SAFE.Heur.418c and Trojan-PSW.BAT.[bleep]er malware infection [Closed]



#1
walkerdt


I seem to have been infected with malware/virus and cannot seem to get rid of it. I have scanned my system using Norton’s Antivirus Ver.21.6.0.32 and CCleaner v4.13.46593 (64 bit) and they keep recurring. I believe I picked up the virus from a Kroger gift card post on Facebook.

Any assistance would be greatly appreciated.

Dave

OTL log attached:

OTL logfile created on: 10/27/2014 9:02:52 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Dave\Documents
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17358)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.80 Gb Total Physical Memory | 1.50 Gb Available Physical Memory | 39.42% Memory free
7.61 Gb Paging File | 4.34 Gb Available in Paging File | 57.12% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283.34 Gb Total Space | 197.33 Gb Free Space | 69.64% Space Free | Partition Type: NTFS
 
Computer Name: WALKER-LAPTOP | User Name: Dave | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - File not found -- C:\Users\Dave\My Documents\OTL.exe
PRC - [2014/10/27 19:48:10 | 000,524,016 | ---- | M] () -- C:\Program Files (x86)\AdvanceElite\bin\utilAdvanceElite.exe
PRC - [2014/10/27 18:07:26 | 000,123,632 | ---- | M] () -- C:\ProgramData\d2446020-ddff-402b-b064-199d2ce66b2b\maintainer.exe
PRC - [2014/10/27 14:46:29 | 000,098,544 | ---- | M] () -- C:\Program Files (x86)\AdvanceElite\bin\AdvanceElite.BrowserAdapter.exe
PRC - [2014/10/27 11:53:48 | 001,649,904 | ---- | M] () -- C:\Program Files (x86)\AdvanceElite\bin\AdvanceElite.BOASHelper.exe
PRC - [2014/10/27 11:53:46 | 001,791,216 | ---- | M] () -- C:\Program Files (x86)\AdvanceElite\bin\AdvanceElite.BOAS.exe
PRC - [2014/10/27 11:53:46 | 001,786,608 | ---- | M] () -- C:\Program Files (x86)\AdvanceElite\bin\AdvanceElite.BOASPRT.exe
PRC - [2014/10/26 15:09:33 | 000,523,504 | ---- | M] () -- C:\Program Files (x86)\AdvanceElite\updateAdvanceElite.exe
PRC - [2014/10/21 16:39:18 | 001,611,584 | ---- | M] (Spigot, Inc.) -- C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe
PRC - [2014/10/21 16:34:22 | 000,990,584 | ---- | M] (Spigot, Inc.) -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
PRC - [2014/09/21 05:59:37 | 000,262,968 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton AntiVirus\Norton AntiVirus\Engine\21.6.0.32\nav.exe
PRC - [2014/09/12 05:43:06 | 000,064,704 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2014/08/25 20:47:23 | 002,640,408 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
PRC - [2014/08/11 11:16:55 | 001,820,184 | ---- | M] (AVG Secure Search) -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe
PRC - [2014/08/11 11:16:54 | 000,159,768 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\loggingserver.exe
PRC - [2014/08/07 08:52:52 | 000,438,616 | ---- | M] (Garmin Ltd or its subsidiaries) -- C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
PRC - [2014/07/02 15:07:26 | 003,431,712 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Smart Defrag 3\SmartDefrag.exe
PRC - [2014/06/03 13:44:20 | 000,173,792 | ---- | M] (Microsoft Corp.) -- C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
PRC - [2014/05/21 11:34:38 | 000,049,464 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\HP\Common\HPSupportSolutionsFrameworkService.exe
PRC - [2014/03/26 18:41:12 | 001,723,760 | ---- | M] (NDS Technologies) -- C:\Users\Dave\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe
PRC - [2014/03/26 18:41:08 | 001,523,560 | ---- | M] () -- C:\Users\Dave\AppData\Local\DIRECTV Player\NDSPCShowServer.exe
PRC - [2014/03/11 23:36:06 | 000,247,968 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE
PRC - [2013/09/24 09:25:25 | 000,049,008 | ---- | M] (CenturyLink Inc) -- C:\Program Files (x86)\CenturyLink\Desktop\CenturyLinkTouchPointAgent.exe
PRC - [2013/03/21 14:24:12 | 000,222,368 | ---- | M] () -- C:\Program Files (x86)\Amazon Browser Bar\ToolbarUpdaterService.exe
PRC - [2011/08/09 17:56:40 | 000,417,112 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCTray.exe
PRC - [2011/08/09 17:38:38 | 000,328,536 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCService.exe
PRC - [2010/03/17 17:37:16 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/03/17 17:34:12 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2009/12/29 17:35:38 | 000,140,520 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2009/12/23 18:39:04 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2009/12/23 18:39:02 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2009/10/15 04:10:28 | 000,498,160 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
PRC - [2009/06/24 17:21:38 | 000,409,744 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
PRC - [2009/06/09 10:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2009/05/21 09:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
PRC - [2009/05/21 09:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/10/27 14:46:29 | 000,098,544 | ---- | M] () -- C:\Program Files (x86)\AdvanceElite\bin\AdvanceElite.BrowserAdapter.exe
MOD - [2014/10/27 11:53:48 | 001,649,904 | ---- | M] () -- C:\Program Files (x86)\AdvanceElite\bin\AdvanceElite.BOASHelper.exe
MOD - [2014/10/27 11:53:46 | 001,791,216 | ---- | M] () -- C:\Program Files (x86)\AdvanceElite\bin\AdvanceElite.BOAS.exe
MOD - [2014/10/27 11:53:46 | 001,786,608 | ---- | M] () -- C:\Program Files (x86)\AdvanceElite\bin\AdvanceElite.BOASPRT.exe
MOD - [2014/10/22 21:17:40 | 001,051,136 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\99cdfef98595ed91f14936cf52a49c54\System.Management.ni.dll
MOD - [2014/10/21 19:42:52 | 001,840,640 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\75670ab8fe2a25bf165fafcc25be270e\System.Web.Services.ni.dll
MOD - [2014/10/21 19:42:41 | 000,774,144 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b3011370dcbf33751d3b9dce8091c6c6\System.Runtime.Remoting.ni.dll
MOD - [2014/10/21 19:42:10 | 000,310,784 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\91eb4f41130c65ef17f0fee1d3ab48fb\System.Runtime.Serialization.Formatters.Soap.ni.dll
MOD - [2014/10/21 19:42:09 | 012,435,968 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1453d9e9a4989833ef3db4b22549ba1a\System.Windows.Forms.ni.dll
MOD - [2014/10/21 19:42:02 | 001,593,344 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\836e10dfd0811b303553216f5cb092ef\System.Drawing.ni.dll
MOD - [2014/10/21 19:41:55 | 005,467,648 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d49908aa93a23c84847b1f8b1b667860\System.Xml.ni.dll
MOD - [2014/10/21 19:41:51 | 000,978,432 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\237d509a79aeef6e4635b09450d98f2a\System.Configuration.ni.dll
MOD - [2014/10/21 19:41:35 | 003,348,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\d97a5aa0eb7697aca7c6e90ae471af2b\WindowsBase.ni.dll
MOD - [2014/10/21 19:41:28 | 007,991,808 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\908ba9e296e92b4e14bdc2437edac603\System.ni.dll
MOD - [2014/09/12 15:46:25 | 011,497,984 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll
MOD - [2014/08/25 20:47:23 | 002,640,408 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
MOD - [2014/08/11 11:16:55 | 000,519,704 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\log4cplusU.dll
MOD - [2014/06/04 15:17:12 | 000,892,288 | ---- | M] () -- C:\Program Files (x86)\IObit\Smart Defrag 3\webres.dll
MOD - [2014/03/26 18:42:08 | 000,091,976 | ---- | M] () -- C:\Users\Dave\AppData\Local\DIRECTV Player\z.dll
MOD - [2014/03/26 18:42:00 | 000,338,784 | ---- | M] () -- C:\Users\Dave\AppData\Local\DIRECTV Player\ndsLogStore.dll
MOD - [2014/03/26 18:41:58 | 001,403,224 | ---- | M] () -- C:\Users\Dave\AppData\Local\DIRECTV Player\libxml2-2.dll
MOD - [2014/03/26 18:41:48 | 000,043,880 | ---- | M] () -- C:\Users\Dave\AppData\Local\DIRECTV Player\libgstvideo-0.10.dll
MOD - [2014/03/26 18:41:46 | 000,689,000 | ---- | M] () -- C:\Users\Dave\AppData\Local\DIRECTV Player\libgstreamer-0.10.dll
MOD - [2014/03/26 18:41:44 | 000,060,272 | ---- | M] () -- C:\Users\Dave\AppData\Local\DIRECTV Player\libgstinterfaces-0.10.dll
MOD - [2014/03/26 18:41:36 | 000,205,672 | ---- | M] () -- C:\Users\Dave\AppData\Local\DIRECTV Player\libgstbase-0.10.dll
MOD - [2014/03/26 18:41:24 | 007,730,016 | ---- | M] () -- C:\Users\Dave\AppData\Local\DIRECTV Player\gsttspplugin.dll
MOD - [2014/03/26 18:41:10 | 005,979,488 | ---- | M] () -- C:\Users\Dave\AppData\Local\DIRECTV Player\PCShowServer.dll
MOD - [2014/03/26 18:41:08 | 001,523,560 | ---- | M] () -- C:\Users\Dave\AppData\Local\DIRECTV Player\NDSPCShowServer.exe
MOD - [2014/03/26 18:41:02 | 003,261,280 | ---- | M] () -- C:\Users\Dave\AppData\Local\DIRECTV Player\DrmSingleton.dll
MOD - [2014/03/26 18:41:02 | 002,229,096 | ---- | M] () -- C:\Users\Dave\AppData\Local\DIRECTV Player\DiscoveryManager.dll
MOD - [2013/09/05 01:14:10 | 004,300,456 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2011/11/02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009/10/15 04:10:28 | 000,498,160 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/09/18 21:25:49 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/05/27 01:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/03/17 17:29:08 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\WINDOWS\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_58afa5ca50c7b5e7\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2010/03/17 17:27:52 | 000,244,736 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\WINDOWS\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_58afa5ca50c7b5e7\stacsv64.exe -- (STacSV)
SRV:64bit: - [2010/02/03 02:13:10 | 000,048,128 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE -- (wltrysvc)
SRV:64bit: - [2009/07/09 19:48:34 | 001,044,648 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\SysNative\dldtcoms.exe -- (dldt_device)
SRV:64bit: - [2009/06/09 10:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2014/10/27 19:48:10 | 000,524,016 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\AdvanceElite\bin\utilAdvanceElite.exe -- (Util AdvanceElite)
SRV - [2014/10/27 18:07:26 | 000,123,632 | ---- | M] () [Auto | Running] -- C:\ProgramData\d2446020-ddff-402b-b064-199d2ce66b2b\maintainer.exe -- (MaintainerSvc1.20.7247763)
SRV - [2014/10/26 15:09:33 | 000,523,504 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\AdvanceElite\updateAdvanceElite.exe -- (Update AdvanceElite)
SRV - [2014/10/21 16:34:22 | 000,990,584 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2014/09/24 17:38:24 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/09/21 05:59:37 | 000,262,968 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton AntiVirus\Norton AntiVirus\Engine\21.6.0.32\NAV.exe -- (NAV)
SRV - [2014/09/12 05:43:06 | 000,064,704 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2014/08/11 11:16:55 | 001,820,184 | ---- | M] (AVG Secure Search) [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe -- (vToolbarUpdater18.1.9)
SRV - [2014/08/07 08:52:52 | 000,438,616 | ---- | M] (Garmin Ltd or its subsidiaries) [Auto | Running] -- C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe -- (Garmin Core Update Service)
SRV - [2014/06/03 13:44:20 | 000,173,792 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe -- (BingDesktopUpdate)
