
Trojan keeps coming back.

Discussion in 'Virus & Other Malware Removal' started by zan.w, Feb 13, 2014.

  1. zan.w

    Trojan horse downloader Generic13.BVUR keeps reappearing after deleting it in AVG. Please find attached files as requested.

    Tech Support Guy System Info Utility version 1.0.0.2
    OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 64 bit
    Processor: AMD Athlon(tm) II X2 215 Processor, AMD64 Family 16 Model 6 Stepping 2
    Processor Count: 2
    RAM: 3839 Mb
    Graphics Card: ATI Radeon HD 3200 Graphics, 256 Mb
    Hard Drives: C: Total - 595439 MB, Free - 508533 MB;
    Motherboard: Dell Inc., 0F896N
    Antivirus: AVG Internet Security 2014, Updated and Enabled

    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: BrowserJavaVersion: 10.51.2
    Run by Wells at 11:36:29 on 2014-02-13
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3839.2048 [GMT -8:00]
    .
    AV: AVG Internet Security 2014 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: IObit Malware Fighter *Enabled/Updated* {A751AC20-3B48-5237-898A-78C4436BB78D}
    SP: AVG Internet Security 2014 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
    FW: AVG Internet Security 2014 *Enabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
    .
    ============== Running Processes ===============
    .
    C:\PROGRA~2\AVG\AVG2014\avgrsa.exe
    C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Program Files\Dell\DellDock\DockLogin.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\atieclxx.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files (x86)\AVG\AVG2014\avgfws.exe
    C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
    C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
    C:\Windows\system32\taskeng.exe
    c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
    c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
    C:\Program Files (x86)\Glary Utilities\webupdate.exe
    C:\Program Files (x86)\Glary Utilities 4\x64\Win64ShellLink.exe
    C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
    C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
    C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
    C:\Windows\system32\svchost.exe -k HsfXAudioService
    C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
    C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\loggingserver.exe
    C:\Windows\system32\svchost.exe -k HPService
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
    C:\Program Files\Logitech\SetPointP\SetPoint.exe
    C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
    C:\Program Files (x86)\Roxio\Drag-to-Disc\DrgToDsc.exe
    C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
    C:\Program Files (x86)\AVG\AVG2014\avgui.exe
    C:\Program Files (x86)\AVG Secure Search\vprot.exe
    C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
    C:\Program Files (x86)\Creative Home\Hallmark Card Studio 2009 Deluxe\Planner\PLNRnote.exe
    C:\Program Files\Dell\DellDock\DellDock.exe
    C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Browny02\BrYNSvc.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
    C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe
    C:\Program Files (x86)\IObit\Advanced SystemCare 7\RealTimeProtector.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://search.babylon.com/?affID=112542&tt=3012_2&babsrc=HP_ss&mntrId=badca421000000000000002564d33dee
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
    BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    BHO: PlusIEEventHelper Class: {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Viewer Plus\bin\PlusIEContextMenu.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Evernote extension: {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll
    BHO: {95B7759C-8C7F-4BF1-B163-73684A933233} - <orphaned>
    BHO: Advanced SystemCare Browser Protection: {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
    uRun: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
    uRun: [Google Update] "C:\Users\WellsJnS\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
    mRun: [RoxioDragToDisc] "C:\Program Files (x86)\Roxio\Drag-to-Disc\DrgToDsc.exe"
    mRun: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
    mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
    mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
    mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [PPort12reminder] "C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\12\Config\Ereg\Ereg.ini"
    mRun: [PDFHook] C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe
    mRun: [PDF5 Registry Controller] C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe
    mRun: [ControlCenter4] C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe /autorun
    mRun: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [IObit Malware Fighter] "C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe" /autostart
    mRunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe
    StartupFolder: C:\Users\WellsJnS\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files\Dell\DellDock\DellDock.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\CORELD~1.LNK - C:\Corel\Suite8\Programs\DAD8.EXE
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\EVENTP~1.LNK - C:\Windows\Installer\{C4609419-C11E-4CE6-B369-F3F8A7DDD94C}\Shortcut_EventPlan_E2FBA8F7F7FD4C5EAA7D652BB0CAAA9D.exe
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: Add to Evernote 4 - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html
    IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
    IE: New Note - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\NewNote.html
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
    IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    IE: {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe
    .
    INFO: HKCU has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} - hxxp://h20364.www2.hp.com/CSMWeb/Customer/cabs/HPISDataManager.CAB
    DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} - hxxps://support.dell.com/systemprofiler/SysProExe.CAB
    DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
    DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} -
    DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    DPF: {DE3135A8-D948-49DC-ABBC-B2EFF418E5FD} - hxxp://www.iradiopop.com/IRD/pages/AIRJ01FPlayer.CAB
    TCP: NameServer = 192.168.1.1
    TCP: Interfaces\{00B1BBC4-7E69-4AB6-95D6-1475F348FB9A} : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{CFDD65DC-7EDA-446A-89F4-DE9D357E4B25} : DHCPNameServer = 192.168.1.1
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.3.0\ViProtocol.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    AppInit_DLLs= C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll
    SSODL: WebCheck - <orphaned>
    mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
    x64-BHO: ExplorerWnd Helper: {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - <orphaned>
