Advertisement

There's no such thing as a stupid question, but they're the easiest to answer.
Login
Search

Advertisement

Virus & Other Malware Removal Virus & Other Malware Removal
Search Search
Search for:
Tech Support Guy > > >

Solved: Trojan virus


(!)

OCD's Avatar
OCD OCD is offline OCD is authorized to help remove malware.
Malware Removal Specialist with 273 posts.
 
Join Date: Sep 2012
Location: Florida
23-May-2013, 12:10 AM #16
Hi LindaStough,

Quote:
Thank you for not giving up on me.
You're doing fine.

1. Run OTL.exe

Windows Vista and Windows 7 users Right Click and select "Run as Administrator"
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    Code:
    :OTL
    O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCE665DD-F6DD-4808-968E-EAEC971F70EF} - No CLSID value found.
    
    :Files
    C:\Program Files (x86)\AVG\AVG10
    
    :Services
    AVG Security Toolbar Service
    
    :Commands
    [purity]
    [createrestorepoint]
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then re-run OTL and post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )

=========================

2. Folder Information

Can you tell me anything about this folder?
C:\! 130423 1321

=========================

In your next post please provide the following:

  • OTL fix log
  • Fresh OTL.txt log
  • Information about the folder
  • How is the computer running?
LindaStough's Avatar
LindaStough   (Linda) LindaStough is offline
Computer Specs
Member with 127 posts.
THREAD STARTER
 
Join Date: May 2013
Location: Canyon Lake, Texas
Experience: Beginner
23-May-2013, 07:54 AM #17
I ran OTL.exe but did not check the LOP and Purity. When I looked at the instructions, I saw your note not to run them this time and didn't realize it was referring to the second run. The log did not say OTL. As for the file 130423 1321. I have no idea. When I am making a lot of revisions in a day, I will copy the previous with just the date and time. If it is one of those from April, I don't need it. I don't know how it got saved to C. It should have been on the desktop or one of my files.

Do you want me to re-rum OTL.exe with the LOP and Purity checked?

This is what I got the first time.

All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{1017A80C-6F09-4548-A84D-EDD6AC9525F0} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1017A80C-6F09-4548-A84D-EDD6AC9525F0}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CCE665DD-F6DD-4808-968E-EAEC971F70EF} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCE665DD-F6DD-4808-968E-EAEC971F70EF}\ not found.
========== FILES ==========
C:\Program Files (x86)\AVG\AVG10\Toolbar.old\Firefox\avg@igeared\components folder moved successfully.
C:\Program Files (x86)\AVG\AVG10\Toolbar.old\Firefox\avg@igeared\chrome\skin folder moved successfully.
C:\Program Files (x86)\AVG\AVG10\Toolbar.old\Firefox\avg@igeared\chrome\icons\default folder moved successfully.
C:\Program Files (x86)\AVG\AVG10\Toolbar.old\Firefox\avg@igeared\chrome\icons folder moved successfully.
C:\Program Files (x86)\AVG\AVG10\Toolbar.old\Firefox\avg@igeared\chrome\content\libs folder moved successfully.
C:\Program Files (x86)\AVG\AVG10\Toolbar.old\Firefox\avg@igeared\chrome\content\Languages folder moved successfully.
C:\Program Files (x86)\AVG\AVG10\Toolbar.old\Firefox\avg@igeared\chrome\content\html folder moved successfully.
C:\Program Files (x86)\AVG\AVG10\Toolbar.old\Firefox\avg@igeared\chrome\content folder moved successfully.
C:\Program Files (x86)\AVG\AVG10\Toolbar.old\Firefox\avg@igeared\chrome folder moved successfully.
C:\Program Files (x86)\AVG\AVG10\Toolbar.old\Firefox\avg@igeared folder moved successfully.
C:\Program Files (x86)\AVG\AVG10\Toolbar.old\Firefox folder moved successfully.
C:\Program Files (x86)\AVG\AVG10\Toolbar.old folder moved successfully.
C:\Program Files (x86)\AVG\AVG10\Toolbar\Firefox folder moved successfully.
C:\Program Files (x86)\AVG\AVG10\Toolbar folder moved successfully.
C:\Program Files (x86)\AVG\AVG10 folder moved successfully.
========== SERVICES/DRIVERS ==========
Service AVG Security Toolbar Service stopped successfully!
Service AVG Security Toolbar Service deleted successfully!
========== COMMANDS ==========
Restore point Set: OTL Restore Point

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56504 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Linda
->Temp folder emptied: 40293210 bytes
->Temporary Internet Files folder emptied: 9313194 bytes
->Java cache emptied: 2227496 bytes
->FireFox cache emptied: 91615045 bytes
->Flash cache emptied: 3173 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 14412871 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows \Temporary Internet Files folder emptied: 42354285 bytes
RecycleBin emptied: 8866403 bytes

Total Files Cleaned = 199.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 05232013_073654

Files\Folders moved on Reboot...
File move failed. C:\Users\Linda\AppData\Local\Temp\FXSAPIDebugLogFile.txt scheduled to be moved on reboot.
File\Folder C:\Users\Linda\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{EBFF9803-642D-495A-BCE8-0091FB011A8B}.tmp not found!
File move failed. C:\Users\Linda\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat scheduled to be moved on reboot.
File move failed. C:\Windows\temp\dsiwmis.log scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
LindaStough's Avatar
LindaStough   (Linda) LindaStough is offline
Computer Specs
Member with 127 posts.
THREAD STARTER
 
Join Date: May 2013
Location: Canyon Lake, Texas
Experience: Beginner
23-May-2013, 07:58 AM #18
This is the name of the file I sent 05232013_073654
LindaStough's Avatar
LindaStough   (Linda) LindaStough is offline
Computer Specs
Member with 127 posts.
THREAD STARTER
 
Join Date: May 2013
Location: Canyon Lake, Texas
Experience: Beginner
23-May-2013, 09:02 AM #19
By the way - I haven't noticed a difference in the speed of my computer. It is still painfully slow. I did, however get the sound back. I had it on the computer but not when I played videos. Now I have both.
OCD's Avatar
OCD OCD is offline OCD is authorized to help remove malware.
Malware Removal Specialist with 273 posts.
 
Join Date: Sep 2012
Location: Florida
23-May-2013, 09:17 AM #20
Hi LindaStough,

That first log you posted was the OTL fix log, thank you that helps.

Quote:
This is the name of the file I sent 05232013_073654
Could you clarify this statement? You sent it where?

Quote:
I haven't noticed a difference in the speed of my computer. It is still painfully slow.
We'll see what we can do once the malware is cleaned up.

1. Run OTL.exe

Windows Vista and Windows 7 users Right Click and select "Run as Administrator"
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    Code:
    :Files
    C:\! 130423 1321
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then re-run OTL and post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )

=========================

In your next post please provide the following:

  • OTL fix log
  • Fresh OTL.txt log
  • Any remaining issues we haven't addressed yet?
LindaStough's Avatar
LindaStough   (Linda) LindaStough is offline
Computer Specs
Member with 127 posts.
THREAD STARTER
 
Join Date: May 2013
Location: Canyon Lake, Texas
Experience: Beginner
23-May-2013, 11:29 AM #21
This is the name of the file I sent 05232013_073654- To clarify - That was the name of the OTL file I sent you.

The Fix I just ran was 0523213_110238. It looks like the Fix log is listed by time.

========== FILES ==========
File\Folder C:\! 130423 1321 not found.

OTL by OldTimer - Version 3.2.69.0 log created on 05232013_110238

This is the Scan log

OTL logfile created on: 5/23/2013 11:09:14 AM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Linda\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.75 Gb Total Physical Memory | 1.91 Gb Available Physical Memory | 50.97% Memory free
7.49 Gb Paging File | 5.68 Gb Available in Paging File | 75.84% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 218.79 Gb Total Space | 121.04 Gb Free Space | 55.32% Space Free | Partition Type: NTFS

Computer Name: DESTY | User Name: Linda | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Linda\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Users\Linda\AppData\Roaming\Spotify\spotify.exe (Spotify Ltd)
PRC - C:\Users\Linda\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\Speeding Software\SpeedyComputer\SPPCSmartScan.exe (Speeding Software Inc)
PRC - C:\Program Files (x86)\Speeding Software\SpeedyComputer\SPPCReminder.exe (Speeding Software Inc)
PRC - C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe ()
PRC - C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe ()
PRC - C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Launch Manager\LMworker.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
PRC - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.)
PRC - C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe (Egis Technology Inc.)
PRC - C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
PRC - C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)
PRC - C:\Program Files (x86) (x86)\Lexmark 2600 Series\lxdnmon.exe ()
PRC - C:\Program Files (x86) (x86)\Lexmark 2600 Series\lxdnmsdmon.exe ()
PRC - C:\Program Files\Acer\Acer Updater\UpdaterService.exe (Acer Group)
PRC - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (Acer Incorporated)


