
Possible Malware Infection [Solved]

HP printer HP computer

  • This topic is locked

#16
ridethewave

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 154 posts

This is the new OTL after running the Norton Removal Tool.

 

 

 

All processes killed

========== COMMANDS ==========

System Restore Service not available.

========== OTL ==========

Unable to kill active process DatamngrUI.exe!

Unable to kill active process DatamngrCoordinator.exe!

Error: Unable to stop service DatamngrCoordinator!

Unable to delete service\driver key DatamngrCoordinator.

File move failed. C:\Program Files (x86)\Movies Toolbar\Datamngr\DatamngrCoordinator.exe scheduled to be moved on reboot.

Error: No service named VIPAppService was found to stop!

Service\Driver key VIPAppService not found.

File C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe not found.

Error: No service named xsnrtsdx was found to stop!

Service\Driver key xsnrtsdx not found.

File C:\Windows\SysNative\drivers\xsnrtsdx.sys not found.

Error: No service named ojcuablt was found to stop!

Service\Driver key ojcuablt not found.

File C:\Windows\SysNative\drivers\ojcuablt.sys not found.

Error: No service named auxuxrdg was found to stop!

Service\Driver key auxuxrdg not found.

File C:\Windows\SysNative\drivers\auxuxrdg.sys not found.

Error: No service named ikgppjzx was found to stop!

Service\Driver key ikgppjzx not found.

File C:\Windows\SysNative\drivers\ikgppjzx.sys not found.

Error: Unable to stop service F06DEFF2-5B9C-490D-910F-35D3A91196222!

Unable to delete service\driver key F06DEFF2-5B9C-490D-910F-35D3A91196222.

File move failed. C:\Program Files (x86)\Movies Toolbar\Datamngr\x64\setmgrc1.cfg scheduled to be moved on reboot.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2405}\ not found.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2405}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{110a9ea2-8810-4c04-b916-cfd4e9427fec}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{110a9ea2-8810-4c04-b916-cfd4e9427fec}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2405}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2405}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.

Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected] not found.

File C:\Program Files (x86)\Symantec\VIP Access Client\ not found.

Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected] not found.

File C:\Program Files (x86)\Symantec\VIP Access Client\ not found.

Folder C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\ not found.

File C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\0\extensions\[email protected] not found.

64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C63CD127-A1CB-4D49-A4F7-D6F88A917BE6}\ not found.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C63CD127-A1CB-4D49-A4F7-D6F88A917BE6}\ not found.

File C:\Program Files (x86)\Symantec\VIP Access Client\64bit\VIPAddOnForIE64.dll not found.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{377e5d4d-77e5-476a-8716-7e70a9272da0}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{377e5d4d-77e5-476a-8716-7e70a9272da0}\ not found.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C63CD127-A1CB-4D49-A4F7-D6F88A917BE6}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C63CD127-A1CB-4D49-A4F7-D6F88A917BE6}\ not found.

File C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll not found.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}\ not found.

64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{377e5d4d-77e5-476a-8716-7e70a9272da0} not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{377e5d4d-77e5-476a-8716-7e70a9272da0}\ not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 not found.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{3BBD3C14-4C16-4989-8366-95BC9179779D} not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3BBD3C14-4C16-4989-8366-95BC9179779D}\ not found.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{687578B9-7132-4A7A-80E4-30EE31099E03} not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{687578B9-7132-4A7A-80E4-30EE31099E03}\ not found.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{25510184-5A38-4A99-B273-DCA8EEF6CD08}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{25510184-5A38-4A99-B273-DCA8EEF6CD08}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{25510184-5A38-4A99-B273-DCA8EEF6CD08}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{25510184-5A38-4A99-B273-DCA8EEF6CD08}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{DDE87865-83C5-48c4-8357-2F5B1AA84522}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DDE87865-83C5-48c4-8357-2F5B1AA84522}\ not found.

Starting removal of ActiveX control {73ECB3AA-4717-450C-A2AB-D00DAD9EE203}

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{73ECB3AA-4717-450C-A2AB-D00DAD9EE203}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73ECB3AA-4717-450C-A2AB-D00DAD9EE203}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{73ECB3AA-4717-450C-A2AB-D00DAD9EE203}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73ECB3AA-4717-450C-A2AB-D00DAD9EE203}\ not found.

64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck not found.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bitguard.exe\ not found.

File move failed. C:\Windows\SysNative\tasklist.exe scheduled to be moved on reboot.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bprotect.exe\ not found.

File move failed. C:\Windows\SysNative\tasklist.exe scheduled to be moved on reboot.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bpsvc.exe\ not found.

File move failed. C:\Windows\SysNative\tasklist.exe scheduled to be moved on reboot.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserdefender.exe\ not found.

File move failed. C:\Windows\SysNative\tasklist.exe scheduled to be moved on reboot.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserprotect.exe\ not found.

File move failed. C:\Windows\SysNative\tasklist.exe scheduled to be moved on reboot.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsersafeguard.exe\ not found.

File move failed. C:\Windows\SysNative\tasklist.exe scheduled to be moved on reboot.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dprotectsvc.exe\ not found.

File move failed. C:\Windows\SysNative\tasklist.exe scheduled to be moved on reboot.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jumpflip\ not found.

File move failed. C:\Windows\SysNative\tasklist.exe scheduled to be moved on reboot.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\protectedsearch.exe\ not found.

File move failed. C:\Windows\SysNative\tasklist.exe scheduled to be moved on reboot.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchinstaller.exe\ not found.

File move failed. C:\Windows\SysNative\tasklist.exe scheduled to be moved on reboot.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotection.exe\ not found.

File move failed. C:\Windows\SysNative\tasklist.exe scheduled to be moved on reboot.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotector.exe\ not found.

File move failed. C:\Windows\SysNative\tasklist.exe scheduled to be moved on reboot.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchsettings.exe\ not found.

File move failed. C:\Windows\SysNative\tasklist.exe scheduled to be moved on reboot.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchsettings64.exe\ not found.

File move failed. C:\Windows\SysNative\tasklist.exe scheduled to be moved on reboot.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\snapdo.exe\ not found.

File move failed. C:\Windows\SysNative\tasklist.exe scheduled to be moved on reboot.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst32.exe\ not found.

File move failed. C:\Windows\SysNative\tasklist.exe scheduled to be moved on reboot.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst64.exe\ not found.

File move failed. C:\Windows\SysNative\tasklist.exe scheduled to be moved on reboot.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\umbrella.exe\ not found.

File move failed. C:\Windows\SysNative\tasklist.exe scheduled to be moved on reboot.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\utiljumpflip.exe\ not found.

File move failed. C:\Windows\SysNative\tasklist.exe scheduled to be moved on reboot.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\volaro\ not found.

File move failed. C:\Windows\SysNative\tasklist.exe scheduled to be moved on reboot.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vonteera\ not found.

File move failed. C:\Windows\SysNative\tasklist.exe scheduled to be moved on reboot.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\websteroids.exe\ not found.

File move failed. C:\Windows\SysNative\tasklist.exe scheduled to be moved on reboot.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\websteroidsservice.exe\ not found.

File move failed. C:\Windows\SysNative\tasklist.exe scheduled to be moved on reboot.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bitguard.exe\ not found.

File move failed. C:\Windows\SysWOW64\tasklist.exe scheduled to be moved on reboot.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bprotect.exe\ not found.

File move failed. C:\Windows\SysWOW64\tasklist.exe scheduled to be moved on reboot.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bpsvc.exe\ not found.

File move failed. C:\Windows\SysWOW64\tasklist.exe scheduled to be moved on reboot.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserdefender.exe\ not found.

File move failed. C:\Windows\SysWOW64\tasklist.exe scheduled to be moved on reboot.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserprotect.exe\ not found.

File move failed. C:\Windows\SysWOW64\tasklist.exe scheduled to be moved on reboot.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsersafeguard.exe\ not found.

File move failed. C:\Windows\SysWOW64\tasklist.exe scheduled to be moved on reboot.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dprotectsvc.exe\ not found.

File move failed. C:\Windows\SysWOW64\tasklist.exe scheduled to be moved on reboot.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jumpflip\ not found.

File move failed. C:\Windows\SysWOW64\tasklist.exe scheduled to be moved on reboot.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\protectedsearch.exe\ not found.

File move failed. C:\Windows\SysWOW64\tasklist.exe scheduled to be moved on reboot.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchinstaller.exe\ not found.

File move failed. C:\Windows\SysWOW64\tasklist.exe scheduled to be moved on reboot.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotection.exe\ not found.

File move failed. C:\Windows\SysWOW64\tasklist.exe scheduled to be moved on reboot.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotector.exe\ not found.

File move failed. C:\Windows\SysWOW64\tasklist.exe scheduled to be moved on reboot.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchsettings.exe\ not found.

File move failed. C:\Windows\SysWOW64\tasklist.exe scheduled to be moved on reboot.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchsettings64.exe\ not found.

File move failed. C:\Windows\SysWOW64\tasklist.exe scheduled to be moved on reboot.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\snapdo.exe\ not found.

File move failed. C:\Windows\SysWOW64\tasklist.exe scheduled to be moved on reboot.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst32.exe\ not found.

File move failed. C:\Windows\SysWOW64\tasklist.exe scheduled to be moved on reboot.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst64.exe\ not found.

File move failed. C:\Windows\SysWOW64\tasklist.exe scheduled to be moved on reboot.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\umbrella.exe\ not found.

File move failed. C:\Windows\SysWOW64\tasklist.exe scheduled to be moved on reboot.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\utiljumpflip.exe\ not found.

File move failed. C:\Windows\SysWOW64\tasklist.exe scheduled to be moved on reboot.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\volaro\ not found.

File move failed. C:\Windows\SysWOW64\tasklist.exe scheduled to be moved on reboot.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vonteera\ not found.

File move failed. C:\Windows\SysWOW64\tasklist.exe scheduled to be moved on reboot.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\websteroids.exe\ not found.

File move failed. C:\Windows\SysWOW64\tasklist.exe scheduled to be moved on reboot.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\websteroidsservice.exe\ not found.

File move failed. C:\Windows\SysWOW64\tasklist.exe scheduled to be moved on reboot.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5c00060e-f43b-11e3-8d11-e840f28c2101}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5c00060e-f43b-11e3-8d11-e840f28c2101}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5c00060e-f43b-11e3-8d11-e840f28c2101}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5c00060e-f43b-11e3-8d11-e840f28c2101}\ not found.

File J:\LaunchU3.exe -a not found.

Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls\\x64 deleted successfully.

File move failed. C:\Program Files (x86)\Movies Toolbar\Datamngr\x64\apcrtldr.dll scheduled to be moved on reboot.

Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls\\x86 deleted successfully.

File move failed. C:\Program Files (x86)\Movies Toolbar\Datamngr\apcrtldr.dll scheduled to be moved on reboot.

========== FILES ==========

Folder move failed. C:\Program Files (x86)\Movies Toolbar\Datamngr\x64 scheduled to be moved on reboot.

Folder move failed. C:\Program Files (x86)\Movies Toolbar\Datamngr scheduled to be moved on reboot.

Folder move failed. C:\Program Files (x86)\Movies Toolbar scheduled to be moved on reboot.

Folder C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocifcogajbgikalbpphmoedjlcfjkhgh not found.

File\Folder C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc not found.

< ipconfig /flushdns /c >

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

C:\Users\Chris\Desktop\cmd.bat deleted successfully.

C:\Users\Chris\Desktop\cmd.txt deleted successfully.

< netsh advfirewall reset /c >

Ok.

C:\Users\Chris\Desktop\cmd.bat deleted successfully.

C:\Users\Chris\Desktop\cmd.txt deleted successfully.

< netsh advfirewall set allprofiles state ON /c >

Ok.

C:\Users\Chris\Desktop\cmd.bat deleted successfully.

C:\Users\Chris\Desktop\cmd.txt deleted successfully.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: Administrator

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: All Users

User: Chris

->Temp folder emptied: 20810648 bytes

->Temporary Internet Files folder emptied: 82394012 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 19846895 bytes

->Google Chrome cache emptied: 0 bytes

->Flash cache emptied: 602 bytes

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: dub_cm_auto

User: Public

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 7890 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes

RecycleBin emptied: 0 bytes

 

Total Files Cleaned = 117.00 mb

 

OTL by OldTimer - Version 3.2.69.0 log created on 06262014_171524

Files\Folders moved on Reboot...

File move failed. C:\Program Files (x86)\Movies Toolbar\Datamngr\DatamngrCoordinator.exe scheduled to be moved on reboot.

File move failed. C:\Program Files (x86)\Movies Toolbar\Datamngr\x64\setmgrc1.cfg scheduled to be moved on reboot.

File move failed. C:\Windows\SysNative\tasklist.exe scheduled to be moved on reboot.

File move failed. C:\Windows\SysWOW64\tasklist.exe scheduled to be moved on reboot.

File move failed. C:\Program Files (x86)\Movies Toolbar\Datamngr\x64\apcrtldr.dll scheduled to be moved on reboot.

File move failed. C:\Program Files (x86)\Movies Toolbar\Datamngr\apcrtldr.dll scheduled to be moved on reboot.

Folder move failed. C:\Program Files (x86)\Movies Toolbar\Datamngr\x64 scheduled to be moved on reboot.

Folder move failed. C:\Program Files (x86)\Movies Toolbar\Datamngr\x64 scheduled to be moved on reboot.

Folder move failed. C:\Program Files (x86)\Movies Toolbar\Datamngr scheduled to be moved on reboot.

Folder move failed. C:\Program Files (x86)\Movies Toolbar\Datamngr\x64 scheduled to be moved on reboot.

Folder move failed. C:\Program Files (x86)\Movies Toolbar\Datamngr scheduled to be moved on reboot.

Folder move failed. C:\Program Files (x86)\Movies Toolbar scheduled to be moved on reboot.

C:\Users\Chris\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

 

PendingFileRenameOperations files...

 

Registry entries deleted on Reboot...




#17
godawgs

    Teacher

  • Retired Staff
  • 8,228 posts

Hi,

 

Please look in the C:\_OTL\MovedFiles folder for any files with the 06262014_hhmmss.log name (where the hhmmss would be the hour, minute and second the log was created). So you will be looking for files like C:\_OTL\MovedFiles\06262014_193035.log.

Post any files you see plus please get me a current OTL scan.



#18
ridethewave

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 154 posts

This is the last log

 

 

All processes killed
========== COMMANDS ==========
System Restore Service not available.
========== OTL ==========
Unable to kill active process DatamngrUI.exe!
Unable to kill active process DatamngrCoordinator.exe!
Error: Unable to stop service DatamngrCoordinator!
Unable to delete service\driver key DatamngrCoordinator.
File move failed. C:\Program Files (x86)\Movies Toolbar\Datamngr\DatamngrCoordinator.exe scheduled to be moved on reboot.
Error: No service named VIPAppService was found to stop!
Service\Driver key VIPAppService not found.
File C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe not found.
Error: No service named xsnrtsdx was found to stop!
Service\Driver key xsnrtsdx not found.
File C:\Windows\SysNative\drivers\xsnrtsdx.sys not found.
Error: No service named ojcuablt was found to stop!
Service\Driver key ojcuablt not found.
File C:\Windows\SysNative\drivers\ojcuablt.sys not found.
Error: No service named auxuxrdg was found to stop!
Service\Driver key auxuxrdg not found.
File C:\Windows\SysNative\drivers\auxuxrdg.sys not found.
Error: No service named ikgppjzx was found to stop!
Service\Driver key ikgppjzx not found.
File C:\Windows\SysNative\drivers\ikgppjzx.sys not found.
Error: Unable to stop service F06DEFF2-5B9C-490D-910F-35D3A91196222!
Unable to delete service\driver key F06DEFF2-5B9C-490D-910F-35D3A91196222.
File move failed. C:\Program Files (x86)\Movies Toolbar\Datamngr\x64\setmgrc1.cfg scheduled to be moved on reboot.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2405}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2405}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{110a9ea2-8810-4c04-b916-cfd4e9427fec}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{110a9ea2-8810-4c04-b916-cfd4e9427fec}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2405}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2405}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected] not found.
File C:\Program Files (x86)\Symantec\VIP Access Client\ not found.
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected] not found.
File C:\Program Files (x86)\Symantec\VIP Access Client\ not found.
Folder C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\ not found.
File C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\0\extensions\[email protected] not found.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C63CD127-A1CB-4D49-A4F7-D6F88A917BE6}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C63CD127-A1CB-4D49-A4F7-D6F88A917BE6}\ not found.
File C:\Program Files (x86)\Symantec\VIP Access Client\64bit\VIPAddOnForIE64.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{377e5d4d-77e5-476a-8716-7e70a9272da0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{377e5d4d-77e5-476a-8716-7e70a9272da0}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C63CD127-A1CB-4D49-A4F7-D6F88A917BE6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C63CD127-A1CB-4D49-A4F7-D6F88A917BE6}\ not found.
File C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{377e5d4d-77e5-476a-8716-7e70a9272da0} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{377e5d4d-77e5-476a-8716-7e70a9272da0}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{3BBD3C14-4C16-4989-8366-95BC9179779D} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3BBD3C14-4C16-4989-8366-95BC9179779D}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{687578B9-7132-4A7A-80E4-30EE31099E03} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{687578B9-7132-4A7A-80E4-30EE31099E03}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{25510184-5A38-4A99-B273-DCA8EEF6CD08}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{25510184-5A38-4A99-B273-DCA8EEF6CD08}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{25510184-5A38-4A99-B273-DCA8EEF6CD08}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{25510184-5A38-4A99-B273-DCA8EEF6CD08}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{DDE87865-83C5-48c4-8357-2F5B1AA84522}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DDE87865-83C5-48c4-8357-2F5B1AA84522}\ not found.
Starting removal of ActiveX control {73ECB3AA-4717-450C-A2AB-D00DAD9EE203}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{73ECB3AA-4717-450C-A2AB-D00DAD9EE203}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73ECB3AA-4717-450C-A2AB-D00DAD9EE203}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{73ECB3AA-4717-450C-A2AB-D00DAD9EE203}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73ECB3AA-4717-450C-A2AB-D00DAD9EE203}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bitguard.exe\ not found.
File move failed. C:\Windows\SysNative\tasklist.exe scheduled to be moved on reboot.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bprotect.exe\ not found.
File move failed. C:\Windows\SysNative\tasklist.exe scheduled to be moved on reboot.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bpsvc.exe\ not found.
File move failed. C:\Windows\SysNative\tasklist.exe scheduled to be moved on reboot.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserdefender.exe\ not found.
File move failed. C:\Windows\SysNative\tasklist.exe scheduled to be moved on reboot.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserprotect.exe\ not found.
File move failed. C:\Windows\SysNative\tasklist.exe scheduled to be moved on reboot.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsersafeguard.exe\ not found.
File move failed. C:\Windows\SysNative\tasklist.exe scheduled to be moved on reboot.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dprotectsvc.exe\ not found.
File move failed. C:\Windows\SysNative\tasklist.exe scheduled to be moved on reboot.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jumpflip\ not found.
File move failed. C:\Windows\SysNative\tasklist.exe scheduled to be moved on reboot.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\protectedsearch.exe\ not found.
File move failed. C:\Windows\SysNative\tasklist.exe scheduled to be moved on reboot.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchinstaller.exe\ not found.
File move failed. C:\Windows\SysNative\tasklist.exe scheduled to be moved on reboot.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotection.exe\ not found.
File move failed. C:\Windows\SysNative\tasklist.exe scheduled to be moved on reboot.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotector.exe\ not found.
File move failed. C:\Windows\SysNative\tasklist.exe scheduled to be moved on reboot.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchsettings.exe\ not found.
File move failed. C:\Windows\SysNative\tasklist.exe scheduled to be moved on reboot.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchsettings64.exe\ not found.
File move failed. C:\Windows\SysNative\tasklist.exe scheduled to be moved on reboot.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\snapdo.exe\ not found.
File move failed. C:\Windows\SysNative\tasklist.exe scheduled to be moved on reboot.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst32.exe\ not found.
File move failed. C:\Windows\SysNative\tasklist.exe scheduled to be moved on reboot.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst64.exe\ not found.
File move failed. C:\Windows\SysNative\tasklist.exe scheduled to be moved on reboot.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\umbrella.exe\ not found.
File move failed. C:\Windows\SysNative\tasklist.exe scheduled to be moved on reboot.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\utiljumpflip.exe\ not found.
File move failed. C:\Windows\SysNative\tasklist.exe scheduled to be moved on reboot.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\volaro\ not found.
File move failed. C:\Windows\SysNative\tasklist.exe scheduled to be moved on reboot.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vonteera\ not found.
File move failed. C:\Windows\SysNative\tasklist.exe scheduled to be moved on reboot.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\websteroids.exe\ not found.
File move failed. C:\Windows\SysNative\tasklist.exe scheduled to be moved on reboot.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\websteroidsservice.exe\ not found.
File move failed. C:\Windows\SysNative\tasklist.exe scheduled to be moved on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bitguard.exe\ not found.
File move failed. C:\Windows\SysWOW64\tasklist.exe scheduled to be moved on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bprotect.exe\ not found.
File move failed. C:\Windows\SysWOW64\tasklist.exe scheduled to be moved on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bpsvc.exe\ not found.
File move failed. C:\Windows\SysWOW64\tasklist.exe scheduled to be moved on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserdefender.exe\ not found.
File move failed. C:\Windows\SysWOW64\tasklist.exe scheduled to be moved on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserprotect.exe\ not found.
File move failed. C:\Windows\SysWOW64\tasklist.exe scheduled to be moved on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsersafeguard.exe\ not found.
File move failed. C:\Windows\SysWOW64\tasklist.exe scheduled to be moved on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dprotectsvc.exe\ not found.
File move failed. C:\Windows\SysWOW64\tasklist.exe scheduled to be moved on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jumpflip\ not found.
File move failed. C:\Windows\SysWOW64\tasklist.exe scheduled to be moved on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\protectedsearch.exe\ not found.
File move failed. C:\Windows\SysWOW64\tasklist.exe scheduled to be moved on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchinstaller.exe\ not found.
File move failed. C:\Windows\SysWOW64\tasklist.exe scheduled to be moved on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotection.exe\ not found.
File move failed. C:\Windows\SysWOW64\tasklist.exe scheduled to be moved on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotector.exe\ not found.
File move failed. C:\Windows\SysWOW64\tasklist.exe scheduled to be moved on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchsettings.exe\ not found.
File move failed. C:\Windows\SysWOW64\tasklist.exe scheduled to be moved on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image%2



#19
ridethewave

    Member

  • Topic Starter
  • 154 posts

Sorry for the duplicate, my computer showed that the first post did not save.

 

 

All processes killed

========== COMMANDS ==========

System Restore Service not available.

========== OTL ==========

Unable to kill active process DatamngrUI.exe!

Unable to kill active process DatamngrCoordinator.exe!

Error: Unable to stop service DatamngrCoordinator!

Unable to delete service\driver key DatamngrCoordinator.

File move failed. C:\Program Files (x86)\Movies Toolbar\Datamngr\DatamngrCoordinator.exe scheduled to be moved on reboot.

Error: No service named VIPAppService was found to stop!

Service\Driver key VIPAppService not found.

File C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe not found.

Error: No service named xsnrtsdx was found to stop!

Service\Driver key xsnrtsdx not found.

File C:\Windows\SysNative\drivers\xsnrtsdx.sys not found.

Error: No service named ojcuablt was found to stop!

Service\Driver key ojcuablt not found.

File C:\Windows\SysNative\drivers\ojcuablt.sys not found.

Error: No service named auxuxrdg was found to stop!

Service\Driver key auxuxrdg not found.

File C:\Windows\SysNative\drivers\auxuxrdg.sys not found.

Error: No service named ikgppjzx was found to stop!

Service\Driver key ikgppjzx not found.

File C:\Windows\SysNative\drivers\ikgppjzx.sys not found.

Error: Unable to stop service F06DEFF2-5B9C-490D-910F-35D3A91196222!

Unable to delete service\driver key F06DEFF2-5B9C-490D-910F-35D3A91196222.

File move failed. C:\Program Files (x86)\Movies Toolbar\Datamngr\x64\setmgrc1.cfg scheduled to be moved on reboot.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2405}\ not found.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2405}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{110a9ea2-8810-4c04-b916-cfd4e9427fec}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{110a9ea2-8810-4c04-b916-cfd4e9427fec}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2405}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2405}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.

Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected] not found.

File C:\Program Files (x86)\Symantec\VIP Access Client\ not found.

Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected] not found.

File C:\Program Files (x86)\Symantec\VIP Access Client\ not found.

Folder C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\ not found.

File C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\0\extensions\[email protected] not found.

64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C63CD127-A1CB-4D49-A4F7-D6F88A917BE6}\ not found.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C63CD127-A1CB-4D49-A4F7-D6F88A917BE6}\ not found.

File C:\Program Files (x86)\Symantec\VIP Access Client\64bit\VIPAddOnForIE64.dll not found.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{377e5d4d-77e5-476a-8716-7e70a9272da0}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{377e5d4d-77e5-476a-8716-7e70a9272da0}\ not found.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C63CD127-A1CB-4D49-A4F7-D6F88A917BE6}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C63CD127-A1CB-4D49-A4F7-D6F88A917BE6}\ not found.

File C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll not found.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}\ not found.

64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{377e5d4d-77e5-476a-8716-7e70a9272da0} not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{377e5d4d-77e5-476a-8716-7e70a9272da0}\ not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 not found.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{3BBD3C14-4C16-4989-8366-95BC9179779D} not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3BBD3C14-4C16-4989-8366-95BC9179779D}\ not found.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{687578B9-7132-4A7A-80E4-30EE31099E03} not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{687578B9-7132-4A7A-80E4-30EE31099E03}\ not found.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{25510184-5A38-4A99-B273-DCA8EEF6CD08}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{25510184-5A38-4A99-B273-DCA8EEF6CD08}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{25510184-5A38-4A99-B273-DCA8EEF6CD08}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{25510184-5A38-4A99-B273-DCA8EEF6CD08}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{DDE87865-83C5-48c4-8357-2F5B1AA84522}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DDE87865-83C5-48c4-8357-2F5B1AA84522}\ not found.

Starting removal of ActiveX control {73ECB3AA-4717-450C-A2AB-D00DAD9EE203}

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{73ECB3AA-4717-450C-A2AB-D00DAD9EE203}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73ECB3AA-4717-450C-A2AB-D00DAD9EE203}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{73ECB3AA-4717-450C-A2AB-D00DAD9EE203}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73ECB3AA-4717-450C-A2AB-D00DAD9EE203}\ not found.

64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck not found.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bitguard.exe\ not found.

File move failed. C:\Windows\SysNative\tasklist.exe scheduled to be moved on reboot.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bprotect.exe\ not found.

File move failed. C:\Windows\SysNative\tasklist.exe scheduled to be moved on reboot.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bpsvc.exe\ not found.

File move failed. C:\Windows\SysNative\tasklist.exe scheduled to be moved on reboot.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserdefender.exe\ not found.

File move failed. C:\Windows\SysNative\tasklist.exe scheduled to be moved on reboot.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserprotect.exe\ not found.

File move failed. C:\Windows\SysNative\tasklist.exe scheduled to be moved on reboot.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsersafeguard.exe\ not found.

File move failed. C:\Windows\SysNative\tasklist.exe scheduled to be moved on reboot.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dprotectsvc.exe\ not found.

File move failed. C:\Windows\SysNative\tasklist.exe scheduled to be moved on reboot.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jumpflip\ not found.

File move failed. C:\Windows\SysNative\tasklist.exe scheduled to be moved on reboot.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\protectedsearch.exe\ not found.

File move failed. C:\Windows\SysNative\tasklist.exe scheduled to be moved on reboot.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchinstaller.exe\ not found.

File move failed. C:\Windows\SysNative\tasklist.exe scheduled to be moved on reboot.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotection.exe\ not found.

File move failed. C:\Windows\SysNative\tasklist.exe scheduled to be moved on reboot.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotector.exe\ not found.

File move failed. C:\Windows\SysNative\tasklist.exe scheduled to be moved on reboot.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchsettings.exe\ not found.

File move failed. C:\Windows\SysNative\tasklist.exe scheduled to be moved on reboot.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchsettings64.exe\ not found.

File move failed. C:\Windows\SysNative\tasklist.exe scheduled to be moved on reboot.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\snapdo.exe\ not found.

File move failed. C:\Windows\SysNative\tasklist.exe scheduled to be moved on reboot.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst32.exe\ not found.

File move failed. C:\Windows\SysNative\tasklist.exe scheduled to be moved on reboot.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst64.exe\ not found.

File move failed. C:\Windows\SysNative\tasklist.exe scheduled to be moved on reboot.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\umbrella.exe\ not found.

File move failed. C:\Windows\SysNative\tasklist.exe scheduled to be moved on reboot.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\utiljumpflip.exe\ not found.

File move failed. C:\Windows\SysNative\tasklist.exe scheduled to be moved on reboot.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\volaro\ not found.

File move failed. C:\Windows\SysNative\tasklist.exe scheduled to be moved on reboot.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vonteera\ not found.

File move failed. C:\Windows\SysNative\tasklist.exe scheduled to be moved on reboot.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\websteroids.exe\ not found.

File move failed. C:\Windows\SysNative\tasklist.exe scheduled to be moved on reboot.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\websteroidsservice.exe\ not found.

File move failed. C:\Windows\SysNative\tasklist.exe scheduled to be moved on reboot.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bitguard.exe\ not found.

File move failed. C:\Windows\SysWOW64\tasklist.exe scheduled to be moved on reboot.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bprotect.exe\ not found.

File move failed. C:\Windows\SysWOW64\tasklist.exe scheduled to be moved on reboot.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bpsvc.exe\ not found.

File move failed. C:\Windows\SysWOW64\tasklist.exe scheduled to be moved on reboot.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserdefender.exe\ not found.

File move failed. C:\Windows\SysWOW64\tasklist.exe scheduled to be moved on reboot.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserprotect.exe\ not found.

File move failed. C:\Windows\SysWOW64\tasklist.exe scheduled to be moved on reboot.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsersafeguard.exe\ not found.

File move failed. C:\Windows\SysWOW64\tasklist.exe scheduled to be moved on reboot.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dprotectsvc.exe\ not found.

File move failed. C:\Windows\SysWOW64\tasklist.exe scheduled to be moved on reboot.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jumpflip\ not found.

File move failed. C:\Windows\SysWOW64\tasklist.exe scheduled to be moved on reboot.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\protectedsearch.exe\ not found.

File move failed. C:\Windows\SysWOW64\tasklist.exe scheduled to be moved on reboot.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchinstaller.exe\ not found.

File move failed. C:\Windows\SysWOW64\tasklist.exe scheduled to be moved on reboot.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotection.exe\ not found.

File move failed. C:\Windows\SysWOW64\tasklist.exe scheduled to be moved on reboot.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotector.exe\ not found.

File move failed. C:\Windows\SysWOW64\tasklist.exe scheduled to be moved on reboot.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchsettings.exe\ not found.

File move failed. C:\Windows\SysWOW64\tasklist.exe scheduled to be moved on reboot.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchsettings64.exe\ not found.

File move failed. C:\Windows\SysWOW64\tasklist.exe scheduled to be moved on reboot.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\snapdo.exe\ not found.

File move failed. C:\Windows\SysWOW64\tasklist.exe scheduled to be moved on reboot.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst32.exe\ not found.

File move failed. C:\Windows\SysWOW64\tasklist.exe scheduled to be moved on reboot.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst64.exe\ not found.

File move failed. C:\Windows\SysWOW64\tasklist.exe scheduled to be moved on reboot.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\umbrella.exe\ not found.

File move failed. C:\Windows\SysWOW64\tasklist.exe scheduled to be moved on reboot.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\utiljumpflip.exe\ not found.

File move failed. C:\Windows\SysWOW64\tasklist.exe scheduled to be moved on reboot.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\volaro\ not found.

File move failed. C:\Windows\SysWOW64\tasklist.exe scheduled to be moved on reboot.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vonteera\ not found.

File move failed. C:\Windows\SysWOW64\tasklist.exe scheduled to be moved on reboot.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\websteroids.exe\ not found.

File move failed. C:\Windows\SysWOW64\tasklist.exe scheduled to be moved on reboot.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\websteroidsservice.exe\ not found.

File move failed. C:\Windows\SysWOW64\tasklist.exe scheduled to be moved on reboot.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5c00060e-f43b-11e3-8d11-e840f28c2101}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5c00060e-f43b-11e3-8d11-e840f28c2101}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5c00060e-f43b-11e3-8d11-e840f28c2101}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5c00060e-f43b-11e3-8d11-e840f28c2101}\ not found.

File J:\LaunchU3.exe -a not found.

Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls\\x64 deleted successfully.

File move failed. C:\Program Files (x86)\Movies Toolbar\Datamngr\x64\apcrtldr.dll scheduled to be moved on reboot.

Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls\\x86 deleted successfully.

File move failed. C:\Program Files (x86)\Movies Toolbar\Datamngr\apcrtldr.dll scheduled to be moved on reboot.

========== FILES ==========

Folder move failed. C:\Program Files (x86)\Movies Toolbar\Datamngr\x64 scheduled to be moved on reboot.

Folder move failed. C:\Program Files (x86)\Movies Toolbar\Datamngr scheduled to be moved on reboot.

Folder move failed. C:\Program Files (x86)\Movies Toolbar scheduled to be moved on reboot.

Folder C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocifcogajbgikalbpphmoedjlcfjkhgh not found.

File\Folder C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc not found.

< ipconfig /flushdns /c >

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

C:\Users\Chris\Desktop\cmd.bat deleted successfully.

C:\Users\Chris\Desktop\cmd.txt deleted successfully.

< netsh advfirewall reset /c >

Ok.

C:\Users\Chris\Desktop\cmd.bat deleted successfully.

C:\Users\Chris\Desktop\cmd.txt deleted successfully.

< netsh advfirewall set allprofiles state ON /c >

Ok.

C:\Users\Chris\Desktop\cmd.bat deleted successfully.

C:\Users\Chris\Desktop\cmd.txt deleted successfully.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: Administrator

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: All Users

User: Chris

->Temp folder emptied: 20810648 bytes

->Temporary Internet Files folder emptied: 82394012 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 19846895 bytes

->Google Chrome cache emptied: 0 bytes

->Flash cache emptied: 602 bytes

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: dub_cm_auto

User: Public

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 7890 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes

RecycleBin emptied: 0 bytes

 

Total Files Cleaned = 117.00 mb

 

OTL by OldTimer - Version 3.2.69.0 log created on 06262014_171524

Files\Folders moved on Reboot...

File move failed. C:\Program Files (x86)\Movies Toolbar\Datamngr\DatamngrCoordinator.exe scheduled to be moved on reboot.

File move failed. C:\Program Files (x86)\Movies Toolbar\Datamngr\x64\setmgrc1.cfg scheduled to be moved on reboot.

File move failed. C:\Windows\SysNative\tasklist.exe scheduled to be moved on reboot.

File move failed. C:\Windows\SysWOW64\tasklist.exe scheduled to be moved on reboot.

File move failed. C:\Program Files (x86)\Movies Toolbar\Datamngr\x64\apcrtldr.dll scheduled to be moved on reboot.

File move failed. C:\Program Files (x86)\Movies Toolbar\Datamngr\apcrtldr.dll scheduled to be moved on reboot.

Folder move failed. C:\Program Files (x86)\Movies Toolbar\Datamngr\x64 scheduled to be moved on reboot.

Folder move failed. C:\Program Files (x86)\Movies Toolbar\Datamngr\x64 scheduled to be moved on reboot.

Folder move failed. C:\Program Files (x86)\Movies Toolbar\Datamngr scheduled to be moved on reboot.

Folder move failed. C:\Program Files (x86)\Movies Toolbar\Datamngr\x64 scheduled to be moved on reboot.

Folder move failed. C:\Program Files (x86)\Movies Toolbar\Datamngr scheduled to be moved on reboot.

Folder move failed. C:\Program Files (x86)\Movies Toolbar scheduled to be moved on reboot.

C:\Users\Chris\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

 

PendingFileRenameOperations files...

 

Registry entries deleted on Reboot...


Edited by ridethewave, 27 June 2014 - 06:35 AM.


#20
godawgs

    Teacher

  • Retired Staff
  • 8,228 posts

Thanks for the log.

 

Step-1.
OTL Custom Scan

1. Please copy the text in the Quote box below (do not copy the word Quote), and paste it in the Custom Scans/Fixes box in OTL. To do that:

  • Highlight everything inside the quote box, (except the word Quote), right click the mouse and click Copy.

createrestorepoint
netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
rpcss.dll
/md5stop
c:\program files (x86)\Google\Desktop
c:\program files\Google\Desktop
dir "%systemdrive%\*" /S /A:L /C


2. Re-open OTL on the desktop. To do that:

  • Vista / 7 Users: Right click on the icon and click Run as Administrator.

Make sure all other windows are closed.

  • You will see a console like the one below:

    [Image: OTL_Main_Tutorial.gif]
  • Click the box beside Scan All Users at the top of the console
  • Click the box beside Include 64bit Scans at the top of the console.
  • Make sure the Output box at the top is set to Standard Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Place the mouse pointer inside thecustomFix.png box, right click and click Paste. This will put the above script inside OTL
  • Click the runscanbutton.png button. Do not change any settings unless otherwise told to do so.
  • Let the scan run uninterrupted.
  • When the scan completes, it will open OTL.Txt. This file is also saved in the same location as OTL (it should be on your desktop).
  • Please copy the contents of this file and paste it into your reply. To do that:
  • On the OTL.txt file Menu Bar click Edit then click Select All. This will highlight the contents of the file. Then click Copy.
  • Right click inside the forum post window then click Paste.This will paste the contents of the OTL.txt file in the in the post window.

Things For Your Next Post:
Please post the logs in the order requested. Please don't attach the logs unless I request it.
1. The new OTL.txt log


  • 0

#21
ridethewave

    Member

  • Topic Starter
  • Member
  • 154 posts

 OTL logfile created on: 6/27/2014 9:34:54 AM - Run 2

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Chris\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.11.9600.17126)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

 

7.91 Gb Total Physical Memory | 7.01 Gb Available Physical Memory | 88.70% Memory free

15.82 Gb Paging File | 14.52 Gb Available in Paging File | 91.79% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 914.76 Gb Total Space | 773.58 Gb Free Space | 84.57% Space Free | Partition Type: NTFS

Drive D: | 16.66 Gb Total Space | 2.05 Gb Free Space | 12.30% Space Free | Partition Type: NTFS

 

Computer Name: CHRIS-HP | User Name: Chris | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - [2014/06/24 14:27:24 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Chris\Desktop\OTL.exe

PRC - [2014/05/12 04:11:01 | 003,584,000 | ---- | M] (Bandoo Media Inc.) -- C:\Program Files (x86)\Movies Toolbar\Datamngr\DatamngrUI.exe

PRC - [2014/05/12 04:10:54 | 003,544,064 | ---- | M] (Bandoo Media Inc.) -- C:\Program Files (x86)\Movies Toolbar\Datamngr\DatamngrCoordinator.exe

PRC - [2008/11/20 10:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe

 

========== Modules (No Company Name) ==========

 

MOD - [2014/01/20 14:17:04 | 000,073,544 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

MOD - [2014/01/20 14:16:38 | 001,044,808 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

 

========== Services (SafeList) ==========

 

SRV:64bit: - [2014/05/30 02:21:05 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)

SRV:64bit: - [2013/05/26 22:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV:64bit: - [2010/10/11 02:48:14 | 000,346,168 | ---- | M] (Hewlett-Packard Company) [Disabled | Stopped] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)

SRV - [2014/06/05 21:38:37 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2014/05/14 06:14:23 | 000,257,712 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2014/05/12 04:10:54 | 003,544,064 | ---- | M] (Bandoo Media Inc.) [Auto | Running] -- C:\Program Files (x86)\Movies Toolbar\Datamngr\DatamngrCoordinator.exe -- (DatamngrCoordinator)

SRV - [2013/12/20 23:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2013/09/11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2012/03/20 00:44:20 | 000,276,248 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)

SRV - [2011/09/28 16:18:02 | 000,212,944 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe -- (jhi_service)

SRV - [2011/09/01 02:22:18 | 000,169,624 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor10.0)

SRV - [2011/08/03 07:55:11 | 002,656,536 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)

SRV - [2011/08/03 07:54:41 | 000,326,424 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)

SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

 

========== Driver Services (SafeList) ==========

 

DRV:64bit: - [2014/06/24 15:33:07 | 000,423,240 | ---- | M] (AVAST Software) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\boqiyubl.sys -- (boqiyubl)

DRV:64bit: - [2013/10/01 19:22:20 | 000,056,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2012/12/13 14:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)

DRV:64bit: - [2012/12/06 09:42:12 | 002,350,176 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)

DRV:64bit: - [2012/08/23 07:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)

DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)

DRV:64bit: - [2012/04/09 18:36:16 | 000,031,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pmxdrv.sys -- (pmxdrv)

DRV:64bit: - [2012/04/09 18:10:05 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2012/04/09 18:10:05 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2012/03/20 00:32:04 | 014,745,600 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)

DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2011/11/30 03:40:32 | 000,568,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)

DRV:64bit: - [2011/09/19 01:02:35 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)

DRV:64bit: - [2011/09/14 03:35:45 | 000,533,096 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)

DRV:64bit: - [2011/08/03 07:51:56 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)

DRV:64bit: - [2010/11/20 20:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010/11/20 20:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)

DRV:64bit: - [2010/03/19 03:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)

DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/07/13 17:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)

DRV:64bit: - [2009/07/13 17:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)

DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV - [2014/05/12 04:10:55 | 000,036,216 | ---- | M] (Bandoo Media Inc.) [Kernel | System | Running] -- C:\Program Files (x86)\Movies Toolbar\Datamngr\x64\setmgrc1.cfg -- (F06DEFF2-5B9C-490D-910F-35D3A91196222)

DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

 

========== Standard Registry (SafeList) ==========

 

========== Internet Explorer ==========

 

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=HPDTDF

IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}

IE:64bit: - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=HPDTDF

IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}

 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 

IE - HKU\S-1-5-21-1450463833-1716714491-3263300153-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve

IE - HKU\S-1-5-21-1450463833-1716714491-3263300153-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.c...TF-8&gws_rd=ssl

IE - HKU\S-1-5-21-1450463833-1716714491-3263300153-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE - HKU\S-1-5-21-1450463833-1716714491-3263300153-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKU\S-1-5-21-1450463833-1716714491-3263300153-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...1I7GGNI_enUS487

IE - HKU\S-1-5-21-1450463833-1716714491-3263300153-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "https://www.google.c...F-8&gws_rd=ssl"

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:30.0

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=1.2.22: C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIIPT.dll (Intel Corporation)

FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 30.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 30.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

 

[2014/06/26 15:21:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chris\AppData\Roaming\Mozilla\Extensions

[2014/06/26 16:28:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\extensions

[2014/06/26 16:28:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\0\extensions

[2014/06/26 16:08:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\w24xywz3.default\extensions

[2014/06/26 15:21:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions

[2014/06/26 15:21:17 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

========== Chrome  ==========

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}

CHR - homepage: http://www.google.co...client&ie=UTF-8

CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\PepperFlash\pepflashplayer.dll

CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\pdf.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll

CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll

CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll

CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll

CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll

CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll

CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll

CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll

CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL

CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

CHR - plugin: AdobeAAMDetect (Enabled) = C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll

CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIIPT.dll

CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIUpdater.dll

CHR - plugin: Java™ Platform SE 7 U17 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

CHR - plugin: Windows Live Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll

CHR - plugin: Java Deployment Toolkit 7.0.170.2 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll

CHR - Extension: Google Docs = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\

CHR - Extension: Google Drive = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\

CHR - Extension: YouTube = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\

CHR - Extension: Google Search = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\

CHR - Extension: Gmail = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

 

O1 HOSTS File: ([2014/06/18 16:00:38 | 000,000,855 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O1 - Hosts: 127.0.0.1       localhost

O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)

O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)

O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)

O4 - HKLM..\Run: []  File not found

O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [Nikon Message Center 2] C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe (Nikon Corporation)

O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O7 - HKU\S-1-5-21-1450463833-1716714491-3263300153-1000\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O7 - HKU\S-1-5-21-1450463833-1716714491-3263300153-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O9 - Extra Button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe (Hewlett-Packard)

O9 - Extra 'Tools' menuitem : HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe (Hewlett-Packard)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} http://www.comcastsu...oad/tgctlsr.cab (SupportSoft Script Runner Class)

O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab (Microsoft Office Template and Media Control)

O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://images3.pnime...veX_Control.cab (Photo Upload Plugin Class)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D1189782-F148-430E-B2B0-8C873FF7D3A6}: DhcpNameServer = 192.168.1.1

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O36 - AppCertDlls: x64 - (c:\program files (x86)\movies toolbar\datamngr\x64\apcrtldr.dll) - c:\Program Files (x86)\Movies Toolbar\Datamngr\x64\apcrtldr.dll ()

O36 - AppCertDlls: x86 - (c:\program files (x86)\movies toolbar\datamngr\apcrtldr.dll) - c:\Program Files (x86)\Movies Toolbar\Datamngr\apcrtldr.dll ()

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

 

CREATERESTOREPOINT

System Restore Service not available.

 

========== Files/Folders - Created Within 30 Days ==========

 

[2014/06/26 15:21:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service

[2014/06/26 15:21:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox

[2014/06/25 20:18:51 | 000,000,000 | ---D | C] -- C:\_OTL

[2014/06/24 15:33:07 | 000,423,240 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\boqiyubl.sys

[2014/06/24 14:27:18 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Chris\Desktop\OTL.exe

[2014/06/22 21:06:18 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\ElevatedDiagnostics

[2014/06/22 10:43:48 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software

[2014/06/21 19:18:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy

[2014/06/21 19:18:43 | 000,000,000 | ---D | C] -- C:\Program Files\Speccy

[2014/06/20 14:19:56 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\Adobe

[2014/06/19 06:01:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java

[2014/06/18 16:05:15 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution

[2014/06/18 16:04:25 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\catroot2

[2014/06/18 13:27:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP

[2014/06/14 17:11:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com

[2014/06/14 15:53:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hp

[2014/06/14 08:37:31 | 000,000,000 | ---D | C] -- C:\Users\Chris\Desktop\FixPrinterProblems

[2014/06/14 08:36:29 | 000,000,000 | ---D | C] -- C:\Users\Chris\Desktop\Stuff

[2014/06/12 17:27:14 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\x64

[2014/06/12 14:59:51 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{D6BED4A5-FD6C-4A9A-B8D1-8E326FBE0645}

[2014/06/12 14:59:10 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{1601A01C-D3E6-4F1B-AF31-DB7FC4C12F56}

[2014/06/11 21:51:29 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller

[2014/06/11 15:08:02 | 000,439,296 | ---- | C] (Sendori) -- C:\Windows\SysNative\plsapp64.dll

[2014/06/11 15:07:05 | 000,000,000 | ---D | C] -- C:\Users\Chris\Documents\DVDVideoSoft

[2014/06/11 14:58:30 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{5E6E88AC-2CF6-4364-A55E-1AC5EB0BD596}

[2014/06/11 14:55:16 | 000,000,000 | ---D | C] -- C:\Users\Chris\Desktop\Trista

[2014/06/10 19:31:41 | 000,000,000 | ---D | C] -- C:\Windows\System\x64

[2014/06/10 15:05:53 | 000,801,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usp10.dll

[2014/06/10 15:05:44 | 000,288,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS

[2014/06/10 15:05:34 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml6r.dll

[2014/06/10 15:05:34 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml6r.dll

[2014/06/10 15:05:34 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll

[2014/06/10 15:05:34 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll

[2014/06/10 15:05:14 | 003,178,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll

[2014/06/10 15:05:14 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RdpGroupPolicyExtension.dll

[2014/06/10 15:05:10 | 000,592,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll

[2014/06/10 15:05:10 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll

[2014/06/10 15:05:10 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll

[2014/06/10 15:05:10 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll

[2014/06/10 15:05:10 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll

[2014/06/10 15:05:10 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll

[2014/06/10 15:05:09 | 001,964,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl

[2014/06/10 15:05:09 | 000,631,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll

[2014/06/10 15:05:09 | 000,452,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll

[2014/06/10 15:05:09 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll

[2014/06/10 15:05:09 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe

[2014/06/10 15:05:09 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll

[2014/06/10 15:05:09 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll

[2014/06/10 15:05:09 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll

[2014/06/10 15:05:08 | 002,040,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl

[2014/06/10 15:05:08 | 000,608,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe

[2014/06/10 15:05:08 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll

[2014/06/10 15:05:07 | 001,068,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll

[2014/06/10 15:05:07 | 000,704,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll

[2014/06/10 15:05:07 | 000,574,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll

[2014/06/10 15:05:07 | 000,295,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll

[2014/06/10 15:05:07 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll

[2014/06/10 15:05:07 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe

[2014/06/10 15:05:07 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll

[2014/06/10 15:05:06 | 005,782,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll

[2014/06/10 15:05:06 | 001,249,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll

[2014/06/10 15:05:06 | 000,752,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll

[2014/06/10 15:05:06 | 000,548,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll

[2014/06/10 15:05:06 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe

[2014/06/10 15:05:06 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll

[2014/06/10 15:05:05 | 000,940,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe

[2014/06/10 15:05:05 | 000,846,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll

[2014/06/10 15:05:05 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll

[2014/06/10 15:03:53 | 000,506,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll

[2014/06/10 15:03:53 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll

[2014/06/09 18:22:44 | 000,000,000 | ---D | C] -- C:\RegBackup

[2014/06/09 16:47:16 | 000,000,000 | ---D | C] -- C:\CAT-Logs

[2014/06/09 16:15:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Installer Clean Up

[2014/06/09 15:57:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tweaking.com

[2014/06/08 20:46:05 | 000,741,480 | ---- | C] (Hewlett-Packard Co.) -- C:\Windows\SysNative\HPDiscoPM5C12.dll

[2014/06/08 16:03:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group

[2014/06/07 17:06:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes

[2014/06/07 17:06:05 | 000,000,000 | ---D | C] -- C:\Program Files\iPod

[2014/06/07 17:06:03 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes

[2014/06/07 17:06:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes

[2014/06/07 17:06:03 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

[2014/06/05 14:35:37 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\QuickScan

[2014/06/05 14:34:58 | 000,000,000 | ---D | C] -- C:\ProgramData\SmartPCScan

[2014/06/04 21:50:51 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrickHouse

[2014/06/04 21:50:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BrickHouse

[2014/06/01 20:19:08 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{E96472EE-EC82-4BF5-B3B5-8DCA7B8EF26B}

[1 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]

 

========== Files - Modified Within 30 Days ==========

 

[2014/06/27 09:33:00 | 000,024,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2014/06/27 09:33:00 | 000,024,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2014/06/27 09:31:55 | 000,782,470 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2014/06/27 09:31:55 | 000,650,642 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2014/06/27 09:31:55 | 000,118,410 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2014/06/27 09:30:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2014/06/27 09:23:21 | 2073,964,543 | -HS- | M] () -- C:\hiberfil.sys

[2014/06/26 15:21:18 | 000,001,153 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk

[2014/06/24 15:33:07 | 000,423,240 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\boqiyubl.sys

[2014/06/24 14:27:24 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Chris\Desktop\OTL.exe

[2014/06/24 13:53:46 | 000,002,150 | ---- | M] () -- C:\Windows\epplauncher.mif

[2014/06/21 05:37:03 | 000,550,784 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2014/06/18 16:06:41 | 000,002,010 | ---- | M] () -- C:\Users\Public\Desktop\HP Print and Scan Doctor.lnk

[2014/06/18 16:00:38 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts

[2014/06/18 15:58:27 | 000,782,470 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2014/06/18 15:45:58 | 000,002,165 | ---- | M] () -- C:\Users\Chris\Desktop\Tweaking.com - Windows Repair (All in One).lnk

[2014/06/14 18:13:21 | 000,010,230 | ---- | M] () -- C:\Users\Chris\Documents\cc_20140614_181314.reg

[2014/06/14 16:57:35 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts_bak_137

[2014/06/14 14:44:57 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts_bak_681

[2014/06/14 05:54:08 | 000,010,868 | ---- | M] () -- C:\Users\Chris\Documents\cc_20140614_055402.reg

[2014/06/13 21:44:07 | 000,676,910 | ---- | M] () -- C:\Users\Chris\Desktop\BusinessCardREI_edited-4.psd

[2014/06/13 18:46:45 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts_bak_269

[2014/06/13 16:53:35 | 000,176,992 | ---- | M] () -- C:\Users\Chris\Documents\cc_20140613_165328.reg

[2014/06/13 13:44:29 | 000,802,526 | ---- | M] () -- C:\Users\Chris\Documents\cc_20140613_134417.reg

[2014/06/12 21:14:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2014/06/12 15:04:32 | 000,000,020 | -H-- | M] () -- C:\ProgramData\PKP_DLet.DAT

[2014/06/10 21:06:05 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts_bak_278

[2014/06/10 20:29:56 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts_bak_91

[2014/06/10 20:00:01 | 000,028,640 | ---- | M] (Uwe Sieber - www.uwe-sieber.de) -- C:\Windows\SysNative\DriveCleanup.exe

[2014/06/09 19:02:04 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts_bak_498

[2014/06/09 18:43:16 | 000,000,207 | ---- | M] () -- C:\Windows\tweaking.com-regbackup-CHRIS-HP-Microsoft-Windows-7-Home-Premium-(64-bit).dat

[2014/06/08 02:13:05 | 000,506,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll

[2014/06/08 02:08:04 | 000,424,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll

[2014/06/07 17:06:23 | 000,001,785 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk

[2014/06/06 11:27:10 | 000,015,456 | ---- | M] () -- C:\Users\Chris\Documents\cc_20140606_112706.reg

[2014/05/30 03:02:09 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll

[2014/05/30 02:39:43 | 000,548,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll

[2014/05/30 02:39:23 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll

[2014/05/30 02:38:29 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll

[2014/05/30 02:27:57 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll

[2014/05/30 02:24:28 | 000,574,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll

[2014/05/30 02:21:23 | 000,139,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe

[2014/05/30 02:21:05 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe

[2014/05/30 02:20:36 | 000,752,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll

[2014/05/30 02:11:24 | 000,940,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe

[2014/05/30 02:08:22 | 005,782,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll

[2014/05/30 02:06:42 | 000,452,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll

[2014/05/30 01:55:36 | 000,038,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll

[2014/05/30 01:49:21 | 000,195,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll

[2014/05/30 01:46:48 | 000,085,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll

[2014/05/30 01:44:23 | 000,295,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll

[2014/05/30 01:43:06 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll

[2014/05/30 01:42:16 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll

[2014/05/30 01:35:44 | 000,608,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe

[2014/05/30 01:33:48 | 000,032,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll

[2014/05/30 01:30:43 | 000,440,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll

[2014/05/30 01:29:31 | 000,631,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll

[2014/05/30 01:28:33 | 000,112,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe

[2014/05/30 01:27:56 | 000,592,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll

[2014/05/30 01:24:19 | 001,249,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll

[2014/05/30 01:23:22 | 002,040,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl

[2014/05/30 01:10:46 | 000,032,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll

[2014/05/30 01:06:06 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll

[2014/05/30 01:04:20 | 000,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll

[2014/05/30 00:50:09 | 001,068,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll

[2014/05/30 00:49:38 | 001,964,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl

[2014/05/30 00:13:47 | 000,704,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll

[2014/05/30 00:13:09 | 000,846,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll

[1 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]

 

========== Files Created - No Company Name ==========

 

[2014/06/26 15:21:18 | 000,001,165 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk

[2014/06/26 15:21:18 | 000,001,153 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk

[2014/06/22 10:46:48 | 000,002,150 | ---- | C] () -- C:\Windows\epplauncher.mif

[2014/06/21 05:36:53 | 000,550,784 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2014/06/18 15:45:58 | 000,002,165 | ---- | C] () -- C:\Users\Chris\Desktop\Tweaking.com - Windows Repair (All in One).lnk

[2014/06/18 13:23:23 | 000,002,010 | ---- | C] () -- C:\Users\Public\Desktop\HP Print and Scan Doctor.lnk

[2014/06/14 18:13:19 | 000,010,230 | ---- | C] () -- C:\Users\Chris\Documents\cc_20140614_181314.reg

[2014/06/14 15:53:33 | 000,001,188 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I.R.I.S. OCR Registration.lnk

[2014/06/14 05:54:06 | 000,010,868 | ---- | C] () -- C:\Users\Chris\Documents\cc_20140614_055402.reg

[2014/06/13 16:53:30 | 000,176,992 | ---- | C] () -- C:\Users\Chris\Documents\cc_20140613_165328.reg

[2014/06/13 13:44:23 | 000,802,526 | ---- | C] () -- C:\Users\Chris\Documents\cc_20140613_134417.reg

[2014/06/09 18:43:16 | 000,000,207 | ---- | C] () -- C:\Windows\tweaking.com-regbackup-CHRIS-HP-Microsoft-Windows-7-Home-Premium-(64-bit).dat

[2014/06/09 16:15:36 | 000,002,853 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Install Clean Up.lnk

[2014/06/07 17:06:22 | 000,001,785 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk

[2014/06/06 11:27:08 | 000,015,456 | ---- | C] () -- C:\Users\Chris\Documents\cc_20140606_112706.reg

[2013/12/11 22:02:47 | 000,000,000 | ---- | C] () -- C:\ProgramData\Nature

[2013/12/11 22:02:47 | 000,000,000 | ---- | C] () -- C:\ProgramData\Jazz

[2013/06/27 07:09:23 | 000,049,640 | ---- | C] () -- C:\Windows\SysWow64\MyDefrag.dat

[2013/06/26 13:55:34 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini

[2013/04/03 17:35:03 | 001,083,149 | ---- | C] () -- C:\Users\Chris\AppData\Local\census.cache

[2013/04/03 17:35:00 | 000,112,127 | ---- | C] () -- C:\Users\Chris\AppData\Local\ars.cache

[2013/04/03 17:29:27 | 000,000,036 | ---- | C] () -- C:\Users\Chris\AppData\Local\housecall.guid.cache

[2013/02/09 21:59:03 | 000,000,268 | RH-- | C] () -- C:\Users\Chris\AppData\Roaming\MIDI Configurations

[2013/02/09 21:59:03 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Machines

[2013/02/09 21:58:42 | 000,000,268 | RH-- | C] () -- C:\ProgramData\MIDI Patch Names

[2013/02/09 21:58:42 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Mail

[2013/02/09 21:58:20 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Organs

[2013/02/09 21:58:20 | 000,000,268 | RH-- | C] () -- C:\Users\Chris\AppData\Roaming\Nature Sounds

[2013/02/09 21:58:20 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLeo.DAT

[2012/09/27 15:09:01 | 000,000,268 | RH-- | C] () -- C:\Users\Chris\AppData\Roaming\MIDI Devices

[2012/09/27 15:09:01 | 000,000,268 | RH-- | C] () -- C:\Users\Chris\AppData\Roaming\MAS

[2012/09/27 15:09:01 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLev.DAT

[2012/09/27 15:09:01 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLet.DAT

[2012/09/27 15:09:01 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLes.DAT

[2012/06/29 05:54:48 | 000,000,089 | ---- | C] () -- C:\Users\Chris\AppData\Local\msmathematics.qat.Chris

[2012/06/27 14:31:48 | 000,178,853 | ---- | C] () -- C:\Windows\hpwins14.dat.temp

[2012/06/27 14:02:54 | 000,218,182 | ---- | C] () -- C:\Windows\hpwins14.dat

[2012/06/27 14:02:54 | 000,000,411 | ---- | C] () -- C:\Windows\hpwmdl14.dat

[2012/06/22 06:10:12 | 000,007,628 | ---- | C] () -- C:\Users\Chris\AppData\Local\resmon.resmoncfg

 

========== ZeroAccess Check ==========

 

[2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

 

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

 

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

"" = C:\Windows\SysNative\shell32.dll -- [2014/03/24 19:43:12 | 014,175,744 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2014/03/24 19:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = c:\windows\syswow64\wbem\fastprox.dll -- [2010/11/20 20:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

 

========== LOP Check ==========

 

[2013/03/19 07:28:41 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\AnvSoft

[2013/03/10 17:16:56 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\AVICFeeds

[2014/01/04 15:49:52 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\chc

[2012/07/08 16:11:40 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

[2014/04/18 14:59:13 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\com.nikonimagespace.uploader

[2012/06/26 07:06:14 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Digiarty

[2014/03/09 08:57:13 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\eM Client

[2012/06/27 13:16:27 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\enchant

[2013/09/17 20:26:52 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Flexrise

[2012/12/17 10:40:23 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Flexrise.9F3FBFC56E7DF11606748B3513468A7A7FB809D1.1

[2014/03/28 12:17:26 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Leadertech

[2012/10/05 17:17:08 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Nikon

[2013/06/09 13:21:30 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Nuance

[2013/06/09 13:39:00 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Nuclear Coffee

[2014/06/11 16:39:31 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\OpenCandy

[2012/06/28 05:18:53 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\PowerISO

[2014/06/05 14:35:37 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\QuickScan

[2012/07/17 05:49:59 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Softland

[2014/06/09 13:46:09 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\WildTangent

[2012/06/05 16:26:58 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\WinBatch

[2013/01/23 17:18:04 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Windows Live Writer

[2013/06/09 08:24:11 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Zeon

========== Purity Check ==========

 

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

[2007/11/07 08:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe

 

< MD5 for: RPCSS.DLL  >

[2010/11/20 20:24:01 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=5C627D1B1138676C0A7AB2C2C190D123 -- C:\Windows\SysNative\rpcss.dll

[2010/11/20 20:24:01 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=5C627D1B1138676C0A7AB2C2C190D123 -- C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll

 

< c:\program files (x86)\Google\Desktop >

[2009/07/13 22:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT

[2009/07/13 22:08:49 | 000,032,606 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT

[2013/06/29 06:40:21 | 000,000,830 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job

< c:\program files\Google\Desktop >

< dir "%systemdrive%\*" /S /A:L /C >

Volume in drive C is OS

Volume Serial Number is AA8C-4363

Directory of C:\

07/13/2009  10:08 PM    <JUNCTION>     Documents and Settings [..]

               0 File(s)              0 bytes

Directory of C:\ProgramData

07/13/2009  10:08 PM    <JUNCTION>     Application Data [..]

07/13/2009  10:08 PM    <JUNCTION>     Desktop [..]

07/13/2009  10:08 PM    <JUNCTION>     Documents [..]

07/13/2009  10:08 PM    <JUNCTION>     Favorites [..]

07/13/2009  10:08 PM    <JUNCTION>     Start Menu [..]

07/13/2009  10:08 PM    <JUNCTION>     Templates [..]

               0 File(s)              0 bytes

Directory of C:\Users

07/13/2009  10:08 PM    <SYMLINKD>     All Users [C:\ProgramData]

07/13/2009  10:08 PM    <JUNCTION>     Default User [..]

               0 File(s)              0 bytes

Directory of C:\Users\Administrator

06/14/2014  03:42 PM    <JUNCTION>     Application Data [..]

06/14/2014  03:42 PM    <JUNCTION>     Cookies [..]

06/14/2014  03:42 PM    <JUNCTION>     Local Settings [..]

06/14/2014  03:42 PM    <JUNCTION>     My Documents [..]

06/14/2014  03:42 PM    <JUNCTION>     NetHood [..]

06/14/2014  03:42 PM    <JUNCTION>     PrintHood [..]

06/14/2014  03:42 PM    <JUNCTION>     Recent [..]

06/14/2014  03:42 PM    <JUNCTION>     SendTo [..]

06/14/2014  03:42 PM    <JUNCTION>     Start Menu [..]

06/14/2014  03:42 PM    <JUNCTION>     Templates [..]

               0 File(s)              0 bytes

Directory of C:\Users\Administrator\AppData\Local

06/14/2014  03:42 PM    <JUNCTION>     Application Data [..]

06/14/2014  03:42 PM    <JUNCTION>     History [..]

06/14/2014  03:42 PM    <JUNCTION>     Temporary Internet Files [..]

               0 File(s)              0 bytes

Directory of C:\Users\Administrator\Documents

06/14/2014  03:42 PM    <JUNCTION>     My Music [..]

06/14/2014  03:42 PM    <JUNCTION>     My Pictures [..]

06/14/2014  03:42 PM    <JUNCTION>     My Videos [..]

               0 File(s)              0 bytes

Directory of C:\Users\All Users

07/13/2009  10:08 PM    <JUNCTION>     Application Data [..]

07/13/2009  10:08 PM    <JUNCTION>     Desktop [..]

07/13/2009  10:08 PM    <JUNCTION>     Documents [..]

07/13/2009  10:08 PM    <JUNCTION>     Favorites [..]

07/13/2009  10:08 PM    <JUNCTION>     Start Menu [..]

07/13/2009  10:08 PM    <JUNCTION>     Templates [..]

               0 File(s)              0 bytes

Directory of C:\Users\Chris

06/04/2012  12:20 PM    <JUNCTION>     Application Data [..]

06/04/2012  12:20 PM    <JUNCTION>     Cookies [..]

06/04/2012  12:20 PM    <JUNCTION>     Local Settings [..]

06/04/2012  12:20 PM    <JUNCTION>     My Documents [..]

06/04/2012  12:20 PM    <JUNCTION>     NetHood [..]

06/04/2012  12:20 PM    <JUNCTION>     PrintHood [..]

06/04/2012  12:20 PM    <JUNCTION>     Recent [..]

06/04/2012  12:20 PM    <JUNCTION>     SendTo [..]

06/04/2012  12:20 PM    <JUNCTION>     Start Menu [..]

06/04/2012  12:20 PM    <JUNCTION>     Templates [..]

               0 File(s)              0 bytes

Directory of C:\Users\Chris\AppData\Local

06/04/2012  12:20 PM    <JUNCTION>     Application Data [..]

06/04/2012  12:20 PM    <JUNCTION>     History [..]

06/04/2012  12:20 PM    <JUNCTION>     Temporary Internet Files [..]

               0 File(s)              0 bytes

Directory of C:\Users\Chris\AppData\LocalLow

06/06/2012  07:09 AM    <JUNCTION>     PlayReady [C:\ProgramData\Microsoft\PlayReady]

               0 File(s)              0 bytes

Directory of C:\Users\Chris\Documents

06/04/2012  12:20 PM    <JUNCTION>     My Music [..]

06/04/2012  12:20 PM    <JUNCTION>     My Pictures [..]

06/04/2012  12:20 PM    <JUNCTION>     My Videos [..]

               0 File(s)              0 bytes

Directory of C:\Users\Default

07/13/2009  10:08 PM    <JUNCTION>     Application Data [..]

07/13/2009  10:08 PM    <JUNCTION>     Cookies [..]

07/13/2009  10:08 PM    <JUNCTION>     Local Settings [..]

07/13/2009  10:08 PM    <JUNCTION>     My Documents [..]

07/13/2009  10:08 PM    <JUNCTION>     NetHood [..]

07/13/2009  10:08 PM    <JUNCTION>     PrintHood [..]

07/13/2009  10:08 PM    <JUNCTION>     Recent [..]

07/13/2009  10:08 PM    <JUNCTION>     SendTo [..]

07/13/2009  10:08 PM    <JUNCTION>     Start Menu [..]

07/13/2009  10:08 PM    <JUNCTION>     Templates [..]

               0 File(s)              0 bytes

Directory of C:\Users\Default\AppData\Local

07/13/2009  10:08 PM    <JUNCTION>     Application Data [..]

07/13/2009  10:08 PM    <JUNCTION>     History [..]

07/13/2009  10:08 PM    <JUNCTION>     Temporary Internet Files [..]

               0 File(s)              0 bytes

Directory of C:\Users\Default\Documents

07/13/2009  10:08 PM    <JUNCTION>     My Music [..]

07/13/2009  10:08 PM    <JUNCTION>     My Pictures [..]

07/13/2009  10:08 PM    <JUNCTION>     My Videos [..]

               0 File(s)              0 bytes

Directory of C:\Users\Public\Documents

07/13/2009  10:08 PM    <JUNCTION>     My Music [..]

07/13/2009  10:08 PM    <JUNCTION>     My Pictures [..]

07/13/2009  10:08 PM    <JUNCTION>     My Videos [..]

               0 File(s)              0 bytes

Directory of C:\Windows\System32\config\systemprofile

09/27/2012  03:09 PM    <JUNCTION>     Application Data [C:\Windows\system32\config\systemprofile\AppData\Roaming]

09/27/2012  03:09 PM    <JUNCTION>     Cookies [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies]

09/27/2012  03:09 PM    <JUNCTION>     Local Settings [C:\Windows\system32\config\systemprofile\AppData\Local]

09/27/2012  03:09 PM    <JUNCTION>     My Documents [C:\Windows\system32\config\systemprofile\Documents]

09/27/2012  03:09 PM    <JUNCTION>     NetHood [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts]

09/27/2012  03:09 PM    <JUNCTION>     PrintHood [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]

09/27/2012  03:09 PM    <JUNCTION>     Recent [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent]

09/27/2012  03:09 PM    <JUNCTION>     SendTo [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo]

09/27/2012  03:09 PM    <JUNCTION>     Start Menu [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu]

09/27/2012  03:09 PM    <JUNCTION>     Templates [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates]

               0 File(s)              0 bytes

Directory of C:\Windows\System32\config\systemprofile\AppData\Local

09/27/2012  03:09 PM    <JUNCTION>     Application Data [C:\Windows\system32\config\systemprofile\AppData\Local]

09/27/2012  03:09 PM    <JUNCTION>     History [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History]

09/27/2012  03:09 PM    <JUNCTION>     Temporary Internet Files [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files]

               0 File(s)              0 bytes

Directory of C:\Windows\System32\config\systemprofile\Documents

09/27/2012  03:09 PM    <JUNCTION>     My Music [C:\Windows\system32\config\systemprofile\Music]

09/27/2012  03:09 PM    <JUNCTION>     My Pictures [C:\Windows\system32\config\systemprofile\Pictures]

09/27/2012  03:09 PM    <JUNCTION>     My Videos [C:\Windows\system32\config\systemprofile\Videos]

               0 File(s)              0 bytes

Directory of C:\Windows\SysWOW64\config\systemprofile

09/27/2012  03:09 PM    <JUNCTION>     Application Data [C:\Windows\system32\config\systemprofile\AppData\Roaming]

09/27/2012  03:09 PM    <JUNCTION>     Cookies [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies]

09/27/2012  03:09 PM    <JUNCTION>     Local Settings [C:\Windows\system32\config\systemprofile\AppData\Local]

09/27/2012  03:09 PM    <JUNCTION>     My Documents [C:\Windows\system32\config\systemprofile\Documents]

09/27/2012  03:09 PM    <JUNCTION>     NetHood [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts]

09/27/2012  03:09 PM    <JUNCTION>     PrintHood [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]

09/27/2012  03:09 PM    <JUNCTION>     Recent [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent]

09/27/2012  03:09 PM    <JUNCTION>     SendTo [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo]

09/27/2012  03:09 PM    <JUNCTION>     Start Menu [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu]

09/27/2012  03:09 PM    <JUNCTION>     Templates [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates]

               0 File(s)              0 bytes

Directory of C:\Windows\SysWOW64\config\systemprofile\AppData\Local

09/27/2012  03:09 PM    <JUNCTION>     Application Data [C:\Windows\system32\config\systemprofile\AppData\Local]

09/27/2012  03:09 PM    <JUNCTION>     History [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History]

09/27/2012  03:09 PM    <JUNCTION>     Temporary Internet Files [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files]

               0 File(s)              0 bytes

Directory of C:\Windows\SysWOW64\config\systemprofile\Documents

09/27/2012  03:09 PM    <JUNCTION>     My Music [C:\Windows\system32\config\systemprofile\Music]

09/27/2012  03:09 PM    <JUNCTION>     My Pictures [C:\Windows\system32\config\systemprofile\Pictures]

09/27/2012  03:09 PM    <JUNCTION>     My Videos [C:\Windows\system32\config\systemprofile\Videos]

               0 File(s)              0 bytes

     Total Files Listed:

               0 File(s)              0 bytes

              99 Dir(s)  829,649,600,512 bytes free

< End of report >



#22
ridethewave

  • Topic Starter

OTL logfile created on: 6/27/2014 9:52:35 AM - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Chris\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17126)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.91 Gb Total Physical Memory | 6.36 Gb Available Physical Memory | 80.41% Memory free
15.82 Gb Paging File | 13.99 Gb Available in Paging File | 88.43% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 914.76 Gb Total Space | 772.67 Gb Free Space | 84.47% Space Free | Partition Type: NTFS
Drive D: | 16.66 Gb Total Space | 2.05 Gb Free Space | 12.30% Space Free | Partition Type: NTFS

Computer Name: CHRIS-HP | User Name: Chris | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/06/24 14:27:24 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Chris\Desktop\OTL.exe
PRC - [2014/06/05 21:38:12 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2014/05/12 04:11:01 | 003,584,000 | ---- | M] (Bandoo Media Inc.) -- C:\Program Files (x86)\Movies Toolbar\Datamngr\DatamngrUI.exe
PRC - [2014/05/12 04:10:54 | 003,544,064 | ---- | M] (Bandoo Media Inc.) -- C:\Program Files (x86)\Movies Toolbar\Datamngr\DatamngrCoordinator.exe
PRC - [2008/11/20 10:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe


========== Modules (No Company Name) ==========

MOD - [2014/06/05 21:38:46 | 003,852,912 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2014/05/12 04:10:59 | 000,020,480 | ---- | M] () -- c:\Program Files (x86)\Movies Toolbar\Datamngr\mgrldr.dll
MOD - [2014/01/20 14:17:04 | 000,073,544 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2014/01/20 14:16:38 | 001,044,808 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll


========== Services (SafeList) ==========

SRV:64bit: - [2014/05/30 02:21:05 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/05/26 22:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/10/11 02:48:14 | 000,346,168 | ---- | M] (Hewlett-Packard Company) [Disabled | Stopped] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV - [2014/06/05 21:38:37 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/05/14 06:14:23 | 000,257,712 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/05/12 04:10:54 | 003,544,064 | ---- | M] (Bandoo Media Inc.) [Auto | Running] -- C:\Program Files (x86)\Movies Toolbar\Datamngr\DatamngrCoordinator.exe -- (DatamngrCoordinator)
SRV - [2013/12/20 23:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/09/11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2012/03/20 00:44:20 | 000,276,248 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2011/09/28 16:18:02 | 000,212,944 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe -- (jhi_service)
SRV - [2011/09/01 02:22:18 | 000,169,624 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor10.0)
SRV - [2011/08/03 07:55:11 | 002,656,536 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011/08/03 07:54:41 | 000,326,424 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2014/06/24 15:33:07 | 000,423,240 | ---- | M] (AVAST Software) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\boqiyubl.sys -- (boqiyubl)
DRV:64bit: - [2013/10/01 19:22:20 | 000,056,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/12/13 14:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/12/06 09:42:12 | 002,350,176 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2012/08/23 07:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/04/09 18:36:16 | 000,031,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pmxdrv.sys -- (pmxdrv)
DRV:64bit: - [2012/04/09 18:10:05 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012/04/09 18:10:05 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2012/03/20 00:32:04 | 014,745,600 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/11/30 03:40:32 | 000,568,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/09/19 01:02:35 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2011/09/14 03:35:45 | 000,533,096 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/08/03 07:51:56 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/11/20 20:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 20:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/03/19 03:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 17:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 17:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2014/05/12 04:10:55 | 000,036,216 | ---- | M] (Bandoo Media Inc.) [Kernel | System | Running] -- C:\Program Files (x86)\Movies Toolbar\Datamngr\x64\setmgrc1.cfg -- (F06DEFF2-5B9C-490D-910F-35D3A91196222)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=HPDTDF
IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE:64bit: - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=HPDTDF
IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.c...TF-8&gws_rd=ssl
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...1I7GGNI_enUS487
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "https://www.google.c...F-8&gws_rd=ssl"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:30.0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=1.2.22: C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 30.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 30.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

[2014/06/26 15:21:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chris\AppData\Roaming\Mozilla\Extensions
[2014/06/26 16:28:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\extensions
[2014/06/26 16:28:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\0\extensions
[2014/06/26 16:08:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\w24xywz3.default\extensions
[2014/06/26 15:21:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/06/26 15:21:17 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

========== Chrome  ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.google.co...client&ie=UTF-8
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: AdobeAAMDetect (Enabled) = C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIIPT.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIUpdater.dll
CHR - plugin: Java™ Platform SE 7 U17 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Windows Live Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Java Deployment Toolkit 7.0.170.2 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - Extension: Google Docs = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Gmail = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2014/06/18 16:00:38 | 000,000,855 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Nikon Message Center 2] C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe (Nikon Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe (Hewlett-Packard)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} http://www.comcastsu...oad/tgctlsr.cab (SupportSoft Script Runner Class)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://images3.pnime...veX_Control.cab (Photo Upload Plugin Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D1189782-F148-430E-B2B0-8C873FF7D3A6}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: x64 - (c:\program files (x86)\movies toolbar\datamngr\x64\apcrtldr.dll) - c:\Program Files (x86)\Movies Toolbar\Datamngr\x64\apcrtldr.dll ()
O36 - AppCertDlls: x86 - (c:\program files (x86)\movies toolbar\datamngr\apcrtldr.dll) - c:\Program Files (x86)\Movies Toolbar\Datamngr\apcrtldr.dll ()
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/06/26 15:21:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2014/06/26 15:21:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2014/06/25 20:18:51 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/06/24 15:33:07 | 000,423,240 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\boqiyubl.sys
[2014/06/24 14:27:18 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Chris\Desktop\OTL.exe
[2014/06/22 21:06:18 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\ElevatedDiagnostics
[2014/06/22 10:43:48 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2014/06/21 19:18:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
[2014/06/21 19:18:43 | 000,000,000 | ---D | C] -- C:\Program Files\Speccy
[2014/06/20 14:19:56 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\Adobe
[2014/06/19 06:01:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2014/06/18 16:05:15 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2014/06/18 16:04:25 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\catroot2
[2014/06/18 13:27:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
[2014/06/14 17:11:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
[2014/06/14 15:53:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hp
[2014/06/14 08:37:31 | 000,000,000 | ---D | C] -- C:\Users\Chris\Desktop\FixPrinterProblems
[2014/06/14 08:36:29 | 000,000,000 | ---D | C] -- C:\Users\Chris\Desktop\Stuff
[2014/06/12 17:27:14 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\x64
[2014/06/12 14:59:51 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{D6BED4A5-FD6C-4A9A-B8D1-8E326FBE0645}
[2014/06/12 14:59:10 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{1601A01C-D3E6-4F1B-AF31-DB7FC4C12F56}
[2014/06/11 21:51:29 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2014/06/11 15:08:02 | 000,439,296 | ---- | C] (Sendori) -- C:\Windows\SysNative\plsapp64.dll
[2014/06/11 15:07:05 | 000,000,000 | ---D | C] -- C:\Users\Chris\Documents\DVDVideoSoft
[2014/06/11 14:58:30 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{5E6E88AC-2CF6-4364-A55E-1AC5EB0BD596}
[2014/06/11 14:55:16 | 000,000,000 | ---D | C] -- C:\Users\Chris\Desktop\Trista
[2014/06/10 19:31:41 | 000,000,000 | ---D | C] -- C:\Windows\System\x64
[2014/06/10 15:05:53 | 000,801,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usp10.dll
[2014/06/10 15:05:44 | 000,288,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[2014/06/10 15:05:34 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml6r.dll
[2014/06/10 15:05:34 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml6r.dll
[2014/06/10 15:05:34 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2014/06/10 15:05:34 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2014/06/10 15:05:14 | 003,178,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll
[2014/06/10 15:05:14 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RdpGroupPolicyExtension.dll
[2014/06/10 15:05:10 | 000,592,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014/06/10 15:05:10 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2014/06/10 15:05:10 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014/06/10 15:05:10 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014/06/10 15:05:10 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2014/06/10 15:05:10 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2014/06/10 15:05:09 | 001,964,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014/06/10 15:05:09 | 000,631,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014/06/10 15:05:09 | 000,452,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2014/06/10 15:05:09 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014/06/10 15:05:09 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014/06/10 15:05:09 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014/06/10 15:05:09 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014/06/10 15:05:09 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014/06/10 15:05:08 | 002,040,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014/06/10 15:05:08 | 000,608,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014/06/10 15:05:08 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014/06/10 15:05:07 | 001,068,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2014/06/10 15:05:07 | 000,704,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2014/06/10 15:05:07 | 000,574,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014/06/10 15:05:07 | 000,295,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2014/06/10 15:05:07 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014/06/10 15:05:07 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014/06/10 15:05:07 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014/06/10 15:05:06 | 005,782,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014/06/10 15:05:06 | 001,249,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2014/06/10 15:05:06 | 000,752,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014/06/10 15:05:06 | 000,548,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2014/06/10 15:05:06 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014/06/10 15:05:06 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2014/06/10 15:05:05 | 000,940,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2014/06/10 15:05:05 | 000,846,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2014/06/10 15:05:05 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014/06/10 15:03:53 | 000,506,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll
[2014/06/10 15:03:53 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll
[2014/06/09 18:22:44 | 000,000,000 | ---D | C] -- C:\RegBackup
[2014/06/09 16:47:16 | 000,000,000 | ---D | C] -- C:\CAT-Logs
[2014/06/09 16:15:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Installer Clean Up
[2014/06/09 15:57:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tweaking.com
[2014/06/08 20:46:05 | 000,741,480 | ---- | C] (Hewlett-Packard Co.) -- C:\Windows\SysNative\HPDiscoPM5C12.dll
[2014/06/08 16:03:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group
[2014/06/07 17:06:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2014/06/07 17:06:05 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2014/06/07 17:06:03 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2014/06/07 17:06:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2014/06/07 17:06:03 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2014/06/05 14:35:37 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\QuickScan
[2014/06/05 14:34:58 | 000,000,000 | ---D | C] -- C:\ProgramData\SmartPCScan
[2014/06/04 21:50:51 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrickHouse
[2014/06/04 21:50:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BrickHouse
[2014/06/01 20:19:08 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{E96472EE-EC82-4BF5-B3B5-8DCA7B8EF26B}
[1 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/06/27 09:33:00 | 000,024,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/06/27 09:33:00 | 000,024,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/06/27 09:31:55 | 000,782,470 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/06/27 09:31:55 | 000,650,642 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/06/27 09:31:55 | 000,118,410 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/06/27 09:30:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/06/27 09:23:21 | 2073,964,543 | -HS- | M] () -- C:\hiberfil.sys
[2014/06/26 15:21:18 | 000,001,153 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2014/06/24 15:33:07 | 000,423,240 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\boqiyubl.sys
[2014/06/24 14:27:24 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Chris\Desktop\OTL.exe
[2014/06/24 13:53:46 | 000,002,150 | ---- | M] () -- C:\Windows\epplauncher.mif
[2014/06/21 05:37:03 | 000,550,784 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/06/18 16:06:41 | 000,002,010 | ---- | M] () -- C:\Users\Public\Desktop\HP Print and Scan Doctor.lnk
[2014/06/18 16:00:38 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2014/06/18 15:58:27 | 000,782,470 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014/06/18 15:45:58 | 000,002,165 | ---- | M] () -- C:\Users\Chris\Desktop\Tweaking.com - Windows Repair (All in One).lnk
[2014/06/14 18:13:21 | 000,010,230 | ---- | M] () -- C:\Users\Chris\Documents\cc_20140614_181314.reg
[2014/06/14 16:57:35 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts_bak_137
[2014/06/14 14:44:57 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts_bak_681
[2014/06/14 05:54:08 | 000,010,868 | ---- | M] () -- C:\Users\Chris\Documents\cc_20140614_055402.reg
[2014/06/13 21:44:07 | 000,676,910 | ---- | M] () -- C:\Users\Chris\Desktop\BusinessCardREI_edited-4.psd
[2014/06/13 18:46:45 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts_bak_269
[2014/06/13 16:53:35 | 000,176,992 | ---- | M] () -- C:\Users\Chris\Documents\cc_20140613_165328.reg
[2014/06/13 13:44:29 | 000,802,526 | ---- | M] () -- C:\Users\Chris\Documents\cc_20140613_134417.reg
[2014/06/12 21:14:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/06/12 15:04:32 | 000,000,020 | -H-- | M] () -- C:\ProgramData\PKP_DLet.DAT
[2014/06/10 21:06:05 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts_bak_278
[2014/06/10 20:29:56 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts_bak_91
[2014/06/10 20:00:01 | 000,028,640 | ---- | M] (Uwe Sieber - www.uwe-sieber.de) -- C:\Windows\SysNative\DriveCleanup.exe
[2014/06/09 19:02:04 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts_bak_498
[2014/06/09 18:43:16 | 000,000,207 | ---- | M] () -- C:\Windows\tweaking.com-regbackup-CHRIS-HP-Microsoft-Windows-7-Home-Premium-(64-bit).dat
[2014/06/08 02:13:05 | 000,506,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll
[2014/06/08 02:08:04 | 000,424,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll
[2014/06/07 17:06:23 | 000,001,785 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2014/06/06 11:27:10 | 000,015,456 | ---- | M] () -- C:\Users\Chris\Documents\cc_20140606_112706.reg
[2014/05/30 03:02:09 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014/05/30 02:39:43 | 000,548,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2014/05/30 02:39:23 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014/05/30 02:38:29 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014/05/30 02:27:57 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014/05/30 02:24:28 | 000,574,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014/05/30 02:21:23 | 000,139,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014/05/30 02:21:05 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014/05/30 02:20:36 | 000,752,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014/05/30 02:11:24 | 000,940,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2014/05/30 02:08:22 | 005,782,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014/05/30 02:06:42 | 000,452,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2014/05/30 01:55:36 | 000,038,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2014/05/30 01:49:21 | 000,195,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014/05/30 01:46:48 | 000,085,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2014/05/30 01:44:23 | 000,295,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2014/05/30 01:43:06 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014/05/30 01:42:16 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014/05/30 01:35:44 | 000,608,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014/05/30 01:33:48 | 000,032,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014/05/30 01:30:43 | 000,440,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014/05/30 01:29:31 | 000,631,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014/05/30 01:28:33 | 000,112,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014/05/30 01:27:56 | 000,592,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014/05/30 01:24:19 | 001,249,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2014/05/30 01:23:22 | 002,040,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014/05/30 01:10:46 | 000,032,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2014/05/30 01:06:06 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014/05/30 01:04:20 | 000,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2014/05/30 00:50:09 | 001,068,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2014/05/30 00:49:38 | 001,964,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014/05/30 00:13:47 | 000,704,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2014/05/30 00:13:09 | 000,846,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[1 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/06/26 15:21:18 | 000,001,165 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2014/06/26 15:21:18 | 000,001,153 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2014/06/22 10:46:48 | 000,002,150 | ---- | C] () -- C:\Windows\epplauncher.mif
[2014/06/21 05:36:53 | 000,550,784 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/06/18 15:45:58 | 000,002,165 | ---- | C] () -- C:\Users\Chris\Desktop\Tweaking.com - Windows Repair (All in One).lnk
[2014/06/18 13:23:23 | 000,002,010 | ---- | C] () -- C:\Users\Public\Desktop\HP Print and Scan Doctor.lnk
[2014/06/14 18:13:19 | 000,010,230 | ---- | C] () -- C:\Users\Chris\Documents\cc_20140614_181314.reg
[2014/06/14 15:53:33 | 000,001,188 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I.R.I.S. OCR Registration.lnk
[2014/06/14 05:54:06 | 000,010,868 | ---- | C] () -- C:\Users\Chris\Documents\cc_20140614_055402.reg
[2014/06/13 16:53:30 | 000,176,992 | ---- | C] () -- C:\Users\Chris\Documents\cc_20140613_165328.reg
[2014/06/13 13:44:23 | 000,802,526 | ---- | C] () -- C:\Users\Chris\Documents\cc_20140613_134417.reg
[2014/06/09 18:43:16 | 000,000,207 | ---- | C] () -- C:\Windows\tweaking.com-regbackup-CHRIS-HP-Microsoft-Windows-7-Home-Premium-(64-bit).dat
[2014/06/09 16:15:36 | 000,002,853 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Install Clean Up.lnk
[2014/06/07 17:06:22 | 000,001,785 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2014/06/06 11:27:08 | 000,015,456 | ---- | C] () -- C:\Users\Chris\Documents\cc_20140606_112706.reg
[2013/12/11 22:02:47 | 000,000,000 | ---- | C] () -- C:\ProgramData\Nature
[2013/12/11 22:02:47 | 000,000,000 | ---- | C] () -- C:\ProgramData\Jazz
[2013/06/27 07:09:23 | 000,049,640 | ---- | C] () -- C:\Windows\SysWow64\MyDefrag.dat
[2013/06/26 13:55:34 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2013/04/03 17:35:03 | 001,083,149 | ---- | C] () -- C:\Users\Chris\AppData\Local\census.cache
[2013/04/03 17:35:00 | 000,112,127 | ---- | C] () -- C:\Users\Chris\AppData\Local\ars.cache
[2013/04/03 17:29:27 | 000,000,036 | ---- | C] () -- C:\Users\Chris\AppData\Local\housecall.guid.cache
[2013/02/09 21:59:03 | 000,000,268 | RH-- | C] () -- C:\Users\Chris\AppData\Roaming\MIDI Configurations
[2013/02/09 21:59:03 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Machines
[2013/02/09 21:58:42 | 000,000,268 | RH-- | C] () -- C:\ProgramData\MIDI Patch Names
[2013/02/09 21:58:42 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Mail
[2013/02/09 21:58:20 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Organs
[2013/02/09 21:58:20 | 000,000,268 | RH-- | C] () -- C:\Users\Chris\AppData\Roaming\Nature Sounds
[2013/02/09 21:58:20 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLeo.DAT
[2012/09/27 15:09:01 | 000,000,268 | RH-- | C] () -- C:\Users\Chris\AppData\Roaming\MIDI Devices
[2012/09/27 15:09:01 | 000,000,268 | RH-- | C] () -- C:\Users\Chris\AppData\Roaming\MAS
[2012/09/27 15:09:01 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLev.DAT
[2012/09/27 15:09:01 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLet.DAT
[2012/09/27 15:09:01 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLes.DAT
[2012/06/29 05:54:48 | 000,000,089 | ---- | C] () -- C:\Users\Chris\AppData\Local\msmathematics.qat.Chris
[2012/06/27 14:31:48 | 000,178,853 | ---- | C] () -- C:\Windows\hpwins14.dat.temp
[2012/06/27 14:02:54 | 000,218,182 | ---- | C] () -- C:\Windows\hpwins14.dat
[2012/06/27 14:02:54 | 000,000,411 | ---- | C] () -- C:\Windows\hpwmdl14.dat
[2012/06/22 06:10:12 | 000,007,628 | ---- | C] () -- C:\Users\Chris\AppData\Local\resmon.resmoncfg

========== ZeroAccess Check ==========

[2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/03/24 19:43:12 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/24 19:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = c:\windows\syswow64\wbem\fastprox.dll -- [2010/11/20 20:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >


  • 0

#23
godawgs

    Teacher

  • Retired Staff
  • 8,228 posts

Thanks. The OTL fix didn't remove the MovieToolbar so we will try it again.
There is only one file that I see left from the Avast antivirus failed installation. We will remove it. But you don't have any antivirus protection on the system now. So I would recommend that you disconnect this computer from the internet until we get an antivirus program installed and running. Hopefully that will be right after this fix.
In the meantime, only reconnect the internet connection to come here and read my replies and download any tools we may need. Then disconnect the internet connection and run them.

The last OTL scan shows that the Windows Sidebar is running. We will get to that.

There are also some data, .dat, files related to the hp printer still on the machine. These may have something to do with the printer installation issues so we will rename those files.

Your System Restore isn't working. We will get to that, but you are going to need to install a program and back up the registry until we do.

You also didn't answer my question about the BrickHouse program that I asked earlier.

Let's download the Registry backup program, install it and back the registry up.

 

Download Tweaking.com Registry Backup and Backup the Registry:

Modifying the Registry can create unforeseen problems, so it's always wise to create a backup before doing so.
 

  • Please download the installer for Registry Backup from one of the links below and save it to the desktop:

    Link 1 Click the Download Now button.
    Link 2 Click one of the Download buttons under Installer
  • Right click the tweaking.com_registry_backup_setup.exe file to install the program and select Run as Administrator
  • Follow the prompts for a default installation
  • Ensure the option Open "Tweaking.com - Registry Backup" When Install Completes is selected. Click Next > then Finish
  • The GUI (graphical user interface) should open with the Backup Registry tab selected and all options checked (see the image below)

BackupRegistry.jpg


  • Click on Backup Now to create a backup of the Registry.
  • While the backup is being created you will see a screen similar to the one below ...

    BackupRegistry2.jpg
  • When completed you should see a message saying something like ... Successful 12/12 Registry Files Backed Up ... (the number of files may vary)

    BackupRegistry3.jpg
  • This means you have successfully backed up your Registry, and you can now exit out of the program.
  • Close Tweaking.com - Registry Backup

Note: There will now be a folder at the root of the Hard-Drive named C:\RegBackup. Do not delete this, as it is the actual backup just created.
A tutorial for Registry Backup explaining the various features can be viewed here

 

Things For Your Next Post:
Please post the logs in the order requested. Please don't attach the logs unless I request it.

1. Let me know when you have backed up the registry.

2. Answer my question about the BrickHouse program. Do you know what it is?


  • 0

#24
ridethewave

    Member

  • Topic Starter
  • Member
  • 154 posts

The BrickHouse program is a mini security camera I have.

 

 

The registry backup is complete.


Edited by ridethewave, 27 June 2014 - 02:08 PM.

  • 0

#25
godawgs

    Teacher

  • Retired Staff
  • 8,228 posts

Thanks for the information.

Step-1.
Windows Sidebar Advice

Your log shows Windows sidebar running. I recommend that you disable the sidebar.

Microsoft has discovered a security vulnerability in Windows Sidebar and Gadgets. If you are not aware of this, Windows Sidebar (gadgets) has the potential to compromise the security of a machine it is running on as mentioned here. So it would be best to disable this feature.

Download the Disable Windows Sidebar and Gadgets Fix-it on this page to your desktop.

Once downloaded, double-click on MicrosoftFixit50906.msi >> follow the prompts >> reboot your machine if not advised to do so.


Step-2.
OTL Fix

Please close all open windows and browsers
Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

1. Please copy all of the text in the quote box below (do not copy the word Quote). To do this, highlight everything inside the quote box (except the word Quote), right click and click Copy.

:OTL
PRC - [2014/05/12 04:11:01 | 003,584,000 | ---- | M] (Bandoo Media Inc.) -- C:\Program Files (x86)\Movies Toolbar\Datamngr\DatamngrUI.exe
PRC - [2014/05/12 04:10:54 | 003,544,064 | ---- | M] (Bandoo Media Inc.) -- C:\Program Files (x86)\Movies Toolbar\Datamngr\DatamngrCoordinator.exe
MOD - [2014/05/12 04:10:59 | 000,020,480 | ---- | M] () -- c:\Program Files (x86)\Movies Toolbar\Datamngr\mgrldr.dll
SRV - [2014/05/12 04:10:54 | 003,544,064 | ---- | M] (Bandoo Media Inc.) [Auto | Running] -- C:\Program Files (x86)\Movies Toolbar\Datamngr\DatamngrCoordinator.exe -- (DatamngrCoordinator)
DRV:64bit: - [2014/06/24 15:33:07 | 000,423,240 | ---- | M] (AVAST Software) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\boqiyubl.sys -- (boqiyubl)
DRV - [2014/05/12 04:10:55 | 000,036,216 | ---- | M] (Bandoo Media Inc.) [Kernel | System | Running] -- C:\Program Files (x86)\Movies Toolbar\Datamngr\x64\setmgrc1.cfg -- (F06DEFF2-5B9C-490D-910F-35D3A91196222)
O36 - AppCertDlls: x64 - (c:\program files (x86)\movies toolbar\datamngr\x64\apcrtldr.dll) - c:\Program Files (x86)\Movies Toolbar\Datamngr\x64\apcrtldr.dll ()
O36 - AppCertDlls: x86 - (c:\program files (x86)\movies toolbar\datamngr\apcrtldr.dll) - c:\Program Files (x86)\Movies Toolbar\Datamngr\apcrtldr.dll ()
[2014/06/22 10:43:48 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software

:REG
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2247C94B-D49F-4CBA-8F43-F6E72FC7D9DA}" = -
"{F66FD08F-5DF8-440C-866A-E16F2D3D4BFF}" = -

 

:FILES

C:\Program Files (x86)\Movies Toolbar

:COMMANDS
[emptytemp]


Warning: This fix is relevant for this system and no other. If you are not this user, DO NOT follow these directions as they could damage the workings of your system.

2. Please re-open OTL on your desktop. To do that:

  • Vista and 7 users: Right click the icon and click Run as Administrator

3. Place the mouse pointer inside the Custom Scans/Fixes textbox, right click and click Paste. This will put the above script inside the textbox.
4. Click the Run Fix button.
5. Let the program run unhindered.
6. OTL may ask to reboot the machine. Please do so if asked.
7. Click the OK button.
8. A report will open. Copy and Paste that report in your next reply.
9. If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, (where mmddyyyy_hhmmss is the date of the tool run).


Step-3.
AdwCleaner by Xplode

Download AdwCleaner. Click here and then click the Download Now @ BleepingComputer button. Save the file to the desktop.
Or here.

NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.

Close all open windows and browsers.


  • Vista/7/8 users: Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
    You will see the following console:

    AdwScan.jpg
  • Click the Scan button and wait for the scan to finish.
  • After the Scan has finished the window may or may not show what it found and above the progress bar you will see Pending. Please uncheck elements you don't want to remove. Please don't delete anything at this time.
  • Click the Report button to get the log.
  • Copy and Paste it into your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[R0].txt.
  • Click the X in the upper right corner of the program or click the File menu and click Exit to close the program.

NOTE: If you see AVG Secure Search being targeted for deletion, Here's Why and Here. You can always Reinstall it.


Things For Your Next Post:
Please post the logs in the order requested. Please don't attach the logs unless I request it.

1. The OTL fixes log

2. The AdwCleaner[R0].txt log


  • 0


#26
ridethewave

    Member

  • Topic Starter
  • Member
  • 154 posts

Windows Sidebar and Gadgets fix had to be done in safe mode.

 

 

All processes killed

========== OTL ==========

Unable to kill active process DatamngrUI.exe!

Unable to kill active process DatamngrCoordinator.exe!

Error: Unable to stop service DatamngrCoordinator!

Unable to delete service\driver key DatamngrCoordinator.

File move failed. C:\Program Files (x86)\Movies Toolbar\Datamngr\DatamngrCoordinator.exe scheduled to be moved on reboot.

Service boqiyubl stopped successfully!

Service boqiyubl deleted successfully!

C:\Windows\SysNative\drivers\boqiyubl.sys moved successfully.

Error: Unable to stop service F06DEFF2-5B9C-490D-910F-35D3A91196222!

Unable to delete service\driver key F06DEFF2-5B9C-490D-910F-35D3A91196222.

File move failed. C:\Program Files (x86)\Movies Toolbar\Datamngr\x64\setmgrc1.cfg scheduled to be moved on reboot.

Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls\\x64 deleted successfully.

File move failed. c:\Program Files (x86)\Movies Toolbar\Datamngr\x64\apcrtldr.dll scheduled to be moved on reboot.

Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls\\x86 deleted successfully.

File move failed. c:\Program Files (x86)\Movies Toolbar\Datamngr\apcrtldr.dll scheduled to be moved on reboot.

C:\ProgramData\AVAST Software\Persistent Data\Avast\Logs folder moved successfully.

C:\ProgramData\AVAST Software\Persistent Data\Avast folder moved successfully.

C:\ProgramData\AVAST Software\Persistent Data folder moved successfully.

C:\ProgramData\AVAST Software folder moved successfully.

File EY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] not found.

File ptytemp] not found.

 

OTL by OldTimer - Version 3.2.69.0 log created on 06272014_194009

 

Files\Folders moved on Reboot...

File move failed. C:\Program Files (x86)\Movies Toolbar\Datamngr\DatamngrCoordinator.exe scheduled to be moved on reboot.

File move failed. C:\Program Files (x86)\Movies Toolbar\Datamngr\x64\setmgrc1.cfg scheduled to be moved on reboot.

File move failed. c:\Program Files (x86)\Movies Toolbar\Datamngr\x64\apcrtldr.dll scheduled to be moved on reboot.

File move failed. c:\Program Files (x86)\Movies Toolbar\Datamngr\apcrtldr.dll scheduled to be moved on reboot.

 

PendingFileRenameOperations files...

 

Registry entries deleted on Reboot...


  • 0

#27
ridethewave

    Member

  • Topic Starter
  • Member
  • 154 posts

# AdwCleaner v3.213 - Report created 27/06/2014 at 19:53:50
# Updated 23/06/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Chris - CHRIS-HP
# Running from : C:\Users\Chris\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

Service Found : DatamngrCoordinator
Service Found : F06DEFF2-5B9C-490D-910F-35D3A91196222

***** [ Files / Folders ] *****

File Found : C:\END
File Found : C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\0\user.js
File Found : C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\xc1cftgh.default\user.js
File Found : C:\Windows\System32\Tasks\BackgroundContainer Startup Task
File Found : C:\Windows\System32\Tasks\BrowserSafeguard Update Task
Folder Found : C:\Program Files (x86)\Conduit
Folder Found : C:\Program Files (x86)\Movies Toolbar
Folder Found : C:\Program Files (x86)\Search Results Toolbar
Folder Found : C:\Program Files (x86)\TornTV.com
Folder Found : C:\ProgramData\apn
Folder Found : C:\ProgramData\Ask
Folder Found : C:\ProgramData\Barowasse2saave
Folder Found : C:\ProgramData\BitGuard
Folder Found : C:\ProgramData\Breowase22save
Folder Found : C:\ProgramData\Browser Manager
Folder Found : C:\ProgramData\BrowserProtect
Folder Found : C:\ProgramData\Conduit
Folder Found : C:\ProgramData\DataMngr
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Browsersafeguard
Folder Found : C:\ProgramData\SoftSafe
Folder Found : C:\ProgramData\wincert
Folder Found : C:\Users\Administrator\AppData\LocalLow\DataMngr
Folder Found : C:\Users\Chris\AppData\Local\Conduit
Folder Found : C:\Users\Chris\AppData\Local\PackageAware
Folder Found : C:\Users\Chris\AppData\LocalLow\Barowasse2saave
Folder Found : C:\Users\Chris\AppData\LocalLow\Breowase22save
Folder Found : C:\Users\Chris\AppData\LocalLow\Conduit
Folder Found : C:\Users\Chris\AppData\LocalLow\DataMngr
Folder Found : C:\Users\Chris\AppData\LocalLow\PriceGong
Folder Found : C:\Users\Chris\AppData\Roaming\OpenCandy

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\1ClickDownload
Key Found : HKCU\Software\APN DTX
Key Found : HKCU\Software\APN PIP
Key Found : HKCU\Software\AppDataLow\Software\PriceGong
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\DataMngr
Key Found : HKCU\Software\DataMngr_Toolbar
Key Found : HKCU\Software\IGearSettings
Key Found : HKCU\Software\ilivid
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Found : HKCU\Software\PIP
Key Found : HKCU\Software\Softonic
Key Found : HKCU\Software\SweetIM
Key Found : [x64] HKCU\Software\1ClickDownload
Key Found : [x64] HKCU\Software\APN DTX
Key Found : [x64] HKCU\Software\APN PIP
Key Found : [x64] HKCU\Software\DataMngr
Key Found : [x64] HKCU\Software\DataMngr_Toolbar
Key Found : [x64] HKCU\Software\IGearSettings
Key Found : [x64] HKCU\Software\ilivid
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Found : [x64] HKCU\Software\PIP
Key Found : [x64] HKCU\Software\Softonic
Key Found : [x64] HKCU\Software\SweetIM
Key Found : HKLM\Software\BrowserSafeGuard
Key Found : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Found : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Found : HKLM\SOFTWARE\Classes\Interface\{1B730ACF-26A3-447B-9994-14AEE0EB72CC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Found : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard
Key Found : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard.1
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}
Key Found : HKLM\Software\DataMngr
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\jbpkiefagocgkmemidfngdkamloieekf
Key Found : HKLM\Software\iLividSRTB
Key Found : HKLM\Software\Iminent
Key Found : HKLM\Software\InstallIQ
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{377E5D4D-77E5-476A-8716-7E70A9272DA0}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\LatestDLMgr_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\LatestDLMgr_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Search Results Toolbar
Key Found : HKLM\Software\PIP
Key Found : HKLM\Software\SweetIM
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{1B730ACF-26A3-447B-9994-14AEE0EB72CC}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{A25AA6E2-1CDE-4D0F-A5D4-4898D7FB3C86}
Key Found : [x64] HKLM\SOFTWARE\DataMngr
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Value Found : HKLM\SYSTEM\ControlSet001\Control\Session Manager\AppCertDlls [x64]
Value Found : HKLM\SYSTEM\ControlSet001\Control\Session Manager\AppCertDlls [x86]
Value Found : HKLM\SYSTEM\ControlSet002\Control\Session Manager\AppCertDlls [x64]
Value Found : HKLM\SYSTEM\ControlSet002\Control\Session Manager\AppCertDlls [x86]
Value Found : HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls [x64]
Value Found : HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls [x86]

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17126


-\\ Mozilla Firefox v30.0 (en-US)

[ File : C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\0\prefs.js ]


[ File : C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\w24xywz3.default\prefs.js ]

[ File : C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\xc1cftgh.default\prefs.js ]


-\\ Google Chrome v

[ File : C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Found [Extension] : dhdepfaagokllfmhfbcfmocaeigmoebo
Found [Extension] : hphibigbodkkohoglgfkddblldpfohjl
Found [Extension] : kdcnnmifdmlmjffdgeieikcokcogpbej
Found [Extension] : kincjchfokkeneeofpeefomkikfkiedl
Found [Extension] : kkkeikdkpjenmoiicggnnodbkebafgpc
Found [Extension] : ndibdjnfmopecpmkdieinmbadjfpblof
Found [Extension] : pgmfkblbflahhponhjmkcnpjinenhlnc

*************************

AdwCleaner[R0].txt - [8160 octets] - [27/06/2014 19:53:50]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [8220 octets] ##########



#28
godawgs


    Teacher

  • Retired Staff
  • 8,228 posts

Thanks for the logs and info. OTL still didn't get the Datamngr Movies Toolbar. There were a couple of services hiding. We will use AdwCleaner to kill the bugger. And another junkware removal tool to double check. If all goes well with running those tools, I want you to see if an antivirus program can install. We will use Microsoft Security Essentials for the moment. After we have made sure an antivirus program will install and cleaned everything up, you can uninstall MSE and install the antivirus program of your choice. Or just stick with MSE.

There is a good bit to do here so take your time. And if you have any questions, stop and ask.


Step-1.
Programs to Download

Microsoft Security Essentials

  • Click here to go to the Microsoft Security Essentials download page.
  • Click the download now button.
  • Download the mseinstall.exe file and save it to the desktop.

Junkware Removal Tool

  • Click here to go to the bleepingcomputer Junkware Removal Tool download page.
  • Click the Download now button.
  • Download the JRT.exe file and save it to the desktop.

 

Step-2.
Re-run AdwCleaner

Close all open windows and browsers.

Re-open AdwCleaner

  • Right click the AdwCleaner icon, click Run as administrator and accept the UAC prompt to run AdwCleaner.
  • Click the Scan button and wait for the scan to complete.
  • When the Scan has finished the Scan button will be grayed out and the Clean button will be activated.
  • Click the Clean button.
  • Everything checked will be deleted.
  • When the program has finished cleaning a report appears.
  • Once done it will ask to reboot; allow this.
  • On reboot a log will be produced; please copy / paste that in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[S0].txt

 

Step-3.
Scan with JRT:

  • Right click the JRT icon and click Run as Administrator to run the application.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

NOTE: Reboot the machine and ensure that all security software is now enabled.

 

Step-4.
Install MSSE

  • Right click the mseinstall.exe file and click Run as Administrator to start the application.
  • Follow the on screen prompts to install MSE.

 

Things For Your Next Post:
Please post the logs in the order requested. Please don't attach the logs unless I request it.
1. The AdwCleaner[S0].txt log
2. The JRT.txt log
3. Let me know if the Microsoft Security Essentials antivirus program installed successfully.



#29
ridethewave


    Member

  • Topic Starter
  • Member
  • 154 posts

MSE did not install: Cannot complete the Security Essentials installation.

An error has prevented the security essentials setup wizard from completing successfully. Error Code: 0x80070643

Below is the log you asked for. Waiting to hear from you before I go any further.

 

 

 

# AdwCleaner v3.213 - Report created 28/06/2014 at 08:34:26
# Updated 23/06/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Chris - CHRIS-HP
# Running from : C:\Users\Chris\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : DatamngrCoordinator
[#] Service Deleted : F06DEFF2-5B9C-490D-910F-35D3A91196222

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\Ask
[#] Folder Deleted : C:\ProgramData\BitGuard
Folder Deleted : C:\ProgramData\Browser Manager
[#] Folder Deleted : C:\ProgramData\BrowserProtect
Folder Deleted : C:\ProgramData\Conduit
[!] Folder Deleted : C:\ProgramData\DataMngr
Folder Deleted : C:\ProgramData\SoftSafe
Folder Deleted : C:\ProgramData\wincert
Folder Deleted : C:\ProgramData\Barowasse2saave
Folder Deleted : C:\ProgramData\Breowase22save
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Browsersafeguard
Folder Deleted : C:\Program Files (x86)\Conduit
[!] Folder Deleted : C:\Program Files (x86)\Movies Toolbar
Folder Deleted : C:\Program Files (x86)\Search Results Toolbar
Folder Deleted : C:\Program Files (x86)\TornTV.com
Folder Deleted : C:\Users\Administrator\AppData\LocalLow\DataMngr
Folder Deleted : C:\Users\Chris\AppData\Local\Conduit
Folder Deleted : C:\Users\Chris\AppData\Local\PackageAware
Folder Deleted : C:\Users\Chris\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Chris\AppData\LocalLow\DataMngr
Folder Deleted : C:\Users\Chris\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Chris\AppData\LocalLow\Barowasse2saave
Folder Deleted : C:\Users\Chris\AppData\LocalLow\Breowase22save
Folder Deleted : C:\Users\Chris\AppData\Roaming\OpenCandy
File Deleted : C:\END
File Deleted : C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\0\user.js
File Deleted : C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\xc1cftgh.default\user.js
File Deleted : C:\Windows\System32\Tasks\BackgroundContainer Startup Task
File Deleted : C:\Windows\System32\Tasks\BrowserSafeguard Update Task

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jbpkiefagocgkmemidfngdkamloieekf
Key Deleted : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard
Key Deleted : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\LatestDLMgr_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\LatestDLMgr_RASMANCS
Value Deleted : HKLM\SYSTEM\ControlSet001\Control\Session Manager\AppCertDlls [x64]
Value Deleted : HKLM\SYSTEM\ControlSet001\Control\Session Manager\AppCertDlls [x86]
Value Deleted : HKLM\SYSTEM\ControlSet002\Control\Session Manager\AppCertDlls [x64]
Value Deleted : HKLM\SYSTEM\ControlSet002\Control\Session Manager\AppCertDlls [x86]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1B730ACF-26A3-447B-9994-14AEE0EB72CC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{377E5D4D-77E5-476A-8716-7E70A9272DA0}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1B730ACF-26A3-447B-9994-14AEE0EB72CC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A25AA6E2-1CDE-4D0F-A5D4-4898D7FB3C86}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : HKCU\Software\1ClickDownload
Key Deleted : HKCU\Software\APN DTX
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\IGearSettings
Key Deleted : HKCU\Software\ilivid
Key Deleted : HKCU\Software\PIP
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\SweetIM
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\Software\BrowserSafeGuard
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\iLividSRTB
Key Deleted : HKLM\Software\Iminent
Key Deleted : HKLM\Software\InstallIQ
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\Software\SweetIM
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Search Results Toolbar
Key Deleted : [x64] HKLM\SOFTWARE\DataMngr

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17126


-\\ Mozilla Firefox v30.0 (en-US)

[ File : C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\0\prefs.js ]


[ File : C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\w24xywz3.default\prefs.js ]

[ File : C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\xc1cftgh.default\prefs.js ]


-\\ Google Chrome v

[ File : C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Extension] : dhdepfaagokllfmhfbcfmocaeigmoebo
Deleted [Extension] : hphibigbodkkohoglgfkddblldpfohjl
Deleted [Extension] : kdcnnmifdmlmjffdgeieikcokcogpbej
Deleted [Extension] : kincjchfokkeneeofpeefomkikfkiedl
Deleted [Extension] : kkkeikdkpjenmoiicggnnodbkebafgpc
Deleted [Extension] : ndibdjnfmopecpmkdieinmbadjfpblof
Deleted [Extension] : pgmfkblbflahhponhjmkcnpjinenhlnc

*************************

AdwCleaner[R0].txt - [8376 octets] - [27/06/2014 19:53:50]
AdwCleaner[R1].txt - [8436 octets] - [28/06/2014 08:33:54]
AdwCleaner[S0].txt - [7728 octets] - [28/06/2014 08:34:26]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [7788 octets] ##########


  • 0
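
An added example, not part of the thread and not AdwCleaner's own code: one way to check a clean report (S0) against the earlier scan report (R0) and list anything the scan found that the clean run does not report as deleted. The log excerpts are constructed from lines in the reports above plus one hypothetical key, `HKLM\Software\ExampleLeftover`; the function names are assumptions.

```python
import re

# Constructed excerpts: a few lines copied from the scan (R0) and clean (S0)
# reports in this thread, plus one made-up key that the clean run "missed".
SCAN_LOG = r"""
Key Found : HKLM\Software\SweetIM
Key Found : [x64] HKLM\SOFTWARE\DataMngr
Key Found : HKLM\Software\ExampleLeftover
Value Found : HKLM\SYSTEM\ControlSet001\Control\Session Manager\AppCertDlls [x64]
Value Found : HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls [x64]
Found [Extension] : dhdepfaagokllfmhfbcfmocaeigmoebo
"""
CLEAN_LOG = r"""
[#] Service Deleted : DatamngrCoordinator
Key Deleted : HKLM\Software\SweetIM
Key Deleted : [x64] HKLM\SOFTWARE\DataMngr
Value Deleted : HKLM\SYSTEM\ControlSet001\Control\Session Manager\AppCertDlls [x64]
Deleted [Extension] : dhdepfaagokllfmhfbcfmocaeigmoebo
"""

# "<kind> Found : <item>" or "Found [<kind>] : <item>", optional "[#]"/"[!]" prefix.
LINE = re.compile(r"^(?:\[[#!]\]\s*)?([^:]*?)\s+:\s+(.+?)\s*$")
NUMBERED_SET = re.compile(r"\\controlset\d{3}\\")

def parse(log, action):
    """Return the set of (kind, item) pairs reported with the given action."""
    items = set()
    for line in log.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue
        words = m.group(1).replace("[", " ").replace("]", " ").split()
        if action in words:
            kind = " ".join(w for w in words if w != action).lower()
            # Registry and file paths are case-insensitive, so compare lowercased.
            items.add((kind, m.group(2).lower()))
    return items

def leftovers(scan_log, clean_log):
    """Items the scan found that the clean report does not list as deleted."""
    deleted = parse(clean_log, "Deleted")
    # CurrentControlSet is a link to one numbered ControlSetNNN, so a deletion
    # under a numbered set is treated as covering it (assumption: re-scan to confirm).
    aliases = {(k, NUMBERED_SET.sub(r"\\currentcontrolset\\", i)) for k, i in deleted}
    return sorted(parse(scan_log, "Found") - deleted - aliases)

if __name__ == "__main__":
    for kind, item in leftovers(SCAN_LOG, CLEAN_LOG):
        print(f"not reported deleted: {kind}: {item}")
```

The CurrentControlSet handling explains why the scan lists `AppCertDlls` under three control sets while the clean report lists deletions under only the two numbered ones.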

#30
godawgs


    Teacher

  • Retired Staff
  • 8,228 posts

Please run the Junkware Removal Tool and post the log.