    x64-Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
    x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
    x64-Notify: GoToAssist - C:\Program Files (x86)\Citrix\GoToAssist\615\G2AWinLogon_x64.dll
    x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
    x64-SSODL: WebCheck - <orphaned>
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\WellsJnS\AppData\Roaming\Mozilla\Firefox\Profiles\3ciq9x11.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://webmail.excite.com/6058f750/gds/index_rich.php|https://mail.google.com/mail/u/0/?shva=1#inbox
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\17.3.0\npsitesafety.dll
    FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Users\WellsJnS\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll
    FF - ExtSQL: 2013-12-30 12:41; [email protected]; C:\Users\WellsJnS\AppData\Roaming\Mozilla\Firefox\Profiles\3ciq9x11.default\extensions\[email protected]
    FF - ExtSQL: 2013-12-30 12:41; [email protected]; C:\Program Files (x86)\IObit Apps Toolbar\FF
    FF - ExtSQL: 2014-02-12 15:00; [email protected]; C:\Users\WellsJnS\AppData\Roaming\Mozilla\Firefox\Profiles\3ciq9x11.default\extensions\[email protected]
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=112542&tt=3012_2
    FF - user.js: extensions.BabylonToolbar_i.babExt -
    FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
    FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://www.google.com/search?babsrc=TB_ggl&q=
    FF - user.js: extensions.BabylonToolbar.id - badca421000000000000002564d33dee
    FF - user.js: extensions.BabylonToolbar.instlDay - 15548
    FF - user.js: extensions.BabylonToolbar.vrsn - 1.5.29.1
    FF - user.js: extensions.BabylonToolbar.vrsni - 1.5.29.1
    FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.29.118:53:31
    FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
    FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
    FF - user.js: extensions.BabylonToolbar.aflt - babsst
    FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
    FF - user.js: extensions.BabylonToolbar.tlbrId - base
    FF - user.js: extensions.BabylonToolbar.instlRef - sst
    FF - user.js: extensions.BabylonToolbar.dfltLng - en
    FF - user.js: extensions.BabylonToolbar.excTlbr - false
    FF - user.js: extensions.BabylonToolbar.admin - false
    FF - user.js: network.http.pipelining.maxrequests - 8
    FF - user.js: network.http.request.max-start-delay - 0
    FF - user.js: network.http.max-connections - 48
    FF - user.js: network.http.max-connections-per-server - 16
    FF - user.js: network.http.max-persistent-connections-per-proxy - 16
    FF - user.js: network.http.max-persistent-connections-per-server - 8
    FF - user.js: browser.turbo.enabled - true
    FF - user.js: browser.display.show_image_placeholders - true
    FF - user.js: browser.chrome.favicons - false
    FF - user.js: browser.urlbar.autocomplete.enabled - true
    FF - user.js: browser.cache.memory.capacity - 65536
    FF - user.js: content.notify.ontimer - true
    FF - user.js: content.interrupt.parsing - true
    FF - user.js: content.max.tokenizing.time - 2250000
    FF - user.js: content.switch.threshold - 750000
    FF - user.js: plugin.expose_full_path - true
    FF - user.js: ui.submenuDelay - 0
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 aswNdis;avast! Firewall NDIS Filter Service;C:\Windows\System32\drivers\aswNdis.sys [2012-11-20 12368]
    R0 aswNdis2;avast! Firewall Core Firewall Service;C:\Windows\System32\drivers\aswNdis2.sys [2012-11-20 262656]
    R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2013-11-25 196376]
    R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2013-10-31 294712]
    R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2013-10-1 123704]
    R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2013-9-10 31544]
    R0 DLACDBHE;DLACDBHE;C:\Windows\System32\drivers\DLACDBHE.SYS [2010-1-9 17776]
    R0 DRVECDB;DRVECDB;C:\Windows\System32\drivers\DRVECDB.SYS [2010-1-9 124112]
    R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-1-9 55280]
    R0 SmartDefragDriver;SmartDefragDriver;C:\Windows\System32\drivers\SmartDefragDriver.sys [2014-2-12 21184]
    R1 aswKbd;aswKbd;C:\Windows\System32\drivers\aswKbd.sys [2012-11-20 21136]
    R1 Avgdiska;AVG Disk Driver;C:\Windows\System32\drivers\avgdiska.sys [2013-11-25 150808]
    R1 Avgfwfd;AVG network filter service;C:\Windows\System32\drivers\avgfwd6a.sys [2013-9-26 57144]
    R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2013-11-25 243480]
    R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2013-10-31 212280]
    R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2013-8-1 251192]
    R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2012-11-27 46368]
    R1 DLARTL_E;DLARTL_E;C:\Windows\System32\drivers\DLARTL_E.SYS [2010-1-9 41072]
    R2 AdvancedSystemCareService7;Advanced SystemCare Service 7;C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe [2013-12-2 881440]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2009-10-25 238080]
    R2 avgfws;AVG Firewall;C:\Program Files (x86)\AVG\AVG2014\avgfws.exe [2013-9-24 1358944]
    R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [2014-1-22 3788816]
    R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [2013-9-24 348008]
    R2 DLABMFSE;DLABMFSE;C:\Windows\System32\drivers\DLABMFSE.SYS [2010-1-9 46448]
    R2 DLABOIOE;DLABOIOE;C:\Windows\System32\drivers\DLABOIOE.SYS [2010-1-9 42352]
    R2 DLADResE;DLADResE;C:\Windows\System32\drivers\DLADResE.SYS [2010-1-9 9968]
    R2 DLAIFS_E;DLAIFS_E;C:\Windows\System32\drivers\DLAIFS_E.SYS [2010-1-9 146672]
    R2 DLAOPIOE;DLAOPIOE;C:\Windows\System32\drivers\DLAOPIOE.SYS [2010-1-9 35056]
    R2 DLAPoolE;DLAPoolE;C:\Windows\System32\drivers\DLAPoolE.SYS [2010-1-9 19824]
    R2 DLAUDF_E;DLAUDF_E;C:\Windows\System32\drivers\DLAUDF_E.SYS [2010-1-9 144112]
    R2 DLAUDFAE;DLAUDFAE;C:\Windows\System32\drivers\DLAUDFAE.SYS [2010-1-9 135152]
    R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
    R2 DRVEDDM;DRVEDDM;C:\Windows\System32\drivers\DRVEDDM.SYS [2010-1-9 63984]
    R2 HsfXAudioService;HsfXAudioService;C:\Windows\System32\svchost.exe -k HsfXAudioService [2009-7-13 27136]
    R2 IMFservice;IMF Service;C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [2014-2-12 341824]
    R2 LiveUpdateSvc;LiveUpdate;C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2013-12-2 2151200]
    R2 PDFProFiltSrvPP;PDFProFiltSrvPP;C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [2010-3-8 144672]
    R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2010-11-26 398176]
    R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2009-10-25 689472]
    R2 vToolbarUpdater17.3.0;vToolbarUpdater17.3.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe [2014-1-8 1771544]
    R3 BrYNSvc;BrYNSvc;C:\Program Files (x86)\Browny02\BrYNSvc.exe [2013-6-9 266240]
    R3 CAXHWBS2;CAXHWBS2;C:\Windows\System32\drivers\CAXHWBS2.sys [2009-10-25 411136]