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Users\Linda\AppData\Roaming\Spotify\Data\libcef.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089 \System.Windows.Forms.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\Syste m.Drawing.dll ()
MOD - C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll ()
MOD - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSPTLS.DLL ()
MOD - C:\Program Files (x86)\Microsoft Office\Office12\ADDINS\UmOutlookAddin.dll ()
MOD - C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xm l.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a \System.Configuration.dll ()
MOD - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll ()
MOD - C:\Program Files (x86) (x86)\Lexmark 2600 Series\lxdnmon.exe ()
MOD - C:\Program Files (x86) (x86)\Lexmark 2600 Series\lxdnmsdmon.exe ()
MOD - C:\Program Files (x86) (x86)\Lexmark 2600 Series\app4r.monitor.core.dll ()
MOD - C:\Program Files (x86) (x86)\Lexmark 2600 Series\app4r.monitor.common.dll ()
MOD - C:\Program Files (x86) (x86)\Lexmark 2600 Series\app4r.devmons.mcmdevmon.dll ()
MOD - C:\Program Files (x86) (x86)\Lexmark 2600 Series\lxdndrs.dll ()
MOD - C:\Program Files (x86) (x86)\Lexmark 2600 Series\lxdnscw.dll ()
MOD - C:\Program Files (x86) (x86)\Lexmark 2600 Series\app4r.devmons.mcmdevmon.autoplayutil.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Access ibility.dll ()
MOD - C:\Program Files (x86)\Launch Manager\CdDirIo.dll ()
MOD - C:\Program Files (x86) (x86)\Lexmark 2600 Series\lxdncaps.dll ()
MOD - C:\Program Files (x86)\Microsoft Office\Office12\ADDINS\ColleagueImport.dll ()
MOD - C:\Program Files (x86) (x86)\Lexmark 2600 Series\lxdncnv4.dll ()
MOD - C:\Program Files (x86) (x86)\Lexmark 2600 Series\lxdndatr.dll ()


========== Services (SafeList) ==========

SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (ePowerSvc) -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe (Acer Incorporated)
SRV:64bit: - (Updater Service) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe (Acer Group)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe (McAfee, Inc.)
SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (MotoHelper) -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe ()
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (DsiWMIService) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.)
SRV - (NTI IScheduleSvc) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.)
SRV - (MWLService) -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe (Egis Technology Inc.)
SRV - (GameConsoleService) -- C:\Program Files (x86)\Acer Games\Acer Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (GREGService) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (Acer Incorporated)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (SWDUMon) -- C:\Windows\SysNative\drivers\SWDUMon.sys ()
DRV:64bit: - (gfibto) -- C:\Windows\SysNative\drivers\gfibto.sys (GFI Software)
DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\drivers\usb8023x.sys (Microsoft Corporation)
DRV:64bit: - (AVGIDSHA) -- C:\Windows\SysNative\drivers\avgidsha.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (dc3d) -- C:\Windows\SysNative\drivers\dc3d.sys (Microsoft Corporation)
DRV:64bit: - (motccgp) -- C:\Windows\SysNative\drivers\motccgp.sys (Motorola)
DRV:64bit: - (motmodem) -- C:\Windows\SysNative\drivers\motmodem.sys (Motorola)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (ATI Technologies, Inc.)
DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NTI Corporation)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (AtiPcie) -- C:\Windows\SysNative\drivers\AtiPcie64.sys (Advanced Micro Devices Inc.)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (k57nd60a) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (sscdmdm) -- C:\Windows\SysNative\drivers\sscdmdm.sys (MCCI Corporation)
DRV:64bit: - (sscdserd) -- C:\Windows\SysNative\drivers\sscdserd.sys (MCCI Corporation)
DRV:64bit: - (sscdbus) -- C:\Windows\SysNative\drivers\sscdbus.sys (MCCI Corporation)
DRV:64bit: - (sscdmdfl) -- C:\Windows\SysNative\drivers\sscdmdfl.sys (MCCI Corporation)
DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\drivers\NTIDrvr.sys (NTI Corporation)
DRV:64bit: - (Motousbnet) -- C:\Windows\SysNative\drivers\Motousbnet.sys (Motorola)
DRV:64bit: - (motusbdevice) -- C:\Windows\SysNative\drivers\motusbdevice.sys (Motorola Inc)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (mwlPSDVDisk) -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys (Egis Technology Inc.)
DRV:64bit: - (mwlPSDFilter) -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys (Egis Technology Inc.)
DRV:64bit: - (mwlPSDNServ) -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys (Egis Technology Inc.)
DRV:64bit: - (motccgpfl) -- C:\Windows\SysNative\drivers\motccgpfl.sys (Motorola)
DRV:64bit: - (BTCFilterService) -- C:\Windows\SysNative\drivers\motfilt.sys (Motorola Inc)
DRV:64bit: - (MotoSwitchService) -- C:\Windows\SysNative\drivers\motswch.sys (Motorola)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://downloads.phpnuke.org/en/index.php?rvs=hompag
IE - HKLM\..\SearchScopes,Backup.Old.DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{1FC0236A-0AF9-4B3F-8093-123948130575}: "URL" = http://downloads.phpnuke.org/en/index.php?rvs=hompag
IE - HKLM\..\SearchScopes\{CF4CC076-72AE-4286-A122-A503227B718B}: "URL" = http://downloads.phpnuke.org/en/index.php?rvs=hompag
IE - HKLM\..\SearchScopes\{FB74C8BF-9286-47FC-9D66-ED713432DF2E}: "URL" = http://downloads.phpnuke.org/en/index.php?rvs=hompag

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKCU\..\SearchScopes,Backup.Old.DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{1FC0236A-0AF9-4B3F-8093-123948130575}: "URL" = http://downloads.phpnuke.org/en/index.php?rvs=hompag
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searc---- | M] (Broadcom Corporation)
IE - HKCU\..\SearchScopes\{6D7C3717-97CB-443E-AE38-372D74A2FD4E}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\..\SearchScopes\{CF4CC076-72AE-4286-A122-A503227B718B}: "URL" = http://downloads.phpnuke.org/en/index.php?rvs=hompag
IE - HKCU\..\SearchScopes\{FB74C8BF-9286-47FC-9D66-ED713432DF2E}: "URL" = http://downloads.phpnuke.org/en/index.php?rvs=hompag
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;192.168.*.*

========== FireFox ==========

FF - prefs.js..backup.old.browser.search.selectedEngine: "Bing"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: %7B003e1c8f-ebd6-f074-7551-4b31c0f547ec%7D:1.300.436
FF - prefs.js..extensions.enabledAddons: ConsumerInput%40Compete:11722
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - prefs.js..extensions.enabledItems: avg@igeared:6.103.018.001
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1209
FF - prefs.js..extensions.enabledItems: ConsumerInput@Compete:8477
FF - prefs.js..keyword.URL: "http://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q="
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@citrixonline.com/appdetectorplugin: C:\Users\Linda\AppData\Local\Citrix\Plugins\94\npappdetector.dll (Citrix Online)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2013/05/14 09:13:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2012/08/07 19:03:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/05/17 08:45:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/05/17 08:45:03 | 000,000,000 | ---D | M]