SRV - [2014/05/21 11:34:38 | 000,049,464 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\HP\Common\HPSupportSolutionsFrameworkService.exe -- (HPSupportSolutionsFrameworkService)
SRV - [2014/03/20 18:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2014/03/11 23:36:06 | 000,247,968 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE -- (BBUpdate)
SRV - [2014/03/11 23:36:06 | 000,193,696 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.EXE -- (BBSvc)
SRV - [2013/09/11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/03/21 14:24:12 | 000,222,368 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Amazon Browser Bar\ToolbarUpdaterService.exe -- (Updater Service for AMZN)
SRV - [2011/08/09 17:38:38 | 000,328,536 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCService.exe -- (AdvancedSystemCareService)
SRV - [2010/10/12 13:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/07/15 05:50:12 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2010/03/17 17:37:16 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/03/17 17:34:12 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/03/17 17:29:08 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_58afa5ca50c7b5e7\AESTSr64.exe -- (AESTFilters)
SRV - [2010/03/17 17:27:52 | 000,244,736 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_58afa5ca50c7b5e7\STacSV64.exe -- (STacSV)
SRV - [2009/12/23 18:39:04 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2009/09/20 11:55:20 | 001,037,824 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2009/05/21 09:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/10/26 10:31:44 | 000,048,784 | ---- | M] (StdLib) [Kernel | System | Running] -- C:\WINDOWS\SysNative\drivers\{b0c7827f-c845-429a-833b-c2a798fc4fc3}Gw64.sys -- ({b0c7827f-c845-429a-833b-c2a798fc4fc3}Gw64)
DRV:64bit: - [2014/10/23 12:30:34 | 000,048,784 | ---- | M] (StdLib) [Kernel | System | Running] -- C:\WINDOWS\SysNative\drivers\{f5d136d7-adc2-4c84-85b2-e564334ab0bc}Gw64.sys -- ({f5d136d7-adc2-4c84-85b2-e564334ab0bc}Gw64)
DRV:64bit: - [2014/10/19 18:48:51 | 000,177,752 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2014/08/25 22:26:58 | 000,593,112 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\SysNative\drivers\NAVx64\1506000.020\symnets.sys -- (SymNetS)
DRV:64bit: - [2014/08/25 22:26:57 | 001,148,120 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\SysNative\drivers\NAVx64\1506000.020\symefa64.sys -- (SymEFA)
DRV:64bit: - [2014/08/25 22:20:22 | 000,876,248 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\SysNative\drivers\NAVx64\1506000.020\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2014/08/25 22:20:22 | 000,037,592 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\SysNative\drivers\NAVx64\1506000.020\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2014/08/11 11:16:55 | 000,050,976 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\WINDOWS\SysNative\drivers\avgtpx64.sys -- (avgtp)
DRV:64bit: - [2014/08/06 15:48:16 | 000,266,968 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\SysNative\drivers\NAVx64\1506000.020\ironx64.sys -- (SymIRON)
DRV:64bit: - [2014/06/04 15:17:14 | 000,021,184 | ---- | M] (IObit) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
DRV:64bit: - [2014/01/07 08:42:08 | 000,076,496 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2013/09/25 22:50:25 | 000,162,392 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\SysNative\drivers\NAVx64\1506000.020\ccsetx64.sys -- (ccSet_NAV)
DRV:64bit: - [2013/09/09 22:47:26 | 000,493,656 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\NAVx64\1506000.020\symds64.sys -- (SymDS)
DRV:64bit: - [2012/08/23 10:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 10:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/10 23:28:18 | 012,311,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/08/02 18:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/03/17 17:44:44 | 000,301,104 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/03/17 17:41:48 | 000,325,152 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/03/17 17:33:06 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2010/03/17 17:29:52 | 000,232,480 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/03/17 17:27:14 | 000,505,856 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2010/02/26 20:32:12 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010/02/03 10:38:30 | 000,271,872 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010/02/03 02:13:08 | 000,022,520 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\bcm42rly.sys -- (BCM42RLY)
DRV:64bit: - [2010/02/03 02:13:08 | 000,020,984 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\bcmvwl64.sys -- (BcmVWL)
DRV:64bit: - [2010/02/03 02:13:06 | 003,058,168 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/12/17 11:42:08 | 000,538,136 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/09 04:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/06/15 14:06:42 | 000,172,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2009/06/10 16:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2006/11/01 12:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2014/10/21 16:43:22 | 000,633,560 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Norton AntiVirus\Norton AntiVirus\NortonData\21.1.0.18\Definitions\IPSDefs\20141027.001\IDSviA64.sys -- (IDSVia64)
DRV - [2014/10/19 05:35:45 | 002,137,304 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Norton AntiVirus\Norton AntiVirus\NortonData\21.1.0.18\Definitions\VirusDefs\20141027.001\ex64.sys -- (NAVEX15)
DRV - [2014/10/19 05:35:45 | 000,487,216 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2014/10/19 05:35:45 | 000,142,640 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2014/10/19 05:35:45 | 000,129,752 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Norton AntiVirus\Norton AntiVirus\NortonData\21.1.0.18\Definitions\VirusDefs\20141027.001\eng64.sys -- (NAVENG)
DRV - [2014/10/16 23:06:56 | 001,587,416 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Norton AntiVirus\Norton AntiVirus\NortonData\21.1.0.18\Definitions\BASHDefs\20141024.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1191499748-3630827782-3512929281-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.bkmks.com/
IE - HKU\S-1-5-21-1191499748-3630827782-3512929281-1001\..\URLSearchHook: {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files (x86)\IObit Apps Toolbar\IE\10.0\iobitappsToolbarIE.dll (Spigot, Inc.)
IE - HKU\S-1-5-21-1191499748-3630827782-3512929281-1001\..\SearchScopes,DefaultScope = {C9D7933B-9638-4D0A-911E-3F5426231A97}
IE - HKU\S-1-5-21-1191499748-3630827782-3512929281-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE11SR
IE - HKU\S-1-5-21-1191499748-3630827782-3512929281-1001\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...sa&d=2013-01-19 16:42:07&v=15.3.0.11&pid=avg&sg=0&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-1191499748-3630827782-3512929281-1001\..\SearchScopes\{9C596A39-04D5-4858-82E6-7B2D669F4F23}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKU\S-1-5-21-1191499748-3630827782-3512929281-1001\..\SearchScopes\{C9D7933B-9638-4D0A-911E-3F5426231A97}: "URL" = https://search.yahoo...&p={searchTerms}
IE - HKU\S-1-5-21-1191499748-3630827782-3512929281-1001\..\SearchScopes\9705932A03C64A7D8783A9093E45DAF9: "URL" = http://search.yahoo....&p={searchTerms}
IE - HKU\S-1-5-21-1191499748-3630827782-3512929281-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-1191499748-3630827782-3512929281-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://astromenda.co...r=1237709631=
IE - HKU\S-1-5-21-1191499748-3630827782-3512929281-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1191499748-3630827782-3512929281-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-1191499748-3630827782-3512929281-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 13 B5 8E B1 73 E0 CC 01  [binary data]
IE - HKU\S-1-5-21-1191499748-3630827782-3512929281-1003\..\URLSearchHook: {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files (x86)\IObit Apps Toolbar\IE\10.0\iobitappsToolbarIE.dll (Spigot, Inc.)
IE - HKU\S-1-5-21-1191499748-3630827782-3512929281-1003\..\SearchScopes,DefaultScope = {2E00D31D-D171-423D-836D-1A4D7EA7F1A9}
IE - HKU\S-1-5-21-1191499748-3630827782-3512929281-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IESR02
IE - HKU\S-1-5-21-1191499748-3630827782-3512929281-1003\..\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}: "URL" = https://search.yahoo...&p={searchTerms}
IE - HKU\S-1-5-21-1191499748-3630827782-3512929281-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKU\S-1-5-21-1191499748-3630827782-3512929281-1003\..\SearchScopes\{7E031750-8AD7-4ED2-ACB1-E3303FCB5B98}: "URL" = http://astromenda.co...r=1237709631=
IE - HKU\S-1-5-21-1191499748-3630827782-3512929281-1003\..\SearchScopes\{868B13F7-31D3-4DFE-B9B7-27AE84181A5C}: "URL" = http://search.yahoo....&p={searchTerms}
IE - HKU\S-1-5-21-1191499748-3630827782-3512929281-1003\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...sa&d=2013-01-19 16:42:07&v=15.3.0.11&pid=avg&sg=0&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-1191499748-3630827782-3512929281-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-1191499748-3630827782-3512929281-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-1191499748-3630827782-3512929281-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-1191499748-3630827782-3512929281-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 90 FF CF 62 D3 CA CF 01  [binary data]
IE - HKU\S-1-5-21-1191499748-3630827782-3512929281-1005\..\URLSearchHook: {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files (x86)\IObit Apps Toolbar\IE\10.0\iobitappsToolbarIE.dll (Spigot, Inc.)
IE - HKU\S-1-5-21-1191499748-3630827782-3512929281-1005\..\SearchScopes,DefaultScope = {7CE215D8-9305-4040-A2FD-86F745F4E380}
IE - HKU\S-1-5-21-1191499748-3630827782-3512929281-1005\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE11SR
IE - HKU\S-1-5-21-1191499748-3630827782-3512929281-1005\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKU\S-1-5-21-1191499748-3630827782-3512929281-1005\..\SearchScopes\{7CE215D8-9305-4040-A2FD-86F745F4E380}: "URL" = http://search.yahoo....&p={searchTerms}
IE - HKU\S-1-5-21-1191499748-3630827782-3512929281-1005\..\SearchScopes\{C036F0DA-8CC2-4251-96F9-FCB7D24FC9EE}: "URL" = http://search.yahoo....&p={searchTerms}
IE - HKU\S-1-5-21-1191499748-3630827782-3512929281-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.9\\npsitesafety.dll File not found
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.67.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.67.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\5\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@nds.com/PlayerPlugin: C:\Users\Dave\AppData\Local\DIRECTV Player\npPlayerPlugin.dll (DIRECTV)
FF - HKCU\Software\MozillaPlugins\NDS.com/PlayerPlugin: C:\Users\Dave\AppData\Local\DIRECTV Player\npPlayerPlugin.dll (DIRECTV)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\ProgramData\AVG Secure Search\FireFoxExt\17.3.0.49
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_21.1.0.18\IPSFF [2014/10/19 18:49:11 | 000,000,000 | ---D | M]
 