    R3 FileMonitor;FileMonitor;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [2014-2-12 23048]
    R3 RegFilter;RegFilter;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\RegFilter.sys [2014-2-12 34848]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-3-4 346144]
    R3 UrlFilter;UrlFilter;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\UrlFilter.sys [2014-2-12 23016]
    S1 aswFW;avast! TDI Firewall driver;C:\Windows\System32\drivers\aswFW.sys [2012-11-20 132864]
    S2 avast! Firewall;avast! Firewall; [x]
    S2 BackupStack;Computer Backup (MyPC Backup);C:\Program Files (x86)\MyPC Backup\BackupStack.exe [2013-9-19 38440]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
    S3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;C:\Program Files\Dell Support Center\pcdsrvc_x64.pkms [2012-3-22 25072]
    S3 rcmirror;rcmirror;C:\Windows\System32\drivers\rcmirror.sys [2008-10-9 5120]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-10-31 19456]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-10-31 57856]
    S3 UsbGps;LGE CDMA USB GPS NMEA Port;C:\Windows\System32\drivers\lgx64gps.sys [2010-11-4 27136]
    S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\System32\drivers\viahduaa.sys [2010-1-4 1224704]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-3-29 1255736]
    .
    =============== File Associations ===============
    .
    FileExt: .vbs: VBSFile=C:\Windows\SysWow64\WScript.exe "%1" %*
    FileExt: .js: jsfile=C:\Windows\System32\Notepad.exe %1 [default=Edit - 'Open' doesn't exist]
    ShellExec: pi11.exe: Open="C:\Program Files (x86)\Microsoft Digital Image 2006\pi.exe" "%1"
    .
    =============== Created Last 30 ================
    .
    2014-02-13 17:58:22 -------- d-----w- C:\Program Files (x86)\AVG Secure Search
    2014-02-13 06:36:04 69632 ----a-w- C:\Windows\System32\coinst_8.97.100.11.dll
    2014-02-13 06:36:04 48544 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
    2014-02-13 06:36:03 61464 ----a-w- C:\Windows\System32\atiuxp64.dll
    2014-02-13 06:36:03 4782960 ----a-w- C:\Windows\SysWow64\atiumdva.dll
    2014-02-13 06:36:03 1978240 ----a-w- C:\Windows\SysWow64\atiumdmv.dll
    2014-02-13 06:36:02 6288832 ----a-w- C:\Windows\SysWow64\atiumdag.dll
    2014-02-13 06:36:02 1065720 ----a-w- C:\Windows\System32\atiumd6v.dll
    2014-02-13 06:32:31 34080 ----a-w- C:\Windows\System32\SmartDefragBootTime.exe
    2014-02-13 06:31:47 21184 ----a-w- C:\Windows\System32\drivers\SmartDefragDriver.sys
    2014-02-13 06:31:47 121856 ----a-w- C:\Windows\System32\IObitSmartDefragExtension.dll
    2014-02-12 04:20:33 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
    2014-02-12 04:20:33 2048 ----a-w- C:\Windows\System32\msxml3r.dll
    2014-02-12 04:20:33 1882112 ----a-w- C:\Windows\System32\msxml3.dll
    2014-02-12 04:20:33 1237504 ----a-w- C:\Windows\SysWow64\msxml3.dll
    2014-02-07 16:59:15 -------- d-----w- C:\Users\WellsJnS\AppData\Local\{C9671673-6D19-4B2B-81BA-225B121B883A}
    2014-02-03 21:23:31 -------- d-----w- C:\Users\WellsJnS\AppData\Local\{671470E6-4F3C-4DF8-98E5-BFFA4B72B5B7}
    2014-01-21 18:49:32 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    2014-01-19 18:47:07 53248 ----a-w- C:\Windows\System32\drivers\usbehci.sys
    2014-01-19 18:47:06 99840 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
    2014-01-19 18:47:06 7808 ----a-w- C:\Windows\System32\drivers\usbd.sys
    2014-01-19 18:47:06 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
    2014-01-19 18:47:06 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys
    2014-01-19 18:47:06 3156480 ----a-w- C:\Windows\System32\win32k.sys
    2014-01-19 18:47:06 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
    2014-01-19 18:47:06 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
    2014-01-19 18:47:05 376768 ----a-w- C:\Windows\System32\drivers\netio.sys
    2014-01-16 23:13:35 -------- d-----w- C:\ProgramData\GlarySoft
    2014-01-15 21:55:28 -------- d-----w- C:\Program Files (x86)\Glary Utilities
    2014-01-14 21:56:29 -------- d-----w- C:\Users\WellsJnS\AppData\Local\ATI
    .
    ==================== Find3M ====================
    .
    2014-02-13 06:36:02 4292192 ----a-w- C:\Windows\System32\atiumd6a.dll
    2014-02-05 10:00:21 2334720 ----a-w- C:\Windows\System32\jscript9.dll
    2014-02-05 09:54:06 1392128 ----a-w- C:\Windows\System32\wininet.dll
    2014-02-05 09:52:51 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
    2014-02-05 09:51:59 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
    2014-02-05 09:51:52 599040 ----a-w- C:\Windows\System32\vbscript.dll
    2014-02-05 09:50:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2014-02-05 08:56:17 1806848 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2014-02-05 08:50:39 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
    2014-02-05 08:49:56 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2014-02-05 08:48:40 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2014-02-05 08:48:27 421376 ----a-w- C:\Windows\SysWow64\vbscript.dll
    2014-02-05 08:47:16 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2014-02-05 01:39:06 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2014-02-05 01:39:06 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2013-12-17 05:35:14 117024 ----a-w- C:\Windows\System32\BootDefrag.exe
    2013-12-04 02:27:33 485888 ----a-w- C:\Windows\System32\secproc_isv.dll
    2013-12-04 02:27:33 123392 ----a-w- C:\Windows\System32\secproc_ssp_isv.dll
    2013-12-04 02:27:33 123392 ----a-w- C:\Windows\System32\secproc_ssp.dll
    2013-12-04 02:27:16 488448 ----a-w- C:\Windows\System32\secproc.dll
    2013-12-04 02:26:32 528384 ----a-w- C:\Windows\System32\msdrm.dll
    2013-12-04 02:16:51 658432 ----a-w- C:\Windows\System32\RMActivate_isv.exe
    2013-12-04 02:16:51 626176 ----a-w- C:\Windows\System32\RMActivate.exe
    2013-12-04 02:16:50 552960 ----a-w- C:\Windows\System32\RMActivate_ssp_isv.exe
    2013-12-04 02:16:48 553984 ----a-w- C:\Windows\System32\RMActivate_ssp.exe
    2013-12-04 02:03:20 87040 ----a-w- C:\Windows\SysWow64\secproc_ssp_isv.dll
    2013-12-04 02:03:20 87040 ----a-w- C:\Windows\SysWow64\secproc_ssp.dll
    2013-12-04 02:03:20 423936 ----a-w- C:\Windows\SysWow64\secproc_isv.dll
    2013-12-04 02:03:08 428032 ----a-w- C:\Windows\SysWow64\secproc.dll
    2013-12-04 02:02:06 390144 ----a-w- C:\Windows\SysWow64\msdrm.dll
    2013-12-04 01:54:14 510976 ----a-w- C:\Windows\SysWow64\RMActivate_ssp.exe
    2013-12-04 01:54:10 594944 ----a-w- C:\Windows\SysWow64\RMActivate_isv.exe
    2013-12-04 01:54:09 572416 ----a-w- C:\Windows\SysWow64\RMActivate.exe
    2013-12-04 01:54:06 508928 ----a-w- C:\Windows\SysWow64\RMActivate_ssp_isv.exe
    2013-11-26 05:47:22 196376 ----a-w- C:\Windows\System32\drivers\avgidsha.sys
    2013-11-26 05:47:20 243480 ----a-w- C:\Windows\System32\drivers\avgidsdrivera.sys
    2013-11-26 05:47:20 150808 ----a-w- C:\Windows\System32\drivers\avgdiska.sys
    .
    ============= FINISH: 11:37:51.81 ===============