[2011/02/28 07:21:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Linda\AppData\Roaming\Mozilla\Extensions
[2013/05/22 22:16:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Linda\AppData\Roaming\Mozilla\Firefox\Profiles\v3e8s1lt.default\ex tensions
[2013/04/17 12:19:28 | 000,293,806 | ---- | M] () (No name found) -- C:\Users\Linda\AppData\Roaming\Mozilla\Firefox\Profiles\v3e8s1lt.default\ex tensions\ConsumerInput@Compete.xpi
[2013/03/07 22:28:49 | 000,555,727 | ---- | M] () (No name found) -- C:\Users\Linda\AppData\Roaming\Mozilla\Firefox\Profiles\v3e8s1lt.default\ex tensions\{003e1c8f-ebd6-f074-7551-4b31c0f547ec}.xpi
[2013/05/17 08:45:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/05/17 08:45:09 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe (Egis Technology Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [EgisUpdate] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [lxdnamon] C:\Program Files (x86) (x86)\Lexmark 2600 Series\lxdnamon.exe ()
O4 - HKLM..\Run: [lxdnmon.exe] C:\Program Files (x86) (x86)\Lexmark 2600 Series\lxdnmon.exe ()
O4 - HKLM..\Run: [SuiteTray] C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.)
O4 - HKCU..\Run: [Driver Manager] C:\Program Files (x86)\Driver Manager\Driver Manager\DriverManager.exe (PC Drivers Headquarters)
O4 - HKCU..\Run: [SpeedyComputer] C:\Program Files (x86)\Speeding Software\SpeedyComputer\SPPCLauncher.exe (Speeding Software Inc)
O4 - HKCU..\Run: [SPMTray] "C:\Program Files (x86)\PC Speed Maximizer\SPMTray.exe" File not found
O4 - HKCU..\Run: [Spotify] C:\Users\Linda\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\Linda\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.2.1 216.177.160.35 216.177.160.36
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EF110CCB-1B7E-4607-8F07-4898D92E2312}: DhcpNameServer = 192.168.2.1 192.168.2.1 216.177.160.35 216.177.160.36
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F155DD59-0A2E-4DF7-B466-405901E5C5E2}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{08956cd3-b5fb-11e0-a186-1c7508416a31}\Shell - "" = AutoRun
O33 - MountPoints2\{08956cd3-b5fb-11e0-a186-1c7508416a31}\Shell\AutoRun\command - "" = E:\TLBootstrap_WPP.exe
O33 - MountPoints2\{08956d23-b5fb-11e0-a186-1c7508416a31}\Shell - "" = AutoRun
O33 - MountPoints2\{08956d23-b5fb-11e0-a186-1c7508416a31}\Shell\AutoRun\command - "" = E:\TLBootstrap_WPP.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/05/23 08:00:57 | 000,000,000 | ---D | C] -- C:\Users\Linda\Desktop\130518 Tech Guys
[2013/05/23 07:59:29 | 000,000,000 | ---D | C] -- C:\Users\Linda\Desktop\130523 0800 Tech Guys
[2013/05/23 07:58:27 | 000,000,000 | ---D | C] -- C:\Users\Linda\Desktop\130522 Tech Guys
[2013/05/23 07:36:54 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/05/22 22:12:03 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/05/22 22:11:25 | 000,000,000 | ---D | C] -- C:\JRT
[2013/05/22 19:16:06 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/05/22 19:16:06 | 001,509,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013/05/22 19:16:06 | 001,441,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013/05/22 19:16:06 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2013/05/22 19:16:06 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2013/05/22 19:16:06 | 001,054,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2013/05/22 19:16:06 | 000,905,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2013/05/22 19:16:06 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/05/22 19:16:06 | 000,762,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2013/05/22 19:16:06 | 000,719,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2013/05/22 19:16:06 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/05/22 19:16:06 | 000,629,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2013/05/22 19:16:06 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/05/22 19:16:06 | 000,599,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013/05/22 19:16:06 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/05/22 19:16:06 | 000,452,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2013/05/22 19:16:06 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2013/05/22 19:16:06 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/05/22 19:16:06 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2013/05/22 19:16:06 | 000,281,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2013/05/22 19:16:06 | 000,235,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013/05/22 19:16:06 | 000,232,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013/05/22 19:16:06 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll
[2013/05/22 19:16:06 | 000,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2013/05/22 19:16:06 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2013/05/22 19:16:06 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll
[2013/05/22 19:16:06 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013/05/22 19:16:06 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2013/05/22 19:16:06 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2013/05/22 19:16:06 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2013/05/22 19:16:06 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2013/05/22 19:16:06 | 000,144,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2013/05/22 19:16:06 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2013/05/22 19:16:06 | 000,137,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013/05/22 19:16:06 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013/05/22 19:16:06 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2013/05/22 19:16:06 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2013/05/22 19:16:06 | 000,125,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2013/05/22 19:16:06 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2013/05/22 19:16:06 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2013/05/22 19:16:06 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013/05/22 19:16:06 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2013/05/22 19:16:06 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013/05/22 19:16:06 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2013/05/22 19:16:06 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013/05/22 19:16:06 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2013/05/22 19:16:06 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2013/05/22 19:16:06 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013/05/22 19:16:06 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2013/05/22 19:16:06 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2013/05/22 19:16:06 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013/05/22 19:16:06 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2013/05/22 19:16:06 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013/05/22 19:16:06 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2013/05/22 19:16:06 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2013/05/22 19:16:06 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013/05/22 19:16:06 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2013/05/22 19:16:06 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/05/22 19:16:06 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2013/05/22 19:16:06 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2013/05/22 19:16:06 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2013/05/22 19:16:06 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013/05/22 19:16:06 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013/05/22 19:16:06 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2013/05/22 19:16:06 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2013/05/22 19:16:06 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2013/05/22 19:16:06 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2013/05/22 19:16:06 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2013/05/21 06:55:19 | 000,000,000 | ---D | C] -- C:\Users\Linda\AppData\Roaming\SpeedyComputer
[2013/05/21 06:54:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speeding Software
[2013/05/21 06:51:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Speeding Software
[2013/05/21 06:43:27 | 000,000,000 | ---D | C] -- C:\Users\Linda\Desktop\rkill
[2013/05/18 15:07:49 | 000,000,000 | ---D | C] -- C:\Users\Linda\AppData\Local\ISL Online Cache
[2013/05/17 10:58:03 | 000,000,000 | ---D | C] -- C:\Users\Linda\AppData\Roaming\LavasoftStatistics
[2013/05/17 10:17:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Downloaded Installations
[2013/05/17 10:09:27 | 000,014,456 | ---- | C] (GFI Software) -- C:\Windows\SysNative\drivers\gfibto.sys
[2013/05/17 08:45:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/05/16 16:45:18 | 000,000,000 | ---D | C] -- C:\Users\Linda\AppData\Local\SlimWare Utilities Inc
[2013/05/16 16:45:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverUpdate
[2013/05/16 16:45:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DriverUpdate
[2013/05/16 16:45:06 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Downloaded Installers
[2013/05/15 09:51:10 | 001,930,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll
[2013/05/15 09:51:10 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shdocvw.dll
[2013/05/15 09:51:09 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll
[2013/05/15 09:51:09 | 000,111,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe
[2013/05/15 08:58:36 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wwanprotdim.dll
[2013/05/15 08:36:22 | 000,265,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys
[2013/05/15 08:36:22 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2013/05/14 09:13:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Standalone LinkScanner
[2013/04/23 13:21:40 | 000,000,000 | ---D | C] -- C:\! 130423 1321

========== Files - Modified Within 30 Days ==========

[2013/05/23 11:12:15 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/05/23 11:12:15 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/05/23 11:07:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/05/23 11:04:59 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/05/23 11:04:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/05/23 11:04:42 | 3015,884,800 | -HS- | M] () -- C:\hiberfil.sys
[2013/05/23 10:31:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/05/23 07:26:26 | 002,446,362 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/05/23 07:26:26 | 000,746,218 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/05/23 07:26:26 | 000,005,358 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/05/22 22:05:25 | 000,015,712 | ---- | M] () -- C:\Windows\SysNative\drivers\SWDUMon.sys
[2013/05/22 21:49:14 | 000,061,792 | ---- | M] () -- C:\Users\Linda\Desktop\District-55-Calendar-of-dates-for-2012-2013_update1202.pdf
[2013/05/22 19:16:06 | 003,958,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/05/22 19:16:06 | 001,509,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013/05/22 19:16:06 | 001,441,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013/05/22 19:16:06 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2013/05/22 19:16:06 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2013/05/22 19:16:06 | 001,054,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2013/05/22 19:16:06 | 000,905,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2013/05/22 19:16:06 | 000,855,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/05/22 19:16:06 | 000,762,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2013/05/22 19:16:06 | 000,719,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2013/05/22 19:16:06 | 000,690,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/05/22 19:16:06 | 000,629,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2013/05/22 19:16:06 | 000,603,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/05/22 19:16:06 | 000,599,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013/05/22 19:16:06 | 000,526,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/05/22 19:16:06 | 000,452,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2013/05/22 19:16:06 | 000,441,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2013/05/22 19:16:06 | 000,391,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/05/22 19:16:06 | 000,361,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2013/05/22 19:16:06 | 000,281,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2013/05/22 19:16:06 | 000,235,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013/05/22 19:16:06 | 000,232,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013/05/22 19:16:06 | 000,226,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll
[2013/05/22 19:16:06 | 000,216,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2013/05/22 19:16:06 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2013/05/22 19:16:06 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll
[2013/05/22 19:16:06 | 000,173,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013/05/22 19:16:06 | 000,167,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2013/05/22 19:16:06 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2013/05/22 19:16:06 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2013/05/22 19:16:06 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2013/05/22 19:16:06 | 000,144,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2013/05/22 19:16:06 | 000,138,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2013/05/22 19:16:06 | 000,137,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013/05/22 19:16:06 | 000,136,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013/05/22 19:16:06 | 000,136,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2013/05/22 19:16:06 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2013/05/22 19:16:06 | 000,125,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2013/05/22 19:16:06 | 000,117,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2013/05/22 19:16:06 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2013/05/22 19:16:06 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013/05/22 19:16:06 | 000,102,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2013/05/22 19:16:06 | 000,097,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013/05/22 19:16:06 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2013/05/22 19:16:06 | 000,089,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013/05/22 19:16:06 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2013/05/22 19:16:06 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2013/05/22 19:16:06 | 000,079,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013/05/22 19:16:06 | 000,077,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2013/05/22 19:16:06 | 000,073,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2013/05/22 19:16:06 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013/05/22 19:16:06 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2013/05/22 19:16:06 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013/05/22 19:16:06 | 000,062,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2013/05/22 19:16:06 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2013/05/22 19:16:06 | 000,061,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013/05/22 19:16:06 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2013/05/22 19:16:06 | 000,051,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/05/22 19:16:06 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2013/05/22 19:16:06 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2013/05/22 19:16:06 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2013/05/22 19:16:06 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013/05/22 19:16:06 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013/05/22 19:16:06 | 000,027,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2013/05/22 19:16:06 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/05/22 19:16:06 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013/05/22 19:16:06 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2013/05/22 19:16:06 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2013/05/22 19:16:06 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2013/05/22 19:16:06 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2013/05/21 06:58:44 | 000,070,203 | ---- | M] () -- C:\Users\Linda\Desktop\Installed.JPG
[2013/05/21 06:58:05 | 000,102,384 | ---- | M] () -- C:\Users\Linda\Desktop\RogueKiller log.JPG
[2013/05/21 06:54:57 | 000,001,046 | ---- | M] () -- C:\Users\Linda\Desktop\SpeedyComputer.lnk
[2013/05/20 13:38:31 | 000,547,505 | ---- | M] () -- C:\Users\Linda\Desktop\D55 Membership H only -Address file.csv
[2013/05/20 11:55:23 | 000,739,428 | ---- | M] () -- C:\Users\Linda\Desktop\D55 Membership H only - no edits.csv
[2013/05/18 23:26:45 | 526,498,984 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/05/18 15:48:14 | 000,005,168 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/05/17 10:58:05 | 000,002,048 | ---- | M] () -- C:\Users\Linda\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2013/05/17 10:09:27 | 000,014,456 | ---- | M] (GFI Software) -- C:\Windows\SysNative\drivers\gfibto.sys
[2013/05/16 16:45:08 | 000,002,469 | ---- | M] () -- C:\Users\Public\Desktop\DriverUpdate.lnk
[2013/05/15 11:41:18 | 000,413,344 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/05/15 10:21:13 | 000,311,994 | ---- | M] () -- C:\Users\Linda\Documents\email 130415.pdf
[2013/05/15 08:10:53 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/05/15 08:10:53 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/05/14 09:13:11 | 000,000,969 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2013/05/03 11:59:16 | 000,255,824 | ---- | M] () -- C:\Users\Linda\Documents\Original speech.pdf