[2014/02/09 21:24:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dave\AppData\Roaming\Mozilla\Extensions
 
========== Chrome  ==========
 
CHR - default_search_provider: Yahoo (Enabled)
CHR - default_search_provider: search_url = http://search.yahoo....&p={searchTerms}
CHR - default_search_provider: suggest_url = http://ff.search.yah...nd={searchTerms},
CHR - homepage: https://www.bkmks.com/
CHR - plugin: Error reading preferences file
CHR - Extension: McAfee Security Scan+ = C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\bopakagnckmlgajfccecajhnimjiiedh\3.8.141.12_0\
CHR - Extension: Ebay Shopping Assistant by Spigot = C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbcennhacfaagdopikcegfcobcadeocj\1.1_0\
CHR - Extension: Domain Error Assistant = C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj\1.3_0\
CHR - Extension: Slick Savings = C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk\2.4_0\
CHR - Extension: AVG Security Toolbar = C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\18.1.0.443_0\
CHR - Extension: Google Wallet = C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Amazon 1Button App for Chrome = C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbjikboenpfhbbejgkoklgkhjpfogcam\4.2014.411.0_0\
CHR - Extension: Amazon Shopping Assistant by Spigot = C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfndaklgolladniicklehhancnlgocpp\1.0_0\
CHR - Extension: AdvanceElite = C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkbbmldjcnhopjhpifcocnmkooiadpbb\1.0.1_0\
 
O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\WINDOWS\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (IObit Apps Toolbar) - {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files (x86)\IObit Apps Toolbar\IE\10.0\iobitappsToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (AdvanceElite) - {3b2cb4c8-72ab-4b25-8fa1-219b36a60bed} - C:\Program Files (x86)\AdvanceElite\AdvanceElitebho.dll (AdvanceElite)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton AntiVirus\Norton AntiVirus\Engine\21.6.0.32\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (CenturyLink Toolbar) - {83453B9B-B889-4659-9144-20F081542BDC} - C:\Program Files (x86)\centurytoolbar\centurytoolbarDx.dll ()
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\18.1.9.799\AVG Secure Search_toolbar.dll (AVG Secure Search)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (AlxHelper Class) - {F443A627-5009-4323-9C1D-7FD598D0D712} - C:\Program Files (x86)\Amazon Browser Bar\AmazonBrowserBar.3.0.dll (Amazon.com)
O3:64bit: - HKLM\..\Toolbar: (IObit Apps Toolbar) - {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files (x86)\IObit Apps Toolbar\IE\10.0\iobitappsToolbarIE64.dll (Spigot, Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (IObit Apps Toolbar) - {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files (x86)\IObit Apps Toolbar\IE\10.0\iobitappsToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (CenturyLink Toolbar) - {83453B9B-B889-4659-9144-20F081542BDC} - C:\Program Files (x86)\centurytoolbar\centurytoolbarDx.dll ()
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\18.1.9.799\AVG Secure Search_toolbar.dll (AVG Secure Search)
O3 - HKLM\..\Toolbar: (Amazon Browser Bar) - {EA582743-9076-4178-9AA6-7393FDF4D5CE} - C:\Program Files (x86)\Amazon Browser Bar\AmazonBrowserBar.3.0.dll (Amazon.com)
O3 - HKU\S-1-5-21-1191499748-3630827782-3512929281-1001\..\Toolbar\WebBrowser: (no name) - {0123B506-0AD9-43AA-B0CF-916C122AD4C5} - No CLSID value found.
O3 - HKU\S-1-5-21-1191499748-3630827782-3512929281-1001\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-1191499748-3630827782-3512929281-1003\..\Toolbar\WebBrowser: (no name) - {0123B506-0AD9-43AA-B0CF-916C122AD4C5} - No CLSID value found.
O3 - HKU\S-1-5-21-1191499748-3630827782-3512929281-1003\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-1191499748-3630827782-3512929281-1005\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE (Dell Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\WINDOWS\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Persistence] C:\WINDOWS\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BingDesktop] C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe (Microsoft Corp.)
O4 - HKLM..\Run: [CenturyLinkTouchPointAgent] C:\Program Files (x86)\CenturyLink\Desktop\CenturyLinkTouchPointAgent.exe (CenturyLink Inc)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey File not found
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - HKU\.DEFAULT..\Run: [GarminExpressTrayApp] C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe (Garmin Ltd or its subsidiaries)
O4 - HKU\S-1-5-18..\Run: [GarminExpressTrayApp] C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe (Garmin Ltd or its subsidiaries)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1191499748-3630827782-3512929281-1001..\Run: [Advanced SystemCare 4] C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCTray.exe (IObit)
O4 - HKU\S-1-5-21-1191499748-3630827782-3512929281-1001..\Run: [GarminExpressTrayApp] C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe (Garmin Ltd or its subsidiaries)
O4 - HKU\S-1-5-21-1191499748-3630827782-3512929281-1001..\Run: [PCShowServer] C:\Users\Dave\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe (NDS Technologies)
O4 - HKU\S-1-5-21-1191499748-3630827782-3512929281-1003..\Run: [BRS] C:\Program Files (x86)\WSE_Astromenda\BRS\brs.exe -runBRS File not found
O4 - HKU\S-1-5-21-1191499748-3630827782-3512929281-1003..\Run: [Driver Support] C:\Program Files (x86)\Driver Support\Driver Support\DriverSupport.exe (PC Drivers Headquarters)
O4 - HKU\S-1-5-21-1191499748-3630827782-3512929281-1003..\Run: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent File not found
O4 - HKU\S-1-5-21-1191499748-3630827782-3512929281-1003..\Run: [GarminExpressTrayApp] C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe (Garmin Ltd or its subsidiaries)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk =  File not found
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk =  File not found
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk =  File not found
O4 - Startup: C:\Users\Steph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk =  File not found
O4 - Startup: C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk =  File not found
O4 - Startup: C:\Users\Teresa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk =  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.67.2)
O16 - DPF: {B3E32D88-8E7F-468F-B0E2-3A300FD4A82C} http://myitlab.pears...ces/ax/stub.cab (Enlite 2.x Simulation Engine Installer)
O16 - DPF: {CAFEEFAC-0017-0000-0067-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_67)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_67)
O16 - DPF: Garmin Communicator Plug-In https://static.garmi...xControl_32.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 205.171.2.226
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{174EFE9D-D621-4776-BDEF-F92415824A35}: DhcpNameServer = 192.168.0.1 205.171.2.226
O18:64bit: - Protocol\Handler\cozi - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\cozi {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.9\ViProtocol.dll (AVG Secure Search)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll) -  File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\PFW: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/10/27 20:59:06 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Dave\Documents\OTL.exe
[2014/10/27 20:19:26 | 000,000,000 | ---D | C] -- C:\ProgramData\d2446020-ddff-402b-b064-199d2ce66b2b
[2014/10/26 15:07:20 | 000,048,784 | ---- | C] (StdLib) -- C:\windows\SysNative\drivers\{b0c7827f-c845-429a-833b-c2a798fc4fc3}Gw64.sys
[2014/10/23 20:29:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IObit Apps Toolbar
[2014/10/23 20:29:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Application Updater
[2014/10/23 20:26:03 | 000,048,784 | ---- | C] (StdLib) -- C:\windows\SysNative\drivers\{f5d136d7-adc2-4c84-85b2-e564334ab0bc}Gw64.sys
[2014/10/22 21:10:13 | 000,000,000 | ---D | C] -- C:\ProgramData\UAB
[2014/10/22 21:08:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Support
[2014/10/22 21:07:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Driver Support
[2014/10/22 21:07:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Driver Support
[2014/10/22 21:05:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WSE_Astromenda
[2014/10/22 21:04:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro
[2014/10/22 21:04:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RCP
[2014/10/21 19:56:36 | 000,593,112 | ---- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\NAVx64\1506000.020\symnets.sys
[2014/10/21 19:56:36 | 000,023,568 | R--- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\NAVx64\1506000.020\symelam.sys
[2014/10/21 19:56:35 | 001,148,120 | ---- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\NAVx64\1506000.020\symefa64.sys
[2014/10/21 19:56:35 | 000,876,248 | ---- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\NAVx64\1506000.020\srtsp64.sys
[2014/10/21 19:56:35 | 000,493,656 | R--- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\NAVx64\1506000.020\symds64.sys
[2014/10/21 19:56:35 | 000,266,968 | ---- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\NAVx64\1506000.020\ironx64.sys
[2014/10/21 19:56:35 | 000,162,392 | R--- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\NAVx64\1506000.020\ccsetx64.sys
[2014/10/21 19:56:35 | 000,037,592 | ---- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\NAVx64\1506000.020\srtspx64.sys
[2014/10/21 19:56:15 | 000,000,000 | ---D | C] -- C:\windows\SysNative\drivers\NAVx64\1506000.020
[2014/10/19 21:33:16 | 000,000,000 | ---D | C] -- C:\Users\Dave\AppData\Local\CrashDumps
[2014/10/19 21:32:13 | 000,000,000 | ---D | C] -- C:\Users\Dave\Documents\MLB Ballpark Empire Hack
[2014/10/19 20:44:19 | 000,000,000 | ---D | C] -- C:\Users\Dave\AppData\Roaming\PCHC
[2014/10/19 18:55:09 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieetwproxystub.dll
[2014/10/19 18:55:09 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iernonce.dll
[2014/10/19 18:55:08 | 000,710,656 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ie4uinit.exe
[2014/10/19 18:55:08 | 000,597,504 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript9diag.dll
[2014/10/19 18:55:08 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\JavaScriptCollectionAgent.dll
[2014/10/19 18:55:08 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
[2014/10/19 18:55:08 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\JavaScriptCollectionAgent.dll
[2014/10/19 18:55:08 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieetwproxystub.dll
[2014/10/19 18:55:08 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iernonce.dll
[2014/10/19 18:55:06 | 002,017,280 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl
[2014/10/19 18:55:06 | 000,446,464 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dxtmsft.dll
[2014/10/19 18:55:06 | 000,440,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2014/10/19 18:55:06 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieetwcollector.exe
[2014/10/19 18:55:06 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iesetup.dll
[2014/10/19 18:55:06 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieetwcollectorres.dll
[2014/10/19 18:55:05 | 000,731,136 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll
[2014/10/19 18:55:04 | 002,108,416 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl
[2014/10/19 18:55:04 | 001,068,032 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmlmedia.dll
[2014/10/19 18:55:04 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iesetup.dll
[2014/10/19 18:55:03 | 000,678,400 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieapfltr.dll
[2014/10/19 18:55:03 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msrating.dll
[2014/10/19 18:55:03 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieUnatt.exe
[2014/10/19 18:55:03 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\MshtmlDac.dll
[2014/10/19 18:55:01 | 000,595,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2014/10/19 18:55:01 | 000,289,280 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dxtrans.dll
[2014/10/19 18:55:00 | 001,249,280 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmlmedia.dll
[2014/10/19 18:55:00 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll
[2014/10/19 18:54:59 | 005,829,632 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2014/10/19 18:54:59 | 000,775,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieapfltr.dll
[2014/10/19 18:54:59 | 000,758,272 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9diag.dll
[2014/10/19 18:54:59 | 000,547,328 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\vbscript.dll
[2014/10/19 18:54:59 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieUnatt.exe
[2014/10/19 18:54:58 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msrating.dll
[2014/10/19 18:54:58 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\MshtmlDac.dll
[2014/10/19 18:54:57 | 000,940,032 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\MsSpellCheckingFacility.exe
[2014/10/19 18:52:36 | 001,943,696 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dfshim.dll
[2014/10/19 18:52:36 | 001,131,664 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\dfshim.dll
[2014/10/19 18:52:36 | 000,156,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mscorier.dll
[2014/10/19 18:52:36 | 000,156,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mscorier.dll
[2014/10/19 18:52:35 | 000,081,560 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mscories.dll
[2014/10/19 18:52:35 | 000,073,880 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mscories.dll
[2014/10/19 18:52:27 | 000,507,392 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\aepdu.dll
[2014/10/19 18:52:27 | 000,276,480 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\generaltel.dll
[2014/10/19 18:52:24 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\aeinv.dll
[2014/10/19 18:49:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\centurytoolbar
[2014/10/19 18:48:51 | 000,177,752 | ---- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\SYMEVENT64x86.SYS
[2014/10/19 18:48:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2014/10/19 18:47:34 | 003,241,472 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msi.dll
[2014/10/19 18:47:23 | 004,922,368 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mstscax.dll
[2014/10/19 18:47:23 | 001,050,112 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mstsc.exe
[2014/10/19 18:47:23 | 000,269,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\aaclient.dll
[2014/10/19 18:47:23 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\tsgqec.dll
[2014/10/19 18:47:23 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\tsgqec.dll
[2014/10/19 18:47:22 | 001,125,888 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mstsc.exe
[2014/10/19 18:47:22 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\aaclient.dll
[2014/10/19 18:47:21 | 005,780,480 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mstscax.dll
[2014/10/19 18:47:21 | 003,179,520 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rdpcorets.dll
[2014/10/19 18:46:58 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rastls.dll
[2014/10/19 18:46:45 | 000,455,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\winlogon.exe
[2014/10/19 18:46:45 | 000,235,520 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\winsta.dll
[2014/10/19 18:46:45 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rdpcorekmts.dll
[2014/10/19 18:43:15 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\packager.dll
[2014/10/19 18:43:15 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\packager.dll
[2014/10/19 18:09:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CenturyLink
[2014/10/19 16:35:08 | 000,000,000 | ---D | C] -- C:\Users\Dave\AppData\Local\AskPartnerNetwork
[2014/10/19 16:35:04 | 000,000,000 | ---D | C] -- C:\ProgramData\AskPartnerNetwork
[2014/10/19 16:35:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AskPartnerNetwork
[2014/10/19 16:34:44 | 000,000,000 | ---D | C] -- C:\ProgramData\APN
[2014/10/17 18:46:17 | 000,000,000 | ---D | C] -- C:\NPE
[2014/10/17 18:42:13 | 000,000,000 | ---D | C] -- C:\Users\Dave\AppData\Local\NPE
[2014/10/17 17:10:02 | 000,000,000 | ---D | C] -- C:\Users\Dave\AppData\Local\IsolatedStorage
[2014/10/17 17:09:34 | 000,000,000 | ---D | C] -- C:\Program Files\Earth Networks
[2014/10/17 17:09:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AdvanceElite
[2014/10/17 17:09:16 | 000,000,000 | ---D | C] -- C:\ProgramData\{FA77A43D-F6ED-4924-87B5-517C061388C6}
[2014/10/17 13:25:39 | 000,000,000 | ---D | C] -- C:\Users\Dave\Documents\ADDA Mechanical Drafter Certification Exam Revie Guide
[2014/10/17 13:11:42 | 000,000,000 | ---D | C] -- C:\Users\Dave\Documents\Desktop Images
[2014/10/16 19:47:18 | 000,372,736 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\rastls.dll
[2014/10/04 16:48:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
[2014/10/04 16:18:34 | 000,000,000 | ---D | C] -- C:\windows\SysNative\drivers\NAVx64
[2014/10/04 16:18:32 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton AntiVirus
[2014/10/04 16:18:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton AntiVirus
[2014/10/04 16:18:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2014/10/04 16:18:28 | 000,000,000 | ---D | C] -- C:\Users\Dave\Documents\Symantec
[2014/10/04 16:18:28 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2014/10/04 16:18:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller
[2014/10/04 15:57:00 | 000,000,000 | ---D | C] -- C:\ProgramData\CenturyLink
[2014/10/04 15:56:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Qwest
[2014/10/04 15:56:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CenturyLink
[2014/10/02 10:45:59 | 000,519,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\qdvd.dll
[2014/10/02 10:45:59 | 000,371,712 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\qdvd.dll
 