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 11:34:54 AM, on 2/13/2014
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Unable to get Internet Explorer version!
    Boot mode: Normal

    Running processes:
    C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
    C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
    C:\Program Files (x86)\Roxio\Drag-to-Disc\DrgToDsc.exe
    C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
    C:\Program Files (x86)\AVG\AVG2014\avgui.exe
    C:\Program Files (x86)\AVG Secure Search\vprot.exe
    C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
    C:\Program Files (x86)\Creative Home\Hallmark Card Studio 2009 Deluxe\Planner\PLNRnote.exe
    C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Users\WellsJnS\Downloads\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?affID=11...HP_ss&mntrId=badca421000000000000002564d33dee
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    O2 - BHO: PlusIEEventHelper Class - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Evernote extension - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll
    O2 - BHO: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
    O2 - BHO: Advanced SystemCare Browser Protection - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\PROGRA~2\IObit\SURFIN~1\BROWER~1\ASCPLU~1.DLL
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    O3 - Toolbar: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
    O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
    O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files (x86)\Roxio\Drag-to-Disc\DrgToDsc.exe"
    O4 - HKLM\..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
    O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
    O4 - HKLM\..\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [PPort12reminder] "C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\12\Config\Ereg\Ereg.ini"
    O4 - HKLM\..\Run: [PDFHook] C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe
    O4 - HKLM\..\Run: [PDF5 Registry Controller] C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe
    O4 - HKLM\..\Run: [ControlCenter4] C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe /autorun
    O4 - HKLM\..\Run: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [IObit Malware Fighter] "C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe" /autostart
    O4 - HKLM\..\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe
    O4 - HKCU\..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
    O4 - HKCU\..\Run: [Google Update] "C:\Users\WellsJnS\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe
    O4 - Global Startup: Corel Desktop Application Director 8.LNK = C:\Corel\Suite8\Programs\DAD8.EXE
    O4 - Global Startup: Event Planner Reminder 2009.lnk = ?
    O8 - Extra context menu item: Add to Evernote 4 - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
    O8 - Extra context menu item: New Note - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\NewNote.html
    O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
    O9 - Extra button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html
    O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html
    O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} - http://h20364.www2.hp.com/CSMWeb/Customer/cabs/HPISDataManager.CAB
    O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} (WMI Class) - https://support.dell.com/systemprofiler/SysProExe.CAB
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} -
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    O16 - DPF: {DE3135A8-D948-49DC-ABBC-B2EFF418E5FD} (AIRJ01FPlayer.Player) - http://www.iradiopop.com/IRD/pages/AIRJ01FPlayer.CAB
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.3.0\ViProtocol.dll
    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    O20 - AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: Advanced SystemCare Service 7 (AdvancedSystemCareService7) - IObit - C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
    O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2014\avgfws.exe
    O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
    O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
    O23 - Service: Computer Backup (MyPC Backup) (BackupStack) - Just Develop It - C:\Program Files (x86)\MyPC Backup\BackupStack.exe
    O23 - Service: BrYNSvc - Brother Industries, Ltd. - C:\Program Files (x86)\Browny02\BrYNSvc.exe
    O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files (x86)\Citrix\GoToAssist\615\g2aservice.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: IMF Service (IMFservice) - IObit - C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: LiveUpdate (LiveUpdateSvc) - IObit - C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: PDFProFiltSrvPP - Nuance Communications, Inc. - C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
    O23 - Service: PMBDeviceInfoProvider - Sony Corporation - C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files (x86)\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe
    O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files (x86)\Common Files\Sonic Shared\RoxioUpnpService9.exe
    O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: SoftThinks Agent Service (SftService) - SoftThinks SAS - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.exe
    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: vToolbarUpdater17.3.0 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

