-5-21-1399685641-2452391960-3966799618-1001\..\SearchScopes\{3F229536-5CF1-48E0-B503-5D687169D5B0}: "URL" = http://maxwebsearch....00&i_id==
IE - HKU\S-1-5-21-1399685641-2452391960-3966799618-1001\..\SearchScopes\{5DF1E62F-F24E-4D6F-88DD-FAE08FC0687C}: "URL" = http://maxwebsearch....00&i_id==
IE - HKU\S-1-5-21-1399685641-2452391960-3966799618-1001\..\SearchScopes\{67349ABE-6A96-4734-BF91-4BD50B20845E}: "URL" = http://maxwebsearch....00&i_id==
IE - HKU\S-1-5-21-1399685641-2452391960-3966799618-1001\..\SearchScopes\{6747FD11-9D8F-42A0-9531-B2F4FD0E812D}: "URL" = http://maxwebsearch....00&i_id==
IE - HKU\S-1-5-21-1399685641-2452391960-3966799618-1001\..\SearchScopes\{7F4EFF06-7032-458e-AE16-1C1D8255C28A}: "URL" = http://maxwebsearch....00&i_id==
IE - HKU\S-1-5-21-1399685641-2452391960-3966799618-1001\..\SearchScopes\{87575A10-906E-4892-8D9C-E203F73BF9CE}: "URL" = http://maxwebsearch....00&i_id==
IE - HKU\S-1-5-21-1399685641-2452391960-3966799618-1001\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = http://maxwebsearch....00&i_id==
IE - HKU\S-1-5-21-1399685641-2452391960-3966799618-1001\..\SearchScopes\{b0441a0e-a49a-4e16-afc1-74ecced1921f}: "URL" = http://maxwebsearch....00&i_id==
IE - HKU\S-1-5-21-1399685641-2452391960-3966799618-1001\..\SearchScopes\{B141F27F-CB03-4FE7-80B1-92BE7B2367C2}: "URL" = http://maxwebsearch....00&i_id==
IE - HKU\S-1-5-21-1399685641-2452391960-3966799618-1001\..\SearchScopes\{B903E7F3-FC8E-4A4F-9C08-1C5B2D05D550}: "URL" = http://maxwebsearch....00&i_id==
IE - HKU\S-1-5-21-1399685641-2452391960-3966799618-1001\..\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}: "URL" = http://maxwebsearch....00&i_id==
IE - HKU\S-1-5-21-1399685641-2452391960-3966799618-1001\..\SearchScopes\{D3E502F6-745E-4676-8B3D-9E36AB5C7504}: "URL" = http://maxwebsearch....00&i_id==
IE - HKU\S-1-5-21-1399685641-2452391960-3966799618-1001\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://maxwebsearch....00&i_id==
IE - HKU\S-1-5-21-1399685641-2452391960-3966799618-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-1399685641-2452391960-3966799618-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>
IE - HKU\S-1-5-21-1399685641-2452391960-3966799618-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:49214;https=127.0.0.1:49214

========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@MapsGalaxy_39.com/Plugin: C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\NP39Stub.dll (MindSpark)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.3.51: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.3.51: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@lightspark.github.com/Lightspark;version=1: C:\Program Files (x86)\Lightspark 0.5.3-git\nplightsparkplugin.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\39ffxtbr@MapsGalaxy_39.com: C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin [2012/12/16 19:57:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/11/29 19:40:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013/11/29 19:40:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\SiteRanker\firefox\ [2014/06/19 13:02:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\McAfee\MSK

[2013/08/18 20:24:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mom n Dad\AppData\Roaming\Mozilla\Extensions
[2013/08/18 20:24:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mom n Dad\AppData\Roaming\Mozilla\Extensions\[email protected]

O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (no name) - {11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5} - C:\Program Files (x86)\SiteRanker\SiteR64.dll (Crawler, LLC)
O2:64bit: - BHO: (no name) - {A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} - No CLSID value found.
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Inbox Toolbar) - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\Program Files (x86)\Inbox Toolbar\Inbox64.dll (Xacti, LLC)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (no name) - {11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5} - C:\Program Files (x86)\SiteRanker\SiteRank.dll (Crawler, LLC)
O2 - BHO: (Toolbar BHO) - {1e91a655-bb4b-4693-a05e-2edebc4c9d89} - C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39bar.dll (MindSpark)
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (sizlsearch) - {36d96925-abfa-4eb8-b630-305e905a930d} - C:\Program Files (x86)\sizlsearch\82A84BB2-59FD-474A-AD3A-36ECBB621F3C.dll (sizlsearch)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Search Assistant BHO) - {71c1d63a-c944-428a-a5bd-ba513190e5d2} - C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39SrcAs.dll (MindSpark)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Consumer Input DCA BHO) - {B49699FC-1665-4414-A1CB-C4A2A4A13EEC} - C:\Program Files (x86)\Consumer Input\InternetExplorer\dca-bho.dll (Compete, Inc.)
O2 - BHO: (Inbox Toolbar) - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\Program Files (x86)\Inbox Toolbar\Inbox.dll (Xacti, LLC)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Installl Converter A Toolbar) - {f84db37a-ae6f-423b-9f51-14b5ec10c879} - C:\Program Files (x86)\Installl_Converter_A\prxtbInst.dll (Conduit Ltd.)
O2 - BHO: (TBSB07898 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files (x86)\Coupons.com CouponBar\tbcore3.dll File not found
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (&Inbox Toolbar) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\Program Files (x86)\Inbox Toolbar\Inbox64.dll (Xacti, LLC)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (MapsGalaxy) - {364ea597-e728-4ce4-bb4a-ed846ef47970} - C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39bar.dll (MindSpark)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (Coupons.com CouponBar) - {8660E5B3-6C41-44DE-8503-98D99BBECD41} - C:\Program Files (x86)\Coupons.com CouponBar\tbcore3.dll File not found
O3 - HKLM\..\Toolbar: (&Inbox Toolbar) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\Program Files (x86)\Inbox Toolbar\Inbox.dll (Xacti, LLC)
O3 - HKLM\..\Toolbar: (Yahoo Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (Installl Converter A Toolbar) - {f84db37a-ae6f-423b-9f51-14b5ec10c879} - C:\Program Files (x86)\Installl_Converter_A\prxtbInst.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-1399685641-2452391960-3966799618-1001\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\S-1-5-21-1399685641-2452391960-3966799618-1001\..\Toolbar\WebBrowser: (Coupons.com CouponBar) - {8660E5B3-6C41-44DE-8503-98D99BBECD41} - C:\Program Files (x86)\Coupons.com CouponBar\tbcore3.dll File not found
O3:64bit: - HKU\S-1-5-21-1399685641-2452391960-3966799618-1001\..\Toolbar\WebBrowser: (&Inbox Toolbar) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\Program Files (x86)\Inbox Toolbar\Inbox64.dll (Xacti, LLC)
O3 - HKU\S-1-5-21-1399685641-2452391960-3966799618-1001\..\Toolbar\WebBrowser: (&Inbox Toolbar) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\Program Files (x86)\Inbox Toolbar\Inbox.dll (Xacti, LLC)
O3 - HKU\S-1-5-21-1399685641-2452391960-3966799618-1001\..\Toolbar\WebBrowser: (Installl Converter A Toolbar) - {F84DB37A-AE6F-423B-9F51-14B5EC10C879} - C:\Program Files (x86)\Installl_Converter_A\prxtbInst.dll (Conduit Ltd.)
O3:HKU - HKU\S-1-5-21-1399685641-2452391960-3966799618-1001\..\Toolbar\WebBrowser: (Installl Converter A Toolbar) - {F84DB37A-AE6F-423B-9F51-14B5EC10C879} - C:\Users\Mom n Dad\AppData\LocalLow\Installl_Converter_A\prxtbIns2.dll (ClientConnect Ltd.)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] FILES\ADOBE\OOBE\PDAPP\UWA\UPDATERSTARTUPUTILITY.EXE" File not found
O4:64bit: - HKLM..\Run: [DellStage] C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] DOWS\SYSTEM32\HKCMD.EXE File not found
O4:64bit: - HKLM..\Run: [IgfxTray] DOWS\SYSTEM32\IGFXTRAY.EXE File not found
O4:64bit: - HKLM..\Run: [pcreg] C:\Program Files\pcmax\service.exe ()
O4:64bit: - HKLM..\Run: [Persistence] DOWS\SYSTEM32\IGFXPERS.EXE File not found
O4:64bit: - HKLM..\Run: [RTHDVCPL] GUI64.EXE -S File not found
O4:64bit: - HKLM..\Run: [Stage Remote] C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe ()
O4 - HKLM..\Run: [AccuWeatherWidget] C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe ()
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [BrowserSafeguard] C:\Program Files (x86)\Browsersafeguard\BrowserSafeguard.exe ()
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe (Dell, Inc.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [IMSS] C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe (Intel Corporation)
O4 - HKLM..\Run: [InboxToolbar] C:\Program Files (x86)\Inbox Toolbar\Inbox.exe (Xacti, LLC)
O4 - HKLM..\Run: [InstaLAN] C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe (Affinegy, Inc.)
O4 - HKLM..\Run: [MapsGalaxy Search Scope Monitor] C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39SrchMn.exe (MindSpark)
O4 - HKLM..\Run: [MapsGalaxy_39 Browser Plugin Loader] C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39brmon.exe (VER_COMPANY_NAME)
O4 - HKLM..\Run: [NeroLauncher] C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe ()
O4 - HKLM..\Run: [Online Vault] C:\Program Files (x86)\OnlineVault\OVTray.exe (Crawler.com)
O4 - HKLM..\Run: [SaferBrowser] C:\Program Files (x86)\SaferBrowser\SaferBrowser.exe ()
O4 - HKLM..\Run: [SearchProtectAll] C:\Program Files (x86)\SearchProtect\bin\cltmng.exe File not found
O4 - HKLM..\Run: [SiteRanker] C:\Program Files (x86)\SiteRanker\SiteRankTray.exe (Crawler, LLC)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKLM..\Run: [Windows FUPM Service Manager] C:\Program Files (x86)\Premium Software\systerm32.exe ()
O4 - HKLM..\Run: [YTDownloader] "C:\Program Files (x86)\YTDownloader\YTDownloader.exe" /boot File not found
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1399685641-2452391960-3966799618-1001..\Run: [cdloader] C:\Users\Mom n Dad\AppData\Roaming\mjusbsp\cdloader2.exe (magicJack L.P.)
O4 - HKU\S-1-5-21-1399685641-2452391960-3966799618-1001..\Run: [Optimizer Pro] C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe (PC Utilities Software Limited)
O4 - HKU\S-1-5-21-1399685641-2452391960-3966799618-1001..\Run: [TomTomHOME.exe] C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - HKU\S-1-5-21-1399685641-2452391960-3966799618-1001..\Run: [YTDownloader] "C:\Program Files (x86)\YTDownloader\YTDownloader.exe" /boot File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Mom n Dad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk = C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)
O4 - Startup: C:\Users\Mom n Dad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Severe Weather Alerts App.lnk = C:\Users\Mom n Dad\AppData\Local\SevereWeatherAlerts\SevereWeatherAlertsApp.exe ()
O4 - Startup: C:\Users\Mom n Dad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Severe Weather Alerts.lnk = C:\Users\Mom n Dad\AppData\Local\SevereWeatherAlerts\SevereWeatherAlerts.exe (Weather Notifications, LLC)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\S-1-5-21-1399685641-2452391960-3966799618-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1399685641-2452391960-3966799618-1001\..Trusted Domains: genieo.com ([search] http in Trusted sites)
O15 - HKU\S-1-5-21-1399685641-2452391960-3966799618-1001\..Trusted Ranges: Range1 ([*] in Trusted sites)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab (Microsoft Office Template and Media Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1185DF9B-6F1D-4FEF-88AB-B9873EF8A071}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{285D4A35-BE8B-4254-975D-0A0A65203B73}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\cozi - No CLSID value found
O18:64bit: - Protocol\Handler\inbox {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\Program Files (x86)\Inbox Toolbar\Inbox64.dll (Xacti, LLC)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\cozi {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.)
O18 - Protocol\Handler\inbox {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\Program Files (x86)\Inbox Toolbar\Inbox.dll (Xacti, LLC)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll) - C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll (Client Connect LTD)
O20 - AppInit_DLLs: (C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll) - C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll (Client Connect LTD)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{9ee89b7d-d678-11e2-af80-d4bed9e53ced}\Shell - "" = AutoRun
O33 - MountPoints2\{9ee89b7d-d678-11e2-af80-d4bed9e53ced}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\TL-Bootstrap.exe
O33 - MountPoints2\{d245ffba-880d-11e3-b7d5-d4bed9e53ced}\Shell - "" = AutoRun
O33 - MountPoints2\{d245ffba-880d-11e3-b7d5-d4bed9e53ced}\Shell\AutoRun\command - "" = E:\KODAK_Camera_Setup_App.exe
O33 - MountPoints2\{fb82fe47-c19b-11e3-8cd0-d4bed9e53ced}\Shell - "" = AutoRun
O33 - MountPoints2\{fb82fe47-c19b-11e3-8cd0-d4bed9e53ced}\Shell\AutoRun\command - "" = E:\LG_PC_Programs.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/06/19 13:13:01 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Mom n Dad\Desktop\OTL.exe
[2014/06/19 13:02:26 | 000,000,000 | ---D | C] -- C:\Users\Mom n Dad\AppData\Local\SearchProtect
[2014/06/19 12:39:04 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2014/06/19 12:26:17 | 000,000,000 | ---D | C] -- C:\Users\Mom n Dad\AppData\Roaming\Optimizer Pro
[2014/06/18 21:10:56 | 000,000,000 | ---D | C] -- C:\Users\Mom n Dad\AppData\Local\{03293ED7-4396-434C-889C-5FBF33187F7A}
[2014/06/18 21:10:40 | 000,000,000 | ---D | C] -- C:\Users\Mom n Dad\Documents\My Weblog Posts
[2014/06/18 10:08:31 | 000,000,000 | ---D | C] -- C:\Users\Mom n Dad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
[2014/06/18 10:08:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MyPC Backup
[2014/06/18 10:08:22 | 000,000,000 | ---D | C] -- C:\Users\Mom n Dad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage
[2014/06/18 10:08:21 | 000,000,000 | ---D | C] -- C:\Users\Mom n Dad\AppData\Roaming\VOPackage
[2014/06/18 10:07:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2
[2014/06/18 10:07:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Optimizer Pro
[2014/06/18 10:06:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Browsersafeguard
[2014/06/18 10:06:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SaferBrowser
[2014/06/15 16:28:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2014/06/15 16:28:17 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
[2014/06/14 15:31:08 | 000,801,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usp10.dll
[2014/06/14 15:31:08 | 000,288,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[2014/06/14 15:31:07 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml6r.dll
[2014/06/14 15:31:07 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml6r.dll
[2014/06/14 15:31:07 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2014/06/14 15:31:05 | 000,592,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014/06/14 15:31:05 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2014/06/14 15:31:05 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014/06/14 15:31:05 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014/06/14 15:31:05 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2014/06/14 15:31:05 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2014/06/14 15:31:04 | 001,964,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014/06/14 15:31:04 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014/06/14 15:31:03 | 000,631,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014/06/14 15:31:03 | 000,608,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014/06/14 15:31:03 | 000,452,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2014/06/14 15:31:03 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014/06/14 15:31:03 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014/06/14 15:31:03 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014/06/14 15:31:03 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014/06/14 15:31:02 | 002,040,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014/06/14 15:31:02 | 000,704,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2014/06/14 15:31:02 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014/06/14 15:31:02 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014/06/14 15:31:02 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014/06/14 15:31:01 | 000,574,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014/06/14 15:31:01 | 000,295,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2014/06/14 15:31:01 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2014/06/14 15:31:00 | 005,782,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014/06/14 15:31:00 | 001,249,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2014/06/14 15:31:00 | 000,846,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2014/06/14 15:31:00 | 000,752,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014/06/14 15:31:00 | 000,548,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2014/06/14 15:31:00 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014/06/14 15:30:59 | 000,940,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2014/06/14 15:30:59 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014/06/14 15:30:57 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014/06/14 15:30:21 | 000,506,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll
[2014/06/14 15:30:21 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll
[2014/06/14 15:23:02 | 000,000,000 | ---D | C] -- C:\Users\Mom n Dad\AppData\Roaming\PC Speed Maximizer
[2014/06/13 17:35:44 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2014/06/12 17:34:17 | 000,061,120 | ---- | C] (StdLib) -- C:\Windows\SysNative\drivers\{9d5747ee-0448-4681-8337-1555de75a3b6}Gw64.sys
[2014/06/12 03:59:29 | 000,000,000 | ---D | C] -- C:\Users\Mom n Dad\Documents\PC Speed Maximizer
[2014/06/12 03:55:41 | 000,000,000 | ---D | C] -- C:\Users\Mom n Dad\AppData\Local\Weather_Notifications,_LL
[2014/06/12 03:55:40 | 000,000,000 | ---D | C] -- C:\Users\Mom n Dad\AppData\Local\SevereWeatherAlerts
[2014/06/12 03:55:40 | 000,000,000 | ---D | C] -- C:\Users\Mom n Dad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Severe Weather Alerts
[2014/06/12 03:54:18 | 000,000,000 | ---D | C] -- C:\Program Files\pcmax
[2014/06/12 03:54:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Speed Maximizer
[2014/06/12 03:54:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Speed Maximizer
[2014/06/12 03:53:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\sizlsearch
[2014/06/12 03:51:37 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2014/06/12 03:51:33 | 001,068,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2014/06/09 21:17:50 | 000,000,000 | ---D | C] -- C:\ProgramData\374311380
[2014/06/09 20:05:55 | 000,815,502 | ---- | C] (Click Me In Limited) -- C:\Users\Mom n Dad\AppData\Local\AnyProtectScannerSetup.exe
[2014/06/09 19:56:18 | 000,000,000 | ---D | C] -- C:\Users\Mom n Dad\Documents\Optimizer Pro
[2014/06/09 19:56:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Premium Software
[2014/06/09 19:56:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Premium Software
[2014/06/09 19:53:54 | 000,338,120 | ---- | C] (SecureAssist) -- C:\Windows\SysNative\SecureAssist64.dll
[2014/06/09 19:53:52 | 000,295,080 | ---- | C] (SecureAssist) -- C:\Windows\SysWow64\SecureAssist.dll
[2014/06/09 19:51:54 | 000,000,000 | ---D | C] -- C:\Program Files\003
[2014/06/09 19:49:31 | 000,000,000 | ---D | C] -- C:\Users\Mom n Dad\AppData\Local\globalUpdate
[2014/06/09 19:49:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\globalUpdate
[2014/06/09 19:49:26 | 000,000,000 | ---D | C] -- C:\ProgramData\SearchModule
[2014/06/09 19:49:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Goobzo
[2014/06/09 19:49:22 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\ShopperPro
[2014/06/09 19:49:16 | 000,000,000 | ---D | C] -- C:\Users\Mom n Dad\AppData\Local\CrashRpt
[2014/05/30 13:30:59 | 000,000,000 | ---D | C] -- C:\Users\Mom n Dad\AppData\Roaming\OnlineVault
[2014/05/30 13:30:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Online Vault
[2014/05/30 13:30:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OnlineVault
[2014/05/30 13:30:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SiteRanker
[2014/05/30 13:30:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SiteRanker
[2014/05/30 13:29:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Inbox Toolbar
[2014/05/30 13:29:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Inbox Toolbar
[2014/05/30 00:51:17 | 000,000,000 | ---D | C] -- C:\Users\Mom n Dad\Documents\carrie golden
[2003/03/18 22:20:00 | 001,060,864 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\mfc71.dll
[2003/03/18 22:12:12 | 001,047,552 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\mfc71u.dll
[2003/03/18 21:44:38 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\MFC71ENU.DLL
[2003/03/18 21:44:38 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\MFC71KOR.DLL
[2003/03/18 21:44:36 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\MFC71ITA.DLL
[2003/03/18 21:44:36 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\MFC71ESP.DLL
[2003/03/18 21:44:36 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\MFC71CHT.DLL
[2003/03/18 21:44:36 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\MFC71CHS.DLL
[2003/03/18 21:44:34 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\MFC71DEU.DLL
[2003/03/18 21:44:34 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\MFC71FRA.DLL
[2003/03/18 21:44:34 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\MFC71JPN.DLL
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Mom n Dad\AppData\Local\*.tmp files -> C:\Users\Mom n Dad\AppData\Local\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/06/19 13:18:17 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/06/19 13:18:17 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/06/19 13:18:00 | 000,000,368 | ---- | M] () -- C:\Windows\tasks\CIMT_S-1-5-21-1399685641-2452391960-3966799618-1001.job
[2014/06/19 13:12:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Mom n Dad\Desktop\OTL.exe
[2014/06/19 13:09:36 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/06/19 13:09:36 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/06/19 13:09:24 | 000,783,424 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/06/19 13:09:24 | 000,662,836 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/06/19 13:09:24 | 000,122,446 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/06/19 13:02:23 | 000,001,975 | ---- | M] () -- C:\Users\Mom n Dad\Desktop\Sync Folder.lnk
[2014/06/19 13:01:26 | 000,000,972 | ---- | M] () -- C:\Windows\tasks\ConsumerInputUpdateTaskMachineCore.job
[2014/06/19 13:01:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/06/19 13:00:56 | 3125,407,744 | -HS- | M] () -- C:\hiberfil.sys
[2014/06/18 10:08:31 | 000,001,103 | ---- | M] () -- C:\Users\Mom n Dad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
[2014/06/18 10:08:31 | 000,001,093 | ---- | M] () -- C:\Users\Mom n Dad\Desktop\MyPC Backup.lnk
[2014/06/18 10:07:13 | 000,001,068 | ---- | M] () -- C:\Users\Mom n Dad\Desktop\Optimizer Pro.lnk
[2014/06/18 10:06:29 | 000,002,384 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2014/06/18 10:06:29 | 000,002,358 | ---- | M] () -- C:\Users\Public\Desktop\Canon MP495 series On-screen Manual.lnk
[2014/06/18 10:06:29 | 000,001,613 | ---- | M] () -- C:\Users\Mom n Dad\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2014/06/18 03:56:00 | 000,000,976 | ---- | M] () -- C:\Windows\tasks\ConsumerInputUpdateTaskMachineUA.job
[2014/06/17 21:39:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/06/15 16:28:18 | 000,001,893 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2014/06/15 16:28:18 | 000,001,893 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2014/06/13 17:44:25 | 000,000,024 | ---- | M] () -- C:\Users\Mom n Dad\random.dat
[2014/06/13 17:41:32 | 000,000,048 | ---- | M] () -- C:\Users\Mom n Dad\jagex_cl_runescape_LIVE.dat
[2014/06/12 03:55:40 | 000,002,189 | ---- | M] () -- C:\Users\Mom n Dad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Severe Weather Alerts App.lnk
[2014/06/12 03:55:40 | 000,001,238 | ---- | M] () -- C:\Users\Mom n Dad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Severe Weather Alerts.lnk
[2014/06/12 03:54:18 | 000,001,123 | ---- | M] () -- C:\Users\Mom n Dad\Desktop\PC Speed Maximizer.lnk
[2014/06/09 20:19:35 | 000,000,314 | ---- | M] () -- C:\Users\Mom n Dad\AppData\Roaming\aps.uninstall.scan.results
[2014/06/09 19:59:22 | 000,000,000 | ---- | M] () -- C:\end
[2014/06/09 12:01:48 | 000,061,120 | ---- | M] (StdLib) -- C:\Windows\SysNative\drivers\{9d5747ee-0448-4681-8337-1555de75a3b6}Gw64.sys
[2014/06/08 04:13:05 | 000,506,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll
[2014/06/08 04:08:04 | 000,424,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll
[2014/06/05 13:29:26 | 000,815,502 | ---- | M] (Click Me In Limited) -- C:\Users\Mom n Dad\AppData\Local\AnyProtectScannerSetup.exe
[2014/05/30 05:02:09 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014/05/30 04:39:43 | 000,548,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2014/05/30 04:39:23 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014/05/30 04:38:29 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014/05/30 04:27:57 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014/05/30 04:24:28 | 000,574,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014/05/30 04:21:23 | 000,139,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014/05/30 04:21:05 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014/05/30 04:20:36 | 000,752,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014/05/30 04:11:24 | 000,940,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2014/05/30 04:08:22 | 005,782,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014/05/30 04:06:42 | 000,452,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2014/05/30 03:55:36 | 000,038,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2014/05/30 03:49:21 | 000,195,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014/05/30 03:46:48 | 000,085,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2014/05/30 03:44:23 | 000,295,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2014/05/30 03:43:06 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014/05/30 03:42:16 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014/05/30 03:35:44 | 000,608,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014/05/30 03:33:48 | 000,032,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014/05/30 03:30:43 | 000,440,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014/05/30 03:29:31 | 000,631,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014/05/30 03:28:33 | 000,112,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014/05/30 03:27:56 | 000,592,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014/05/30 03:24:19 | 001,249,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2014/05/30 03:23:22 | 002,040,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014/05/30 03:10:46 | 000,032,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2014/05/30 03:06:06 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014/05/30 03:04:20 | 000,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2014/05/30 02:50:09 | 001,068,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2014/05/30 02:49:38 | 001,964,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014/05/30 02:13:47 | 000,704,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2014/05/30 02:13:09 | 000,846,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2014/05/30 00:01:44 | 000,137,281 | ---- | M] () -- C:\Users\Mom n Dad\Documents\carries pcm doc dont delete.pdf
[2014/05/28 06:37:44 | 000,022,882 | ---- | M] () -- C:\Users\Mom n Dad\Documents\Collage.htm
[2014/05/26 08:23:05 | 000,001,105 | ---- | M] () -- C:\Users\Mom n Dad\Desktop\Documents - Shortcut.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Mom n Dad\AppData\Local\*.tmp files -> C:\Users\Mom n Dad\AppData\Local\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/06/18 10:08:34 | 000,001,975 | ---- | C] () -- C:\Users\Mom n Dad\Desktop\Sync Folder.lnk
[2014/06/18 10:08:31 | 000,001,103 | ---- | C] () -- C:\Users\Mom n Dad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
[2014/06/18 10:08:31 | 000,001,093 | ---- | C] () -- C:\Users\Mom n Dad\Desktop\MyPC Backup.lnk
[2014/06/18 10:07:13 | 000,001,068 | ---- | C] () -- C:\Users\Mom n Dad\Desktop\Optimizer Pro.lnk
[2014/06/12 03:55:40 | 000,002,189 | ---- | C] () -- C:\Users\Mom n Dad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Severe Weather Alerts App.lnk
[2014/06/12 03:55:40 | 000,001,238 | ---- | C] () -- C:\Users\Mom n Dad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Severe Weather Alerts.lnk
[2014/06/12 03:54:18 | 000,001,123 | ---- | C] () -- C:\Users\Mom n Dad\Desktop\PC Speed Maximizer.lnk
[2014/06/09 20:07:22 | 000,000,314 | ---- | C] () -- C:\Users\Mom n Dad\AppData\Roaming\aps.uninstall.scan.results
[2014/05/30 00:01:44 | 000,137,281 | ---- | C] () -- C:\Users\Mom n Dad\Documents\carries pcm doc dont delete.pdf
[2014/05/28 06:37:44 | 000,022,882 | ---- | C] () -- C:\Users\Mom n Dad\Documents\Collage.htm
[2014/05/26 08:23:05 | 000,001,105 | ---- | C] () -- C:\Users\Mom n Dad\Desktop\Documents - Shortcut.lnk
[2013/03/03 12:24:02 | 000,000,050 | ---- | C] () -- C:\Users\Mom n Dad\jagex_cl_loginapplet_LIVE.dat
[2013/03/03 12:16:47 | 000,000,048 | ---- | C] () -- C:\Users\Mom n Dad\jagex_cl_oldschool_LIVE.dat
[2013/01/11 22:55:49 | 000,000,159 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.reg
[2013/01/11 22:55:49 | 000,000,069 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.bat
[2012/09/25 21:54:43 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\shortcut_ex.dat
[2012/09/23 13:36:55 | 000,000,048 | ---- | C] () -- C:\Users\Mom n Dad\jagex_cl_runescape_LIVE.dat
[2012/09/23 13:36:55 | 000,000,024 | ---- | C] () -- C:\Users\Mom n Dad\random.dat