========== Files - Modified Within 30 Days ==========
 
[2014/10/27 21:09:56 | 000,022,704 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/10/27 21:09:56 | 000,022,704 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/10/27 21:07:00 | 000,000,296 | ---- | M] () -- C:\windows\tasks\UpdaterEX.job
[2014/10/27 21:05:00 | 000,000,296 | ---- | M] () -- C:\windows\tasks\WSE_Astromenda.job
[2014/10/27 21:02:00 | 000,000,898 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/10/27 20:59:11 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Dave\Documents\OTL.exe
[2014/10/27 20:38:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2014/10/27 19:47:23 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2014/10/27 19:46:47 | 000,000,894 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/10/27 19:46:00 | 000,000,350 | ---- | M] () -- C:\windows\tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
[2014/10/27 19:45:20 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2014/10/27 19:45:00 | 3062,902,784 | -HS- | M] () -- C:\hiberfil.sys
[2014/10/26 10:31:44 | 000,048,784 | ---- | M] (StdLib) -- C:\windows\SysNative\drivers\{b0c7827f-c845-429a-833b-c2a798fc4fc3}Gw64.sys
[2014/10/23 12:30:34 | 000,048,784 | ---- | M] (StdLib) -- C:\windows\SysNative\drivers\{f5d136d7-adc2-4c84-85b2-e564334ab0bc}Gw64.sys
[2014/10/22 21:08:22 | 000,002,263 | ---- | M] () -- C:\Users\Public\Desktop\Driver Support.lnk
[2014/10/22 21:04:36 | 000,000,947 | ---- | M] () -- C:\Users\Public\Desktop\RegClean Pro.lnk
[2014/10/22 20:59:17 | 002,948,932 | ---- | M] () -- C:\windows\SysNative\drivers\NAVx64\1506000.020\Cat.DB
[2014/10/22 20:58:31 | 000,002,614 | ---- | M] () -- C:\Users\Public\Desktop\Norton AntiVirus.lnk
[2014/10/21 19:30:28 | 000,409,576 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2014/10/19 21:27:59 | 000,458,934 | ---- | M] () -- C:\Users\Dave\Documents\MLB BALLPARK EMPIRE HACK TOOL.rar
[2014/10/19 20:37:40 | 000,000,146 | ---- | M] () -- C:\Users\Dave\Desktop\CenturyLink PC Services.url
[2014/10/19 18:48:51 | 000,177,752 | ---- | M] (Symantec Corporation) -- C:\windows\SysNative\drivers\SYMEVENT64x86.SYS
[2014/10/19 18:48:51 | 000,008,222 | ---- | M] () -- C:\windows\SysNative\drivers\SYMEVENT64x86.CAT
[2014/10/19 18:48:51 | 000,000,854 | ---- | M] () -- C:\windows\SysNative\drivers\SYMEVENT64x86.INF
[2014/10/14 12:44:28 | 000,048,844 | ---- | M] () -- C:\windows\SysNative\drivers\NAVx64\1506000.020\VT20141014.006
[2014/10/10 21:18:18 | 000,003,288 | ---- | M] () -- C:\bootsqm.dat
[2014/10/09 22:05:59 | 000,276,480 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\generaltel.dll
[2014/10/09 22:05:42 | 000,507,392 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\aepdu.dll
[2014/10/09 22:00:38 | 000,424,448 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\aeinv.dll
 