    --
    End of file - 14830 bytes
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 12/18/2009 11:18:01 AM
    System Uptime: 2/13/2014 11:07:24 AM (0 hours ago)
    .
    Motherboard: Dell Inc. | | 0F896N
    Processor: AMD Athlon(tm) II X2 215 Processor | AM2 | 2700/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 581 GiB total, 496.615 GiB free.
    D: is CDROM ()
    F: is Removable
    G: is Removable
    H: is Removable
    I: is Removable
    K: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
    Description: Photosmart Plus B209a-m
    Device ID: ROOT\IMAGE\0000
    Manufacturer: HP
    Name: Photosmart Plus B209a-m
    PNP Device ID: ROOT\IMAGE\0000
    Service: StillCam
    .
    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: avast! TDI Firewall driver
    Device ID: ROOT\LEGACY_ASWFW\0000
    Manufacturer:
    Name: avast! TDI Firewall driver
    PNP Device ID: ROOT\LEGACY_ASWFW\0000
    Service: aswFW
    .
    Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
    Description: Photosmart Plus B209a-m
    Device ID: ROOT\MULTIFUNCTION\0000
    Manufacturer: HP
    Name: Photosmart Plus B209a-m
    PNP Device ID: ROOT\MULTIFUNCTION\0000
    Service:
    .
    ==== System Restore Points ===================
    .
    RP660: 1/15/2014 10:36:19 PM - Windows Update
    RP661: 1/19/2014 11:15:43 PM - Windows Update
    RP662: 1/21/2014 10:47:50 AM - Installed Java 7 Update 51
    RP663: 1/28/2014 11:11:05 AM - Scheduled Checkpoint
    RP664: 2/4/2014 5:04:54 PM - Scheduled Checkpoint
    RP665: 2/12/2014 10:28:49 AM - Scheduled Checkpoint
    RP666: 2/12/2014 10:34:10 PM - Driver Booster : ATI Radeon HD 3200 Graphics
    RP669: 2/12/2014 10:38:14 PM - Windows Update
    RP670: 2/12/2014 11:16:03 PM - Windows Modules Installer
    RP671: 2/13/2014 9:53:48 AM - Installed AVG 2014
    .
    ==== Installed Programs ======================
    .
    µTorrent
    64 Bit HP CIO Components Installer
    Adobe Flash Player 12 ActiveX
    Adobe Flash Player 12 Plugin
    Adobe Reader XI (11.0.05)
    Advanced SystemCare 7
    AVG 2014
    AVG Security Toolbar
    B209a-m
    Brother MFL-Pro Suite MFC-J435W
    BufferChm
    calibre
    Catalyst Control Center - Branding
    Catalyst Control Center Core Implementation
    Catalyst Control Center Graphics Full Existing
    Catalyst Control Center Graphics Full New
    Catalyst Control Center Graphics Light
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center Graphics Previews Vista
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization All
    ccc-core-static
    ccc-utility64
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    CCleaner
    Compatibility Pack for the 2007 Office system
    Conexant D850 PCI V.92 Modem
    Corel WordPerfect Suite 8
    Coupon Companion
    D3DX10
    Dell DataSafe Local Backup
    Dell DataSafe Local Backup - Support Software
    Dell Dock
    Dell Edoc Viewer
    Dell Getting Started Guide
    Dell Resource CD
    Dell Support Center
    Destinations
    DeviceDiscovery
    Digital Line Detect
    Driver Booster
    eReg
    erLT
    Evernote v. 4.6.1
    Full Tilt Poker.Net
    GadgetPack (remove only)
    Glary Utilities 2.56.0.1822
    Glary Utilities PRO 4.4
    Google Chrome
    Google Earth
    Google Update Helper
    GoToAssist Corporate
    GPBaseService2
    Greeting Card Factory Deluxe
    Greeting Card Factory Deluxe 7.0
    Hallmark Card Studio 2009 Deluxe
    HP Customer Participation Program 13.0
    HP Imaging Device Functions 13.0
    HP Photosmart Plus B209a-m All-In-One Driver Software 13.0 Rel .6
    HP Print Projects 1.0
    HP Smart Web Printing 4.60
    HP Solution Center 13.0
    HP Update
    HPDiagnosticAlert
    HPPhotoGadget
    hpPrintProjects
    HPProductAssistant
    hpWLPGInstaller
    Intel RSX 3D
    Internet TV for Windows Media Center
    IObit Malware Fighter
    IObit Uninstaller
    Java 7 Update 51
    Java Auto Updater
    Junk Mail filter update
    LG USB Modem driver
    LightScribe System Software
    Logitech SetPoint 6.32
    Logitech Unifying Software 2.10
    Malwarebytes Anti-Malware version 1.75.0.1300
    MarketResearch
    Mavis Beacon Teaches Typing Deluxe 20
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft Digital Image Library 9 - Blocker
    Microsoft Digital Image Suite 2006
    Microsoft Digital Image Suite 2006 Editor
    Microsoft Digital Image Suite 2006 Library
    Microsoft Mouse and Keyboard Center
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable (x64)
    Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
    Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft Web Publishing Wizard 1.52
    Microsoft Works
    MMI
    Modem Diagnostic Tool
    Mozilla Firefox 26.0 (x86 en-US)
    Mozilla Maintenance Service
    MP3 Rocket
    MSVCRT
    MSVCRT_amd64
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP3 Parser
    MSXML 4.0 SP3 Parser (KB2721691)
    MSXML 4.0 SP3 Parser (KB2758694)
    MSXML 4.0 SP3 Parser (KB973685)
    MyPC Backup
    Network64
    Nuance PaperPort 12
    Nuance PDF Viewer Plus
    OpenOffice 4.0.1
    PaperPort Image Printer 64-bit
    Picasa 3
    Platform
    PMB
    PokerStars
    PokerStars.net
    PowerDVD DX
    Print Artist 22 Platinum
    PS_AIO_06_B209a-m_SW_Min
    RAIDXpert
    Realtek 8136 8168 8169 Ethernet Driver
    Roxio Burn
    Roxio Creator 9.1 XE
    Roxio Drag-to-Disc
    Roxio Update Manager
    Scan
    Scansoft PDF Professional
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2898855v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2901110v2)
    Serif AlbumPlus SE PRO
    Serif PhotoPlus X3
    Shockwave
    Skins
    Skype™ 5.10
    Smart Defrag 3
    SmartWebPrinting
    SMPlayer 0.6.9
    SolutionCenter
    Status
    Surfing Protection
    Toolbox
    TrayApp
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
    Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)
    VD64Inst
    VIA Platform Device Manager
    Video Converter Bundle
    Visual Studio 2008 x64 Redistributables
    Visual Studio 2010 x64 Redistributables
    Visual Studio 2012 x64 Redistributables
    Visual Studio 2012 x86 Redistributables
    WebReg
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Language Selector
    Windows Live Mail
    Windows Live Messenger
    Windows Live MIME IFilter
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live Sync
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    Windows Media Center Add-in for Silverlight
    Windows Media Player Firefox Plugin
    Windows Movie Maker 2.6
    Works Suite OS Pack
    Works Synchronization
    .
    ==== Event Viewer Messages From Past Week ========
    .
    2/13/2014 8:49:48 AM, Error: Microsoft-Windows-Kernel-General [6] - An I/O operation initiated by the Registry failed unrecoverably.The Registry could not flush hive (file): ''.
    2/13/2014 11:10:24 AM, Error: Service Control Manager [7023] - The Peer Name Resolution Protocol service terminated with the following error: %%-2140993535
    2/13/2014 11:10:24 AM, Error: Service Control Manager [7001] - The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: %%-2140993535
    2/13/2014 11:10:24 AM, Error: Microsoft-Windows-PNRPSvc [102] - The Peer Name Resolution Protocol cloud did not start because the creation of the default identity failed with error code: 0x80630801.
    2/13/2014 11:09:03 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: aswFW
    2/13/2014 11:09:03 AM, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{00B1BBC4-7E69-4AB6-95D6-1475F348FB9A} because another computer on the network has the same name. The server could not start.
    2/13/2014 11:09:03 AM, Error: NetBT [4321] - The name "SUZANNE-PC :20" could not be registered on the interface with IP address 192.168.1.5. The computer with the IP address 192.168.1.11 did not allow the name to be claimed by this computer.
    2/13/2014 11:08:49 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Computer Backup (MyPC Backup) service to connect.
    2/13/2014 11:08:49 AM, Error: Service Control Manager [7000] - The Computer Backup (MyPC Backup) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    2/13/2014 11:08:23 AM, Error: NetBT [4321] - The name "SUZANNE-PC :0" could not be registered on the interface with IP address 192.168.1.5. The computer with the IP address 192.168.1.11 did not allow the name to be claimed by this computer.
    2/13/2014 11:08:11 AM, Error: Service Control Manager [7000] - The avast! Firewall service failed to start due to the following error: The system cannot find the path specified.
    2/13/2014 11:08:01 AM, Error: volmgr [46] - Crash dump initialization failed!
    2/13/2014 10:05:03 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
    2/13/2014 10:03:36 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    2/13/2014 10:03:34 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    2/13/2014 10:03:30 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    2/13/2014 10:03:30 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    2/13/2014 10:03:26 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    2/13/2014 10:03:18 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    2/13/2014 10:03:13 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD aswFW Avgdiska Avgfwfd AVGIDSDriver Avgldx64 Avgtdia DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tdx TermDD Wanarpv6 WfpLwf
    2/13/2014 10:03:13 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    2/13/2014 10:03:13 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    2/13/2014 10:03:13 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    2/13/2014 10:03:13 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    2/13/2014 10:03:13 AM, Error: Service Control Manager [7001] - The Remote Desktop Services service depends on the Terminal Device Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    2/13/2014 10:03:13 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    2/13/2014 10:03:13 AM, Error: Service Control Manager [7001] - The AVGIDSAgent service depends on the AVGIDSDriver service which failed to start because of the following error: A device attached to the system is not functioning.
    2/13/2014 10:03:08 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    2/13/2014 10:03:08 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
    2/13/2014 10:03:08 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    2/13/2014 10:03:08 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    2/12/2014 10:38:08 PM, Error: volsnap [8] - The flush and hold writes operation on volume C: timed out while waiting for a release writes command.
    2/12/2014 10:37:02 PM, Error: volsnap [8] - The flush and hold writes operation on volume \\?\Volume{dc97fa5d-c1b8-11de-a707-806e6f6e6963} timed out while waiting for a release writes command.
    2/12/2014 10:31:03 PM, Error: Service Control Manager [7034] - The IMF Service service terminated unexpectedly. It has done this 1 time(s).
    .
    ==== End Of File ===========================
    GMER 2.1.19357 - http://www.gmer.net
    Rootkit scan 2014-02-13 11:41:18
    Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD6400AAKS-75A7B2 rev.01.03B01 596.17GB
    Running: 2s3jwuh1.exe; Driver: C:\Users\WellsJnS\AppData\Local\Temp\pxdirfow.sys