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/03/24 21:43:12 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/24 21:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Alternate Data Streams ==========

@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:373E1720

< End of report >

#4
Biscuithd

Posted 22 June 2014 - 09:43 AM

Trusted Helper

Malware Removal
2,573 posts

Hi msdawn,

I have a fix for you and additionally, a few tools that I'd like you to run. Please run these tools in the order that I've specified below.

If anything is not clear, please let me know

Run OTL as you've done previously.

Under the Custom Scans/Fixes box at the bottom, paste in the following

:Command

[CreateRestorePoint]



:OTL



PRC - [2014/06/18 10:06:34 | 000,359,424 | ---- | M] () -- C:\Program Files (x86)\Browsersafeguard\BrowserSafeguard.exe

PRC - [2014/06/18 03:46:09 | 000,317,728 | ---- | M] () -- C:\Program Files (x86)\sizlsearch\bin\utilsizlsearch.exe

PRC - [2014/06/18 03:45:50 | 000,317,728 | ---- | M] () -- C:\Program Files (x86)\sizlsearch\updatesizlsearch.exe

PRC - [2014/06/12 13:52:42 | 000,418,760 | ---- | M] (PC Utilities Software Limited) -- C:\Program Files (x86)\Optimizer Pro\OptProSmartScan.exe

PRC - [2014/05/29 22:26:50 | 000,640,000 | ---- | M] () -- C:\Program Files (x86)\Premium Software\systerm32.exe

PRC - [2014/05/29 06:16:32 | 000,241,344 | ---- | M] () -- C:\Program Files\pcmax\pcmax.exe

PRC - [2014/05/23 02:31:06 | 004,879,680 | ---- | M] (Client Connect LTD) -- C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe

PRC - [2014/05/23 02:31:06 | 003,080,000 | ---- | M] (Client Connect LTD) -- C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe

PRC - [2014/05/23 02:31:06 | 002,497,856 | ---- | M] (Client Connect LTD) -- C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe

PRC - [2014/05/22 09:44:36 | 001,082,240 | ---- | M] () -- C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe

PRC - [2014/05/21 23:40:06 | 001,380,288 | ---- | M] (Xacti, LLC) -- C:\Program Files (x86)\Inbox Toolbar\Inbox.exe

PRC - [2014/05/21 01:53:10 | 000,369,000 | ---- | M] (Crawler.com) -- C:\Program Files (x86)\OnlineVault\OVTray.exe

PRC - [2014/05/14 00:42:54 | 001,076,696 | ---- | M] (Crawler, LLC) -- C:\Program Files (x86)\SiteRanker\SiteRankTray.exe

PRC - [2014/04/28 14:21:56 | 000,424,760 | ---- | M] (Smart PC Solutions) -- C:\Program Files (x86)\PC Speed Maximizer\SPMSmartScan.exe

PRC - [2012/11/10 13:26:10 | 000,042,504 | ---- | M] (COMPANYVERS_NAME) -- C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39barsvc.exe

PRC - [2012/11/10 13:26:10 | 000,030,096 | ---- | M] (VER_COMPANY_NAME) -- C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39brmon.exe

MOD - [2014/06/18 10:06:34 | 000,359,424 | ---- | M] () -- C:\Program Files (x86)\Browsersafeguard\BrowserSafeguard.exe

MOD - [2014/05/29 22:26:50 | 000,640,000 | ---- | M] () -- C:\Program Files (x86)\Premium Software\systerm32.exe

MOD - [2014/05/22 09:44:36 | 001,082,240 | ---- | M] () -- C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe

SRV:64bit: - [2014/06/09 19:52:19 | 000,706,560 | ---- | M] () [Auto | Running] -- C:\Program Files\003\vxlsnyaiet64.exe -- (vxlsnyaiet64)

SRV:64bit: - [2014/05/29 06:16:32 | 000,241,344 | ---- | M] () [Auto | Running] -- C:\Program Files\pcmax\pcmax.exe -- (pcmaxservice)

SRV - [2014/04/18 05:51:19 | 000,106,296 | ---- | M] (ConsumerInput) [On_Demand | Stopped] -- C:\Program Files (x86)\Consumer Input\Update\ConsumerInputUpdate.exe -- (consumerinput_updatem)

SRV - [2014/04/18 05:51:19 | 000,106,296 | ---- | M] (ConsumerInput) [Auto | Stopped] -- C:\Program Files (x86)\Consumer Input\Update\ConsumerInputUpdate.exe -- (consumerinput_update)

SRV - [2014/03/14 09:17:00 | 000,036,392 | ---- | M] (Just Develop It) [Auto | Stopped] -- C:\Program Files (x86)\MyPC Backup\BackupStack.exe -- (BackupStack)

SRV - [2012/11/10 13:26:10 | 000,042,504 | ---- | M] (COMPANYVERS_NAME) [Auto | Running] -- C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39barsvc.exe -- (MapsGalaxy_39Service)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Goobzo\GBUpdate\smw.sys -- (SMUpdd)

DRV:64bit: - [2014/06/09 12:01:48 | 000,061,120 | ---- | M] (StdLib) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\{9d5747ee-0448-4681-8337-1555de75a3b6}Gw64.sys -- ({9d5747ee-0448-4681-8337-1555de75a3b6}Gw64)

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://speedial.com/...cr=276089853=

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {87575A10-906E-4892-8D9C-E203F73BF9CE}

IE:64bit: - HKLM\..\SearchScopes\{31090377-0740-419E-BEFC-A56E50500D5B}: "URL" = http://speedial.com/...cr=276089853=

IE:64bit: - HKLM\..\SearchScopes\{7F4EFF06-7032-458e-AE16-1C1D8255C28A}: "URL" = http://www-search.ne...&q={searchTerms}

IE:64bit: - HKLM\..\SearchScopes\{87575A10-906E-4892-8D9C-E203F73BF9CE}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://speedial.com/...cr=276089853=

IE - HKLM\..\URLSearchHook: {f84db37a-ae6f-423b-9f51-14b5ec10c879} - C:\Program Files (x86)\Installl_Converter_A\prxtbInst.dll (Conduit Ltd.)