========== Files Created - No Company Name ==========
 
[2014/10/27 19:47:22 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2014/10/22 21:08:22 | 000,002,263 | ---- | C] () -- C:\Users\Public\Desktop\Driver Support.lnk
[2014/10/22 21:07:45 | 000,000,296 | ---- | C] () -- C:\windows\tasks\UpdaterEX.job
[2014/10/22 21:07:13 | 000,000,296 | ---- | C] () -- C:\windows\tasks\WSE_Astromenda.job
[2014/10/22 21:04:36 | 000,000,947 | ---- | C] () -- C:\Users\Public\Desktop\RegClean Pro.lnk
[2014/10/22 20:55:16 | 002,948,932 | ---- | C] () -- C:\windows\SysNative\drivers\NAVx64\1506000.020\Cat.DB
[2014/10/21 19:58:20 | 000,048,844 | ---- | C] () -- C:\windows\SysNative\drivers\NAVx64\1506000.020\VT20141014.006
[2014/10/21 19:56:36 | 000,009,939 | R--- | C] () -- C:\windows\SysNative\drivers\NAVx64\1506000.020\symelam64.cat
[2014/10/21 19:56:36 | 000,008,192 | ---- | C] () -- C:\windows\SysNative\drivers\NAVx64\1506000.020\symnet64.cat
[2014/10/21 19:56:36 | 000,001,440 | ---- | C] () -- C:\windows\SysNative\drivers\NAVx64\1506000.020\symnet.inf
[2014/10/21 19:56:36 | 000,001,098 | R--- | C] () -- C:\windows\SysNative\drivers\NAVx64\1506000.020\symelam.inf
[2014/10/21 19:56:35 | 000,008,202 | R--- | C] () -- C:\windows\SysNative\drivers\NAVx64\1506000.020\ccsetx64.cat
[2014/10/21 19:56:35 | 000,008,194 | ---- | C] () -- C:\windows\SysNative\drivers\NAVx64\1506000.020\symefa64.cat
[2014/10/21 19:56:35 | 000,008,188 | R--- | C] () -- C:\windows\SysNative\drivers\NAVx64\1506000.020\symds64.cat
[2014/10/21 19:56:35 | 000,008,188 | ---- | C] () -- C:\windows\SysNative\drivers\NAVx64\1506000.020\srtspx64.cat
[2014/10/21 19:56:35 | 000,008,184 | ---- | C] () -- C:\windows\SysNative\drivers\NAVx64\1506000.020\srtsp64.cat
[2014/10/21 19:56:35 | 000,008,184 | ---- | C] () -- C:\windows\SysNative\drivers\NAVx64\1506000.020\iron.cat
[2014/10/21 19:56:35 | 000,003,433 | ---- | C] () -- C:\windows\SysNative\drivers\NAVx64\1506000.020\symefa.inf
[2014/10/21 19:56:35 | 000,002,852 | R--- | C] () -- C:\windows\SysNative\drivers\NAVx64\1506000.020\symds.inf
[2014/10/21 19:56:35 | 000,001,437 | ---- | C] () -- C:\windows\SysNative\drivers\NAVx64\1506000.020\srtsp64.inf
[2014/10/21 19:56:35 | 000,001,420 | ---- | C] () -- C:\windows\SysNative\drivers\NAVx64\1506000.020\srtspx64.inf
[2014/10/21 19:56:35 | 000,000,855 | R--- | C] () -- C:\windows\SysNative\drivers\NAVx64\1506000.020\ccsetx64.inf
[2014/10/21 19:56:35 | 000,000,767 | ---- | C] () -- C:\windows\SysNative\drivers\NAVx64\1506000.020\iron.inf
[2014/10/21 19:56:15 | 000,000,172 | ---- | C] () -- C:\windows\SysNative\drivers\NAVx64\1506000.020\isolate.ini
[2014/10/19 21:27:59 | 000,458,934 | ---- | C] () -- C:\Users\Dave\Documents\MLB BALLPARK EMPIRE HACK TOOL.rar
[2014/10/19 20:37:40 | 000,000,146 | ---- | C] () -- C:\Users\Dave\Desktop\CenturyLink PC Services.url
[2014/10/19 18:48:51 | 000,008,222 | ---- | C] () -- C:\windows\SysNative\drivers\SYMEVENT64x86.CAT
[2014/10/19 18:48:51 | 000,000,854 | ---- | C] () -- C:\windows\SysNative\drivers\SYMEVENT64x86.INF
[2014/10/19 18:48:50 | 000,002,614 | ---- | C] () -- C:\Users\Public\Desktop\Norton AntiVirus.lnk
[2014/10/10 21:18:18 | 000,003,288 | ---- | C] () -- C:\bootsqm.dat
[2014/01/28 22:56:38 | 000,775,124 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2013/08/02 20:09:35 | 000,362,029 | ---- | C] () -- C:\windows\SysWow64\sqlite3.dll
[2013/03/19 23:59:34 | 000,077,650 | ---- | C] () -- C:\windows\hpqins05.dat
[2013/03/19 22:04:44 | 000,221,544 | ---- | C] () -- C:\windows\hpoins19.dat
[2013/03/19 22:04:44 | 000,013,898 | ---- | C] () -- C:\windows\hpomdl19.dat
[2012/02/18 12:07:58 | 000,000,065 | ---- | C] () -- C:\Users\Dave\AppData\Roaming\StvInventor_3D.ini
[2011/12/16 14:19:38 | 000,115,004 | ---- | C] () -- C:\Users\Dave\Bowl Pool 2011 Tally Sheet.pdf
[2011/12/10 11:03:01 | 000,025,463 | ---- | C] () -- C:\Users\Dave\Bowl Pool 2011-Pick Sheet.pdf
 
========== ZeroAccess Check ==========
 
[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\WINDOWS\SysNative\shell32.dll -- [2014/06/24 22:05:42 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/06/24 21:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\WINDOWS\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\WINDOWS\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >

OTL Extras logfile created on: 10/27/2014 9:02:52 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Dave\Documents
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17358)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.80 Gb Total Physical Memory | 1.50 Gb Available Physical Memory | 39.42% Memory free
7.61 Gb Paging File | 4.34 Gb Available in Paging File | 57.12% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283.34 Gb Total Space | 197.33 Gb Free Space | 69.64% Space Free | Partition Type: NTFS
 