    ---- Threads - GMER 2.1 ----

    Thread C:\Windows\system32\svchost.exe [1392:1532] 000007fef9f08274
    Thread C:\Windows\system32\svchost.exe [1392:1852] 000007fef9f08274
    Thread C:\Windows\System32\spoolsv.exe [1636:2084] 000007fef8b210c8
    Thread C:\Windows\System32\spoolsv.exe [1636:2244] 000007fef8ae6144
    Thread C:\Windows\System32\spoolsv.exe [1636:2312] 000007fef8775fd0
    Thread C:\Windows\System32\spoolsv.exe [1636:2352] 000007fef97f3438
    Thread C:\Windows\System32\spoolsv.exe [1636:2356] 000007fef87763ec
    Thread C:\Windows\System32\spoolsv.exe [1636:2400] 000007fef8c05e5c
    Thread C:\Windows\System32\spoolsv.exe [1636:2440] 000007fef8cc5074
    Thread C:\Windows\System32\spoolsv.exe [1636:2556] 000007fef8b78760
    Thread c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2344:4468] 000007fefb56c680
    Thread C:\Windows\system32\svchost.exe [3512:3612] 000007fef97f3438
    Thread C:\Windows\system32\svchost.exe [3512:3636] 00000000005ba988
    Thread C:\Windows\system32\svchost.exe [3512:3644] 0000000000704bf8
    Thread C:\Windows\system32\svchost.exe [3512:3652] 000007fef92da850
    Thread C:\Windows\SysWOW64\ntdll.dll [4364:4368] 00000000004548ce
    Thread C:\Program Files\Windows Sidebar\sidebar.exe [4888:1108] 000007fef6521ebc
    Thread C:\Windows\SysWOW64\ntdll.dll [4980:4984] 0000000000419982
    Thread C:\Windows\SysWOW64\ntdll.dll [4980:4636] 0000000074071c2f
    Thread C:\Windows\SysWOW64\ntdll.dll [4980:2732] 0000000071fe17a4
    Thread C:\Windows\SysWOW64\ntdll.dll [4980:3304] 000000000474369f

    ---- EOF - GMER 2.1 ----
     
  2. askey127

    askey127 Malware Specialist

    Hi zan.w,
    You have multiple Antivirus programs running. That will make your system unstable, and actually less secure.
    We will remove one. The other programs we are removing dump adware/spyware on your machine.
    We can talk about substitutes after the machine is clean.

    Also be aware that all Poker sites track your surfing and use the data for their own purposes, which may not be yours.
    I would consider Uninstalling any Poker sites that are not important to you.

    Be aware that the trojan called out by AVG could be a false positive, but if it is not, it's what is called a "backdoor", and it could put personal data at risk. (any credit cards used, etc.)
    If you get another message from AVG, please record any file name associated with it.
    -----------------------------------------------
    It's really important, if you value your PC at all, to stay away from P2P file sharing programs, like µTorrent, Bearshare, Bittorrent, Azureus, Frostwire, Vuze, Shareaza, Bitlord.
    Criminals have "planted" thousands upon thousands of infections in the "free" shared torrent files.
    Virtually all of these recent infections will compromise your Security, and some can turn your machine into a useless "doorstop".
    This is a VERY likely source of trojans.
    ------------------------------------------------
    Remove Programs Using Control Panel
    From Start, Control Panel, click on Programs and Features
    Click each Entry, as follows, one by one, if it exists, choose Uninstall, and give permission to Continue:

    µTorrent
    Advanced SystemCare 7
    Coupon Companion
    IObit Malware Fighter
    MyPC Backup
    Nuance PDF Viewer Plus
    Smart Defrag 3

    Take extra care in answering questions posed by any Uninstaller.
    -----------------------------------------------------------
    REBOOT (RESTART) Your Machine
    -------------------------------------------------------------
    AdwCleaner Download and Run

    Click on this link to download : ADWCleaner
    Be careful NOT to click on any sponsored advertisement download.
    The one by Xplode is correct. Click on the Download Now button and save it to your desktop.

    NOTE: If using Internet Explorer and you get an alert that stops the program downloading click on Tools > Smartscreen Filter > Turn off Smartscreen Filter then click on OK in the box that opens. Then click on the link again.

    Close your browser and double click on this icon on your desktop:

    You will then see the screen below. Click on the Scan button (as indicated), accept any prompts that appear and allow it to run.
    It may take several minutes to complete.
    When it is done, click on the Clean button, accept any prompts that appear and allow the system to Reboot.
    You will then be presented with the report. Copy & Paste it into a reply here before running any other programs.
    If you lose track of the log, it is saved in this folder C:\AdwCleaner\
    The filename will be adwcleaner[xx].txt where [xx] will be S1, or S2, etc. whichever filename is newest.
    ---------------------------------------------
    Download the OTL Scanner
    Please download OTL.exe by OldTimer and save it to your desktop.
    ---------------------------------------------
    Run a Scan with OTL
    • Right click the OTL icon and choose "Run as administrator" to run it.
    • Check the box at the top, labeled Include 64 bit scans
    • Check the boxes labeled :
      • Scan All Users
      • LOP check
      • Purity check
      • Extra Registry > Use SafeList
    • Make sure all other windows are closed to let it run uninterrupted.
    • Click on the Run Scan button at the top left hand corner. Do not change any settings unless otherwise told to do so. The scan won't take long.
    When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL. (desktop)
    OTL.txt will be open on your desktop, and Extras.txt will be minimized in your taskbar.
    The Extras.txt file will only appear the very first time you run OTL.
    Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them as a reply. Use separate replies if more convenient.
    ---------------------------------------------------
    So, In Your Replies, we will be looking for the following :
    The contents of:
    • The log from AdwCleaner
    • OTL.txt
    • Extras.txt
    Please feel free to use separate replies.

    askey127
     
  3. zan.w

    zan.w Thread Starter

    # AdwCleaner v3.018 - Report created 13/02/2014 at 15:24:22
    # Updated 28/01/2014 by Xplode
    # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
    # Username : Wells - SUZANNE-PC
    # Running from : C:\Users\WellsJnS\Downloads\AdwCleaner.exe
    # Option : Clean