========== Files Created - No Company Name ==========

[2013/05/22 21:49:14 | 000,061,792 | ---- | C] () -- C:\Users\Linda\Desktop\District-55-Calendar-of-dates-for-2012-2013_update1202.pdf
[2013/05/22 19:16:06 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/05/22 19:16:06 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013/05/21 06:58:44 | 000,070,203 | ---- | C] () -- C:\Users\Linda\Desktop\Installed.JPG
[2013/05/21 06:58:05 | 000,102,384 | ---- | C] () -- C:\Users\Linda\Desktop\RogueKiller log.JPG
[2013/05/21 06:54:57 | 000,001,046 | ---- | C] () -- C:\Users\Linda\Desktop\SpeedyComputer.lnk
[2013/05/20 11:55:52 | 000,547,505 | ---- | C] () -- C:\Users\Linda\Desktop\D55 Membership H only -Address file.csv
[2013/05/20 11:55:22 | 000,739,428 | ---- | C] () -- C:\Users\Linda\Desktop\D55 Membership H only - no edits.csv
[2013/05/18 23:26:45 | 526,498,984 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2013/05/16 16:45:20 | 000,015,712 | ---- | C] () -- C:\Windows\SysNative\drivers\SWDUMon.sys
[2013/05/16 16:45:08 | 000,002,469 | ---- | C] () -- C:\Users\Public\Desktop\DriverUpdate.lnk
[2013/05/15 10:21:12 | 000,311,994 | ---- | C] () -- C:\Users\Linda\Documents\email 130415.pdf
[2013/05/03 11:59:16 | 000,255,824 | ---- | C] () -- C:\Users\Linda\Documents\Original speech.pdf
[2012/10/15 16:22:11 | 000,103,832 | ---- | C] () -- C:\Users\Linda\GoToAssistDownloadHelper.exe
[2012/08/26 12:38:27 | 000,006,144 | ---- | C] () -- C:\Users\Linda\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/08/18 19:35:11 | 000,005,358 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/12/06 20:02:23 | 000,060,304 | ---- | C] () -- C:\Users\Linda\g2mdlhlpx.exe
[2011/08/14 18:12:57 | 000,000,113 | ---- | C] () -- C:\Windows\(null)toolkit.ini
[2011/07/16 19:08:57 | 000,037,689 | ---- | C] () -- C:\Users\Linda\AppData\Roaming\Comma Separated Values (DOS).ADR
[2011/06/11 21:45:18 | 000,000,000 | ---- | C] () -- C:\Users\Linda\AppData\Local\prvlcl.dat

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 00:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/26 23:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >

Last week the computer was shutting down several times a day. It hasn't done it this week but I have lifted it off the desk and opened the window. It might have been just overheating. I had a very small, old fan that doesn't seem to be working very well. I just thought I would mention it in case I am wrong.
LindaStough's Avatar
LindaStough   (Linda) LindaStough is offline
Computer Specs
Member with 127 posts.
THREAD STARTER
 
Join Date: May 2013
Location: Canyon Lake, Texas
Experience: Beginner
23-May-2013, 11:37 AM #22
How do I find out what programs I don't need? I would like to clean this up and only have the programs I am using. I guess I have to keep all the Mac stuff because I don't know if David put it there for a reason.

Thanks,
Linda
LindaStough's Avatar
LindaStough   (Linda) LindaStough is offline
Computer Specs
Member with 127 posts.
THREAD STARTER
 
Join Date: May 2013
Location: Canyon Lake, Texas
Experience: Beginner
23-May-2013, 11:41 AM #23
I forgot to mention the start menu. Can you tell me how to clean out all the junk?
OCD's Avatar
OCD OCD is offline OCD is authorized to help remove malware.
Malware Removal Specialist with 273 posts.
 
Join Date: Sep 2012
Location: Florida
23-May-2013, 06:05 PM #24
Hi LindaStough,

Please check your desktop for a file called "checkup.txt". If it is there include it in you next reply, and skip step 1. If not run step 1.

=========================

1. Security Check

Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Right click SecurityCheck.exe, select "Run as Administrator" and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
=========================

2. Uninstall via Programs and Features

Click Start > Control Panel > Programs and Features. Locate and select the following that are present on the list and click the Remove button:

  • McAfee Security Scan

=========================

3. Run OTL.exe

Windows Vista and Windows 7 users Right Click and select "Run as Administrator"
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    Code:
    :OTL
    PRC - C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.)
    FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
    O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
    [2013/04/23 13:21:40 | 000,000,000 | ---D | C] -- C:\! 130423 1321
    
    :Files
    C:\Program Files (x86)\McAfee Security Scan
    
    :Services
    McComponentHostService
    
    :Reg
    
    :Commands
    [purity]
    [createrestorepoint]
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then re-run OTL and post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )

=========================

4. How do I find out what programs I don't need?
  • That's generally a personal preference. You have to go through the Control Panel to Programs & Features to see what programs are installed.
  • Once in Programs & Features locate the drop-down menu in the right upper corner that give you "more options".
  • Select "Details" this will give you information about when the program was installed and hopefully help you determine if you need it.
  • As a precaution I would not remove any Windows, Microsoft or programs installed by your computer's manufacturer.
=========================

5. Can you tell me how to clean out all the junk from the Start Menu?
  • Click the Start right click All Programs choose Properties
  • Select the Start Menu tab, choose the Customize button.
  • At the bottom of the window locate Start menu size
  • Change the number of Recent Programs to Display to a lower number
  • Select OK, and exit.
=========================

Quote:
Last week the computer was shutting down several times a day. It hasn't done it this week but I have lifted it off the desk and opened the window. It might have been just overheating.
Adequate ventilation around the computer is vital to a smooth running machine. Check your computer fans for excessive dust. Get a can of compressed air if necessary to clean the fans.

In your next post please provide the following:
  • checkup.txt
  • OTL fix log
  • How is the computer running at the moment? What issues still remain?
LindaStough's Avatar
LindaStough   (Linda) LindaStough is offline
Computer Specs
Member with 127 posts.
THREAD STARTER
 
Join Date: May 2013
Location: Canyon Lake, Texas
Experience: Beginner
23-May-2013, 07:14 PM #25
The computer is still slow as molases. Don't have any other complaints.

Results of screen317's Security Check version 0.99.63
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
WMI entry may not exist for antivirus; attempting automatic update.
AVG2012 successfully updated!
`````````Anti-malware/Other Utilities Check:`````````
Adobe Flash Player 11.7.700.202
Adobe Reader 10.1.7 Adobe Reader out of Date!
Mozilla Firefox (21.0)
````````Process Check: objlist.exe by Laurent````````
AVG avgwdsvc.exe
AVG avgtray.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````


OTL logfile created on: 5/23/2013 6:59:03 PM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Linda\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.75 Gb Total Physical Memory | 2.10 Gb Available Physical Memory | 56.11% Memory free
7.49 Gb Paging File | 5.78 Gb Available in Paging File | 77.19% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 218.79 Gb Total Space | 120.83 Gb Free Space | 55.23% Space Free | Partition Type: NTFS

Computer Name: DESTY | User Name: Linda | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Linda\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Users\Linda\AppData\Roaming\Spotify\spotify.exe (Spotify Ltd)
PRC - C:\Users\Linda\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\_OTL\MovedFiles\05232013_185005\C_Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\Speeding Software\SpeedyComputer\SPPCSmartScan.exe (Speeding Software Inc)
PRC - C:\Program Files (x86)\Speeding Software\SpeedyComputer\SPPCReminder.exe (Speeding Software Inc)
PRC - C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe ()
PRC - C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe ()
PRC - C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Launch Manager\LMworker.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
PRC - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.)
PRC - C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe (Egis Technology Inc.)
PRC - C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
PRC - C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)
PRC - C:\Program Files (x86) (x86)\Lexmark 2600 Series\lxdnmon.exe ()
PRC - C:\Program Files (x86) (x86)\Lexmark 2600 Series\lxdnmsdmon.exe ()
PRC - C:\Program Files\Acer\Acer Updater\UpdaterService.exe (Acer Group)
PRC - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (Acer Incorporated)


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Users\Linda\AppData\Roaming\Spotify\Data\libcef.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089 \System.Windows.Forms.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\Syste m.Drawing.dll ()
MOD - C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll ()
MOD - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSPTLS.DLL ()
MOD - C:\Program Files (x86)\Microsoft Office\Office12\ADDINS\UmOutlookAddin.dll ()
MOD - C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xm l.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a \System.Configuration.dll ()
MOD - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll ()
MOD - C:\Program Files (x86) (x86)\Lexmark 2600 Series\lxdnmon.exe ()
MOD - C:\Program Files (x86) (x86)\Lexmark 2600 Series\lxdnmsdmon.exe ()
MOD - C:\Program Files (x86) (x86)\Lexmark 2600 Series\app4r.monitor.core.dll ()
MOD - C:\Program Files (x86) (x86)\Lexmark 2600 Series\app4r.monitor.common.dll ()
MOD - C:\Program Files (x86) (x86)\Lexmark 2600 Series\app4r.devmons.mcmdevmon.dll ()
MOD - C:\Program Files (x86) (x86)\Lexmark 2600 Series\lxdndrs.dll ()
MOD - C:\Program Files (x86) (x86)\Lexmark 2600 Series\lxdnscw.dll ()
MOD - C:\Program Files (x86) (x86)\Lexmark 2600 Series\app4r.devmons.mcmdevmon.autoplayutil.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Access ibility.dll ()
MOD - C:\Program Files (x86)\Launch Manager\CdDirIo.dll ()
MOD - C:\Program Files (x86) (x86)\Lexmark 2600 Series\lxdncaps.dll ()
MOD - C:\Program Files (x86)\Microsoft Office\Office12\ADDINS\ColleagueImport.dll ()
MOD - C:\Program Files (x86) (x86)\Lexmark 2600 Series\lxdncnv4.dll ()
MOD - C:\Program Files (x86) (x86)\Lexmark 2600 Series\lxdndatr.dll ()