Computer Name: WALKER-LAPTOP | User Name: Dave | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_USERS\S-1-5-21-1191499748-3630827782-3512929281-1001\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AutoUpdateDisableNotify" = 0
"FirewallDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\CA Personal Firewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{006DC5ED-478B-40F2-9987-BAB9A5338B4A}" = rport=137 | protocol=17 | dir=out | app=system |
"{163FF1A3-235D-424C-8605-2F5B78C5F167}" = rport=445 | protocol=6 | dir=out | app=system |
"{2029505C-2AF6-4521-B03F-721575D7F832}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{203C88E0-B59A-434E-A43D-42966F88757D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{25C9B354-8D99-4F4D-B7D3-E00C1FD48B84}" = lport=445 | protocol=6 | dir=in | app=system |
"{39A5223F-9FF4-4073-B319-9DFA191A0255}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{485C48CA-F77B-4196-A303-0F99F9A0119C}" = lport=139 | protocol=6 | dir=in | app=system |
"{5D83CD2E-7C03-469E-9E58-F3966E47430E}" = lport=2869 | protocol=6 | dir=in | app=system |
"{60F9C472-A6F1-4129-B110-5F1E6FA6256B}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6134BC38-2D82-4F32-9128-1FE4E764BC1D}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{647DEFE0-BEEC-46E3-8FD1-B6724C9734AC}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{698098BD-2A73-46C0-A457-E171C48865FD}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7026E24D-DB5C-4C63-904B-550CAC8F8E19}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{7BABBFA2-B091-4652-8437-34B34CA3E543}" = lport=137 | protocol=17 | dir=in | app=system |
"{8930D8CC-E59C-4E8E-A780-C58E3400191C}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B8478A2D-980C-4495-A2E5-704DD547773F}" = lport=10243 | protocol=6 | dir=in | app=system |
"{B91F2A13-26B9-472A-88C6-C77AA542B59B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{BA30B924-5EE4-4900-95C7-5E27EED492C3}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{BBFCEB8A-E6D4-4189-91E4-CA47F9BF3722}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{BC72CC65-2AE5-490C-9664-BB61734B5433}" = rport=139 | protocol=6 | dir=out | app=system |
"{C75F754F-DEF0-47CA-99CB-3DC4466EC507}" = lport=2869 | protocol=6 | dir=in | app=system |
"{D125E8E0-75EC-4D72-9AFD-92E213E4AE53}" = lport=138 | protocol=17 | dir=in | app=system |
"{D5AC1939-C711-4E76-B8D0-8E45972B2B30}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E4EAD83F-578C-4894-A502-1471D7D6C790}" = rport=10243 | protocol=6 | dir=out | app=system |
"{E698333C-3749-4568-AC89-EDFECD6DABAB}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{FA663870-670D-4C21-B16D-8798E123B78C}" = lport=5353 | protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe |
"{FC9A09AA-43AA-400E-8701-47C011B7DF86}" = rport=138 | protocol=17 | dir=out | app=system |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0002E07E-CF8C-44FA-BB82-462625B06244}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqcopy2.exe |
"{00223E96-280F-42FA-B7E0-5026E700FA4B}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqfxt08.exe |
"{21F78D90-6591-4074-87C6-EE448C526DD0}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{26A5EF71-BE68-4300-A64E-2F9F5557F722}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{2EC3025E-230F-490B-81D5-366AE2418330}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{308C3967-D999-4530-B0B3-62040661A26C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{325FDC7A-CC54-430E-B8EF-1519CE0EF0EA}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{38BE50B9-70E0-4808-8242-11A5E32FADB7}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{3A14C0E9-1159-46C0-88AB-63735B5EE9DF}" = protocol=58 | dir=out | [email protected],-28546 |
"{3B9924F4-F16F-4CB4-89F8-9F59A12447CE}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe |
"{429D8FE0-5A68-4630-BE64-0ED29B417FCA}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposfx08.exe |
"{4E6545B6-A99A-4C58-9D72-704E3A715005}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd dx\powerdvd.exe |
"{519F1A97-6117-48FD-9B9F-D15DF84646C4}" = protocol=17 | dir=in | app=c:\windows\system32\dldtcoms.exe |
"{535EFE5A-233A-4F92-ACDC-1F0BAA809D54}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{58B06CDA-BED1-41D7-9905-F16765E74B55}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd dx\pdvddxsrv.exe |
"{59278FD6-F43E-4738-B829-996598F626D0}" = protocol=6 | dir=in | app=c:\windows\system32\dldtcoms.exe |
"{592BFBE7-9441-4448-9343-18E61009F60D}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{609E161E-CE1B-41F7-99D9-6C51A12EED59}" = protocol=1 | dir=in | [email protected],-28543 |
"{616243F0-D2C6-46C4-9155-E98A4929D881}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{62F40166-C942-422B-96BC-1D264F3489D7}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe |
"{6C7F8F99-DAF4-4DA5-A954-9A2650B89EDE}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe |
"{6EFFB75E-68AC-49E8-AAF2-BCB6F71038C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{784209E6-A3FA-46B4-8B2F-F82AC43C296B}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{7B3E209A-65A9-4E89-8096-C18F6BDA23C9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{83CBF090-18E5-4944-AA9A-1D197C89FD12}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe |
"{8613C311-AFC1-4DC2-A9FE-9FC81B172C2C}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\platform\mcsvchost\mcsvhost.exe |
"{8EAB4E2B-6C8D-4F15-B3C6-7D6FA2F7562F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{94DE7EB6-7CF1-4EE1-A008-FCDDBED557B6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{96EF6FF3-E5D4-475F-97CF-9A2C8FEC075F}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe |
"{9A0B1089-F8A0-49B7-870D-9417987D3C51}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqnrs08.exe |
"{9E56198C-EC5D-47B7-BC5B-5B3323D008B5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A043659D-7832-4099-B094-FA19E468C1B6}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{A0C1DD46-6700-491B-8E31-25C0BF019698}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A6F1E277-538E-4D7B-B2A0-98E12DD3C41D}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe |
"{A8A93D35-208B-4A09-A0F5-485C5D19EA8C}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{AA972C3E-2EBD-44EE-8BDB-3A89F4830286}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B03B5988-78C0-400B-A80D-CD6AA7B2ECF9}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{BB0A69C9-FE36-4DDB-94BB-10E9DA4C386E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{BF69DC93-FF62-4254-9DC7-B3ECFC73DF77}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\platform\mcsvchost\mcsvhost.exe |
"{BFB16413-70B7-49EE-9210-C7AB802F50AB}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxm08.exe |
"{C14EBA27-872A-47F7-83AB-C8D2E2C55974}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxs08.exe |
"{C234B9E6-4EBE-4F76-A04F-20C274DA8003}" = protocol=58 | dir=in | [email protected],-28545 |
"{C352586F-255C-40AC-8DCB-B8AA3F9378C5}" = protocol=6 | dir=out | app=system |
"{C4F32E78-A078-4A8B-A9C7-4E73DDBFFD64}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{C8AD3D9C-57AF-4DB1-8597-47D1BCE0A3CB}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{D0118D7F-84FE-48C5-849A-90008280CCC3}" = protocol=1 | dir=out | [email protected],-28544 |
"{D77BDDD3-C55E-4C4B-B754-525BDA4B4398}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D9AA9987-ACB1-4F4A-B380-749B9A67782A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E369F4B3-C2D4-4747-B5E6-8170C8949721}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe |
"{E7EA138A-81E2-4E00-9D18-908A67CFEC4F}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe |
"{F27FE860-1768-46BD-9AB3-36A98BE88A7A}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe |
"{F6F92C34-822C-4977-BBBA-3325FAC3F8EC}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpzwiz01.exe |
"TCP Query User{146A3A24-CCAC-490E-9E73-FD9DEF695FB1}C:\users\dave\appdata\local\directv player\ndspcshowserver.exe" = protocol=6 | dir=in | app=c:\users\dave\appdata\local\directv player\ndspcshowserver.exe |
"TCP Query User{60D6D585-2136-4718-BC98-7EC7F07D9BFF}C:\users\dave\appdata\local\directv player\ndspcshowserver.exe" = protocol=6 | dir=in | app=c:\users\dave\appdata\local\directv player\ndspcshowserver.exe |
"UDP Query User{934F4531-FDBC-4CBF-9927-E36576E06169}C:\users\dave\appdata\local\directv player\ndspcshowserver.exe" = protocol=17 | dir=in | app=c:\users\dave\appdata\local\directv player\ndspcshowserver.exe |
"UDP Query User{CDEC1E8C-099F-446F-9E40-95034B05D3BD}C:\users\dave\appdata\local\directv player\ndspcshowserver.exe" = protocol=17 | dir=in | app=c:\users\dave\appdata\local\directv player\ndspcshowserver.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05EFBF37-0E52-4579-875C-7EEF0DFB4FCB}" = Network64
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{237D687E-9E50-4A30-B810-262764CC491B}" = Garmin Communicator Plugin x64
"{37A08B0D-1168-49E3-B2BD-933B83F36E92}" = ANT Drivers Installer x64
"{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer
"{5E11C972-1E76-45FE-8F92-14E0D1140B1B}" = iTunes
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B61ED343-0B14-4241-999C-490CB1A20DA4}" = HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B
"{C73A3942-84C8-4597-9F9B-EE227DCBA758}" = Dell Dock
"{EF79C448-6946-4D71-8134-03407888C054}" = Shared C Run-time for x64
"98157A226B40B173301B0F53C8E98C47805D5152" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (04/19/2012 2.3.1.0)
"AdvanceElite" = AdvanceElite
"Amazon Browser Bar" = Amazon Browser Bar
"CCleaner" = CCleaner
"D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2" = Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1)
"DW WLAN Card Utility" = DW WLAN Card Utility
"F9D2A789F9CFF8CEC36B544F53877C80F1F73C46" = Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201)
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"Shop for HP Supplies" = Shop for HP Supplies
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Totalcmd64" = Total Commander 64-bit (Remove or Repair)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
"{104066F4-5897-4067-85D3-4C88B67CCF75}" = AIO_Scan
"{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}" = Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{187DA2A3-9687-4740-BD77-5ABB15BCDA8D}" = Garmin Express
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{1D601240-1E3C-11DE-8C30-0800200C9A66}" = Walmart Photo Manager
"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
"{2289494D-48E6-40F0-ABE1-24F1FD5A84E5}" = Garmin Express Tray
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F03217067FF}" = Java 7 Update 67
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{2DA5F129-11AC-4F11-8188-B2F07EAAC20A}" = Cozi
"{2E87F4AB-99BF-421C-AF7B-365A9C08549A}" = F300
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
"{3365E735-48A6-4194-9988-CE59AC5AE503}" = Bing Bar
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C4BCD2A-8D3C-4663-9449-AB7B3AFD096F}" = Elevated Installer
"{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{3D5D6CFC-3097-425A-8D8F-7EAF5D57641D}" = Garmin USB Drivers
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}" = Banctec Service Agreement
"{43CA6533-3E0C-4B89-A99F-631242F3CCF3}" = IObit Apps Toolbar v10.0
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{597FB4A5-DD86-4316-A410-7E8074CC2CCE}" = Driver Support
"{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{647BB978-2876-487B-9B0E-FDB73F0EA4A2}" = Garmin Communicator Plugin
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX
"{68C5BF13-93DA-4185-AA07-0451CF8542CD}" = Medical Assisting Exam Review
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-dell" = WildTangent Games App (Dell Games)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71828142-5A24-4BD0-97E7-976DA08CE6CF}" = The Sims™ 3 High-End Loft Stuff
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}" = Bing Desktop
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{9F6B13E2-B93F-4203-9BD4-5DC18C9F9DEB}" = AIO_CDB_Software
"{A33E7B0C-B99C-4EC9-B702-8A328B161AF9}" = Roxio Burn
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.09)
"{AE1EC58E-B2AC-4959-A4C2-C38202A25239}" = Garmin WebUpdater
"{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}" = Roxio Burn
"{b43ffffb-1adc-4bcb-b277-7844ebff94da}" = Garmin Express
"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C96FF998-45BD-411E-9253-B7F2660FE280}" = CenturyLink Installer
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{ce085a78-074e-4823-8dc1-8a721b94b76d}" = Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
"{D2F04839-0AD0-4F06-A6B5-6DFF05E27B67}" = HP Support Solutions Framework
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{dbaba6a3-366e-43a7-8f4e-b0a868c06ab3}" = DIRECTV Player
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Graphics Media Accelerator Driver
"{F47C37A4-7189-430A-B81D-739FF8A7A554}" = Consumer In-Home Service Agreement
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}" = Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005
"Adobe Flash Player ActiveX" = Adobe Flash Player 15 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 15 Plugin
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Advanced SystemCare 4_is1" = Advanced SystemCare 4
"Amazon Browser Settings" = Amazon Browser Settings
"AVG Secure Search" = AVG Security Toolbar
"centurytoolbar" = CenturyLink Toolbar
"Dell Dock" = Dell Dock
"Dell Webcam Central" = Dell Webcam Central
"Google Chrome" = Google Chrome
"GoToAssist" = GoToAssist 8.0.0.514
"IrfanView" = IrfanView (remove only)
"NAV" = Norton AntiVirus
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"Origin" = Origin
"RegClean-Pro_is1" = RegClean-Pro
"Smart Defrag 3_is1" = Smart Defrag 3
"WildTangent dell Master Uninstall" = WildTangent Games
"WildTangent wildgames Master Uninstall" = WildTangent Games
"WinLiveSuite_Wave3" = Windows Live Essentials
"WSE_Astromenda" = WSE_Astromenda
"WTA-00db7973-e90f-4542-8f21-c0c3eb60b973" = The Cross Formula
"WTA-07c3731f-30b7-426a-b08a-3ce5f75bb33c" = Cooking Academy 3: Recipe for Success
"WTA-0b744828-afe7-4061-87d7-e3373f6fd5dd" = Time to Hurry: Nicole's Story
"WTA-26563187-41fc-42e3-8a59-4f26efe0693d" = Delicious: Emily's True Love Premium Edition
"WTA-2f3ec5cd-3d1e-4773-88a9-af5c573ba6ac" = Titanic's Keys to the Past
"WTA-357dd6ad-0e39-4927-b7f4-df6f28c23434" = Elizabeth Find, MD - Diagnosis Mystery
"WTA-4b9ac9d4-62cc-4046-b87c-a6d501e43913" = Inspector Magnusson - Murder on the Titanic
"WTA-55b70fb0-aafa-4e85-a9be-af74ed0485de" = Gardenscapes: Mansion Makeover
"WTA-59b049f1-e4e5-46c4-8daa-d282854112d2" = Elizabeth Find MD Diagnosis Mystery: Season 2
"WTA-5a912ae6-3c8e-4bf0-ab2d-6e7adcceb760" = Family Vacation: California
"WTA-61c92774-c3d1-426e-b2ed-d42694eb2722" = Vampire Saga 3: Break Out
"WTA-62e3dc21-913a-495e-af00-1a2922f6edb7" = The Price is Right
"WTA-63848029-c7ec-48f6-b05d-c6f17f78c254" = Once Upon a Farm
"WTA-6484fb44-aec1-44c6-ad4e-98f5620d2c8c" = Theatre of the Absurd Collector's Edition
"WTA-64d1471f-eb12-4c34-aaa0-e1668e9960b2" = Memory Clinic
"WTA-678f525a-19fd-472f-9638-4f68b69f29aa" = The Adventures of Aladdin and the Magic Skull
"WTA-69ad0be5-a90a-409f-8241-0a7f48efd94b" = Cases of Stolen Beauty
"WTA-6a9c029a-ac1d-464e-9251-5adf807c5a6b" = Live Novels Jane Austin's Pride and Prejudice
"WTA-71b29657-57ef-4704-805c-8971acd2911c" = Delicious: Emily's Childhood Memories Premium Edition
"WTA-76506a85-c025-462c-b59e-020c3043c65c" = Vacation Quest - The Hawaiian Islands
"WTA-76d47a3d-c5ab-4595-8125-2d91699e03f4" = Criminal Minds
"WTA-7e2e29c5-44db-44d8-a7e5-40c5400d16d4" = Delicious Emily's Holiday Season
"WTA-864dcabd-737a-4c90-a5f2-904bb1f68536" = Gardenscapes
"WTA-8a287477-db78-49db-b426-ed7be0b31fed" = Special Enquiry Detail: Engaged to Kill
"WTA-8a383341-5d3d-47ec-8dae-12a2b5fd3431" = Weird Park: Broken Tune
"WTA-9dfde5ac-db84-4168-be52-311e895b928f" = Delicious - Emily's Taste of Fame
"WTA-a6099e8a-f738-4ae9-9543-2378745a07cc" = The Game of Life®
"WTA-af2aea3c-47b8-4000-a07a-232acc9986b8" = The Lost Cases of Sherlock Holmes 2
"WTA-b068083a-0a2a-4394-89f8-f4811284ca45" = Ghost Whisperer
"WTA-b5a7bdf8-fdb9-436f-848e-b3f9aaf145dc" = House, MD
"WTA-b6a6093a-2a6f-44ca-90da-c673bdceb930" = Bejeweled 3
"WTA-c08d2cb3-313e-4d75-a8b4-1f93ae8c4254" = Cooking Dash 3: Thrills and Spills
"WTA-c1472201-2ddb-47e7-9593-af5bb90a8b27" = Women's Murder Club - Twice in a Blue Moon
"WTA-c9b5be85-9fb8-432d-9496-566cdf4b8388" = Atlantic Journey: The Lost Brother
"WTA-ce3c0866-12ce-48e3-afb2-b5c46d2b8716" = Gardenscapes 2 Collector's Edition
"WTA-dc799447-5345-4e7c-8ed6-c0834d6340ea" = Delicious - Emily's Tea Garden
"WTA-de339965-d379-4ae0-b16c-04cfb2609716" = Dr. Wise - Medical Mysteries
"WTA-e2d8c639-7467-4f42-8f91-021d33a7bc04" = Delicious - Emily's Wonder Wedding Premium Edition
"WTA-e4072aa1-0da2-4b0e-b307-78730a7a20d0" = Virtual Families 2
"WTA-eb29dd1d-3727-48ca-ba77-0e95e34fddea" = Super Collapse Puzzle Gallery 3
"WTA-ec6ad64d-8974-421e-b099-733855b297e6" = Double Play - The Family Feud Bundle
"WTA-f7218cff-56a5-4ffd-897e-eb66ca8d55ee" = Girls With Secrets
"WTA-f9e9f72f-957f-489b-9535-a576c317a3d2" = Cooking Academy 2 - World Cuisine
"WTA-fb80f833-a178-4456-a928-4ee569d7e713" = Vacation Quest™ - Australia
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1191499748-3630827782-3512929281-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"UpdaterEX" = Extended Update
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 10/22/2014 9:00:32 PM | Computer Name = Walker-Laptop | Source = Application Error | ID = 1000
Description = Faulting application name: chrome.exe, version: 37.0.2062.124, time
 stamp: 0x5420d868  Faulting module name: chrome.dll, version: 37.0.2062.124, time
 stamp: 0x5420d5a6  Exception code: 0x80000003  Fault offset: 0x004f49a4  Faulting process
 id: 0x708  Faulting application start time: 0x01cfee5cbf1451fd  Faulting application
 path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe  Faulting module
 path: C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\chrome.dll
Report
 Id: fcca625e-5a4f-11e4-83df-a14e17c98d1f
 