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    Folder Deleted : C:\ProgramData\AVG Secure Search
    Folder Deleted : C:\ProgramData\Babylon
    Folder Deleted : C:\ProgramData\SpeedMaxPc
    Folder Deleted : C:\Program Files (x86)\AVG Secure Search
    Folder Deleted : C:\Program Files (x86)\MyPC Backup
    Folder Deleted : C:\Program Files (x86)\sweetpacks bundle uninstaller
    Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
    File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml
    File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\Babylon.xml
    File Deleted : C:\Windows\Tasks\SpeedMaxPc.job
    File Deleted : C:\Windows\System32\Tasks\SpeedMaxPc

    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [[email protected]]
    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\NCTAudioCDGrabber2.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
    Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
    Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
    Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
    Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\speedmaxpc_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\speedmaxpc_RASMANCS
    Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
    Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader44840_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader44840_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_android-market-apk_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_android-market-apk_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_smplayer_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_smplayer_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_youtube_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_youtube_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2BEF239C-752E-4001-8048-F256E0D8CD93}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{49C00A51-6E59-41FE-B3FA-2D2157FAD67B}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6DFF5DBA-AE3A-46DB-B301-ECFFC6DB2982}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DE34CD67-F1C8-4001-9A23-B8A68F63F377}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{CCC7A320-B3CA-4199-B1A6-9F516DD69829}]
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2BEF239C-752E-4001-8048-F256E0D8CD93}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{49C00A51-6E59-41FE-B3FA-2D2157FAD67B}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{6DFF5DBA-AE3A-46DB-B301-ECFFC6DB2982}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{DE34CD67-F1C8-4001-9A23-B8A68F63F377}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Deleted : HKCU\Software\AVG Secure Search
    Key Deleted : HKCU\Software\Conduit
    Key Deleted : HKCU\Software\IM
    Key Deleted : HKLM\Software\AVG Secure Search
    Key Deleted : HKLM\Software\AVG Security Toolbar
    Key Deleted : HKLM\Software\Freeze.com
    Key Deleted : HKLM\Software\SearchProtect
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search

    ***** [ Browsers ] *****

    -\\ Internet Explorer v0.0.0.0

    Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]

    -\\ Mozilla Firefox v26.0 (en-US)

    -\\ Google Chrome v

    *************************

    AdwCleaner[R0].txt - [9175 octets] - [13/02/2014 15:17:26]
    AdwCleaner[S0].txt - [8646 octets] - [13/02/2014 15:24:22]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [8706 octets] ##########
     
  4. zan.w

    zan.w Thread Starter

    OTL logfile created on: 2/13/2014 3:33:15 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\WellsJnS\Downloads
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.75 Gb Total Physical Memory | 2.30 Gb Available Physical Memory | 61.23% Memory free
    7.50 Gb Paging File | 5.89 Gb Available in Paging File | 78.53% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 581.48 Gb Total Space | 496.45 Gb Free Space | 85.38% Space Free | Partition Type: NTFS

    Computer Name: SUZANNE-PC | User Name: Wells | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2014/02/13 15:30:13 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\WellsJnS\Downloads\OTL.exe
    PRC - [2014/01/22 12:19:38 | 003,788,816 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
    PRC - [2014/01/22 12:17:36 | 004,962,320 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgui.exe
    PRC - [2013/12/25 14:22:15 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    PRC - [2013/10/25 12:07:24 | 002,151,200 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
    PRC - [2013/09/24 01:35:44 | 001,358,944 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgfws.exe
    PRC - [2013/09/24 01:33:08 | 000,348,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
    PRC - [2013/05/27 16:52:12 | 000,093,472 | ---- | M] (Glarysoft Ltd) -- C:\Program Files (x86)\Glary Utilities\webupdate.exe
    PRC - [2013/05/11 02:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2012/06/06 14:31:56 | 003,076,096 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
    PRC - [2012/06/05 14:56:28 | 000,266,240 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\Browny02\BrYNSvc.exe
    PRC - [2010/11/26 23:55:42 | 000,648,032 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
    PRC - [2010/11/26 23:55:42 | 000,398,176 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
    PRC - [2010/08/20 12:53:08 | 000,689,472 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
    PRC - [2010/07/21 07:36:02 | 000,783,680 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
    PRC - [2010/03/08 23:40:36 | 000,144,672 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
    PRC - [2009/06/09 06:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
    PRC - [2009/05/05 15:06:06 | 000,222,496 | ---- | M] (Acresso Corporation) -- C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
    PRC - [2008/08/12 13:15:28 | 000,257,880 | ---- | M] (Creative Home) -- C:\Program Files (x86)\Creative Home\Hallmark Card Studio 2009 Deluxe\Planner\PLNRnote.exe
    PRC - [2007/08/09 12:07:38 | 000,227,824 | ---- | M] (Sonic Solutions) -- C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
    PRC - [2007/08/09 12:07:18 | 000,018,416 | ---- | M] (Sonic Solutions) -- C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
    PRC - [2007/07/27 09:10:00 | 001,133,040 | ---- | M] (Roxio) -- C:\Program Files (x86)\Roxio\Drag-to-Disc\DrgToDsc.exe


    ========== Modules (No Company Name) ==========

    MOD - [2013/12/25 14:22:15 | 003,559,024 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
    MOD - [2010/07/21 07:36:02 | 000,783,680 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
    MOD - [2010/07/21 07:34:20 | 000,079,168 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\zlib1.dll
    MOD - [2010/07/21 07:34:00 | 000,075,072 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STRegistry.dll
    MOD - [2010/07/21 07:33:58 | 000,111,936 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STPE.dll
    MOD - [2010/07/21 07:33:52 | 000,121,152 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STNLS.dll
    MOD - [2010/07/21 07:33:50 | 000,128,320 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STLog.dll
    MOD - [2010/07/21 07:33:46 | 000,234,816 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STFiles.dll
    MOD - [2010/07/21 07:33:22 | 001,123,648 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\libxml2.dll
    MOD - [2009/02/27 15:38:20 | 000,139,264 | R--- | M] () -- C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
    MOD - [2007/07/23 15:04:46 | 000,068,080 | ---- | M] () -- C:\Program Files (x86)\Common Files\Roxio Shared\9.0\DLLShared\dlaapi_w.dll
    MOD - [2007/07/03 17:07:42 | 000,044,016 | ---- | M] () -- C:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\apm.dll