IE - HKLM\..\SearchScopes,DefaultScope = {3F229536-5CF1-48E0-B503-5D687169D5B0}

IE - HKLM\..\SearchScopes\{35e9438f-19d4-4516-b2ac-59ba9241de4d}: "URL" = http://search.tb.ask...or={searchTerms}

IE - HKLM\..\SearchScopes\{87575A10-906E-4892-8D9C-E203F73BF9CE}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKLM\..\SearchScopes\{b0441a0e-a49a-4e16-afc1-74ecced1921f}: "URL" = http://search.mywebs...or={searchTerms}

IE - HKU\S-1-5-21-1399685641-2452391960-3966799618-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1

IE - HKU\S-1-5-21-1399685641-2452391960-3966799618-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://maxwebsearch....00&i_id==

IE - HKU\S-1-5-21-1399685641-2452391960-3966799618-1001\..\URLSearchHook: {26842a09-ffa8-4e2c-ae12-0c80f01c3295} - No CLSID value found

IE - HKU\S-1-5-21-1399685641-2452391960-3966799618-1001\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)

IE - HKU\S-1-5-21-1399685641-2452391960-3966799618-1001\..\URLSearchHook: {f84db37a-ae6f-423b-9f51-14b5ec10c879} - C:\Program Files (x86)\Installl_Converter_A\prxtbInst.dll (Conduit Ltd.)

IE - HKU\S-1-5-21-1399685641-2452391960-3966799618-1001\..\SearchScopes,DefaultScope = {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}

IE - HKU\S-1-5-21-1399685641-2452391960-3966799618-1001\..\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}: "URL" = http://maxwebsearch....00&i_id==

IE - HKU\S-1-5-21-1399685641-2452391960-3966799618-1001\..\SearchScopes\{31090377-0740-419E-BEFC-A56E50500D5B}: "URL" = http://maxwebsearch....00&i_id==

IE - HKU\S-1-5-21-1399685641-2452391960-3966799618-1001\..\SearchScopes\{35e9438f-19d4-4516-b2ac-59ba9241de4d}: "URL" = http://maxwebsearch....00&i_id==

IE - HKU\S-1-5-21-1399685641-2452391960-3966799618-1001\..\SearchScopes\{3F0F7EC3-B59E-44F5-BB53-67AEC49BD573}: "URL" = http://maxwebsearch....00&i_id==

IE - HKU\S-1-5-21-1399685641-2452391960-3966799618-1001\..\SearchScopes\{3F229536-5CF1-48E0-B503-5D687169D5B0}: "URL" = http://maxwebsearch....00&i_id==

IE - HKU\S-1-5-21-1399685641-2452391960-3966799618-1001\..\SearchScopes\{5DF1E62F-F24E-4D6F-88DD-FAE08FC0687C}: "URL" = http://maxwebsearch....00&i_id==

IE - HKU\S-1-5-21-1399685641-2452391960-3966799618-1001\..\SearchScopes\{67349ABE-6A96-4734-BF91-4BD50B20845E}: "URL" = http://maxwebsearch....00&i_id==

IE - HKU\S-1-5-21-1399685641-2452391960-3966799618-1001\..\SearchScopes\{6747FD11-9D8F-42A0-9531-B2F4FD0E812D}: "URL" = http://maxwebsearch....00&i_id==

IE - HKU\S-1-5-21-1399685641-2452391960-3966799618-1001\..\SearchScopes\{7F4EFF06-7032-458e-AE16-1C1D8255C28A}: "URL" = http://maxwebsearch....00&i_id==

IE - HKU\S-1-5-21-1399685641-2452391960-3966799618-1001\..\SearchScopes\{87575A10-906E-4892-8D9C-E203F73BF9CE}: "URL" = http://maxwebsearch....00&i_id==

IE - HKU\S-1-5-21-1399685641-2452391960-3966799618-1001\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = http://maxwebsearch....00&i_id==

IE - HKU\S-1-5-21-1399685641-2452391960-3966799618-1001\..\SearchScopes\{b0441a0e-a49a-4e16-afc1-74ecced1921f}: "URL" = http://maxwebsearch....00&i_id==

IE - HKU\S-1-5-21-1399685641-2452391960-3966799618-1001\..\SearchScopes\{B141F27F-CB03-4FE7-80B1-92BE7B2367C2}: "URL" = http://maxwebsearch....00&i_id==

IE - HKU\S-1-5-21-1399685641-2452391960-3966799618-1001\..\SearchScopes\{B903E7F3-FC8E-4A4F-9C08-1C5B2D05D550}: "URL" = http://maxwebsearch....00&i_id==

IE - HKU\S-1-5-21-1399685641-2452391960-3966799618-1001\..\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}: "URL" = http://maxwebsearch....00&i_id==

IE - HKU\S-1-5-21-1399685641-2452391960-3966799618-1001\..\SearchScopes\{D3E502F6-745E-4676-8B3D-9E36AB5C7504}: "URL" = http://maxwebsearch....00&i_id==

IE - HKU\S-1-5-21-1399685641-2452391960-3966799618-1001\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://maxwebsearch....00&i_id==

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKCU\Software\MozillaPlugins\@lightspark.github.com/Lightspark;version=1: C:\Program Files (x86)\Lightspark 0.5.3-git\nplightsparkplugin.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\39ffxtbr@MapsGalaxy_39.com: C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin [2012/12/16 19:57:28 | 000,000,000 | ---D | M]

[2013/08/18 20:24:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mom n Dad\AppData\Roaming\Mozilla\Extensions

[2013/08/18 20:24:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mom n Dad\AppData\Roaming\Mozilla\Extensions\[email protected]

O2:64bit: - BHO: (no name) - {11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5} - C:\Program Files (x86)\SiteRanker\SiteR64.dll (Crawler, LLC)

O2:64bit: - BHO: (no name) - {A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} - No CLSID value found.

O2:64bit: - BHO: (Inbox Toolbar) - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\Program Files (x86)\Inbox Toolbar\Inbox64.dll (Xacti, LLC)

O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)

O2 - BHO: (no name) - {11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5} - C:\Program Files (x86)\SiteRanker\SiteRank.dll (Crawler, LLC)

O2 - BHO: (Toolbar BHO) - {1e91a655-bb4b-4693-a05e-2edebc4c9d89} - C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39bar.dll (MindSpark)

O2 - BHO: (sizlsearch) - {36d96925-abfa-4eb8-b630-305e905a930d} - C:\Program Files (x86)\sizlsearch\82A84BB2-59FD-474A-AD3A-36ECBB621F3C.dll (sizlsearch)

O2 - BHO: (Search Assistant BHO) - {71c1d63a-c944-428a-a5bd-ba513190e5d2} - C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39SrcAs.dll (MindSpark)

O2 - BHO: (Consumer Input DCA BHO) - {B49699FC-1665-4414-A1CB-C4A2A4A13EEC} - C:\Program Files (x86)\Consumer Input\InternetExplorer\dca-bho.dll (Compete, Inc.)

O2 - BHO: (Inbox Toolbar) - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\Program Files (x86)\Inbox Toolbar\Inbox.dll (Xacti, LLC)

O2 - BHO: (Installl Converter A Toolbar) - {f84db37a-ae6f-423b-9f51-14b5ec10c879} - C:\Program Files (x86)\Installl_Converter_A\prxtbInst.dll (Conduit Ltd.)

O2 - BHO: (TBSB07898 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files (x86)\Coupons.com CouponBar\tbcore3.dll File not found

O3:64bit: - HKLM\..\Toolbar: (&Inbox Toolbar) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\Program Files (x86)\Inbox Toolbar\Inbox64.dll (Xacti, LLC)

O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKLM\..\Toolbar: (MapsGalaxy) - {364ea597-e728-4ce4-bb4a-ed846ef47970} - C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39bar.dll (MindSpark)

O3 - HKLM\..\Toolbar: (Coupons.com CouponBar) - {8660E5B3-6C41-44DE-8503-98D99BBECD41} - C:\Program Files (x86)\Coupons.com CouponBar\tbcore3.dll File not found

O3 - HKLM\..\Toolbar: (&Inbox Toolbar) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\Program Files (x86)\Inbox Toolbar\Inbox.dll (Xacti, LLC)

O3 - HKLM\..\Toolbar: (Yahoo Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)

O3 - HKLM\..\Toolbar: (Installl Converter A Toolbar) - {f84db37a-ae6f-423b-9f51-14b5ec10c879} - C:\Program Files (x86)\Installl_Converter_A\prxtbInst.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKU\S-1-5-21-1399685641-2452391960-3966799618-1001\..\Toolbar\WebBrowser: (Coupons.com CouponBar) - {8660E5B3-6C41-44DE-8503-98D99BBECD41} - C:\Program Files (x86)\Coupons.com CouponBar\tbcore3.dll File not found

O3:64bit: - HKU\S-1-5-21-1399685641-2452391960-3966799618-1001\..\Toolbar\WebBrowser: (&Inbox Toolbar) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\Program Files (x86)\Inbox Toolbar\Inbox64.dll (Xacti, LLC)

O3 - HKU\S-1-5-21-1399685641-2452391960-3966799618-1001\..\Toolbar\WebBrowser: (&Inbox Toolbar) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\Program Files (x86)\Inbox Toolbar\Inbox.dll (Xacti, LLC)

O3 - HKU\S-1-5-21-1399685641-2452391960-3966799618-1001\..\Toolbar\WebBrowser: (Installl Converter A Toolbar) - {F84DB37A-AE6F-423B-9F51-14B5EC10C879} - C:\Program Files (x86)\Installl_Converter_A\prxtbInst.dll (Conduit Ltd.)

O3:HKU - HKU\S-1-5-21-1399685641-2452391960-3966799618-1001\..\Toolbar\WebBrowser: (Installl Converter A Toolbar) - {F84DB37A-AE6F-423B-9F51-14B5EC10C879} - C:\Users\Mom n Dad\AppData\LocalLow\Installl_Converter_A\prxtbIns2.dll (ClientConnect Ltd.)

O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0]  FILES\ADOBE\OOBE\PDAPP\UWA\UPDATERSTARTUPUTILITY.EXE" File not found

O4:64bit: - HKLM..\Run: [HotKeysCmds] DOWS\SYSTEM32\HKCMD.EXE File not found

O4:64bit: - HKLM..\Run: [IgfxTray] DOWS\SYSTEM32\IGFXTRAY.EXE File not found

O4:64bit: - HKLM..\Run: [pcreg] C:\Program Files\pcmax\service.exe ()

O4:64bit: - HKLM..\Run: [Persistence] DOWS\SYSTEM32\IGFXPERS.EXE File not found

O4:64bit: - HKLM..\Run: [RTHDVCPL] GUI64.EXE -S File not found

O4 - HKLM..\Run: [BrowserSafeguard] C:\Program Files (x86)\Browsersafeguard\BrowserSafeguard.exe ()

O4 - HKLM..\Run: [InboxToolbar] C:\Program Files (x86)\Inbox Toolbar\Inbox.exe (Xacti, LLC)

O4 - HKLM..\Run: [MapsGalaxy Search Scope Monitor] C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39SrchMn.exe (MindSpark)

O4 - HKLM..\Run: [MapsGalaxy_39 Browser Plugin Loader] C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39brmon.exe (VER_COMPANY_NAME)

O4 - HKLM..\Run: [SearchProtectAll] C:\Program Files (x86)\SearchProtect\bin\cltmng.exe File not found

O4 - HKLM..\Run: [YTDownloader] "C:\Program Files (x86)\YTDownloader\YTDownloader.exe" /boot File not found

O4 - HKLM..\Run: [BrowserSafeguard] C:\Program Files (x86)\Browsersafeguard\BrowserSafeguard.exe ()

O4 - HKU\S-1-5-21-1399685641-2452391960-3966799618-1001..\Run: [Optimizer Pro] C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe (PC Utilities Software Limited)

O4 - HKU\S-1-5-21-1399685641-2452391960-3966799618-1001..\Run: [YTDownloader] "C:\Program Files (x86)\YTDownloader\YTDownloader.exe" /boot File not found

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - Startup: C:\Users\Mom n Dad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk = C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)

O15 - HKU\S-1-5-21-1399685641-2452391960-3966799618-1001\..Trusted Domains: genieo.com ([search] http in Trusted sites)

O15 - HKU\S-1-5-21-1399685641-2452391960-3966799618-1001\..Trusted Ranges: Range1 ([*] in Trusted sites)

O18:64bit: - Protocol\Handler\cozi - No CLSID value found

O18:64bit: - Protocol\Handler\inbox {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\Program Files (x86)\Inbox Toolbar\Inbox64.dll (Xacti, LLC)

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O18 - Protocol\Handler\cozi {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.)

O18 - Protocol\Handler\inbox {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\Program Files (x86)\Inbox Toolbar\Inbox.dll (Xacti, LLC)

O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll) - C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll (Client Connect LTD)

O20 - AppInit_DLLs: (C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll) - C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll (Client Connect LTD)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

[2014/06/19 13:02:26 | 000,000,000 | ---D | C] -- C:\Users\Mom n Dad\AppData\Local\SearchProtect

[2014/06/18 10:08:31 | 000,000,000 | ---D | C] -- C:\Users\Mom n Dad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup

[2014/06/18 10:08:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MyPC Backup

[2014/06/19 12:26:17 | 000,000,000 | ---D | C] -- C:\Users\Mom n Dad\AppData\Roaming\Optimizer Pro

[2014/06/18 10:08:31 | 000,000,000 | ---D | C] -- C:\Users\Mom n Dad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup

[2014/06/18 10:08:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MyPC Backup

[2014/06/18 10:07:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2

[2014/06/18 10:07:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Optimizer Pro

[2014/06/18 10:06:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Browsersafeguard

[2014/06/18 10:06:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SaferBrowser

[2014/06/14 15:23:02 | 000,000,000 | ---D | C] -- C:\Users\Mom n Dad\AppData\Roaming\PC Speed Maximizer

[2014/06/12 17:34:17 | 000,061,120 | ---- | C] (StdLib) -- C:\Windows\SysNative\drivers\{9d5747ee-0448-4681-8337-1555de75a3b6}Gw64.sys

[2014/06/12 03:59:29 | 000,000,000 | ---D | C] -- C:\Users\Mom n Dad\Documents\PC Speed Maximizer

[2014/06/12 03:54:18 | 000,000,000 | ---D | C] -- C:\Program Files\pcmax

[2014/06/12 03:54:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Speed Maximizer

[2014/06/12 03:54:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Speed Maximizer

[2014/06/12 03:53:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\sizlsearch

[2014/06/09 20:05:55 | 000,815,502 | ---- | C] (Click Me In Limited) -- C:\Users\Mom n Dad\AppData\Local\AnyProtectScannerSetup.exe

[2014/06/09 19:56:18 | 000,000,000 | ---D | C] -- C:\Users\Mom n Dad\Documents\Optimizer Pro

[2014/06/09 19:56:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Premium Software

[2014/06/09 19:56:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Premium Software

[2014/06/09 19:49:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Goobzo

[2014/06/09 19:49:22 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\ShopperPro

[2014/05/30 13:30:59 | 000,000,000 | ---D | C] -- C:\Users\Mom n Dad\AppData\Roaming\OnlineVault

[2014/05/30 13:30:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Online Vault

[2014/05/30 13:30:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OnlineVault

[2014/05/30 13:30:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SiteRanker

[2014/05/30 13:30:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SiteRanker

[2014/05/30 13:29:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Inbox Toolbar

[2014/05/30 13:29:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Inbox Toolbar

[2014/06/18 10:08:34 | 000,001,975 | ---- | C] () -- C:\Users\Mom n Dad\Desktop\Sync Folder.lnk

[2014/06/18 10:08:31 | 000,001,103 | ---- | C] () -- C:\Users\Mom n Dad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk

[2014/06/18 10:08:31 | 000,001,093 | ---- | C] () -- C:\Users\Mom n Dad\Desktop\MyPC Backup.lnk

[2014/06/18 10:07:13 | 000,001,068 | ---- | C] () -- C:\Users\Mom n Dad\Desktop\Optimizer Pro.lnk

[2014/06/12 03:54:18 | 000,001,123 | ---- | C] () -- C:\Users\Mom n Dad\Desktop\PC Speed Maximizer.lnk

 

:files

C:\Program Files\003

C:\Program Files\pcmax

C:\Program Files (x86)\Consumer Input

C:\Program Files (x86)\MyPC Backup

C:\Program Files (x86)\MapsGalaxy_39



:Commands



[EMPTYTEMP]

[RESETHOSTS]

[REBOOT]

Then click the Run Fix button at the top
Let the program run unhindered, reboot the PC when it is done

THEN

Please download AdwCleaner by Xplode onto your desktop.

Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click on Scan.
After the scan is complete click on "Clean"
Confirm each time with Ok.
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the content of that logfile with your next answer.
You can find the logfile at C:\AdwCleaner[S1].txt as well.

Next, download Junkware Removal Tool to your desktop.

Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

Please download zoek .exe and save it to your desktop (Firefox users right click and Save Link As...).

Close any open browsers.
Temporarily disable your AntiVirus program. (If necessary)
Double click on zoek.exe to run.
Please wait while the tool starts. It will appear to be doing nothing and may take a few seconds to come up
Click Options button below the large panel and check the box:

Auto Clean
Click on Run script button
Please wait patiently (it may take a few minutes) until a log report will open (this may be after reboot, if required)
Copy (Ctrl +C) and paste (Ctrl +V) the contents of the opened entire report back here.

Note: It will also create a log in the C:\ directory named "zoek-results.log"

Security Check

Download Security Check from here or here.

Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Last, rerun OTL as you did previously, but this time just press the Quick Scan button. When OTL completes you will find one log, OTL.TXT. Please post that with the adwCleaner log, the Junkware log, the ZOEK log and the Security Log.