Error - 10/22/2014 9:09:10 PM | Computer Name = Walker-Laptop | Source = Application Error | ID = 1000
Description = Faulting application name: chrome.exe, version: 37.0.2062.124, time
 stamp: 0x5420d868  Faulting module name: chrome.dll, version: 37.0.2062.124, time
 stamp: 0x5420d5a6  Exception code: 0x80000003  Fault offset: 0x004f49a4  Faulting process
 id: 0x1af0  Faulting application start time: 0x01cfee5df2945e7d  Faulting application
 path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe  Faulting module
 path: C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\chrome.dll
Report
 Id: 31824322-5a51-11e4-83df-a14e17c98d1f
 
Error - 10/22/2014 9:09:47 PM | Computer Name = Walker-Laptop | Source = Application Error | ID = 1000
Description = Faulting application name: chrome.exe, version: 37.0.2062.124, time
 stamp: 0x5420d868  Faulting module name: chrome.dll, version: 37.0.2062.124, time
 stamp: 0x5420d5a6  Exception code: 0x80000003  Fault offset: 0x004f49a4  Faulting process
 id: 0x1548  Faulting application start time: 0x01cfee5e0914e094  Faulting application
 path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe  Faulting module
 path: C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\chrome.dll
Report
 Id: 472303df-5a51-11e4-83df-a14e17c98d1f
 
Error - 10/22/2014 9:11:40 PM | Computer Name = Walker-Laptop | Source = Application Error | ID = 1000
Description = Faulting application name: chrome.exe, version: 37.0.2062.124, time
 stamp: 0x5420d868  Faulting module name: chrome.dll, version: 37.0.2062.124, time
 stamp: 0x5420d5a6  Exception code: 0x80000003  Fault offset: 0x004f49a4  Faulting process
 id: 0x1fc8  Faulting application start time: 0x01cfee5e4c08307c  Faulting application
 path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe  Faulting module
 path: C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\chrome.dll
Report
 Id: 8a92a7f0-5a51-11e4-83df-a14e17c98d1f
 
Error - 10/23/2014 8:25:00 PM | Computer Name = Walker-Laptop | Source = Application Error | ID = 1000
Error - 10/23/2014 8:26:54 PM | Computer Name = Walker-Laptop | Source = Application
 Error | ID = 1000
 
Description = Faulting application name: chrome.exe, version: 37.0.2062.124, time stamp: 0x5420d868
Faulting module name: chrome.dll, version: 37.0.2062.124, time stamp: 0x5420d5a6
Exception code: 0x80000003
Fault offset: 0x004f49a4
Faulting process id: 0x1a00
Faulting application start time: 0x01cfef2135ad8c1a
Faulting application path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Faulting module path: C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\chrome.dll
Report Id: 744a81f6-5b14-11e4-83a3-e0844d684762
Error - 10/24/2014 4:01:56 PM | Computer Name = Walker-Laptop | Source = Application
 Error | ID = 1000
 
Description = Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17344, time stamp: 0x541b6f63
Faulting module name: AdvanceElitebho.dll, version: 1.0.0.3, time stamp: 0x5447b6ee
Exception code: 0xc0000005
Fault offset: 0x00003421
Faulting process id: 0x18c8
Faulting application start time: 0x01cfefc54036fa25
Faulting application path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
Faulting module path: C:\Program Files (x86)\AdvanceElite\AdvanceElitebho.dll
Report Id: 9a7c8217-5bb8-11e4-83f2-e9bde6715061
Error - 10/26/2014 3:05:20 PM | Computer Name = Walker-Laptop | Source = Application
 Error | ID = 1000
 
Error - 10/26/2014 3:06:15 PM | Computer Name = Walker-Laptop | Source = Application Error | ID = 1000
Description = Faulting application name: chrome.exe, version: 37.0.2062.124, time
 stamp: 0x5420d868  Faulting module name: chrome.dll, version: 37.0.2062.124, time
 stamp: 0x5420d5a6  Exception code: 0x80000003  Fault offset: 0x004f49a4  Faulting process
 id: 0x1a74  Faulting application start time: 0x01cff14fe7d3eedf  Faulting application
 path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe  Faulting module
 path: C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\chrome.dll
Report
 Id: 27f60deb-5d43-11e4-aa13-dcb26268b960
 
Error - 10/27/2014 8:10:45 PM | Computer Name = Walker-Laptop | Source = Application Error | ID = 1000
Description = Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17344,
 time stamp: 0x541b6f63  Faulting module name: AdvanceElitebho.dll, version: 1.0.0.3,
 time stamp: 0x5447b6ee  Exception code: 0xc0000005  Fault offset: 0x00003421  Faulting
 process id: 0x4e40  Faulting application start time: 0x01cff2439b744f0b  Faulting application
 path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE  Faulting module path:
 C:\Program Files (x86)\AdvanceElite\AdvanceElitebho.dll  Report Id: dc846fe0-5e36-11e4-843d-e07df232ab60
 
Error - 10/27/2014 8:54:49 PM | Computer Name = Walker-Laptop | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Program Files (x86)\Cozi
 Express\CoziExpress.exe".Error in manifest or policy file "" on line .  A component
 version required by the application conflicts with another component version already
 active.  Conflicting components are:.  Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 10/27/2014 8:54:50 PM | Computer Name = Walker-Laptop | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Program Files (x86)\Cozi
 Express\CoziExpress.exe".Error in manifest or policy file "" on line .  A component
 version required by the application conflicts with another component version already
 active.  Conflicting components are:.  Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
[ System Events ]
Error - 10/27/2014 8:51:14 PM | Computer Name = Walker-Laptop | Source = DCOM | ID = 10016
Description =
 
Error - 10/27/2014 8:55:12 PM | Computer Name = Walker-Laptop | Source = DCOM | ID = 10016
Description =
 
Error - 10/27/2014 8:57:57 PM | Computer Name = Walker-Laptop | Source = DCOM | ID = 10016
Description =
 
Error - 10/27/2014 8:59:01 PM | Computer Name = Walker-Laptop | Source = DCOM | ID = 10016
Description =
 
Error - 10/27/2014 9:10:59 PM | Computer Name = Walker-Laptop | Source = DCOM | ID = 10016
Description =
 
Error - 10/27/2014 9:14:24 PM | Computer Name = Walker-Laptop | Source = DCOM | ID = 10016
Description =
 
Error - 10/27/2014 9:17:58 PM | Computer Name = Walker-Laptop | Source = DCOM | ID = 10016
Description =
 
Error - 10/27/2014 9:18:11 PM | Computer Name = Walker-Laptop | Source = DCOM | ID = 10016
Description =
 
Error - 10/27/2014 9:18:15 PM | Computer Name = Walker-Laptop | Source = DCOM | ID = 10016
Description =
 
Error - 10/27/2014 9:20:29 PM | Computer Name = Walker-Laptop | Source = DCOM | ID = 10016
Description =
 
 
< End of report >
 


  • 0



#2
pystryker


    Trusted Helper

  • Malware Removal
  • 3,886 posts
Hello and welcome to Geeks to Go! My nickname is Pystryker :) , and I will be helping you with your issue today.


Before we get started, I have a few things I need to go over with you
  • If you are receiving help for this issue at another forum, please let me know so I can close this thread.
  • Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process.
  • Please do not attach your logs or put them inside code/quote tags. Do a Copy/Paste of the entire contents of the log file and submit it inside your post unless directed otherwise.
  • At the top of your post, please click on the "Follow this topic" button and make sure that the "Received notification" box is checked and set to "Instantly". This will send an email to you as soon as I reply to your topic, allowing us to solve your problem faster.
  • If any of your security programs give you a warning about any tool I ask you to use, please do not worry. All the links and tools I provide to you will be safe.
  • Please read through my instructions carefully and completely before executing them. I will lay the instructions out in a step by step order to make them easy to follow.
  • Please make sure that all the programs I ask you to download are downloaded to and run from your Desktop.
  • Please make sure (if you are able) to print out these instructions so that you will be able to refer to them while working on your machine. Part of the solution(s) to your problem may involve us working in Safe Mode and you will need them to go by.
  • Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.
  • This is a complicated process. It requires several steps, patience, and careful following of my instructions in the order they are given to diagnose your problems to get your machine back in working order.
  • Please stay with me until the end of all steps and procedures and I declare your system clean. Just because there is a lack of symptoms does not indicate a clean machine. I promise to do the same for you.
  • Please make sure you reply within 3 days to my responses, if there is no reply within 3 days, the topic will be closed and you will need to request the topic be reopened.
  • Before we get started, please remember we will do our best to get your machine repaired. However, there are some cases where the only solution is a reformat and reinstall of the operating system. This is a worst case scenario though.
  • It is impossible for me to know what interactions may happen between your computer's software and the tools we will use to clean your machine. Therefore, I highly recommend you backup any critical personal files on your machine before we start.
  • If possible, please have your original Windows installation disks handy, just in case.
  • If you have any questions at all, please don't hesitate to ask. There's no such thing as a stupid question when dealing with malware.
  • If you are unsure of an instruction I give you, or if something unexpected occurs, Do NOT proceed! Stop and ask for clarification of the instruction or tell me what occurred.
  • Please remember, the fixes are for your machine and your machine ONLY! Do not use these fixes on any other machine, each fix is tailor made for your system only. Using a fix on another machine can and will cause serious damage.
  • Once we have cleaned your machine, we'll have some cleanup and prevention steps to go through. We will also provide you with some information about how to reduce your chances of infection and get some protections in place to help defend you against this in the future.
  • Please be patient while I am analyzing your logs. I know you are probably scared and very frustrated with this problem, but I am a volunteer and sometimes life does get in the way. :)
Now, let's get started, shall we? :thumbsup:


Please disable your antivirus for the duration of my instructions. Don't forget to re-enable it after you have completed the steps.