========== Services (SafeList) ==========

SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (ePowerSvc) -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe (Acer Incorporated)
SRV:64bit: - (Updater Service) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe (Acer Group)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (MotoHelper) -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe ()
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (DsiWMIService) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.)
SRV - (NTI IScheduleSvc) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.)
SRV - (MWLService) -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe (Egis Technology Inc.)
SRV - (GameConsoleService) -- C:\Program Files (x86)\Acer Games\Acer Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (GREGService) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (Acer Incorporated)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (SWDUMon) -- C:\Windows\SysNative\drivers\SWDUMon.sys ()
DRV:64bit: - (gfibto) -- C:\Windows\SysNative\drivers\gfibto.sys (GFI Software)
DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\drivers\usb8023x.sys (Microsoft Corporation)
DRV:64bit: - (AVGIDSHA) -- C:\Windows\SysNative\drivers\avgidsha.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (dc3d) -- C:\Windows\SysNative\drivers\dc3d.sys (Microsoft Corporation)
DRV:64bit: - (motccgp) -- C:\Windows\SysNative\drivers\motccgp.sys (Motorola)
DRV:64bit: - (motmodem) -- C:\Windows\SysNative\drivers\motmodem.sys (Motorola)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (ATI Technologies, Inc.)
DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NTI Corporation)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (AtiPcie) -- C:\Windows\SysNative\drivers\AtiPcie64.sys (Advanced Micro Devices Inc.)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (k57nd60a) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (sscdmdm) -- C:\Windows\SysNative\drivers\sscdmdm.sys (MCCI Corporation)
DRV:64bit: - (sscdserd) -- C:\Windows\SysNative\drivers\sscdserd.sys (MCCI Corporation)
DRV:64bit: - (sscdbus) -- C:\Windows\SysNative\drivers\sscdbus.sys (MCCI Corporation)
DRV:64bit: - (sscdmdfl) -- C:\Windows\SysNative\drivers\sscdmdfl.sys (MCCI Corporation)
DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\drivers\NTIDrvr.sys (NTI Corporation)
DRV:64bit: - (Motousbnet) -- C:\Windows\SysNative\drivers\Motousbnet.sys (Motorola)
DRV:64bit: - (motusbdevice) -- C:\Windows\SysNative\drivers\motusbdevice.sys (Motorola Inc)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (mwlPSDVDisk) -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys (Egis Technology Inc.)
DRV:64bit: - (mwlPSDFilter) -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys (Egis Technology Inc.)
DRV:64bit: - (mwlPSDNServ) -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys (Egis Technology Inc.)
DRV:64bit: - (motccgpfl) -- C:\Windows\SysNative\drivers\motccgpfl.sys (Motorola)
DRV:64bit: - (BTCFilterService) -- C:\Windows\SysNative\drivers\motfilt.sys (Motorola Inc)
DRV:64bit: - (MotoSwitchService) -- C:\Windows\SysNative\drivers\motswch.sys (Motorola)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://downloads.phpnuke.org/en/index.php?rvs=hompag
IE - HKLM\..\SearchScopes,Backup.Old.DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{1FC0236A-0AF9-4B3F-8093-123948130575}: "URL" = http://downloads.phpnuke.org/en/index.php?rvs=hompag
IE - HKLM\..\SearchScopes\{CF4CC076-72AE-4286-A122-A503227B718B}: "URL" = http://downloads.phpnuke.org/en/index.php?rvs=hompag
IE - HKLM\..\SearchScopes\{FB74C8BF-9286-47FC-9D66-ED713432DF2E}: "URL" = http://downloads.phpnuke.org/en/index.php?rvs=hompag

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKCU\..\SearchScopes,Backup.Old.DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{1FC0236A-0AF9-4B3F-8093-123948130575}: "URL" = http://downloads.phpnuke.org/en/index.php?rvs=hompag
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searc---- | M] (Broadcom Corporation)
IE - HKCU\..\SearchScopes\{6D7C3717-97CB-443E-AE38-372D74A2FD4E}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\..\SearchScopes\{CF4CC076-72AE-4286-A122-A503227B718B}: "URL" = http://downloads.phpnuke.org/en/index.php?rvs=hompag
IE - HKCU\..\SearchScopes\{FB74C8BF-9286-47FC-9D66-ED713432DF2E}: "URL" = http://downloads.phpnuke.org/en/index.php?rvs=hompag
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;192.168.*.*

========== FireFox ==========

FF - prefs.js..backup.old.browser.search.selectedEngine: "Bing"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: %7B003e1c8f-ebd6-f074-7551-4b31c0f547ec%7D:1.300.436
FF - prefs.js..extensions.enabledAddons: ConsumerInput%40Compete:11722
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - prefs.js..extensions.enabledItems: avg@igeared:6.103.018.001
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1209
FF - prefs.js..extensions.enabledItems: ConsumerInput@Compete:8477
FF - prefs.js..keyword.URL: "http://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q="
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@citrixonline.com/appdetectorplugin: C:\Users\Linda\AppData\Local\Citrix\Plugins\94\npappdetector.dll (Citrix Online)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2013/05/14 09:13:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2012/08/07 19:03:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/05/17 08:45:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/05/17 08:45:03 | 000,000,000 | ---D | M]

[2011/02/28 07:21:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Linda\AppData\Roaming\Mozilla\Extensions
[2013/05/22 22:16:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Linda\AppData\Roaming\Mozilla\Firefox\Profiles\v3e8s1lt.default\ex tensions
[2013/04/17 12:19:28 | 000,293,806 | ---- | M] () (No name found) -- C:\Users\Linda\AppData\Roaming\Mozilla\Firefox\Profiles\v3e8s1lt.default\ex tensions\ConsumerInput@Compete.xpi
[2013/03/07 22:28:49 | 000,555,727 | ---- | M] () (No name found) -- C:\Users\Linda\AppData\Roaming\Mozilla\Firefox\Profiles\v3e8s1lt.default\ex tensions\{003e1c8f-ebd6-f074-7551-4b31c0f547ec}.xpi
[2013/05/17 08:45:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/05/17 08:45:09 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe (Egis Technology Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [EgisUpdate] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [lxdnamon] C:\Program Files (x86) (x86)\Lexmark 2600 Series\lxdnamon.exe ()
O4 - HKLM..\Run: [lxdnmon.exe] C:\Program Files (x86) (x86)\Lexmark 2600 Series\lxdnmon.exe ()
O4 - HKLM..\Run: [SuiteTray] C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.)
O4 - HKCU..\Run: [Driver Manager] C:\Program Files (x86)\Driver Manager\Driver Manager\DriverManager.exe (PC Drivers Headquarters)
O4 - HKCU..\Run: [SpeedyComputer] C:\Program Files (x86)\Speeding Software\SpeedyComputer\SPPCLauncher.exe (Speeding Software Inc)
O4 - HKCU..\Run: [SPMTray] "C:\Program Files (x86)\PC Speed Maximizer\SPMTray.exe" File not found
O4 - HKCU..\Run: [Spotify] C:\Users\Linda\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\Linda\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.2.1 216.177.160.35 216.177.160.36
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EF110CCB-1B7E-4607-8F07-4898D92E2312}: DhcpNameServer = 192.168.2.1 192.168.2.1 216.177.160.35 216.177.160.36
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F155DD59-0A2E-4DF7-B466-405901E5C5E2}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{08956cd3-b5fb-11e0-a186-1c7508416a31}\Shell - "" = AutoRun
O33 - MountPoints2\{08956cd3-b5fb-11e0-a186-1c7508416a31}\Shell\AutoRun\command - "" = E:\TLBootstrap_WPP.exe
O33 - MountPoints2\{08956d23-b5fb-11e0-a186-1c7508416a31}\Shell - "" = AutoRun
O33 - MountPoints2\{08956d23-b5fb-11e0-a186-1c7508416a31}\Shell\AutoRun\command - "" = E:\TLBootstrap_WPP.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/05/23 11:20:52 | 000,000,000 | ---D | C] -- C:\Users\Linda\Desktop\130523 1130
[2013/05/23 08:00:57 | 000,000,000 | ---D | C] -- C:\Users\Linda\Desktop\130518 Tech Guys
[2013/05/23 07:59:29 | 000,000,000 | ---D | C] -- C:\Users\Linda\Desktop\130523 0800 Tech Guys
[2013/05/23 07:58:27 | 000,000,000 | ---D | C] -- C:\Users\Linda\Desktop\130522 Tech Guys
[2013/05/23 07:36:54 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/05/22 22:12:03 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/05/22 22:11:25 | 000,000,000 | ---D | C] -- C:\JRT
[2013/05/22 19:16:06 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/05/22 19:16:06 | 001,509,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013/05/22 19:16:06 | 001,441,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013/05/22 19:16:06 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2013/05/22 19:16:06 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2013/05/22 19:16:06 | 001,054,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2013/05/22 19:16:06 | 000,905,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2013/05/22 19:16:06 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/05/22 19:16:06 | 000,762,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2013/05/22 19:16:06 | 000,719,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2013/05/22 19:16:06 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/05/22 19:16:06 | 000,629,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2013/05/22 19:16:06 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/05/22 19:16:06 | 000,599,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013/05/22 19:16:06 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/05/22 19:16:06 | 000,452,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2013/05/22 19:16:06 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2013/05/22 19:16:06 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/05/22 19:16:06 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2013/05/22 19:16:06 | 000,281,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2013/05/22 19:16:06 | 000,235,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013/05/22 19:16:06 | 000,232,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013/05/22 19:16:06 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll
[2013/05/22 19:16:06 | 000,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2013/05/22 19:16:06 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2013/05/22 19:16:06 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll
[2013/05/22 19:16:06 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013/05/22 19:16:06 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2013/05/22 19:16:06 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2013/05/22 19:16:06 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2013/05/22 19:16:06 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2013/05/22 19:16:06 | 000,144,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2013/05/22 19:16:06 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2013/05/22 19:16:06 | 000,137,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013/05/22 19:16:06 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013/05/22 19:16:06 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2013/05/22 19:16:06 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2013/05/22 19:16:06 | 000,125,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2013/05/22 19:16:06 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2013/05/22 19:16:06 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2013/05/22 19:16:06 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013/05/22 19:16:06 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2013/05/22 19:16:06 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013/05/22 19:16:06 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2013/05/22 19:16:06 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013/05/22 19:16:06 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2013/05/22 19:16:06 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2013/05/22 19:16:06 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013/05/22 19:16:06 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2013/05/22 19:16:06 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2013/05/22 19:16:06 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013/05/22 19:16:06 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2013/05/22 19:16:06 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013/05/22 19:16:06 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2013/05/22 19:16:06 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2013/05/22 19:16:06 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013/05/22 19:16:06 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2013/05/22 19:16:06 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/05/22 19:16:06 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2013/05/22 19:16:06 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2013/05/22 19:16:06 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2013/05/22 19:16:06 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013/05/22 19:16:06 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013/05/22 19:16:06 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2013/05/22 19:16:06 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2013/05/22 19:16:06 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2013/05/22 19:16:06 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2013/05/22 19:16:06 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2013/05/21 06:55:19 | 000,000,000 | ---D | C] -- C:\Users\Linda\AppData\Roaming\SpeedyComputer
[2013/05/21 06:54:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speeding Software
[2013/05/21 06:51:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Speeding Software
[2013/05/21 06:43:27 | 000,000,000 | ---D | C] -- C:\Users\Linda\Desktop\rkill
[2013/05/18 15:07:49 | 000,000,000 | ---D | C] -- C:\Users\Linda\AppData\Local\ISL Online Cache
[2013/05/17 10:58:03 | 000,000,000 | ---D | C] -- C:\Users\Linda\AppData\Roaming\LavasoftStatistics
[2013/05/17 10:17:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Downloaded Installations
[2013/05/17 10:09:27 | 000,014,456 | ---- | C] (GFI Software) -- C:\Windows\SysNative\drivers\gfibto.sys
[2013/05/17 08:45:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/05/16 16:45:18 | 000,000,000 | ---D | C] -- C:\Users\Linda\AppData\Local\SlimWare Utilities Inc
[2013/05/16 16:45:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverUpdate
[2013/05/16 16:45:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DriverUpdate
[2013/05/16 16:45:06 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Downloaded Installers
[2013/05/15 09:51:10 | 001,930,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll
[2013/05/15 09:51:10 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shdocvw.dll
[2013/05/15 09:51:09 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll
[2013/05/15 09:51:09 | 000,111,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe
[2013/05/15 08:58:36 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wwanprotdim.dll
[2013/05/15 08:36:22 | 000,265,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys
[2013/05/15 08:36:22 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2013/05/14 09:13:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Standalone LinkScanner