#5
msdawn

Posted 22 June 2014 - 11:27 AM

Member

Topic Starter
Member
94 posts

I got as far as doing the adw clean up when the computer came up, I tried to get back here and it says the proxy server isn't responding. I can not get to internet at all now. I am on my laptop right now

#6
Biscuithd

Posted 22 June 2014 - 11:36 AM

Trusted Helper

Malware Removal
2,573 posts

That is unexpected, but I will say that you had quite a bit of Malware to remove, so likely the proxy got damaged then.

I assume that you're talking about the Proxy when you use Explorer?

Try re-setting Explorer's Proxy like this. Depending on your version of IE, this will be close. So, you many have to search a little to find the exact pull downs.

While in Explorer

a) Under "Tools" in the browser tool bar select "Internet Options".

b) In the "Internet Options" Window that pops up, click the "Connections" tab at the top.

c) Click "LAN Settings" near the bottom of the "Connections" section.

d) If the "Proxy server" checkbox is marked with a check, click it to deselect/uncheck it.

e) Click "Ok" to close the "Local Area Network (LAN) Settings" window.

f) Click "Ok" to close the "Internet Options" Window.

#7
msdawn

Posted 23 June 2014 - 04:27 PM

Member

Topic Starter
Member
94 posts

I got the adw ware to run, when it comes back on i can go to google, use it once then maxwebsearch pops back up...i keep changing my home but it changes it back....here is the text from the adw ware i ran

# AdwCleaner v3.213 - Report created 23/06/2014 at 16:44:08
# Updated 23/06/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Mom n Dad - MOMNDAD-PC
# Running from : C:\Users\Mom n Dad\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2T7JQWL2\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : 70e6ca8c
[#] Service Deleted : Update Greener Web
[#] Service Deleted : Util Greener Web

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\optimizer pro v3.2
Folder Deleted : C:\Program Files (x86)\Greener Web
Folder Deleted : C:\Program Files (x86)\Mysearchdial
Folder Deleted : C:\Program Files (x86)\Optimizer Pro
Folder Deleted : C:\Users\MOMNDA~1\AppData\Local\Temp\Greener Web
Folder Deleted : C:\Users\Mom n Dad\AppData\Roaming\Mysearchdial
Folder Deleted : C:\Users\Mom n Dad\AppData\Roaming\Optimizer Pro
Folder Deleted : C:\Users\Mom n Dad\Documents\Optimizer Pro
File Deleted : C:\Windows\System32\drivers\{a3f28269-ad17-41a8-b032-3e0313ef8979}Gw64.sys
File Deleted : C:\Users\Mom n Dad\Desktop\Optimizer Pro.lnk
File Deleted : C:\Windows\Tasks\MySearchDial.job
File Deleted : C:\Windows\System32\Tasks\MySearchDial

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1973D53B-7311-45D7-8270-F44571C041A0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D95E57C2-53B3-4C38-BA1E-7980CB5E1803}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{3A1BEABE-0DC5-4615-8099-83973B843C06}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1973D53B-7311-45D7-8270-F44571C041A0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1973D53B-7311-45D7-8270-F44571C041A0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1973D53B-7311-45D7-8270-F44571C041A0}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{31090377-0740-419E-BEFC-A56E50500D5B}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D95E57C2-53B3-4C38-BA1E-7980CB5E1803}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{31090377-0740-419E-BEFC-A56E50500D5B}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Key Deleted : HKCU\Software\Greener Web
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\mysearchdial
Key Deleted : HKCU\Software\Optimizer Pro
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\Software\Compete
Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\Software\BrowserSafeGuard
Key Deleted : HKLM\Software\CompeteInc
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Greener Web
Key Deleted : HKLM\Software\InstallCore
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BrowserSafeGuard
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mysearchdial
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Greener Web
Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~2\optimi~1\optpro~2.dll
Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\OPTIMI~1\OPTPRO~3.DLL

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17126

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]

*************************

AdwCleaner[R0].txt - [35027 octets] - [22/06/2014 11:58:31]
AdwCleaner[R1].txt - [29248 octets] - [22/06/2014 12:00:41]
AdwCleaner[R2].txt - [2677 octets] - [22/06/2014 12:07:13]
AdwCleaner[R3].txt - [1269 octets] - [22/06/2014 12:20:40]
AdwCleaner[R4].txt - [6196 octets] - [23/06/2014 16:41:54]
AdwCleaner[S0].txt - [5503 octets] - [22/06/2014 11:59:46]
AdwCleaner[S1].txt - [26591 octets] - [22/06/2014 12:01:30]
AdwCleaner[S2].txt - [2258 octets] - [22/06/2014 12:07:38]
AdwCleaner[S3].txt - [1251 octets] - [22/06/2014 12:21:35]
AdwCleaner[S4].txt - [5540 octets] - [23/06/2014 16:44:08]

########## EOF - C:\AdwCleaner\AdwCleaner[S4].txt - [5600 octets] ##########

#8
Biscuithd

Posted 23 June 2014 - 04:41 PM

Trusted Helper

Malware Removal
2,573 posts

Try and get the other tools to run too (Junkware, Zoek and Security Check). If they won't, try and get me an OTL log using Quick Scan.

We'll get it clean, don't worry. It might take a few passes of a few different tools, but we'll get there

#9
msdawn

Posted 23 June 2014 - 07:08 PM

Member

Topic Starter
Member
94 posts

i can't get the other programs to run....here is the otl log you asked for that i just ran..

OTL logfile created on: 6/23/2014 7:59:00 PM - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Mom n Dad\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17126)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.88 Gb Total Physical Memory | 2.19 Gb Available Physical Memory | 56.31% Memory free
7.76 Gb Paging File | 5.87 Gb Available in Paging File | 75.63% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 442.18 Gb Total Space | 385.29 Gb Free Space | 87.13% Space Free | Partition Type: NTFS

Computer Name: MOMNDAD-PC | User Name: Mom n Dad | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/06/19 13:17:51 | 000,230,792 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
PRC - [2014/06/19 13:12:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Mom n Dad\Desktop\OTL.exe
PRC - [2014/05/29 22:26:50 | 000,640,000 | ---- | M] () -- C:\Program Files (x86)\Premium Software\systerm32.exe
PRC - [2014/05/29 06:16:32 | 000,241,344 | ---- | M] () -- C:\Program Files\pcmax\pcmax.exe
PRC - [2014/05/22 09:44:36 | 001,082,240 | ---- | M] () -- C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe
PRC - [2013/12/18 11:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/11/29 19:39:36 | 000,295,512 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2013/08/27 16:57:34 | 000,093,072 | ---- | M] (TomTom) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2013/08/27 16:57:32 | 000,248,208 | ---- | M] (TomTom) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
PRC - [2013/08/14 16:19:24 | 000,039,056 | ---- | M] () -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2013/07/18 16:39:40 | 000,762,192 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe
PRC - [2013/06/26 19:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2013/06/26 19:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2012/08/21 14:20:02 | 000,067,496 | ---- | M] () -- C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe
PRC - [2012/02/23 15:58:18 | 001,644,448 | ---- | M] (Affinegy, Inc.) -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\dlnaPlugin.exe
PRC - [2012/02/23 15:57:36 | 000,563,104 | ---- | M] (Affinegy, Inc.) -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe
PRC - [2012/02/23 15:57:34 | 001,885,088 | ---- | M] (Affinegy, Inc.) -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
PRC - [2012/02/23 15:57:30 | 007,029,664 | ---- | M] (Affinegy, Inc.) -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe
PRC - [2012/02/17 01:33:34 | 000,291,608 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
PRC - [2012/02/01 11:50:58 | 000,968,048 | ---- | M] () -- C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe
PRC - [2011/12/16 15:38:48 | 000,363,800 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2011/12/16 15:38:46 | 000,277,784 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2011/11/29 22:16:56 | 000,073,728 | ---- | M] (Atheros) -- C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
PRC - [2011/11/29 20:04:56 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011/11/29 20:04:54 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2011/08/31 10:57:00 | 000,258,048 | ---- | M] (Pantech) -- C:\Program Files (x86)\NCMC\EUDL\UTM\PantechUTM.exe
PRC - [2011/06/29 08:52:54 | 000,474,176 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe
PRC - [2011/06/27 19:26:30 | 002,022,976 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe
PRC - [2010/09/30 03:06:46 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) -- c:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
PRC - [2010/04/05 14:55:01 | 000,116,104 | ---- | M] () -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

========== Modules (No Company Name) ==========

MOD - [2014/05/29 22:26:50 | 000,640,000 | ---- | M] () -- C:\Program Files (x86)\Premium Software\systerm32.exe
MOD - [2014/05/22 09:44:36 | 001,082,240 | ---- | M] () -- C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe
MOD - [2014/05/15 16:11:58 | 000,487,424 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\6b81a58601cb555dd9e63bc05557751b\IAStorUtil.ni.dll
MOD - [2014/05/15 16:06:41 | 011,922,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\70dbdd46969daf2bea2443c75b7629d4\System.Web.ni.dll
MOD - [2014/05/15 16:06:35 | 000,774,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\98c91b8d3f1d54c41ada5f37e0935303\System.Runtime.Remoting.ni.dll
MOD - [2014/03/14 22:25:44 | 000,236,544 | ---- | M] () -- C:\Program Files (x86)\Premium Software\sqlite3.dll
MOD - [2014/02/14 06:50:49 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\33f1f62a80540af6dba6af268692c041\IAStorCommon.ni.dll
MOD - [2014/02/14 05:22:30 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\8bc548587e91ecf0552a40e47bbf99cc\System.Windows.Forms.ni.dll
MOD - [2014/02/14 05:22:23 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5c24d3b0041ebf4f48a93615b9fa3de9\System.Drawing.ni.dll
MOD - [2014/02/14 05:22:11 | 003,348,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\1d696b2d3de530f7ee971070263667ff\WindowsBase.ni.dll
MOD - [2014/02/14 05:22:06 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\217ece46920546d718414291d463bb1c\System.Xml.ni.dll
MOD - [2014/02/14 05:22:03 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\f96e07044730442ee1f3dd90db984e6a\System.Configuration.ni.dll
MOD - [2014/02/14 05:22:02 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b3a78269847005365001c33870cd121f\System.ni.dll
MOD - [2014/02/14 05:21:54 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\ede2c6c842840e009f01bcc74fa4c457\mscorlib.ni.dll
MOD - [2012/08/21 14:20:02 | 000,067,496 | ---- | M] () -- C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe
MOD - [2012/02/23 15:57:38 | 000,022,944 | ---- | M] () -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinServicePS.dll
MOD - [2012/02/23 15:19:16 | 000,669,696 | ---- | M] () -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\gateways\GenericBelkinGatewayLOC.dll
MOD - [2012/02/01 11:50:58 | 000,968,048 | ---- | M] () -- C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe
MOD - [2012/02/01 11:44:34 | 008,151,040 | ---- | M] () -- C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\QtGui4.dll
MOD - [2012/02/01 11:44:34 | 002,278,400 | ---- | M] () -- C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\QtCore4.dll
MOD - [2011/06/29 08:52:54 | 000,474,176 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe
MOD - [2011/06/27 19:26:30 | 002,022,976 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe
MOD - [2011/06/27 19:25:30 | 000,058,944 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\DataService.dll
MOD - [2011/06/24 23:21:46 | 000,322,624 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\en-US\UI\ManagerUI.dll
MOD - [2011/06/24 23:20:26 | 000,565,968 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\sqlite3.dll
MOD - [2010/08/22 20:01:36 | 007,187,456 | ---- | M] () -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtGui4.dll
MOD - [2010/08/22 20:01:08 | 000,325,632 | ---- | M] () -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtXml4.dll
MOD - [2010/08/22 20:01:06 | 001,954,304 | ---- | M] () -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtCore4.dll
MOD - [2010/08/22 20:01:06 | 000,847,360 | ---- | M] () -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtNetwork4.dll
MOD - [2010/08/22 19:32:34 | 000,119,808 | ---- | M] () -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\imageformats\qjpeg4.dll
MOD - [2010/03/22 15:52:42 | 006,776,832 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\QtGui4.dll
MOD - [2010/03/16 20:28:28 | 000,326,144 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\QtXml4.dll
MOD - [2010/03/16 20:28:16 | 000,635,904 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\QtNetwork4.dll
MOD - [2010/03/16 20:28:04 | 001,926,144 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\QtCore4.dll
MOD - [2010/03/11 19:52:34 | 000,225,280 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qmng4.dll
MOD - [2010/03/11 19:52:34 | 000,028,160 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qgif4.dll
MOD - [2010/03/05 15:07:58 | 000,125,952 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qjpeg4.dll
MOD - [2010/03/05 15:07:58 | 000,031,744 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qico4.dll

========== Services (SafeList) ==========

SRV:64bit: - File not found [Disabled | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe /McCoreSvc -- (McMPFSvc)
SRV:64bit: - [2014/05/30 04:21:05 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2014/05/29 06:16:32 | 000,241,344 | ---- | M] () [Auto | Running] -- C:\Program Files\pcmax\pcmax.exe -- (pcmaxservice)
SRV:64bit: - [2014/04/09 08:13:48 | 000,289,256 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe -- (McComponentHostService)
SRV:64bit: - [2011/12/08 16:38:24 | 000,607,456 | ---- | M] (Intel® Corporation) [Auto | Running] -- c:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel®
SRV:64bit: - [2011/04/19 16:31:16 | 000,181,760 | ---- | M] () [Auto | Running] -- C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe -- (Belkin Local Backup Service)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/02/09 15:55:52 | 000,055,296 | ---- | M] () [Auto | Running] -- C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe -- (Belkin Network USB Helper)
SRV:64bit: - [2009/11/17 21:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV - [2014/05/14 18:39:11 | 000,257,712 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/12/18 11:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/09/11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/09/02 15:52:08 | 000,692,008 | ---- | M] (Systweak Inc., (www.systweak.com)) [Auto | Running] -- C:\Program Files (x86)\Disk Speedup\DSUDefragSrv64.exe -- (DSUDiskOptimizer)
SRV - [2013/08/27 16:57:34 | 000,093,072 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2013/08/14 16:19:24 | 000,039,056 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2013/07/18 16:39:40 | 000,762,192 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2013/06/26 19:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2013/06/26 19:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2012/02/23 15:57:36 | 000,563,104 | ---- | M] (Affinegy, Inc.) [Auto | Running] -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe -- (AffinegyService)
SRV - [2011/12/21 21:04:42 | 000,274,200 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2011/12/16 15:38:48 | 000,363,800 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011/12/16 15:38:46 | 000,277,784 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2011/11/29 22:16:56 | 000,073,728 | ---- | M] (Atheros) [Auto | Running] -- C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe -- (ZAtheros Wlan Agent)
SRV - [2011/11/29 20:04:56 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2011/05/20 10:08:20 | 000,065,536 | ---- | M] (TODO: <Company name>) [Auto | Stopped] -- C:\Program Files (x86)\NCMC\EUDL\UTM\PantechService.exe -- (Pantech UTM Service)
SRV - [2010/09/30 03:06:46 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- c:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor9.0)
SRV - [2010/08/25 20:28:54 | 002,823,000 | ---- | M] (Dell, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe -- (NOBU)
SRV - [2010/04/05 14:55:01 | 000,116,104 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)

========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Goobzo\GBUpdate\smw.sys -- (SMUpdd)
DRV:64bit: - [2014/06/16 17:09:00 | 000,061,120 | ---- | M] (StdLib) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\{9d5747ee-0448-4681-8337-1555de75a3b6}w64.sys -- ({9d5747ee-0448-4681-8337-1555de75a3b6}w64)
DRV:64bit: - [2013/06/26 19:21:50 | 000,023,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2013/06/26 19:21:48 | 000,028,840 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2013/06/26 19:21:46 | 000,273,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2013/06/26 19:21:44 | 000,767,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2012/04/29 02:42:09 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012/04/29 02:42:09 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/27 02:39:34 | 000,787,736 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)
DRV:64bit: - [2012/01/27 02:39:34 | 000,356,120 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)
DRV:64bit: - [2012/01/27 02:39:34 | 000,016,152 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)
DRV:64bit: - [2011/12/15 20:01:08 | 014,646,560 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/12/06 06:23:08 | 000,331,264 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2011/12/02 21:12:52 | 002,796,544 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2011/11/29 22:40:32 | 000,568,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/11/10 04:04:14 | 000,060,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2011/08/24 01:57:24 | 000,565,352 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/07/14 02:28:14 | 000,183,296 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\C781Vsp.sys -- (C781Vsp)
DRV:64bit: - [2011/07/14 02:28:14 | 000,183,296 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\C781Mdm.sys -- (C781Mdm)
DRV:64bit: - [2011/07/14 02:28:14 | 000,099,200 | ---- | M] (DEVGURU Co., LTD.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\C781BUS.sys -- (C781BUS)
DRV:64bit: - [2010/11/20 22:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 22:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/03/19 03:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/22 16:50:00 | 000,291,352 | ---- | M] (silex technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sxuptp.sys -- (sxuptp)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2006/11/01 04:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {87575A10-906E-4892-8D9C-E203F73BF9CE}
IE:64bit: - HKLM\..\SearchScopes\{87575A10-906E-4892-8D9C-E203F73BF9CE}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{35e9438f-19d4-4516-b2ac-59ba9241de4d}: "URL" = http://search.tb.ask...or={searchTerms}
IE - HKLM\..\SearchScopes\{87575A10-906E-4892-8D9C-E203F73BF9CE}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{b0441a0e-a49a-4e16-afc1-74ecced1921f}: "URL" = http://search.mywebs...or={searchTerms}

IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-1399685641-2452391960-3966799618-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
IE - HKU\S-1-5-21-1399685641-2452391960-3966799618-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://maxwebsearch....00&i_id==
IE - HKU\S-1-5-21-1399685641-2452391960-3966799618-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-1399685641-2452391960-3966799618-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-1399685641-2452391960-3966799618-1001\..\URLSearchHook: {26842a09-ffa8-4e2c-ae12-0c80f01c3295} - No CLSID value found
IE - HKU\S-1-5-21-1399685641-2452391960-3966799618-1001\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-1399685641-2452391960-3966799618-1001\..\SearchScopes,DefaultScope = {DECA3892-BA8F-44b8-A993-A466AD694AE4}
IE - HKU\S-1-5-21-1399685641-2452391960-3966799618-1001\..\SearchScopes\{35e9438f-19d4-4516-b2ac-59ba9241de4d}: "URL" = http://maxwebsearch....00&i_id==
IE - HKU\S-1-5-21-1399685641-2452391960-3966799618-1001\..\SearchScopes\{3F0F7EC3-B59E-44F5-BB53-67AEC49BD573}: "URL" = http://maxwebsearch....00&i_id==
IE - HKU\S-1-5-21-1399685641-2452391960-3966799618-1001\..\SearchScopes\{3F229536-5CF1-48E0-B503-5D687169D5B0}: "URL" = http://maxwebsearch....00&i_id==
IE - HKU\S-1-5-21-1399685641-2452391960-3966799618-1001\..\SearchScopes\{5DF1E62F-F24E-4D6F-88DD-FAE08FC0687C}: "URL" = http://maxwebsearch....00&i_id==
IE - HKU\S-1-5-21-1399685641-2452391960-3966799618-1001\..\SearchScopes\{67349ABE-6A96-4734-BF91-4BD50B20845E}: "URL" = http://maxwebsearch....00&i_id==
IE - HKU\S-1-5-21-1399685641-2452391960-3966799618-1001\..\SearchScopes\{6747FD11-9D8F-42A0-9531-B2F4FD0E812D}: "URL" = http://maxwebsearch....00&i_id==
IE - HKU\S-1-5-21-1399685641-2452391960-3966799618-1001\..\SearchScopes\{87575A10-906E-4892-8D9C-E203F73BF9CE}: "URL" = http://maxwebsearch....00&i_id==
IE - HKU\S-1-5-21-1399685641-2452391960-3966799618-1001\..\SearchScopes\{b0441a0e-a49a-4e16-afc1-74ecced1921f}: "URL" = http://maxwebsearch....00&i_id==
IE - HKU\S-1-5-21-1399685641-2452391960-3966799618-1001\..\SearchScopes\{B141F27F-CB03-4FE7-80B1-92BE7B2367C2}: "URL" = http://maxwebsearch....00&i_id==
IE - HKU\S-1-5-21-1399685641-2452391960-3966799618-1001\..\SearchScopes\{B903E7F3-FC8E-4A4F-9C08-1C5B2D05D550}: "URL" = http://maxwebsearch....00&i_id==
IE - HKU\S-1-5-21-1399685641-2452391960-3966799618-1001\..\SearchScopes\{D3E502F6-745E-4676-8B3D-9E36AB5C7504}: "URL" = http://maxwebsearch....00&i_id==
IE - HKU\S-1-5-21-1399685641-2452391960-3966799618-1001\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://maxwebsearch....00&i_id==
IE - HKU\S-1-5-21-1399685641-2452391960-3966799618-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1399685641-2452391960-3966799618-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>
IE - HKU\S-1-5-21-1399685641-2452391960-3966799618-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:49165;https=127.0.0.1:49165

========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.3.51: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.3.51: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@lightspark.github.com/Lightspark;version=1: C:\Program Files (x86)\Lightspark 0.5.3-git\nplightsparkplugin.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/11/29 19:40:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013/11/29 19:40:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\McAfee\MSK

[2013/08/18 20:24:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mom n Dad\AppData\Roaming\Mozilla\Extensions
[2013/08/18 20:24:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mom n Dad\AppData\Roaming\Mozilla\Extensions\[email protected]

O1 HOSTS File: ([2014/06/22 11:54:33 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (no name) - {1e91a655-bb4b-4693-a05e-2edebc4c9d89} - No CLSID value found.
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (no name) - {71c1d63a-c944-428a-a5bd-ba513190e5d2} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-1399685641-2452391960-3966799618-1001\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] FILES\ADOBE\OOBE\PDAPP\UWA\UPDATERSTARTUPUTILITY.EXE" File not found
O4:64bit: - HKLM..\Run: [DellStage] C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] DOWS\SYSTEM32\HKCMD.EXE File not found
O4:64bit: - HKLM..\Run: [IgfxTray] DOWS\SYSTEM32\IGFXTRAY.EXE File not found
O4:64bit: - HKLM..\Run: [pcreg] C:\Program Files\pcmax\service.exe ()
O4:64bit: - HKLM..\Run: [Persistence] DOWS\SYSTEM32\IGFXPERS.EXE File not found
O4:64bit: - HKLM..\Run: [RTHDVCPL] GUI64.EXE -S File not found
O4:64bit: - HKLM..\Run: [Stage Remote] C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe ()
O4 - HKLM..\Run: [AccuWeatherWidget] C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe ()
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe (Dell, Inc.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [IMSS] C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe (Intel Corporation)
O4 - HKLM..\Run: [InstaLAN] C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe (Affinegy, Inc.)
O4 - HKLM..\Run: [NeroLauncher] C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe ()
O4 - HKLM..\Run: [SaferBrowser] C:\Program Files (x86)\SaferBrowser\SaferBrowser.exe ()
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKLM..\Run: [Windows FUPM Service Manager] C:\Program Files (x86)\Premium Software\systerm32.exe ()
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1399685641-2452391960-3966799618-1001..\Run: [cdloader] C:\Users\Mom n Dad\AppData\Roaming\mjusbsp\cdloader2.exe (magicJack L.P.)
O4 - HKU\S-1-5-21-1399685641-2452391960-3966799618-1001..\Run: [TomTomHOME.exe] C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Mom n Dad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Severe Weather Alerts App.lnk = C:\Users\Mom n Dad\AppData\Local\SevereWeatherAlerts\SevereWeatherAlertsApp.exe ()
O4 - Startup: C:\Users\Mom n Dad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Severe Weather Alerts.lnk = C:\Users\Mom n Dad\AppData\Local\SevereWeatherAlerts\SevereWeatherAlerts.exe (Weather Notifications, LLC)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\S-1-5-21-1399685641-2452391960-3966799618-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1399685641-2452391960-3966799618-1001\..Trusted Domains: genieo.com ([search] http in Trusted sites)
O15 - HKU\S-1-5-21-1399685641-2452391960-3966799618-1001\..Trusted Ranges: Range1 ([*] in Trusted sites)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab (Microsoft Office Template and Media Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1185DF9B-6F1D-4FEF-88AB-B9873EF8A071}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{285D4A35-BE8B-4254-975D-0A0A65203B73}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\cozi - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\cozi {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{9ee89b7d-d678-11e2-af80-d4bed9e53ced}\Shell - "" = AutoRun
O33 - MountPoints2\{9ee89b7d-d678-11e2-af80-d4bed9e53ced}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\TL-Bootstrap.exe
O33 - MountPoints2\{d245ffba-880d-11e3-b7d5-d4bed9e53ced}\Shell - "" = AutoRun
O33 - MountPoints2\{d245ffba-880d-11e3-b7d5-d4bed9e53ced}\Shell\AutoRun\command - "" = E:\KODAK_Camera_Setup_App.exe
O33 - MountPoints2\{fb82fe47-c19b-11e3-8cd0-d4bed9e53ced}\Shell - "" = AutoRun
O33 - MountPoints2\{fb82fe47-c19b-11e3-8cd0-d4bed9e53ced}\Shell\AutoRun\command - "" = E:\LG_PC_Programs.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/06/23 18:26:37 | 000,000,000 | ---D | C] -- C:\zoek_backup
[2014/06/22 12:36:35 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/06/22 12:31:55 | 000,000,000 | ---D | C] -- C:\Users\Mom n Dad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MiPony
[2014/06/22 12:31:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiPony
[2014/06/22 12:31:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MiPony
[2014/06/22 11:58:27 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/06/22 11:39:21 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/06/19 21:00:34 | 000,061,120 | ---- | C] (StdLib) -- C:\Windows\SysNative\drivers\{9d5747ee-0448-4681-8337-1555de75a3b6}w64.sys
[2014/06/19 13:13:01 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Mom n Dad\Desktop\OTL.exe
[2014/06/19 12:39:04 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2014/06/18 21:10:40 | 000,000,000 | ---D | C] -- C:\Users\Mom n Dad\Documents\My Weblog Posts
[2014/06/18 10:06:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SaferBrowser
[2014/06/15 16:28:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2014/06/15 16:28:17 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
[2014/06/14 15:31:08 | 000,801,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usp10.dll
[2014/06/14 15:31:08 | 000,288,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[2014/06/14 15:31:07 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml6r.dll
[2014/06/14 15:31:07 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml6r.dll
[2014/06/14 15:31:07 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2014/06/14 15:31:05 | 000,592,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014/06/14 15:31:05 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2014/06/14 15:31:05 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014/06/14 15:31:05 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014/06/14 15:31:05 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2014/06/14 15:31:05 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2014/06/14 15:31:04 | 001,964,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014/06/14 15:31:04 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014/06/14 15:31:03 | 000,631,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014/06/14 15:31:03 | 000,608,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014/06/14 15:31:03 | 000,452,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2014/06/14 15:31:03 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014/06/14 15:31:03 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014/06/14 15:31:03 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014/06/14 15:31:03 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014/06/14 15:31:02 | 002,040,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014/06/14 15:31:02 | 000,704,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2014/06/14 15:31:02 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014/06/14 15:31:02 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014/06/14 15:31:02 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014/06/14 15:31:01 | 000,574,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014/06/14 15:31:01 | 000,295,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2014/06/14 15:31:01 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2014/06/14 15:31:00 | 005,782,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014/06/14 15:31:00 | 001,249,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2014/06/14 15:31:00 | 000,846,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2014/06/14 15:31:00 | 000,752,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014/06/14 15:31:00 | 000,548,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2014/06/14 15:31:00 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014/06/14 15:30:59 | 000,940,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2014/06/14 15:30:59 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014/06/14 15:30:57 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014/06/14 15:30:21 | 000,506,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll
[2014/06/14 15:30:21 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll
[2014/06/13 17:35:44 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2014/06/12 03:55:41 | 000,000,000 | ---D | C] -- C:\Users\Mom n Dad\AppData\Local\Weather_Notifications,_LL
[2014/06/12 03:55:40 | 000,000,000 | ---D | C] -- C:\Users\Mom n Dad\AppData\Local\SevereWeatherAlerts
[2014/06/12 03:55:40 | 000,000,000 | ---D | C] -- C:\Users\Mom n Dad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Severe Weather Alerts
[2014/06/12 03:54:18 | 000,000,000 | ---D | C] -- C:\Program Files\pcmax
[2014/06/12 03:51:37 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2014/06/12 03:51:33 | 001,068,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2014/06/09 19:56:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Premium Software
[2014/06/09 19:56:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Premium Software
[2014/06/09 19:49:26 | 000,000,000 | ---D | C] -- C:\ProgramData\SearchModule
[2014/06/09 19:49:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Goobzo
[2014/06/09 19:49:16 | 000,000,000 | ---D | C] -- C:\Users\Mom n Dad\AppData\Local\CrashRpt
[2014/05/30 13:30:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Online Vault
[2014/05/30 00:51:17 | 000,000,000 | ---D | C] -- C:\Users\Mom n Dad\Documents\carrie golden
[2003/03/18 22:20:00 | 001,060,864 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\mfc71.dll
[2003/03/18 22:12:12 | 001,047,552 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\mfc71u.dll
[2003/03/18 21:44:38 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\MFC71ENU.DLL
[2003/03/18 21:44:38 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\MFC71KOR.DLL
[2003/03/18 21:44:36 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\MFC71ITA.DLL
[2003/03/18 21:44:36 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\MFC71ESP.DLL
[2003/03/18 21:44:36 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\MFC71CHT.DLL
[2003/03/18 21:44:36 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\MFC71CHS.DLL
[2003/03/18 21:44:34 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\MFC71DEU.DLL
[2003/03/18 21:44:34 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\MFC71FRA.DLL
[2003/03/18 21:44:34 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\MFC71JPN.DLL
[1 C:\Users\Mom n Dad\AppData\Local\*.tmp files -> C:\Users\Mom n Dad\AppData\Local\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/06/23 20:02:00 | 000,000,368 | ---- | M] () -- C:\Windows\tasks\CIMT_S-1-5-21-1399685641-2452391960-3966799618-1001.job
[2014/06/23 19:56:00 | 000,000,976 | ---- | M] () -- C:\Windows\tasks\ConsumerInputUpdateTaskMachineUA.job
[2014/06/23 19:55:51 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/06/23 19:55:49 | 000,000,972 | ---- | M] () -- C:\Windows\tasks\ConsumerInputUpdateTaskMachineCore.job
[2014/06/23 19:55:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/06/23 19:55:40 | 3125,407,744 | -HS- | M] () -- C:\hiberfil.sys
[2014/06/23 19:39:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/06/23 19:23:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/06/23 16:52:31 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/06/23 16:52:31 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/06/23 16:52:18 | 000,783,424 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/06/23 16:52:18 | 000,662,836 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/06/23 16:52:18 | 000,122,446 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/06/23 16:46:09 | 000,001,444 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2014/06/23 16:46:09 | 000,001,428 | ---- | M] () -- C:\Users\Public\Desktop\Canon MP495 series On-screen Manual.lnk
[2014/06/23 16:46:08 | 000,001,350 | ---- | M] () -- C:\Users\Mom n Dad\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2014/06/22 13:32:01 | 000,000,044 | ---- | M] () -- C:\Users\Mom n Dad\AppData\Roaming\WB.CFG
[2014/06/22 12:33:18 | 000,001,172 | ---- | M] () -- C:\Users\Mom n Dad\Desktop\Continue Download Manager Installation.lnk
[2014/06/22 12:31:55 | 000,001,009 | ---- | M] () -- C:\Users\Mom n Dad\Application Data\Microsoft\Internet Explorer\Quick Launch\MiPony.lnk
[2014/06/22 12:31:55 | 000,001,001 | ---- | M] () -- C:\Users\Mom n Dad\Desktop\MiPony.lnk
[2014/06/22 11:54:33 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2014/06/19 13:12:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Mom n Dad\Desktop\OTL.exe
[2014/06/16 17:09:00 | 000,061,120 | ---- | M] (StdLib) -- C:\Windows\SysNative\drivers\{9d5747ee-0448-4681-8337-1555de75a3b6}w64.sys
[2014/06/15 16:28:18 | 000,001,893 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2014/06/15 16:28:18 | 000,001,893 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2014/06/13 17:44:25 | 000,000,024 | ---- | M] () -- C:\Users\Mom n Dad\random.dat
[2014/06/13 17:41:32 | 000,000,048 | ---- | M] () -- C:\Users\Mom n Dad\jagex_cl_runescape_LIVE.dat
[2014/06/12 03:55:40 | 000,002,189 | ---- | M] () -- C:\Users\Mom n Dad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Severe Weather Alerts App.lnk
[2014/06/12 03:55:40 | 000,001,238 | ---- | M] () -- C:\Users\Mom n Dad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Severe Weather Alerts.lnk
[2014/06/08 04:13:05 | 000,506,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll
[2014/06/08 04:08:04 | 000,424,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll
[2014/05/30 05:02:09 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014/05/30 04:39:43 | 000,548,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2014/05/30 04:39:23 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014/05/30 04:38:29 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014/05/30 04:27:57 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014/05/30 04:24:28 | 000,574,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014/05/30 04:21:23 | 000,139,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014/05/30 04:21:05 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014/05/30 04:20:36 | 000,752,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014/05/30 04:11:24 | 000,940,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2014/05/30 04:08:22 | 005,782,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014/05/30 04:06:42 | 000,452,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2014/05/30 03:55:36 | 000,038,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2014/05/30 03:49:21 | 000,195,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014/05/30 03:46:48 | 000,085,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2014/05/30 03:44:23 | 000,295,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2014/05/30 03:43:06 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014/05/30 03:42:16 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014/05/30 03:35:44 | 000,608,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014/05/30 03:33:48 | 000,032,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014/05/30 03:30:43 | 000,440,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014/05/30 03:29:31 | 000,631,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014/05/30 03:28:33 | 000,112,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014/05/30 03:27:56 | 000,592,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014/05/30 03:24:19 | 001,249,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2014/05/30 03:23:22 | 002,040,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014/05/30 03:10:46 | 000,032,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2014/05/30 03:06:06 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014/05/30 03:04:20 | 000,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2014/05/30 02:50:09 | 001,068,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2014/05/30 02:49:38 | 001,964,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014/05/30 02:13:47 | 000,704,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2014/05/30 02:13:09 | 000,846,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2014/05/30 00:01:44 | 000,137,281 | ---- | M] () -- C:\Users\Mom n Dad\Documents\carries pcm doc dont delete.pdf
[2014/05/28 06:37:44 | 000,022,882 | ---- | M] () -- C:\Users\Mom n Dad\Documents\Collage.htm
[2014/05/26 08:23:05 | 000,001,105 | ---- | M] () -- C:\Users\Mom n Dad\Desktop\Documents - Shortcut.lnk
[1 C:\Users\Mom n Dad\AppData\Local\*.tmp files -> C:\Users\Mom n Dad\AppData\Local\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/06/22 13:32:01 | 000,000,044 | ---- | C] () -- C:\Users\Mom n Dad\AppData\Roaming\WB.CFG
[2014/06/22 12:32:49 | 000,001,172 | ---- | C] () -- C:\Users\Mom n Dad\Desktop\Continue Download Manager Installation.lnk
[2014/06/22 12:31:55 | 000,001,009 | ---- | C] () -- C:\Users\Mom n Dad\Application Data\Microsoft\Internet Explorer\Quick Launch\MiPony.lnk
[2014/06/22 12:31:55 | 000,001,001 | ---- | C] () -- C:\Users\Mom n Dad\Desktop\MiPony.lnk
[2014/06/12 03:55:40 | 000,002,189 | ---- | C] () -- C:\Users\Mom n Dad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Severe Weather Alerts App.lnk
[2014/06/12 03:55:40 | 000,001,238 | ---- | C] () -- C:\Users\Mom n Dad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Severe Weather Alerts.lnk
[2014/05/30 00:01:44 | 000,137,281 | ---- | C] () -- C:\Users\Mom n Dad\Documents\carries pcm doc dont delete.pdf
[2014/05/28 06:37:44 | 000,022,882 | ---- | C] () -- C:\Users\Mom n Dad\Documents\Collage.htm
[2014/05/26 08:23:05 | 000,001,105 | ---- | C] () -- C:\Users\Mom n Dad\Desktop\Documents - Shortcut.lnk
[2013/03/03 12:24:02 | 000,000,050 | ---- | C] () -- C:\Users\Mom n Dad\jagex_cl_loginapplet_LIVE.dat
[2013/03/03 12:16:47 | 000,000,048 | ---- | C] () -- C:\Users\Mom n Dad\jagex_cl_oldschool_LIVE.dat
[2013/01/11 22:55:49 | 000,000,159 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.reg
[2013/01/11 22:55:49 | 000,000,069 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.bat
[2012/09/25 21:54:43 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\shortcut_ex.dat
[2012/09/23 13:36:55 | 000,000,048 | ---- | C] () -- C:\Users\Mom n Dad\jagex_cl_runescape_LIVE.dat
[2012/09/23 13:36:55 | 000,000,024 | ---- | C] () -- C:\Users\Mom n Dad\random.dat