Step 1: Program Uninstalls and Chrome Extension Removal


Please uninstall the following programs as they are all adware/malware related programs. If you encounter an error during the removal of one of the programs listed, don't worry about it, move on to the next one.
  • AdvanceElite
  • Amazon Browser Bar
  • AVG Secure Search
  • WSE_Astromenda
Please uninstall these programs from IOBit as well. They don't do much to help your system, and we don't recommend any program that says it cleans the registry. Also, the IOBit products come with adware/malware installed in them, despite their statement to the contrary on their website.
  • Advanced SystemCare 4_is1
  • Smart Defrag 3_is1

Remove Chrome Extensions

There are extensions in Chrome that need to be removed, please follow the instructions below to remove them.

Start Chrome and type this into the address bar: chrome:extensions

This will display a page of all the installed extensions. Please remove the extensions listed below by clicking the trash can icon by each one.

If one of the extensions in the list is not shown, don't worry about it, move to the next one.
  • Slick Savings
  • AdvanceElite
  • AVG Security Toolbar
  • Amazon Shopping Assistant by Spigot
  • Ebay Shopping Assistant by Spigot

Step 2: Windows Sidebar Warning and Fix


You have Windows Sidebar running on your machine and it is known to have some security problems. Microsoft Corporation has an article about these issues, and you can read it by clicking here. Please disable it by using Fix It.

You can download Fix It by clicking here.

NOTE: Please make absolutely sure you reboot the machine after performing this step and before proceeding with my next instructions.


Step 3: OTL Fix


Let's run an OTL fix:

Warning: This fix is to be used on this system and this system ONLY. Using this fix on any other machine other than yours can seriously damage it.

Be advised that when the fix commences, it will shut down all running processes and you may lose the desktop and icons, they will return on reboot.

Run OTL by double clicking it (Windows Vista, Windows 7, and 8, right click and select "Run as Administrator")
  • Copy the text in the quote box below (do not copy the word "quote") and paste it in the box marked Custom Scans/Fixes as shown in the graphic below.
otlrunfix.jpg



:Commands
[createrestorepoint]

:OTL
SRV - [2011/08/09 17:38:38 | 000,328,536 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCService.exe -- (AdvancedSystemCareService)
SRV - [2014/10/27 19:48:10 | 000,524,016 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\AdvanceElite\bin\utilAdvanceElite.exe -- (Util AdvanceElite)
SRV - [2014/10/27 18:07:26 | 000,123,632 | ---- | M] () [Auto | Running] -- C:\ProgramData\d2446020-ddff-402b-b064-199d2ce66b2b\maintainer.exe -- (MaintainerSvc1.20.7247763)
SRV - [2014/10/26 15:09:33 | 000,523,504 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\AdvanceElite\updateAdvanceElite.exe -- (Update AdvanceElite)
SRV - [2014/10/21 16:34:22 | 000,990,584 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2014/08/11 11:16:55 | 001,820,184 | ---- | M] (AVG Secure Search) [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe -- (vToolbarUpdater18.1.9)
SRV - [2013/03/21 14:24:12 | 000,222,368 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Amazon Browser Bar\ToolbarUpdaterService.exe -- (Updater Service for AMZN)
DRV:64bit: - [2014/10/26 10:31:44 | 000,048,784 | ---- | M] (StdLib) [Kernel | System | Running] -- C:\WINDOWS\SysNative\drivers\{b0c7827f-c845-429a-833b-c2a798fc4fc3}Gw64.sys -- ({b0c7827f-c845-429a-833b-c2a798fc4fc3}Gw64)
DRV:64bit: - [2014/10/23 12:30:34 | 000,048,784 | ---- | M] (StdLib) [Kernel | System | Running] -- C:\WINDOWS\SysNative\drivers\{f5d136d7-adc2-4c84-85b2-e564334ab0bc}Gw64.sys -- ({f5d136d7-adc2-4c84-85b2-e564334ab0bc}Gw64)
IE - HKU\S-1-5-21-1191499748-3630827782-3512929281-1001\..\URLSearchHook: {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files (x86)\IObit Apps Toolbar\IE\10.0\iobitappsToolbarIE.dll (Spigot, Inc.)
IE - HKU\S-1-5-21-1191499748-3630827782-3512929281-1001\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...sa&d=2013-01-19 16:42:07&v=15.3.0.11&pid=avg&sg=0&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-1191499748-3630827782-3512929281-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://astromenda.co...r=1237709631=
IE - HKU\S-1-5-21-1191499748-3630827782-3512929281-1003\..\URLSearchHook: {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files (x86)\IObit Apps Toolbar\IE\10.0\iobitappsToolbarIE.dll (Spigot, Inc.)
IE - HKU\S-1-5-21-1191499748-3630827782-3512929281-1003\..\SearchScopes\{7E031750-8AD7-4ED2-ACB1-E3303FCB5B98}: "URL" = http://astromenda.co...r=1237709631=
IE - HKU\S-1-5-21-1191499748-3630827782-3512929281-1003\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...sa&d=2013-01-19 16:42:07&v=15.3.0.11&pid=avg&sg=0&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-1191499748-3630827782-3512929281-1005\..\URLSearchHook: {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files (x86)\IObit Apps Toolbar\IE\10.0\iobitappsToolbarIE.dll (Spigot, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll File not found
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.9\\npsitesafety.dll File not found
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\ProgramData\AVG Secure Search\FireFoxExt\17.3.0.49
O2 - BHO: (AdvanceElite) - {3b2cb4c8-72ab-4b25-8fa1-219b36a60bed} - C:\Program Files (x86)\AdvanceElite\AdvanceElitebho.dll (AdvanceElite)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\18.1.9.799\AVG Secure Search_toolbar.dll (AVG Secure Search)
O2 - BHO: (AlxHelper Class) - {F443A627-5009-4323-9C1D-7FD598D0D712} - C:\Program Files (x86)\Amazon Browser Bar\AmazonBrowserBar.3.0.dll (Amazon.com)
O3:64bit: - HKLM\..\Toolbar: (IObit Apps Toolbar) - {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files (x86)\IObit Apps Toolbar\IE\10.0\iobitappsToolbarIE64.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\18.1.9.799\AVG Secure Search_toolbar.dll (AVG Secure Search)
O3 - HKLM\..\Toolbar: (Amazon Browser Bar) - {EA582743-9076-4178-9AA6-7393FDF4D5CE} - C:\Program Files (x86)\Amazon Browser Bar\AmazonBrowserBar.3.0.dll (Amazon.com)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey File not found
O4 - HKLM..\Run: [SearchSettings] C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O4 - Startup: C:\Users\Steph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
O4 - Startup: C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O4 - Startup: C:\Users\Teresa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
[2014/10/26 15:07:20 | 000,048,784 | ---- | C] (StdLib) -- C:\windows\SysNative\drivers\{b0c7827f-c845-429a-833b-c2a798fc4fc3}Gw64.sys
[2014/10/23 20:29:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Application Updater
[2014/10/23 20:26:03 | 000,048,784 | ---- | C] (StdLib) -- C:\windows\SysNative\drivers\{f5d136d7-adc2-4c84-85b2-e564334ab0bc}Gw64.sys
[2014/10/22 21:05:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WSE_Astromenda
[2014/10/19 16:35:08 | 000,000,000 | ---D | C] -- C:\Users\Dave\AppData\Local\AskPartnerNetwork
[2014/10/19 16:35:04 | 000,000,000 | ---D | C] -- C:\ProgramData\AskPartnerNetwork
[2014/10/19 16:35:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AskPartnerNetwork
[2014/10/19 16:34:44 | 000,000,000 | ---D | C] -- C:\ProgramData\APN
[2014/10/27 21:07:00 | 000,000,296 | ---- | M] () -- C:\windows\tasks\UpdaterEX.job
[2014/10/27 21:05:00 | 000,000,296 | ---- | M] () -- C:\windows\tasks\WSE_Astromenda.job
[2014/10/27 19:46:00 | 000,000,350 | ---- | M] () -- C:\windows\tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job

:Files
netsh advfirewall reset /c
netsh advfirewall set allprofiles state on /c
ipconfig /flushdns /c
C:\Program Files (x86)\IObit
C:\Program Files (x86)\IObit\Advanced SystemCare 4
C:\Program Files (x86)\AdvanceElite
C:\Program Files (x86)\Common Files\Spigot
C:\Program Files (x86)\Application Updater
C:\Program Files (x86)\AVG Secure Search
C:\Program Files (x86)\Common Files\AVG Secure Search
C:\Program Files (x86)\Amazon Browser Bar
C:\ProgramData\d2446020-ddff-402b-b064-199d2ce66b2b
C:\WINDOWS\SysNative\drivers\{b0c7827f-c845-429a-833b-c2a798fc4fc3}Gw64.sys
C:\WINDOWS\SysNative\drivers\{f5d136d7-adc2-4c84-85b2-e564334ab0bc}Gw64.sys
C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk
C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkbbmldjcnhopjhpifcocnmkooiadpbb
C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfndaklgolladniicklehhancnlgocpp
C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbcennhacfaagdopikcegfcobcadeocj

:Commands
[emptytemp]
[resethosts]

  • Click the Run Fix button at the top of the OTL control panel.
  • Let the program run until it's finished and then reboot the computer.
  • Once your machine has rebooted, a log will open. Please post that log in your next reply.
If you have any problems, questions, or need further explanation, please post a message in this thread and I will get back to you asap.


Step 4: Junkware Removal Tool


Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 5: AdwCleaner


Download AdwCleaner by clicking here. Please save it to your Desktop.


  • Double-click the adwcleaner.exe file (Vista and 7 users: right-click it, click Run as Administrator, and accept the UAC prompt) to run AdwCleaner.
  • Close any open windows or browsers.
  • Pause your Anti-Virus program if it is running.
  • Once it starts, click on the Scan button.
  • Let the scan complete itself. This may take a few minutes.
  • Once the scan has finished, it will say "Pending, uncheck elements you don't want to remove." Don't worry about unchecking anything; just click the Clean button. When finished, it will ask to reboot. Please reboot.
  • When the machine has rebooted, a log will be produced. Please copy/paste that in your next reply. Here's how:
    • Click the Report button and the log will open. Copy and Paste the contents of the log file into your next reply.
    This report is also saved at C:\AdwCleaner[R0].txt

Things I need to see in your next post:

Please post each of these logs as a separate reply in this thread.


OTL Fixlog

Junkware Removal Tool Log

AdwCleaner Log

#3
pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.