========== Files - Modified Within 30 Days ==========

[2013/05/23 19:01:25 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/05/23 19:01:25 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/05/23 18:52:38 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/05/23 18:52:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/05/23 18:52:20 | 3015,884,800 | -HS- | M] () -- C:\hiberfil.sys
[2013/05/23 18:31:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/05/23 18:07:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/05/23 07:26:26 | 002,446,362 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/05/23 07:26:26 | 000,746,218 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/05/23 07:26:26 | 000,005,358 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/05/22 22:05:25 | 000,015,712 | ---- | M] () -- C:\Windows\SysNative\drivers\SWDUMon.sys
[2013/05/22 21:49:14 | 000,061,792 | ---- | M] () -- C:\Users\Linda\Desktop\District-55-Calendar-of-dates-for-2012-2013_update1202.pdf
[2013/05/22 19:16:06 | 003,958,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/05/22 19:16:06 | 001,509,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013/05/22 19:16:06 | 001,441,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013/05/22 19:16:06 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2013/05/22 19:16:06 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2013/05/22 19:16:06 | 001,054,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2013/05/22 19:16:06 | 000,905,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2013/05/22 19:16:06 | 000,855,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/05/22 19:16:06 | 000,762,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2013/05/22 19:16:06 | 000,719,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2013/05/22 19:16:06 | 000,690,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/05/22 19:16:06 | 000,629,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2013/05/22 19:16:06 | 000,603,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/05/22 19:16:06 | 000,599,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013/05/22 19:16:06 | 000,526,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/05/22 19:16:06 | 000,452,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2013/05/22 19:16:06 | 000,441,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2013/05/22 19:16:06 | 000,391,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/05/22 19:16:06 | 000,361,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2013/05/22 19:16:06 | 000,281,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2013/05/22 19:16:06 | 000,235,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013/05/22 19:16:06 | 000,232,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013/05/22 19:16:06 | 000,226,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll
[2013/05/22 19:16:06 | 000,216,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2013/05/22 19:16:06 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2013/05/22 19:16:06 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll
[2013/05/22 19:16:06 | 000,173,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013/05/22 19:16:06 | 000,167,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2013/05/22 19:16:06 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2013/05/22 19:16:06 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2013/05/22 19:16:06 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2013/05/22 19:16:06 | 000,144,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2013/05/22 19:16:06 | 000,138,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2013/05/22 19:16:06 | 000,137,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013/05/22 19:16:06 | 000,136,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013/05/22 19:16:06 | 000,136,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2013/05/22 19:16:06 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2013/05/22 19:16:06 | 000,125,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2013/05/22 19:16:06 | 000,117,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2013/05/22 19:16:06 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2013/05/22 19:16:06 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013/05/22 19:16:06 | 000,102,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2013/05/22 19:16:06 | 000,097,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013/05/22 19:16:06 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2013/05/22 19:16:06 | 000,089,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013/05/22 19:16:06 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2013/05/22 19:16:06 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2013/05/22 19:16:06 | 000,079,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013/05/22 19:16:06 | 000,077,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2013/05/22 19:16:06 | 000,073,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2013/05/22 19:16:06 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013/05/22 19:16:06 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2013/05/22 19:16:06 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013/05/22 19:16:06 | 000,062,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2013/05/22 19:16:06 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2013/05/22 19:16:06 | 000,061,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013/05/22 19:16:06 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2013/05/22 19:16:06 | 000,051,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/05/22 19:16:06 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2013/05/22 19:16:06 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2013/05/22 19:16:06 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2013/05/22 19:16:06 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013/05/22 19:16:06 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013/05/22 19:16:06 | 000,027,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2013/05/22 19:16:06 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/05/22 19:16:06 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013/05/22 19:16:06 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2013/05/22 19:16:06 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2013/05/22 19:16:06 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2013/05/22 19:16:06 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2013/05/21 06:58:44 | 000,070,203 | ---- | M] () -- C:\Users\Linda\Desktop\Installed.JPG
[2013/05/21 06:58:05 | 000,102,384 | ---- | M] () -- C:\Users\Linda\Desktop\RogueKiller log.JPG
[2013/05/21 06:54:57 | 000,001,046 | ---- | M] () -- C:\Users\Linda\Desktop\SpeedyComputer.lnk
[2013/05/20 13:38:31 | 000,547,505 | ---- | M] () -- C:\Users\Linda\Desktop\D55 Membership H only -Address file.csv
[2013/05/20 11:55:23 | 000,739,428 | ---- | M] () -- C:\Users\Linda\Desktop\D55 Membership H only - no edits.csv
[2013/05/18 23:26:45 | 526,498,984 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/05/18 15:48:14 | 000,005,168 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/05/17 10:58:05 | 000,002,048 | ---- | M] () -- C:\Users\Linda\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2013/05/17 10:09:27 | 000,014,456 | ---- | M] (GFI Software) -- C:\Windows\SysNative\drivers\gfibto.sys
[2013/05/16 16:45:08 | 000,002,469 | ---- | M] () -- C:\Users\Public\Desktop\DriverUpdate.lnk
[2013/05/15 11:41:18 | 000,413,344 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/05/15 10:21:13 | 000,311,994 | ---- | M] () -- C:\Users\Linda\Documents\email 130415.pdf
[2013/05/15 08:10:53 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/05/15 08:10:53 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/05/14 09:13:11 | 000,000,969 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2013/05/03 11:59:16 | 000,255,824 | ---- | M] () -- C:\Users\Linda\Documents\Original speech.pdf