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/03/24 21:43:12 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/24 21:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Alternate Data Streams ==========

@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:373E1720

< End of report >

#10
Biscuithd

Posted 24 June 2014 - 06:58 AM

Trusted Helper

Malware Removal
2,573 posts

It's peculiar that some items that should have been removed, have not been. Could you post the most recent Moved Files log for me please. The Moved Files log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, (where mmddyyyy_hhmmss is the date of the tool run).

#11
Biscuithd

Posted 24 June 2014 - 12:21 PM

Trusted Helper

Malware Removal
2,573 posts

Disregard my request in Post #10 and move on to the scan below.

Run OTL as you've done previously.

Under the Custom Scans/Fixes box at the bottom, paste in the following

:COMMANDS

[CREATERESTOREPOINT]



:OTL

PRC - [2014/05/29 06:16:32 | 000,241,344 | ---- | M] () -- C:\Program Files\pcmax\pcmax.exe

PRC - [2014/05/22 09:44:36 | 001,082,240 | ---- | M] () -- C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe

SRV:64bit: - [2014/05/29 06:16:32 | 000,241,344 | ---- | M] () [Auto | Running] -- C:\Program Files\pcmax\pcmax.exe -- (pcmaxservice)

MOD - [2014/05/22 09:44:36 | 001,082,240 | ---- | M] () -- C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe

MOD - [2014/05/29 22:26:50 | 000,640,000 | ---- | M] () -- C:\Program Files (x86)\Premium Software\systerm32.exe

MOD - [2014/03/14 22:25:44 | 000,236,544 | ---- | M] () -- C:\Program Files (x86)\Premium Software\sqlite3.dll

[2014/06/23 19:56:00 | 000,000,976 | ---- | M] () -- C:\Windows\tasks\ConsumerInputUpdateTaskMachineUA.job

[2014/06/23 19:55:49 | 000,000,972 | ---- | M] () -- C:\Windows\tasks\ConsumerInputUpdateTaskMachineCore.job

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

[1 C:\Users\Mom n Dad\AppData\Local\*.tmp files -> C:\Users\Mom n Dad\AppData\Local\*.tmp -> ]

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {87575A10-906E-4892-8D9C-E203F73BF9CE}

IE:64bit: - HKLM\..\SearchScopes\{87575A10-906E-4892-8D9C-E203F73BF9CE}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKLM\..\SearchScopes\{35e9438f-19d4-4516-b2ac-59ba9241de4d}: "URL" = http://search.tb.ask...or={searchTerms}

IE - HKLM\..\SearchScopes\{87575A10-906E-4892-8D9C-E203F73BF9CE}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKLM\..\SearchScopes\{b0441a0e-a49a-4e16-afc1-74ecced1921f}: "URL" = http://search.mywebs...or={searchTerms}

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-1399685641-2452391960-3966799618-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1

IE - HKU\S-1-5-21-1399685641-2452391960-3966799618-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://maxwebsearch....00&i_id==

IE - HKU\S-1-5-21-1399685641-2452391960-3966799618-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1

IE - HKU\S-1-5-21-1399685641-2452391960-3966799618-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

IE - HKU\S-1-5-21-1399685641-2452391960-3966799618-1001\..\URLSearchHook: {26842a09-ffa8-4e2c-ae12-0c80f01c3295} - No CLSID value found

IE - HKU\S-1-5-21-1399685641-2452391960-3966799618-1001\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)

IE - HKU\S-1-5-21-1399685641-2452391960-3966799618-1001\..\SearchScopes,DefaultScope = {DECA3892-BA8F-44b8-A993-A466AD694AE4}

IE - HKU\S-1-5-21-1399685641-2452391960-3966799618-1001\..\SearchScopes\{35e9438f-19d4-4516-b2ac-59ba9241de4d}: "URL" = http://maxwebsearch....00&i_id==

IE - HKU\S-1-5-21-1399685641-2452391960-3966799618-1001\..\SearchScopes\{3F0F7EC3-B59E-44F5-BB53-67AEC49BD573}: "URL" = http://maxwebsearch....00&i_id==

IE - HKU\S-1-5-21-1399685641-2452391960-3966799618-1001\..\SearchScopes\{3F229536-5CF1-48E0-B503-5D687169D5B0}: "URL" = http://maxwebsearch....00&i_id==

IE - HKU\S-1-5-21-1399685641-2452391960-3966799618-1001\..\SearchScopes\{5DF1E62F-F24E-4D6F-88DD-FAE08FC0687C}: "URL" = http://maxwebsearch....00&i_id==

IE - HKU\S-1-5-21-1399685641-2452391960-3966799618-1001\..\SearchScopes\{67349ABE-6A96-4734-BF91-4BD50B20845E}: "URL" = http://maxwebsearch....00&i_id==

IE - HKU\S-1-5-21-1399685641-2452391960-3966799618-1001\..\SearchScopes\{6747FD11-9D8F-42A0-9531-B2F4FD0E812D}: "URL" = http://maxwebsearch....00&i_id==

IE - HKU\S-1-5-21-1399685641-2452391960-3966799618-1001\..\SearchScopes\{87575A10-906E-4892-8D9C-E203F73BF9CE}: "URL" = http://maxwebsearch....00&i_id==

IE - HKU\S-1-5-21-1399685641-2452391960-3966799618-1001\..\SearchScopes\{b0441a0e-a49a-4e16-afc1-74ecced1921f}: "URL" = http://maxwebsearch....00&i_id==

IE - HKU\S-1-5-21-1399685641-2452391960-3966799618-1001\..\SearchScopes\{B141F27F-CB03-4FE7-80B1-92BE7B2367C2}: "URL" = http://maxwebsearch....00&i_id==

IE - HKU\S-1-5-21-1399685641-2452391960-3966799618-1001\..\SearchScopes\{B903E7F3-FC8E-4A4F-9C08-1C5B2D05D550}: "URL" = http://maxwebsearch....00&i_id==

IE - HKU\S-1-5-21-1399685641-2452391960-3966799618-1001\..\SearchScopes\{D3E502F6-745E-4676-8B3D-9E36AB5C7504}: "URL" = http://maxwebsearch....00&i_id==

IE - HKU\S-1-5-21-1399685641-2452391960-3966799618-1001\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://maxwebsearch....00&i_id==

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

O2 - BHO: (no name) - {1e91a655-bb4b-4693-a05e-2edebc4c9d89} - No CLSID value found.

O2 - BHO: (no name) - {71c1d63a-c944-428a-a5bd-ba513190e5d2} - No CLSID value found.

O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] FILES\ADOBE\OOBE\PDAPP\UWA\UPDATERSTARTUPUTILITY.EXE" File not found

O4:64bit: - HKLM..\Run: [HotKeysCmds] DOWS\SYSTEM32\HKCMD.EXE File not found

O4:64bit: - HKLM..\Run: [IgfxTray] DOWS\SYSTEM32\IGFXTRAY.EXE File not found

O4:64bit: - HKLM..\Run: [Persistence] DOWS\SYSTEM32\IGFXPERS.EXE File not found

O4:64bit: - HKLM..\Run: [RTHDVCPL] GUI64.EXE -S File not found

O4 - HKLM..\Run: [SaferBrowser] C:\Program Files (x86)\SaferBrowser\SaferBrowser.exe ()

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4:64bit: - HKLM..\Run: [pcreg] C:\Program Files\pcmax\service.exe ()

O4 - HKLM..\Run: [Windows FUPM Service Manager] C:\Program Files (x86)\Premium Software\systerm32.exe ()

O18:64bit: - Protocol\Handler\cozi - No CLSID value found

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

[2014/06/09 19:56:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Premium Software

[2014/06/09 19:56:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Premium Software

[2014/06/12 03:54:18 | 000,000,000 | ---D | C] -- C:\Program Files\pcmax



:Files

C:\Program Files\pcmax

C:\Program Files (x86)\Consumer Input



:Commands

[emptytemp]

[resethosts]

Then click the Run Fix button at the top
Let the program run unhindered, reboot the PC when it is done

Post the OTL Fix Log after running fix, after the computer reboots that log should pop up in front of you, if not it's located here->C:\_OTL\Moved Files

Next, re-run OTL and do a Quick Scan.

#12
msdawn

Posted 24 June 2014 - 03:37 PM

Member

Topic Starter
Member
94 posts

Here is the latest and greates otl log..just ran few minutes ago....still goes to the maxweb search..

All processes killed
Error: Unable to interpret <PRC - [2014/05/29 06:16:32 | 000,241,344 | ---- | M] () -- C:\Program Files\pcmax\pcmax.exe> in the current context!
Error: Unable to interpret <PRC - [2014/05/22 09:44:36 | 001,082,240 | ---- | M] () -- C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe> in the current context!
Error: Unable to interpret <SRV:64bit: - [2014/05/29 06:16:32 | 000,241,344 | ---- | M] () [Auto | Running] -- C:\Program Files\pcmax\pcmax.exe -- (pcmaxservice)> in the current context!
Error: Unable to interpret <MOD - [2014/05/22 09:44:36 | 001,082,240 | ---- | M] () -- C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe> in the current context!
Error: Unable to interpret <MOD - [2014/05/29 22:26:50 | 000,640,000 | ---- | M] () -- C:\Program Files (x86)\Premium Software\systerm32.exe> in the current context!
Error: Unable to interpret <MOD - [2014/03/14 22:25:44 | 000,236,544 | ---- | M] () -- C:\Program Files (x86)\Premium Software\sqlite3.dll> in the current context!
Error: Unable to interpret <[2014/06/23 19:56:00 | 000,000,976 | ---- | M] () -- C:\Windows\tasks\ConsumerInputUpdateTaskMachineUA.job> in the current context!
Error: Unable to interpret <[2014/06/23 19:55:49 | 000,000,972 | ---- | M] () -- C:\Windows\tasks\ConsumerInputUpdateTaskMachineCore.job> in the current context!
Error: Unable to interpret <[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]> in the current context!
Error: Unable to interpret <[1 C:\Users\Mom n Dad\AppData\Local\*.tmp files -> C:\Users\Mom n Dad\AppData\Local\*.tmp -> ]> in the current context!
Error: Unable to interpret <IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {87575A10-906E-4892-8D9C-E203F73BF9CE}> in the current context!
Error: Unable to interpret <IE:64bit: - HKLM\..\SearchScopes\{87575A10-906E-4892-8D9C-E203F73BF9CE}: "URL" = http://www.bing.com/...rc=IE-SearchBox> in the current context!
Error: Unable to interpret <IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC> in the current context!
Error: Unable to interpret <IE - HKLM\..\SearchScopes\{35e9438f-19d4-4516-b2ac-59ba9241de4d}: "URL" = http://search.tb.ask...or={searchTerms}> in the current context!
Error: Unable to interpret <IE - HKLM\..\SearchScopes\{87575A10-906E-4892-8D9C-E203F73BF9CE}: "URL" = http://www.bing.com/...rc=IE-SearchBox> in the current context!
Error: Unable to interpret <IE - HKLM\..\SearchScopes\{b0441a0e-a49a-4e16-afc1-74ecced1921f}: "URL" = http://search.mywebs...or={searchTerms}> in the current context!
Error: Unable to interpret <IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope => in the current context!
Error: Unable to interpret <IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope => in the current context!
Error: Unable to interpret <IE - HKU\S-1-5-21-1399685641-2452391960-3966799618-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1> in the current context!
Error: Unable to interpret <IE - HKU\S-1-5-21-1399685641-2452391960-3966799618-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://maxwebsearch....00&i_id==> in the current context!
Error: Unable to interpret <IE - HKU\S-1-5-21-1399685641-2452391960-3966799618-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1> in the current context!
Error: Unable to interpret <IE - HKU\S-1-5-21-1399685641-2452391960-3966799618-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/> in the current context!
Error: Unable to interpret <IE - HKU\S-1-5-21-1399685641-2452391960-3966799618-1001\..\URLSearchHook: {26842a09-ffa8-4e2c-ae12-0c80f01c3295} - No CLSID value found> in the current context!
Error: Unable to interpret <IE - HKU\S-1-5-21-1399685641-2452391960-3966799618-1001\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)> in the current context!
Error: Unable to interpret <IE - HKU\S-1-5-21-1399685641-2452391960-3966799618-1001\..\SearchScopes,DefaultScope = {DECA3892-BA8F-44b8-A993-A466AD694AE4}> in the current context!
Error: Unable to interpret <IE - HKU\S-1-5-21-1399685641-2452391960-3966799618-1001\..\SearchScopes\{35e9438f-19d4-4516-b2ac-59ba9241de4d}: "URL" = http://maxwebsearch....00&i_id==> in the current context!
Error: Unable to interpret <IE - HKU\S-1-5-21-1399685641-2452391960-3966799618-1001\..\SearchScopes\{3F0F7EC3-B59E-44F5-BB53-67AEC49BD573}: "URL" = http://maxwebsearch....00&i_id==> in the current context!
Error: Unable to interpret <IE - HKU\S-1-5-21-1399685641-2452391960-3966799618-1001\..\SearchScopes\{3F229536-5CF1-48E0-B503-5D687169D5B0}: "URL" = http://maxwebsearch....00&i_id==> in the current context!
Error: Unable to interpret <IE - HKU\S-1-5-21-1399685641-2452391960-3966799618-1001\..\SearchScopes\{5DF1E62F-F24E-4D6F-88DD-FAE08FC0687C}: "URL" = http://maxwebsearch....00&i_id==> in the current context!
Error: Unable to interpret <IE - HKU\S-1-5-21-1399685641-2452391960-3966799618-1001\..\SearchScopes\{67349ABE-6A96-4734-BF91-4BD50B20845E}: "URL" = http://maxwebsearch....00&i_id==> in the current context!
Error: Unable to interpret <IE - HKU\S-1-5-21-1399685641-2452391960-3966799618-1001\..\SearchScopes\{6747FD11-9D8F-42A0-9531-B2F4FD0E812D}: "URL" = http://maxwebsearch....00&i_id==> in the current context!
Error: Unable to interpret <IE - HKU\S-1-5-21-1399685641-2452391960-3966799618-1001\..\SearchScopes\{87575A10-906E-4892-8D9C-E203F73BF9CE}: "URL" = http://maxwebsearch....00&i_id==> in the current context!
Error: Unable to interpret <IE - HKU\S-1-5-21-1399685641-2452391960-3966799618-1001\..\SearchScopes\{b0441a0e-a49a-4e16-afc1-74ecced1921f}: "URL" = http://maxwebsearch....00&i_id==> in the current context!
Error: Unable to interpret <IE - HKU\S-1-5-21-1399685641-2452391960-3966799618-1001\..\SearchScopes\{B141F27F-CB03-4FE7-80B1-92BE7B2367C2}: "URL" = http://maxwebsearch....00&i_id==> in the current context!
Error: Unable to interpret <IE - HKU\S-1-5-21-1399685641-2452391960-3966799618-1001\..\SearchScopes\{B903E7F3-FC8E-4A4F-9C08-1C5B2D05D550}: "URL" = http://maxwebsearch....00&i_id==> in the current context!
Error: Unable to interpret <IE - HKU\S-1-5-21-1399685641-2452391960-3966799618-1001\..\SearchScopes\{D3E502F6-745E-4676-8B3D-9E36AB5C7504}: "URL" = http://maxwebsearch....00&i_id==> in the current context!
Error: Unable to interpret <IE - HKU\S-1-5-21-1399685641-2452391960-3966799618-1001\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://maxwebsearch....00&i_id==> in the current context!
Error: Unable to interpret <FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll File not found> in the current context!
Error: Unable to interpret <FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found> in the current context!
Error: Unable to interpret <O2 - BHO: (no name) - {1e91a655-bb4b-4693-a05e-2edebc4c9d89} - No CLSID value found.> in the current context!
Error: Unable to interpret <O2 - BHO: (no name) - {71c1d63a-c944-428a-a5bd-ba513190e5d2} - No CLSID value found.> in the current context!
Error: Unable to interpret <O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.> in the current context!
Error: Unable to interpret <O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.> in the current context!
Error: Unable to interpret <O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] FILES\ADOBE\OOBE\PDAPP\UWA\UPDATERSTARTUPUTILITY.EXE" File not found> in the current context!
Error: Unable to interpret <O4:64bit: - HKLM..\Run: [HotKeysCmds] DOWS\SYSTEM32\HKCMD.EXE File not found> in the current context!
Error: Unable to interpret <O4:64bit: - HKLM..\Run: [IgfxTray] DOWS\SYSTEM32\IGFXTRAY.EXE File not found> in the current context!
Error: Unable to interpret <O4:64bit: - HKLM..\Run: [Persistence] DOWS\SYSTEM32\IGFXPERS.EXE File not found> in the current context!
Error: Unable to interpret <O4:64bit: - HKLM..\Run: [RTHDVCPL] GUI64.EXE -S File not found> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [SaferBrowser] C:\Program Files (x86)\SaferBrowser\SaferBrowser.exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found> in the current context!
Error: Unable to interpret <O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found> in the current context!
Error: Unable to interpret <O4:64bit: - HKLM..\Run: [pcreg] C:\Program Files\pcmax\service.exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [Windows FUPM Service Manager] C:\Program Files (x86)\Premium Software\systerm32.exe ()> in the current context!
Error: Unable to interpret <O18:64bit: - Protocol\Handler\cozi - No CLSID value found> in the current context!
Error: Unable to interpret <O18:64bit: - Protocol\Handler\livecall - No CLSID value found> in the current context!
Error: Unable to interpret <O18:64bit: - Protocol\Handler\msnim - No CLSID value found> in the current context!
Error: Unable to interpret <O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found> in the current context!
Error: Unable to interpret <O18:64bit: - Protocol\Handler\wlpg - No CLSID value found> in the current context!
Error: Unable to interpret <O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.> in the current context!
Error: Unable to interpret <O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.> in the current context!
Error: Unable to interpret <[2014/06/09 19:56:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Premium Software> in the current context!
Error: Unable to interpret <[2014/06/09 19:56:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Premium Software> in the current context!
Error: Unable to interpret <[2014/06/12 03:54:18 | 000,000,000 | ---D | C] -- C:\Program Files\pcmax> in the current context!
========== FILES ==========
C:\Program Files\pcmax folder moved successfully.
C:\Program Files (x86)\Consumer Input\Monitoring folder moved successfully.
C:\Program Files (x86)\Consumer Input folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Mom n Dad
->Temp folder emptied: 35876884 bytes
->Temporary Internet Files folder emptied: 41352956 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 506 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 8570 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 10668371 bytes

Total Files Cleaned = 84.00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.69.0 log created on 06242014_162842

Files\Folders moved on Reboot...
C:\Users\Mom n Dad\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Mom n Dad\AppData\Local\Temp\JavaDeployReg.log moved successfully.
C:\Users\Mom n Dad\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CJ9DAVLG\DhmkJ2TR0QN[1].htm moved successfully.
C:\Users\Mom n Dad\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CJ9DAVLG\Flash_Player_Pro_Update_Setup[1].exe moved successfully.
C:\Users\Mom n Dad\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CJ9DAVLG\like[2].htm moved successfully.
C:\Users\Mom n Dad\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6OMOEMEK\cJZKeOuBrn4kERxqtaUH3T8E0i7KZn-EPnyo3HZu7kw[1].woff moved successfully.
C:\Users\Mom n Dad\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6OMOEMEK\k3k702ZOKiLJc3WVjuplzHhCUOGz7vYGh680lGh-uXM[1].woff moved successfully.
C:\Users\Mom n Dad\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6OMOEMEK\partner[1].htm moved successfully.
C:\Users\Mom n Dad\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6OMOEMEK\postmessageRelay[1].htm moved successfully.
C:\Users\Mom n Dad\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6OMOEMEK\PRmiXeptR36kaC0GEAetxjqR_3kx9_hJXbbyU8S6IN0[1].woff moved successfully.
C:\Users\Mom n Dad\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6OMOEMEK\xjAJXh38I15wypJXxuGMBobN6UDyHWBl620a-IRfuBk[1].woff moved successfully.
C:\Users\Mom n Dad\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\407PFKNJ\340012-virus-pc-maximizer-taken-over-computer[1].htm moved successfully.
C:\Users\Mom n Dad\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\407PFKNJ\DhmkJ2TR0QN[1].htm moved successfully.
C:\Users\Mom n Dad\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2T7JQWL2\918[1].htm moved successfully.
C:\Users\Mom n Dad\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2T7JQWL2\fastbutton[3].htm moved successfully.
C:\Users\Mom n Dad\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
C:\Windows\temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Windows\temp\FXSTIFFDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

#13
msdawn

Posted 24 June 2014 - 04:41 PM

Member

Topic Starter
Member
94 posts

Forgot quick scan so here it is............now it stays on yahoo.com for home page..........mayb fixed???????????? I sure hope so...lol

OTL logfile created on: 6/24/2014 5:29:54 PM - Run 5
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Mom n Dad\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17126)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.88 Gb Total Physical Memory | 2.36 Gb Available Physical Memory | 60.92% Memory free
7.76 Gb Paging File | 6.09 Gb Available in Paging File | 78.47% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 442.18 Gb Total Space | 384.77 Gb Free Space | 87.02% Space Free | Partition Type: NTFS

Computer Name: MOMNDAD-PC | User Name: Mom n Dad | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/06/19 13:17:51 | 000,230,792 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
PRC - [2014/06/19 13:12:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Mom n Dad\Desktop\OTL.exe
PRC - [2014/05/29 22:26:50 | 000,640,000 | ---- | M] () -- C:\Program Files (x86)\Premium Software\systerm32.exe
PRC - [2013/12/18 11:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/11/29 19:39:36 | 000,295,512 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2013/08/27 16:57:34 | 000,093,072 | ---- | M] (TomTom) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2013/08/27 16:57:32 | 000,248,208 | ---- | M] (TomTom) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
PRC - [2013/08/14 16:19:24 | 000,039,056 | ---- | M] () -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2013/06/26 19:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2013/06/26 19:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2012/08/21 14:20:02 | 000,067,496 | ---- | M] () -- C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe
PRC - [2012/02/23 15:58:18 | 001,644,448 | ---- | M] (Affinegy, Inc.) -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\dlnaPlugin.exe
PRC - [2012/02/23 15:57:36 | 000,563,104 | ---- | M] (Affinegy, Inc.) -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe
PRC - [2012/02/23 15:57:34 | 001,885,088 | ---- | M] (Affinegy, Inc.) -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
PRC - [2012/02/23 15:57:30 | 007,029,664 | ---- | M] (Affinegy, Inc.) -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe
PRC - [2012/02/17 01:33:34 | 000,291,608 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
PRC - [2012/02/01 11:50:58 | 000,968,048 | ---- | M] () -- C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe
PRC - [2011/12/16 15:38:36 | 000,133,400 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe
PRC - [2011/11/29 22:16:56 | 000,073,728 | ---- | M] (Atheros) -- C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
PRC - [2011/11/29 20:04:54 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2011/08/31 10:57:00 | 000,258,048 | ---- | M] (Pantech) -- C:\Program Files (x86)\NCMC\EUDL\UTM\PantechUTM.exe
PRC - [2011/06/29 08:52:54 | 000,474,176 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe
PRC - [2011/06/27 19:26:30 | 002,022,976 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe
PRC - [2010/09/30 03:06:46 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) -- c:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
PRC - [2010/04/05 14:55:01 | 000,116,104 | ---- | M] () -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

========== Modules (No Company Name) ==========

MOD - [2014/05/29 22:26:50 | 000,640,000 | ---- | M] () -- C:\Program Files (x86)\Premium Software\systerm32.exe
MOD - [2014/05/15 16:11:58 | 000,487,424 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\6b81a58601cb555dd9e63bc05557751b\IAStorUtil.ni.dll
MOD - [2014/05/15 16:06:35 | 000,774,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\98c91b8d3f1d54c41ada5f37e0935303\System.Runtime.Remoting.ni.dll
MOD - [2014/03/14 22:25:44 | 000,236,544 | ---- | M] () -- C:\Program Files (x86)\Premium Software\sqlite3.dll
MOD - [2014/02/14 05:22:30 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\8bc548587e91ecf0552a40e47bbf99cc\System.Windows.Forms.ni.dll
MOD - [2014/02/14 05:22:23 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5c24d3b0041ebf4f48a93615b9fa3de9\System.Drawing.ni.dll
MOD - [2014/02/14 05:22:06 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\217ece46920546d718414291d463bb1c\System.Xml.ni.dll
MOD - [2014/02/14 05:22:03 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\f96e07044730442ee1f3dd90db984e6a\System.Configuration.ni.dll
MOD - [2014/02/14 05:22:02 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b3a78269847005365001c33870cd121f\System.ni.dll
MOD - [2014/02/14 05:21:54 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\ede2c6c842840e009f01bcc74fa4c457\mscorlib.ni.dll
MOD - [2012/08/21 14:20:02 | 000,067,496 | ---- | M] () -- C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe
MOD - [2012/02/23 15:57:38 | 000,022,944 | ---- | M] () -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinServicePS.dll
MOD - [2012/02/23 15:19:16 | 000,669,696 | ---- | M] () -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\gateways\GenericBelkinGatewayLOC.dll
MOD - [2012/02/01 11:50:58 | 000,968,048 | ---- | M] () -- C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe
MOD - [2012/02/01 11:44:34 | 008,151,040 | ---- | M] () -- C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\QtGui4.dll
MOD - [2012/02/01 11:44:34 | 002,278,400 | ---- | M] () -- C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\QtCore4.dll
MOD - [2011/06/29 08:52:54 | 000,474,176 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe
MOD - [2011/06/27 19:26:30 | 002,022,976 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe
MOD - [2011/06/27 19:25:30 | 000,058,944 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\DataService.dll
MOD - [2011/06/24 23:21:46 | 000,322,624 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\en-US\UI\ManagerUI.dll
MOD - [2011/06/24 23:20:26 | 000,565,968 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\sqlite3.dll
MOD - [2010/08/22 20:01:36 | 007,187,456 | ---- | M] () -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtGui4.dll
MOD - [2010/08/22 20:01:08 | 000,325,632 | ---- | M] () -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtXml4.dll
MOD - [2010/08/22 20:01:06 | 001,954,304 | ---- | M] () -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtCore4.dll
MOD - [2010/08/22 20:01:06 | 000,847,360 | ---- | M] () -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtNetwork4.dll
MOD - [2010/08/22 19:32:34 | 000,119,808 | ---- | M] () -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\imageformats\qjpeg4.dll
MOD - [2010/03/22 15:52:42 | 006,776,832 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\QtGui4.dll
MOD - [2010/03/16 20:28:28 | 000,326,144 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\QtXml4.dll
MOD - [2010/03/16 20:28:16 | 000,635,904 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\QtNetwork4.dll
MOD - [2010/03/16 20:28:04 | 001,926,144 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\QtCore4.dll
MOD - [2010/03/11 19:52:34 | 000,225,280 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qmng4.dll
MOD - [2010/03/11 19:52:34 | 000,028,160 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qgif4.dll
MOD - [2010/03/05 15:07:58 | 000,125,952 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qjpeg4.dll
MOD - [2010/03/05 15:07:58 | 000,031,744 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qico4.dll

========== Services (SafeList) ==========

SRV:64bit: - File not found [Auto | Stopped] -- C:\Program Files\pcmax\pcmax.exe -- (pcmaxservice)
SRV:64bit: - File not found [Disabled | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe /McCoreSvc -- (McMPFSvc)
SRV:64bit: - [2014/05/30 04:21:05 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2014/04/09 08:13:48 | 000,289,256 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe -- (McComponentHostService)
SRV:64bit: - [2011/12/08 16:38:24 | 000,607,456 | ---- | M] (Intel® Corporation) [Auto | Running] -- c:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel®
SRV:64bit: - [2011/04/19 16:31:16 | 000,181,760 | ---- | M] () [Auto | Running] -- C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe -- (Belkin Local Backup Service)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/02/09 15:55:52 | 000,055,296 | ---- | M] () [Auto | Running] -- C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe -- (Belkin Network USB Helper)
SRV:64bit: - [2009/11/17 21:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV - [2014/05/14 18:39:11 | 000,257,712 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/12/18 11:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/09/11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/09/02 15:52:08 | 000,692,008 | ---- | M] (Systweak Inc., (www.systweak.com)) [Auto | Running] -- C:\Program Files (x86)\Disk Speedup\DSUDefragSrv64.exe -- (DSUDiskOptimizer)
SRV - [2013/08/27 16:57:34 | 000,093,072 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2013/08/14 16:19:24 | 000,039,056 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2013/07/18 16:39:40 | 000,762,192 | ---- | M] (Nero AG) [Auto | Stopped] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2013/06/26 19:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2013/06/26 19:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2012/02/23 15:57:36 | 000,563,104 | ---- | M] (Affinegy, Inc.) [Auto | Running] -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe -- (AffinegyService)
SRV - [2011/12/21 21:04:42 | 000,274,200 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2011/12/16 15:38:48 | 000,363,800 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011/12/16 15:38:46 | 000,277,784 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2011/11/29 22:16:56 | 000,073,728 | ---- | M] (Atheros) [Auto | Running] -- C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe -- (ZAtheros Wlan Agent)
SRV - [2011/11/29 20:04:56 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2011/05/20 10:08:20 | 000,065,536 | ---- | M] (TODO: <Company name>) [Auto | Stopped] -- C:\Program Files (x86)\NCMC\EUDL\UTM\PantechService.exe -- (Pantech UTM Service)
SRV - [2010/09/30 03:06:46 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- c:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor9.0)
SRV - [2010/08/25 20:28:54 | 002,823,000 | ---- | M] (Dell, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe -- (NOBU)
SRV - [2010/04/05 14:55:01 | 000,116,104 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)

========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Goobzo\GBUpdate\smw.sys -- (SMUpdd)
DRV:64bit: - [2014/06/16 17:09:00 | 000,061,120 | ---- | M] (StdLib) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\{9d5747ee-0448-4681-8337-1555de75a3b6}w64.sys -- ({9d5747ee-0448-4681-8337-1555de75a3b6}w64)
DRV:64bit: - [2013/06/26 19:21:50 | 000,023,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2013/06/26 19:21:48 | 000,028,840 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2013/06/26 19:21:46 | 000,273,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2013/06/26 19:21:44 | 000,767,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2012/04/29 02:42:09 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012/04/29 02:42:09 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/27 02:39:34 | 000,787,736 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)
DRV:64bit: - [2012/01/27 02:39:34 | 000,356,120 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)
DRV:64bit: - [2012/01/27 02:39:34 | 000,016,152 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)
DRV:64bit: - [2011/12/15 20:01:08 | 014,646,560 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/12/06 06:23:08 | 000,331,264 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2011/12/02 21:12:52 | 002,796,544 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2011/11/29 22:40:32 | 000,568,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/11/10 04:04:14 | 000,060,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2011/08/24 01:57:24 | 000,565,352 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/07/14 02:28:14 | 000,183,296 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\C781Vsp.sys -- (C781Vsp)
DRV:64bit: - [2011/07/14 02:28:14 | 000,183,296 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\C781Mdm.sys -- (C781Mdm)
DRV:64bit: - [2011/07/14 02:28:14 | 000,099,200 | ---- | M] (DEVGURU Co., LTD.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\C781BUS.sys -- (C781BUS)
DRV:64bit: - [2010/11/20 22:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 22:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/03/19 03:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/22 16:50:00 | 000,291,352 | ---- | M] (silex technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sxuptp.sys -- (sxuptp)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2006/11/01 04:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {87575A10-906E-4892-8D9C-E203F73BF9CE}
IE:64bit: - HKLM\..\SearchScopes\{87575A10-906E-4892-8D9C-E203F73BF9CE}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{35e9438f-19d4-4516-b2ac-59ba9241de4d}: "URL" = http://search.tb.ask...or={searchTerms}
IE - HKLM\..\SearchScopes\{87575A10-906E-4892-8D9C-E203F73BF9CE}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{b0441a0e-a49a-4e16-afc1-74ecced1921f}: "URL" = http://search.mywebs...or={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = https://www.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com
IE - HKCU\..\URLSearchHook: {26842a09-ffa8-4e2c-ae12-0c80f01c3295} - No CLSID value found
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {DECA3892-BA8F-44b8-A993-A466AD694AE4}
IE - HKCU\..\SearchScopes\{35e9438f-19d4-4516-b2ac-59ba9241de4d}: "URL" = https://search.yahoo...?p={searchTerms}
IE - HKCU\..\SearchScopes\{3F0F7EC3-B59E-44F5-BB53-67AEC49BD573}: "URL" = https://search.yahoo...?p={searchTerms}
IE - HKCU\..\SearchScopes\{3F229536-5CF1-48E0-B503-5D687169D5B0}: "URL" = https://search.yahoo...?p={searchTerms}
IE - HKCU\..\SearchScopes\{5DF1E62F-F24E-4D6F-88DD-FAE08FC0687C}: "URL" = https://search.yahoo...?p={searchTerms}
IE - HKCU\..\SearchScopes\{67349ABE-6A96-4734-BF91-4BD50B20845E}: "URL" = https://search.yahoo...?p={searchTerms}
IE - HKCU\..\SearchScopes\{6747FD11-9D8F-42A0-9531-B2F4FD0E812D}: "URL" = https://search.yahoo...?p={searchTerms}
IE - HKCU\..\SearchScopes\{87575A10-906E-4892-8D9C-E203F73BF9CE}: "URL" = https://search.yahoo...?p={searchTerms}
IE - HKCU\..\SearchScopes\{b0441a0e-a49a-4e16-afc1-74ecced1921f}: "URL" = https://search.yahoo...?p={searchTerms}
IE - HKCU\..\SearchScopes\{B141F27F-CB03-4FE7-80B1-92BE7B2367C2}: "URL" = https://search.yahoo...?p={searchTerms}
IE - HKCU\..\SearchScopes\{B903E7F3-FC8E-4A4F-9C08-1C5B2D05D550}: "URL" = https://search.yahoo...?p={searchTerms}
IE - HKCU\..\SearchScopes\{D3E502F6-745E-4676-8B3D-9E36AB5C7504}: "URL" = https://search.yahoo...?p={searchTerms}
IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = https://search.yahoo...?p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:49165;https=127.0.0.1:49165