========== Files Created - No Company Name ==========

[2013/05/22 21:49:14 | 000,061,792 | ---- | C] () -- C:\Users\Linda\Desktop\District-55-Calendar-of-dates-for-2012-2013_update1202.pdf
[2013/05/22 19:16:06 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/05/22 19:16:06 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013/05/21 06:58:44 | 000,070,203 | ---- | C] () -- C:\Users\Linda\Desktop\Installed.JPG
[2013/05/21 06:58:05 | 000,102,384 | ---- | C] () -- C:\Users\Linda\Desktop\RogueKiller log.JPG
[2013/05/21 06:54:57 | 000,001,046 | ---- | C] () -- C:\Users\Linda\Desktop\SpeedyComputer.lnk
[2013/05/20 11:55:52 | 000,547,505 | ---- | C] () -- C:\Users\Linda\Desktop\D55 Membership H only -Address file.csv
[2013/05/20 11:55:22 | 000,739,428 | ---- | C] () -- C:\Users\Linda\Desktop\D55 Membership H only - no edits.csv
[2013/05/18 23:26:45 | 526,498,984 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2013/05/16 16:45:20 | 000,015,712 | ---- | C] () -- C:\Windows\SysNative\drivers\SWDUMon.sys
[2013/05/16 16:45:08 | 000,002,469 | ---- | C] () -- C:\Users\Public\Desktop\DriverUpdate.lnk
[2013/05/15 10:21:12 | 000,311,994 | ---- | C] () -- C:\Users\Linda\Documents\email 130415.pdf
[2013/05/03 11:59:16 | 000,255,824 | ---- | C] () -- C:\Users\Linda\Documents\Original speech.pdf
[2012/10/15 16:22:11 | 000,103,832 | ---- | C] () -- C:\Users\Linda\GoToAssistDownloadHelper.exe
[2012/08/26 12:38:27 | 000,006,144 | ---- | C] () -- C:\Users\Linda\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/08/18 19:35:11 | 000,005,358 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/12/06 20:02:23 | 000,060,304 | ---- | C] () -- C:\Users\Linda\g2mdlhlpx.exe
[2011/08/14 18:12:57 | 000,000,113 | ---- | C] () -- C:\Windows\(null)toolkit.ini
[2011/07/16 19:08:57 | 000,037,689 | ---- | C] () -- C:\Users\Linda\AppData\Roaming\Comma Separated Values (DOS).ADR
[2011/06/11 21:45:18 | 000,000,000 | ---- | C] () -- C:\Users\Linda\AppData\Local\prvlcl.dat

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 00:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/26 23:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
OCD's Avatar
OCD OCD is offline OCD is authorized to help remove malware.
Malware Removal Specialist with 273 posts.
 
Join Date: Sep 2012
Location: Florida
24-May-2013, 12:19 AM #26
Hi LindaStough,

1. Malwarebytes' Anti-Malware

Please download Malwarebytes' Anti-Malware to your desktop.

  • Right click and select "Run as Administrator" mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan as shown below.

  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
=========================

2. ESET Online Scanner

*Note:
  • It is recommended to disable on-board antivirus program and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time.
  • Please don't go surfing while your resident protection is disabled!
  • Once the scan is finished remember to re-enable your antivirus along with your anti-spyware programs.

** You need to run your browser with Administrator Rights, to do so right click your browsers short cut and select "Run as Administrator".

= = = = = = = = = = = = = = = = = = = =

Go here to run ESET Online Scanner

(Note: You can use Internet Explorer or FireFox for this scan. If you use FireFox you will be asked to install an additional component. Please allow this.)

  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Disable your Antivirus software. You can usually do this with its Notfication Tray icon near the clock
  • Click Start
  • Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is Checked.
  • Click Scan.
  • Wait for the scan to finish.
  • When the scan completes, click List of found threats
  • click Export to Text file and save the file to your desktop using a unique name, such as ESETScan.
  • Include the contents of this report in your next reply

    Note - when ESET doesn't find any threats, no report will be created.
  • Push the back button.
  • Push Finish
  • Re-enable your Antivirus software.

=========================

In your next post please provide the following:

  • MBAM log
  • ESET's log.txt
LindaStough's Avatar
LindaStough   (Linda) LindaStough is offline
Computer Specs
Member with 127 posts.
THREAD STARTER
 
Join Date: May 2013
Location: Canyon Lake, Texas
Experience: Beginner
24-May-2013, 10:13 AM #27
I had a couple of problems but I think I got through everything ok. Correct me if I am wrong...

During the Malwarebytes scan - I got a pop up from PC Fix Speed - 792 issues found - Options were 1)continue with errors 2) fix issues now. I had no other options so I went into the program and ended it.

I lost your scan so I started it again. Everything went smoothly.

During the ESET program, I got a message that I had Antivirus software running. I couldn't find ALWIL anywhere so I removed every program you did not specifically have me install - including PC FixSpeed. I was able to run the scan - or at least the first half hour or so before I hit the space bar (accidentally). I ran it again - and left the room. It took about 1-1/2 hrs. but finished with no more incidents.

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.05.24.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16576
Linda :: DESTY [administrator]

5/24/2013 6:09:23 AM
mbam-log-2013-05-24 (06-09-23).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 213901
Time elapsed: 5 minute(s), 11 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 4
C:\Users\Linda\Downloads\PDFReaderSetup.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Users\Linda\Downloads\Setup(5).exe (PUP.Bundle.Installer.OI) -> Quarantined and deleted successfully.
C:\Users\Linda\Downloads\Setup(6).exe (PUP.Bundle.Installer.OI) -> Quarantined and deleted successfully.
C:\Users\Linda\Downloads\Setup(7).exe (Adware.IBryte) -> Quarantined and deleted successfully.

(end)

C:\! 130423 1321\! 130423 Downloads\audacity_installer_2079.exe a variant of Win32/InstallIQ application
C:\! 130423 1321\! 130423 Downloads\ccleanerSetup(1).exe a variant of Win32/DomaIQ.A application
C:\! 130423 1321\! 130423 Downloads\ccleanerSetup(2).exe a variant of Win32/DomaIQ.A application
C:\! 130423 1321\! 130423 Downloads\ccleanerSetup.exe a variant of Win32/DomaIQ.A application
C:\! 130423 1321\! 130423 Downloads\installer_driver_sony_dsc-s75_cyber-shot_dsc-s75_English(2).exe Win32/Toggle application
C:\! 130423 1321\! 130423 Downloads\installer_driver_sony_dsc-s75_cyber-shot_dsc-s75_English.exe Win32/Toggle application
C:\! 130423 1321\! 130423 Downloads\nuancepdf_d165400(1).exe probably a variant of Win32/InstallIQ application
C:\! 130423 1321\! 130423 Downloads\nuancepdf_d165400.exe probably a variant of Win32/InstallIQ application
C:\! 130423 1321\! 130423 Downloads\PDFReaderSetup.exe a variant of Win32/InstallCore.BH application
C:\! 130423 1321\! 130423 Downloads\setup(4).exe a variant of Win32/AirAdInstaller.A application
C:\! 130423 1321\! 130423 Downloads\Setup(5).exe a variant of Win32/Adware.iBryte.C application
C:\! 130423 1321\! 130423 Downloads\Setup(6).exe a variant of Win32/Adware.iBryte.D application
C:\! 130423 1321\! 130423 Downloads\Setup(7).exe a variant of Win32/Adware.iBryte.F application
C:\Users\Linda\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FTZF8L7R\DeltaTB[1].exe a variant of Win32/Toolbar.Babylon.A application
C:\Users\Linda\AppData\Local\Temp\211909F0-BAB0-7891-A33F-08D24E6DF5BD\Latest\IEHelper.dll Win32/Toolbar.Babylon.E application
C:\Users\Linda\AppData\Local\Temp\211909F0-BAB0-7891-A33F-08D24E6DF5BD\Latest\Setup.exe a variant of Win32/Toolbar.Babylon.E application
C:\Users\Linda\AppData\Local\Temp\211909F0-BAB0-7891-A33F-08D24E6DF5BD\Setup.exe a variant of Win32/Toolbar.Babylon.E application
C:\Users\Linda\Downloads\audacity_installer_2079.exe a variant of Win32/InstallIQ application
C:\Users\Linda\Downloads\ccleanerSetup(1).exe a variant of Win32/DomaIQ.A application
C:\Users\Linda\Downloads\ccleanerSetup(2).exe a variant of Win32/DomaIQ.A application
C:\Users\Linda\Downloads\ccleanerSetup.exe a variant of Win32/DomaIQ.A application
C:\Users\Linda\Downloads\installer_driver_sony_dsc-s75_cyber-shot_dsc-s75_English(2).exe Win32/Toggle application
C:\Users\Linda\Downloads\installer_driver_sony_dsc-s75_cyber-shot_dsc-s75_English.exe Win32/Toggle application
C:\Users\Linda\Downloads\Malwarebytes Anti-Malware provided through GetNow.exe a variant of Win32/GetNow.A application
C:\Users\Linda\Downloads\nuancepdf_d165400(1).exe probably a variant of Win32/InstallIQ application
C:\Users\Linda\Downloads\nuancepdf_d165400.exe probably a variant of Win32/InstallIQ application
C:\Users\Linda\Downloads\setup(4).exe a variant of Win32/AirAdInstaller.A application

Can you suggest a good Antivirus software? I used Norton when it first came out but didn't like it after Peter Norton left the company. My daughter just downloads the free stuff and I leave it at that.
OCD's Avatar
OCD OCD is offline OCD is authorized to help remove malware.
Malware Removal Specialist with 273 posts.
 
Join Date: Sep 2012
Location: Florida
24-May-2013, 10:41 AM #28
Hi LindaStough,

All the steps you took look good.

=========================

1. Run OTL.exe

Windows Vista and Windows 7 users Right Click and select "Run as Administrator"
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    Code:
    :Files
    C:\! 130423 1321\! 130423 Downloads\audacity_installer_2079.exe
    C:\! 130423 1321\! 130423 Downloads\ccleanerSetup(1).exe
    C:\! 130423 1321\! 130423 Downloads\ccleanerSetup(2).exe
    C:\! 130423 1321\! 130423 Downloads\ccleanerSetup.exe
    C:\! 130423 1321\! 130423 Downloads\installer_driver_sony_dsc-s75_cyber-shot_dsc-s75_English(2).exe
    C:\! 130423 1321\! 130423 Downloads\installer_driver_sony_dsc-s75_cyber-shot_dsc-s75_English.exe
    C:\! 130423 1321\! 130423 Downloads\nuancepdf_d165400(1).exe
    C:\! 130423 1321\! 130423 Downloads\nuancepdf_d165400.exe
    C:\! 130423 1321\! 130423 Downloads\PDFReaderSetup.exe
    C:\! 130423 1321\! 130423 Downloads\setup(4).exe
    C:\! 130423 1321\! 130423 Downloads\setup(5).exe
    C:\! 130423 1321\! 130423 Downloads\setup(6).exe
    C:\! 130423 1321\! 130423 Downloads\setup(7).exe
    C:\Users\Linda\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FTZF8L7R\DeltaTB[1].exe
    C:\Users\Linda\AppData\Local\Temp\211909F0-BAB0-7891-A33F-08D24E6DF5BD\Latest\IEHelper.dll
    C:\Users\Linda\AppData\Local\Temp\211909F0-BAB0-7891-A33F-08D24E6DF5BD\Latest\Setup.exe
    C:\Users\Linda\AppData\Local\Temp\211909F0-BAB0-7891-A33F-08D24E6DF5BD\Setup.exe
    C:\Users\Linda\Downloads\audacity_installer_2079.exe
    C:\Users\Linda\Downloads\ccleanerSetup(1).exe
    C:\Users\Linda\Downloads\ccleanerSetup(2).exe
    C:\Users\Linda\Downloads\ccleanerSetup.exe
    C:\Users\Linda\Downloads\installer_driver_sony_dsc-s75_cyber-shot_dsc-s75_English(2).exe
    C:\Users\Linda\Downloads\installer_driver_sony_dsc-s75_cyber-shot_dsc-s75_English.exe
    C:\Users\Linda\Downloads\Malwarebytes Anti-Malware provided through GetNow.exe
    C:\Users\Linda\Downloads\nuancepdf_d165400(1).exe
    C:\Users\Linda\Downloads\nuancepdf_d165400.exe
    C:\Users\Linda\Downloads\setup(4).exe
    
    :Commands
    [createrestorepoint]
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done

=========================

Free Anti-Virus


In your next post please provide the following:
  • OTL fix log
LindaStough's Avatar
LindaStough   (Linda) LindaStough is offline
Computer Specs
Member with 127 posts.
THREAD STARTER
 
Join Date: May 2013
Location: Canyon Lake, Texas
Experience: Beginner
24-May-2013, 11:57 AM #29
All processes killed
========== FILES ==========
File\Folder C:\! 130423 1321\! 130423 Downloads\audacity_installer_2079.exe not found.
File\Folder C:\! 130423 1321\! 130423 Downloads\ccleanerSetup(1).exe not found.
File\Folder C:\! 130423 1321\! 130423 Downloads\ccleanerSetup(2).exe not found.
File\Folder C:\! 130423 1321\! 130423 Downloads\ccleanerSetup.exe not found.
File\Folder C:\! 130423 1321\! 130423 Downloads\installer_driver_sony_dsc-s75_cyber-shot_dsc-s75_English(2).exe not found.
File\Folder C:\! 130423 1321\! 130423 Downloads\installer_driver_sony_dsc-s75_cyber-shot_dsc-s75_English.exe not found.
File\Folder C:\! 130423 1321\! 130423 Downloads\nuancepdf_d165400(1).exe not found.
File\Folder C:\! 130423 1321\! 130423 Downloads\nuancepdf_d165400.exe not found.
File\Folder C:\! 130423 1321\! 130423 Downloads\PDFReaderSetup.exe not found.
File\Folder C:\! 130423 1321\! 130423 Downloads\setup(4).exe not found.
File\Folder C:\! 130423 1321\! 130423 Downloads\setup(5).exe not found.
File\Folder C:\! 130423 1321\! 130423 Downloads\setup(6).exe not found.
File\Folder C:\! 130423 1321\! 130423 Downloads\setup(7).exe not found.
C:\Users\Linda\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FTZF8L7R\DeltaTB[1].exe moved successfully.
C:\Users\Linda\AppData\Local\Temp\211909F0-BAB0-7891-A33F-08D24E6DF5BD\Latest\IEHelper.dll moved successfully.
C:\Users\Linda\AppData\Local\Temp\211909F0-BAB0-7891-A33F-08D24E6DF5BD\Latest\Setup.exe moved successfully.
C:\Users\Linda\AppData\Local\Temp\211909F0-BAB0-7891-A33F-08D24E6DF5BD\Setup.exe moved successfully.
C:\Users\Linda\Downloads\audacity_installer_2079.exe moved successfully.
C:\Users\Linda\Downloads\ccleanerSetup(1).exe moved successfully.
C:\Users\Linda\Downloads\ccleanerSetup(2).exe moved successfully.
C:\Users\Linda\Downloads\ccleanerSetup.exe moved successfully.
C:\Users\Linda\Downloads\installer_driver_sony_dsc-s75_cyber-shot_dsc-s75_English(2).exe moved successfully.
C:\Users\Linda\Downloads\installer_driver_sony_dsc-s75_cyber-shot_dsc-s75_English.exe moved successfully.
C:\Users\Linda\Downloads\Malwarebytes Anti-Malware provided through GetNow.exe moved successfully.
C:\Users\Linda\Downloads\nuancepdf_d165400(1).exe moved successfully.
C:\Users\Linda\Downloads\nuancepdf_d165400.exe moved successfully.
C:\Users\Linda\Downloads\setup(4).exe moved successfully.
========== COMMANDS ==========
Restore point Set: OTL Restore Point

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Linda
->Temp folder emptied: 7069401 bytes
->Temporary Internet Files folder emptied: 21239098 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 17034623 bytes
->Flash cache emptied: 638 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 10098 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows \Temporary Internet Files folder emptied: 128 bytes
RecycleBin emptied: 2305 bytes

Total Files Cleaned = 43.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 05242013_113342

Files\Folders moved on Reboot...
File move failed. C:\Users\Linda\AppData\Local\Temp\FXSAPIDebugLogFile.txt scheduled to be moved on reboot.
File\Folder C:\Users\Linda\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{6576D94F-AF6A-43D4-8C85-7830F11D136D}.tmp not found!
File\Folder C:\Users\Linda\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{6C9DC4EF-2390-4417-AE09-0456FF656381}.tmp not found!
File\Folder C:\Users\Linda\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{77C4B27C-97F0-4E0D-A213-86F7831B61AB}.tmp not found!
File\Folder C:\Users\Linda\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{97D00FC5-CB9C-4757-B194-AF00CF7D972D}.tmp not found!
File\Folder C:\Users\Linda\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{BE3BF670-48F9-480C-8F8F-555A01689F83}.tmp not found!
File\Folder C:\Users\Linda\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{F70E2506-93F0-4718-A470-49C129A9BB2A}.tmp not found!
File move failed. C:\Users\Linda\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat scheduled to be moved on reboot.
File move failed. C:\Windows\temp\dsiwmis.log scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
OCD's Avatar
OCD OCD is offline OCD is authorized to help remove malware.
Malware Removal Specialist with 273 posts.
 
Join Date: Sep 2012
Location: Florida
24-May-2013, 09:49 PM #30
Hi LindaStough,

Please navigate to the following folder and delete it and all it's contents.

=========================

1. Enable Hidden Files & Folders :

To enable the viewing of hidden and protected system files in Windows please follow these steps:
  1. Close all programs so that you are at your desktop.
  2. Click on the Start button. (This is the small round button with the Windows flag in the lower left corner.)
  3. Click on the Control Panel menu option.
  4. When the control panel opens you can either be in Classic View or Control Panel Home view:

    If you are in the Classic View do the following:
    1. Double-click on the Folder Options icon.
    2. Click on the View tab.
    3. Go to step 5

    If you are in the Control Panel Home view do the following:
    1. Click on the Appearance and Personalization link.
    2. Click on Show Hidden Files or Folders.
    3. Go to step 5.

  5. Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.
  6. Remove the check mark from the check box labeled Hide extensions for known file types.
  7. Remove the check mark from the check box labeled Hide protected operating system files.
  8. Press the Apply button and then the OK button.

=========================

2. Delete a File/Folder

Using Windows Explorer (Windows Key + E), locate the following files/folders, and DELETE them (if still present):
  • C:\! 130423 1321 <-- delete the folder, if present
Exit Explorer

=========================

3. Re-hide Files & Folders:

In the Control Panel Home view do the following:
  1. Click on the Appearance and Personalization link.
  2. Click on Show Hidden Files or Folders.
  3. Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.
  4. Add a check mark to the check box labeled Hide extensions for known file types.
  5. Add a check mark to the check box labeled Hide protected operating system files.
  6. Press the Apply button and then the OK button.

=========================

4. TFC

Download TFC to your desktop
  • Close any open windows.
  • Double click the TFC icon to run the program
    • Vista, Windows 7 & 8 Right click and select "Run as Administrator"
  • TFC will close all open programs itself in order to run,
  • Click the Start button to begin the process.
  • Allow TFC to run uninterrupted.
  • The program should not take long to finish it's job
  • Once its finished it should automatically reboot your machine,
  • if it doesn't, manually reboot to ensure a complete clean

In your next post please provide the following:
  • Report back with the results
As Seen On

BBC, Reader's Digest, PC Magazine, Today Show, Money Magazine
WELCOME TO TECH SUPPORT GUY!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.


(clock)
THIS THREAD HAS EXPIRED.
Are you having the same problem? We have volunteers ready to answer your question, but first you'll have to join for free. Need help getting started? Check out our Welcome Guide.

Search Tech Support Guy

Find the solution to your
computer problem!




Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools


WELCOME
You Are Using: Server ID
Trusted Website Back to the Top ↑

Content Relevant URLs by vBSEO 3.3.2