========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.3.51: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.3.51: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@lightspark.github.com/Lightspark;version=1: C:\Program Files (x86)\Lightspark 0.5.3-git\nplightsparkplugin.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/11/29 19:40:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013/11/29 19:40:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\McAfee\MSK

[2013/08/18 20:24:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mom n Dad\AppData\Roaming\Mozilla\Extensions
[2013/08/18 20:24:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mom n Dad\AppData\Roaming\Mozilla\Extensions\[email protected]

O1 HOSTS File: ([2014/06/24 17:24:53 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (no name) - {1e91a655-bb4b-4693-a05e-2edebc4c9d89} - No CLSID value found.
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (no name) - {71c1d63a-c944-428a-a5bd-ba513190e5d2} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] FILES\ADOBE\OOBE\PDAPP\UWA\UPDATERSTARTUPUTILITY.EXE" File not found
O4:64bit: - HKLM..\Run: [DellStage] C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] DOWS\SYSTEM32\HKCMD.EXE File not found
O4:64bit: - HKLM..\Run: [IgfxTray] DOWS\SYSTEM32\IGFXTRAY.EXE File not found
O4:64bit: - HKLM..\Run: [pcreg] C:\Program Files\pcmax\service.exe File not found
O4:64bit: - HKLM..\Run: [Persistence] DOWS\SYSTEM32\IGFXPERS.EXE File not found
O4:64bit: - HKLM..\Run: [RTHDVCPL] GUI64.EXE -S File not found
O4:64bit: - HKLM..\Run: [Stage Remote] C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe ()
O4 - HKLM..\Run: [AccuWeatherWidget] C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe ()
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe (Dell, Inc.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [IMSS] C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe (Intel Corporation)
O4 - HKLM..\Run: [InstaLAN] C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe (Affinegy, Inc.)
O4 - HKLM..\Run: [NeroLauncher] C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe ()
O4 - HKLM..\Run: [SaferBrowser] C:\Program Files (x86)\SaferBrowser\SaferBrowser.exe ()
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKLM..\Run: [Windows FUPM Service Manager] C:\Program Files (x86)\Premium Software\systerm32.exe ()
O4 - HKCU..\Run: [cdloader] C:\Users\Mom n Dad\AppData\Roaming\mjusbsp\cdloader2.exe (magicJack L.P.)
O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - Startup: C:\Users\Mom n Dad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Severe Weather Alerts App.lnk = C:\Users\Mom n Dad\AppData\Local\SevereWeatherAlerts\SevereWeatherAlertsApp.exe ()
O4 - Startup: C:\Users\Mom n Dad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Severe Weather Alerts.lnk = C:\Users\Mom n Dad\AppData\Local\SevereWeatherAlerts\SevereWeatherAlerts.exe (Weather Notifications, LLC)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: genieo.com ([search] http in Trusted sites)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Trusted sites)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab (Microsoft Office Template and Media Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1185DF9B-6F1D-4FEF-88AB-B9873EF8A071}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{285D4A35-BE8B-4254-975D-0A0A65203B73}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\cozi - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\cozi {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{9ee89b7d-d678-11e2-af80-d4bed9e53ced}\Shell - "" = AutoRun
O33 - MountPoints2\{9ee89b7d-d678-11e2-af80-d4bed9e53ced}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\TL-Bootstrap.exe
O33 - MountPoints2\{d245ffba-880d-11e3-b7d5-d4bed9e53ced}\Shell - "" = AutoRun
O33 - MountPoints2\{d245ffba-880d-11e3-b7d5-d4bed9e53ced}\Shell\AutoRun\command - "" = E:\KODAK_Camera_Setup_App.exe
O33 - MountPoints2\{fb82fe47-c19b-11e3-8cd0-d4bed9e53ced}\Shell - "" = AutoRun
O33 - MountPoints2\{fb82fe47-c19b-11e3-8cd0-d4bed9e53ced}\Shell\AutoRun\command - "" = E:\LG_PC_Programs.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/06/23 18:26:37 | 000,000,000 | ---D | C] -- C:\zoek_backup
[2014/06/22 12:36:35 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/06/22 12:31:55 | 000,000,000 | ---D | C] -- C:\Users\Mom n Dad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MiPony
[2014/06/22 12:31:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiPony
[2014/06/22 12:31:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MiPony
[2014/06/22 11:58:27 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/06/22 11:39:21 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/06/19 21:00:34 | 000,061,120 | ---- | C] (StdLib) -- C:\Windows\SysNative\drivers\{9d5747ee-0448-4681-8337-1555de75a3b6}w64.sys
[2014/06/19 13:13:01 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Mom n Dad\Desktop\OTL.exe
[2014/06/19 12:39:04 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2014/06/18 21:10:40 | 000,000,000 | ---D | C] -- C:\Users\Mom n Dad\Documents\My Weblog Posts
[2014/06/18 10:06:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SaferBrowser
[2014/06/15 16:28:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2014/06/15 16:28:17 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
[2014/06/13 17:35:44 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2014/06/12 03:55:41 | 000,000,000 | ---D | C] -- C:\Users\Mom n Dad\AppData\Local\Weather_Notifications,_LL
[2014/06/12 03:55:40 | 000,000,000 | ---D | C] -- C:\Users\Mom n Dad\AppData\Local\SevereWeatherAlerts
[2014/06/12 03:55:40 | 000,000,000 | ---D | C] -- C:\Users\Mom n Dad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Severe Weather Alerts
[2014/06/09 19:56:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Premium Software
[2014/06/09 19:56:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Premium Software
[2014/06/09 19:49:26 | 000,000,000 | ---D | C] -- C:\ProgramData\SearchModule
[2014/06/09 19:49:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Goobzo
[2014/06/09 19:49:16 | 000,000,000 | ---D | C] -- C:\Users\Mom n Dad\AppData\Local\CrashRpt
[2014/05/30 13:30:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Online Vault
[2014/05/30 00:51:17 | 000,000,000 | ---D | C] -- C:\Users\Mom n Dad\Documents\carrie golden
[2003/03/18 22:20:00 | 001,060,864 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\mfc71.dll
[2003/03/18 22:12:12 | 001,047,552 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\mfc71u.dll
[2003/03/18 21:44:38 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\MFC71ENU.DLL
[2003/03/18 21:44:38 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\MFC71KOR.DLL
[2003/03/18 21:44:36 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\MFC71ITA.DLL
[2003/03/18 21:44:36 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\MFC71ESP.DLL
[2003/03/18 21:44:36 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\MFC71CHT.DLL
[2003/03/18 21:44:36 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\MFC71CHS.DLL
[2003/03/18 21:44:34 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\MFC71DEU.DLL
[2003/03/18 21:44:34 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\MFC71FRA.DLL
[2003/03/18 21:44:34 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\MFC71JPN.DLL
[1 C:\Users\Mom n Dad\AppData\Local\*.tmp files -> C:\Users\Mom n Dad\AppData\Local\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/06/24 17:33:00 | 000,000,368 | ---- | M] () -- C:\Windows\tasks\CIMT_S-1-5-21-1399685641-2452391960-3966799618-1001.job
[2014/06/24 17:28:39 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/06/24 17:28:36 | 000,000,972 | ---- | M] () -- C:\Windows\tasks\ConsumerInputUpdateTaskMachineCore.job
[2014/06/24 17:28:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/06/24 17:28:28 | 3125,407,744 | -HS- | M] () -- C:\hiberfil.sys
[2014/06/24 17:24:53 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2014/06/24 17:23:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/06/24 16:56:00 | 000,000,976 | ---- | M] () -- C:\Windows\tasks\ConsumerInputUpdateTaskMachineUA.job
[2014/06/24 16:49:52 | 000,001,318 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2014/06/24 16:49:52 | 000,001,302 | ---- | M] () -- C:\Users\Public\Desktop\Canon MP495 series On-screen Manual.lnk
[2014/06/24 16:49:52 | 000,001,224 | ---- | M] () -- C:\Users\Mom n Dad\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2014/06/24 16:39:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/06/24 16:38:22 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/06/24 16:38:22 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/06/24 16:38:06 | 000,783,424 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/06/24 16:38:06 | 000,662,836 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/06/24 16:38:06 | 000,122,446 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/06/22 13:32:01 | 000,000,044 | ---- | M] () -- C:\Users\Mom n Dad\AppData\Roaming\WB.CFG
[2014/06/22 12:33:18 | 000,001,172 | ---- | M] () -- C:\Users\Mom n Dad\Desktop\Continue Download Manager Installation.lnk
[2014/06/22 12:31:55 | 000,001,009 | ---- | M] () -- C:\Users\Mom n Dad\Application Data\Microsoft\Internet Explorer\Quick Launch\MiPony.lnk
[2014/06/22 12:31:55 | 000,001,001 | ---- | M] () -- C:\Users\Mom n Dad\Desktop\MiPony.lnk
[2014/06/19 13:12:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Mom n Dad\Desktop\OTL.exe
[2014/06/16 17:09:00 | 000,061,120 | ---- | M] (StdLib) -- C:\Windows\SysNative\drivers\{9d5747ee-0448-4681-8337-1555de75a3b6}w64.sys
[2014/06/15 16:28:18 | 000,001,893 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2014/06/15 16:28:18 | 000,001,893 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2014/06/13 17:44:25 | 000,000,024 | ---- | M] () -- C:\Users\Mom n Dad\random.dat
[2014/06/13 17:41:32 | 000,000,048 | ---- | M] () -- C:\Users\Mom n Dad\jagex_cl_runescape_LIVE.dat
[2014/06/12 03:55:40 | 000,002,189 | ---- | M] () -- C:\Users\Mom n Dad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Severe Weather Alerts App.lnk
[2014/06/12 03:55:40 | 000,001,238 | ---- | M] () -- C:\Users\Mom n Dad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Severe Weather Alerts.lnk
[2014/05/30 00:01:44 | 000,137,281 | ---- | M] () -- C:\Users\Mom n Dad\Documents\carries pcm doc dont delete.pdf
[2014/05/28 06:37:44 | 000,022,882 | ---- | M] () -- C:\Users\Mom n Dad\Documents\Collage.htm
[2014/05/26 08:23:05 | 000,001,105 | ---- | M] () -- C:\Users\Mom n Dad\Desktop\Documents - Shortcut.lnk
[1 C:\Users\Mom n Dad\AppData\Local\*.tmp files -> C:\Users\Mom n Dad\AppData\Local\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/06/22 13:32:01 | 000,000,044 | ---- | C] () -- C:\Users\Mom n Dad\AppData\Roaming\WB.CFG
[2014/06/22 12:32:49 | 000,001,172 | ---- | C] () -- C:\Users\Mom n Dad\Desktop\Continue Download Manager Installation.lnk
[2014/06/22 12:31:55 | 000,001,009 | ---- | C] () -- C:\Users\Mom n Dad\Application Data\Microsoft\Internet Explorer\Quick Launch\MiPony.lnk
[2014/06/22 12:31:55 | 000,001,001 | ---- | C] () -- C:\Users\Mom n Dad\Desktop\MiPony.lnk
[2014/06/12 03:55:40 | 000,002,189 | ---- | C] () -- C:\Users\Mom n Dad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Severe Weather Alerts App.lnk
[2014/06/12 03:55:40 | 000,001,238 | ---- | C] () -- C:\Users\Mom n Dad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Severe Weather Alerts.lnk
[2014/05/30 00:01:44 | 000,137,281 | ---- | C] () -- C:\Users\Mom n Dad\Documents\carries pcm doc dont delete.pdf
[2014/05/28 06:37:44 | 000,022,882 | ---- | C] () -- C:\Users\Mom n Dad\Documents\Collage.htm
[2014/05/26 08:23:05 | 000,001,105 | ---- | C] () -- C:\Users\Mom n Dad\Desktop\Documents - Shortcut.lnk
[2013/03/03 12:24:02 | 000,000,050 | ---- | C] () -- C:\Users\Mom n Dad\jagex_cl_loginapplet_LIVE.dat
[2013/03/03 12:16:47 | 000,000,048 | ---- | C] () -- C:\Users\Mom n Dad\jagex_cl_oldschool_LIVE.dat
[2013/01/11 22:55:49 | 000,000,159 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.reg
[2013/01/11 22:55:49 | 000,000,069 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.bat
[2012/09/25 21:54:43 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\shortcut_ex.dat
[2012/09/23 13:36:55 | 000,000,048 | ---- | C] () -- C:\Users\Mom n Dad\jagex_cl_runescape_LIVE.dat
[2012/09/23 13:36:55 | 000,000,024 | ---- | C] () -- C:\Users\Mom n Dad\random.dat

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/03/24 21:43:12 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/24 21:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/09/22 22:05:17 | 000,000,000 | ---D | M] -- C:\Users\Mom n Dad\AppData\Roaming\Blio
[2014/03/12 17:41:35 | 000,000,000 | ---D | M] -- C:\Users\Mom n Dad\AppData\Roaming\Canon
[2013/11/28 08:23:58 | 000,000,000 | ---D | M] -- C:\Users\Mom n Dad\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2014/04/18 05:52:51 | 000,000,000 | ---D | M] -- C:\Users\Mom n Dad\AppData\Roaming\Compete
[2012/09/22 12:57:18 | 000,000,000 | ---D | M] -- C:\Users\Mom n Dad\AppData\Roaming\Fingertapps
[2013/12/19 20:08:25 | 000,000,000 | ---D | M] -- C:\Users\Mom n Dad\AppData\Roaming\funkitron
[2014/01/06 18:09:06 | 000,000,000 | ---D | M] -- C:\Users\Mom n Dad\AppData\Roaming\mjusbsp
[2012/09/23 12:13:29 | 000,000,000 | ---D | M] -- C:\Users\Mom n Dad\AppData\Roaming\PCDr
[2014/06/19 12:16:56 | 000,000,000 | ---D | M] -- C:\Users\Mom n Dad\AppData\Roaming\SoftGrid Client
[2013/08/18 20:24:12 | 000,000,000 | ---D | M] -- C:\Users\Mom n Dad\AppData\Roaming\TomTom
[2012/09/25 20:22:26 | 000,000,000 | ---D | M] -- C:\Users\Mom n Dad\AppData\Roaming\TP
[2013/10/04 17:58:28 | 000,000,000 | ---D | M] -- C:\Users\Mom n Dad\AppData\Roaming\WildTangent
[2014/04/11 13:22:48 | 000,000,000 | ---D | M] -- C:\Users\Mom n Dad\AppData\Roaming\Windows Live Writer
[2012/10/07 19:28:05 | 000,000,000 | ---D | M] -- C:\Users\Mom n Dad\AppData\Roaming\ZinioReader4

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:373E1720

< End of report >

#14
Biscuithd

Posted 24 June 2014 - 05:17 PM

Trusted Helper

Malware Removal
2,573 posts

mayb fixed???????????? I sure hope so...lol

Unfortunately, no. There was a formatting error with the fix.

I'm going to try it a different way. I'm going to attach a file called Dawnfix.txt. Open it with Notepad (usually if you double click the file name, it will automatically open with Notepad. Then, Highlight the contents of the fix and paste it into OTL as you've done previously.

Run OTL as you've done previously.

Under the Custom Scans/Fixes box at the bottom, paste in the following

Open this file dawnfix.txt 6.86KB 189 downloads highlight the contents as you've done before and paste into OTL

Then click the Run Fix button at the top
Let the program run unhindered, reboot the PC when it is done

Post the OTL Fix Log after running fix, after the computer reboots that log should pop up in front of you, if not it's located here->C:\_OTL\Moved Files

Next, re-run OTL and do a Quick Scan.

#15
msdawn

Posted 25 June 2014 - 04:09 PM

Member

Topic Starter
Member
94 posts

your not going to believe this..................it wont let me paste anything in here.........i can copy it but will not allow me to paste it....I dont have a clue as to y............when i push paste it does nothing