    ========== Services (SafeList) ==========

    SRV:64bit: - [2014/02/12 22:35:43 | 000,238,080 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
    SRV:64bit: - [2013/05/26 21:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2011/09/27 11:04:08 | 000,359,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
    SRV:64bit: - [2009/07/13 17:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svchost.exe -- (getPlusHelper)
    SRV:64bit: - [2009/06/09 06:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
    SRV - [2014/02/04 17:39:06 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2014/01/22 12:19:38 | 003,788,816 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe -- (AVGIDSAgent)
    SRV - [2013/12/25 14:22:15 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2013/10/25 12:07:24 | 002,151,200 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe -- (LiveUpdateSvc)
    SRV - [2013/09/24 01:35:44 | 001,358,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2014\avgfws.exe -- (avgfws)
    SRV - [2013/09/24 01:33:08 | 000,348,008 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe -- (avgwd)
    SRV - [2013/05/11 02:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2012/07/13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2012/06/05 14:56:28 | 000,266,240 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Running] -- C:\Program Files (x86)\Browny02\BrYNSvc.exe -- (BrYNSvc)
    SRV - [2010/11/26 23:55:42 | 000,398,176 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
    SRV - [2010/11/20 13:02:51 | 000,013,160 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\615\g2aservice.exe -- (GoToAssist)
    SRV - [2010/10/22 13:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
    SRV - [2010/08/20 12:53:08 | 000,689,472 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe -- (SftService)
    SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010/03/08 23:40:36 | 000,144,672 | ---- | M] (Nuance Communications, Inc.) [Auto | Running] -- C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe -- (PDFProFiltSrvPP)
    SRV - [2009/06/10 13:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2009/04/29 08:21:18 | 000,436,736 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\XAudio64.dll -- (HsfXAudioService)
    SRV - [2006/12/11 22:16:32 | 000,064,248 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe -- (Roxio UPnP Renderer 9)
    SRV - [2006/12/11 22:16:28 | 000,301,816 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Sonic Shared\RoxioUpnpService9.exe -- (Roxio Upnp Server 9)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2014/02/12 22:35:48 | 000,359,936 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
    DRV:64bit: - [2014/02/12 22:35:47 | 011,922,944 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
    DRV:64bit: - [2014/02/12 22:35:47 | 011,922,944 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
    DRV:64bit: - [2013/11/25 21:47:22 | 000,196,376 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
    DRV:64bit: - [2013/11/25 21:47:20 | 000,243,480 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
    DRV:64bit: - [2013/11/25 21:47:20 | 000,150,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgdiska.sys -- (Avgdiska)
    DRV:64bit: - [2013/11/10 21:31:46 | 000,046,368 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
    DRV:64bit: - [2013/10/31 23:00:18 | 000,212,280 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
    DRV:64bit: - [2013/10/31 22:49:46 | 000,294,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)
    DRV:64bit: - [2013/10/01 00:52:08 | 000,123,704 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
    DRV:64bit: - [2013/09/26 09:44:54 | 000,057,144 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgfwd6a.sys -- (Avgfwfd)
    DRV:64bit: - [2013/09/10 00:43:02 | 000,031,544 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
    DRV:64bit: - [2013/08/01 15:07:06 | 000,251,192 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
    DRV:64bit: - [2012/10/31 10:03:15 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2012/10/31 10:03:15 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
    DRV:64bit: - [2012/10/30 15:51:55 | 000,262,656 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswNdis2.sys -- (aswNdis2)
    DRV:64bit: - [2012/10/30 15:51:55 | 000,021,136 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswKbd.sys -- (aswKbd)
    DRV:64bit: - [2012/10/30 15:51:53 | 000,132,864 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\aswFW.sys -- (aswFW)
    DRV:64bit: - [2012/09/21 01:26:08 | 000,012,368 | ---- | M] (ALWIL Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswNdis.sys -- (aswNdis)
    DRV:64bit: - [2012/03/22 10:41:12 | 000,025,072 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- c:\Program Files\Dell Support Center\pcdsrvc_x64.pkms -- (PCDSRVC{1E208CE0-FB7451FF-06020101}_0)
    DRV:64bit: - [2012/02/29 22:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2011/09/01 22:30:46 | 000,042,776 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LUsbFilt.sys -- (LUsbFilt)
    DRV:64bit: - [2011/09/01 22:30:36 | 000,060,696 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
    DRV:64bit: - [2011/09/01 22:30:24 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
    DRV:64bit: - [2011/03/10 22:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/10 22:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2010/11/20 05:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/03/04 12:43:00 | 000,346,144 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
    DRV:64bit: - [2009/07/24 20:23:40 | 001,224,704 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
    DRV:64bit: - [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/07/13 16:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
    DRV:64bit: - [2009/07/13 16:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
    DRV:64bit: - [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/06/04 23:20:26 | 000,114,192 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
    DRV:64bit: - [2009/05/20 03:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
    DRV:64bit: - [2009/04/29 08:21:08 | 000,010,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\XAudio64.sys -- (XAudio)
    DRV:64bit: - [2009/02/13 11:21:20 | 000,411,136 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAXHWBS2.sys -- (CAXHWBS2)
    DRV:64bit: - [2009/02/13 11:19:34 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_CNXT.sys -- (winachsf)
    DRV:64bit: - [2009/02/12 19:24:56 | 001,485,824 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_DPV.sys -- (HSF_DPV)
    DRV:64bit: - [2008/11/11 12:42:00 | 000,033,792 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64modem.sys -- (USBModem)
    DRV:64bit: - [2008/11/11 12:42:00 | 000,027,136 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64gps.sys -- (UsbGps)
    DRV:64bit: - [2008/11/11 12:42:00 | 000,027,136 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64diag.sys -- (UsbDiag)
    DRV:64bit: - [2008/11/11 12:42:00 | 000,017,920 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64bus.sys -- (usbbus)
    DRV:64bit: - [2008/10/09 10:17:06 | 000,005,120 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rcmirror.sys -- (rcmirror)
    DRV:64bit: - [2007/07/23 15:05:22 | 000,009,968 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\DLADResE.SYS -- (DLADResE)
    DRV:64bit: - [2007/07/23 15:05:12 | 000,135,152 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\DLAUDFAE.SYS -- (DLAUDFAE)
    DRV:64bit: - [2007/07/23 15:05:12 | 000,046,448 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\DLABMFSE.SYS -- (DLABMFSE)
    DRV:64bit: - [2007/07/23 15:05:10 | 000,144,112 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\DLAUDF_E.SYS -- (DLAUDF_E)
    DRV:64bit: - [2007/07/23 15:05:08 | 000,035,056 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\DLAOPIOE.SYS -- (DLAOPIOE)
    DRV:64bit: - [2007/07/23 15:05:06 | 000,042,352 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\DLABOIOE.SYS -- (DLABOIOE)
    DRV:64bit: - [2007/07/23 15:05:06 | 000,019,824 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\DLAPoolE.SYS -- (DLAPoolE)
    DRV:64bit: - [2007/07/23 15:05:04 | 000,146,672 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\DLAIFS_E.SYS -- (DLAIFS_E)
    DRV:64bit: - [2007/07/23 14:55:46 | 000,124,112 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\DRVECDB.SYS -- (DRVECDB)
    DRV:64bit: - [2007/07/23 14:49:50 | 000,041,072 | ---- | M] (Roxio) [File_System | System | Running] -- C:\Windows\SysNative\drivers\DLARTL_E.SYS -- (DLARTL_E)
    DRV:64bit: - [2007/07/23 14:49:50 | 000,017,776 | ---- | M] (Roxio) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\DLACDBHE.SYS -- (DLACDBHE)
    DRV:64bit: - [2007/07/23 14:43:46 | 000,063,984 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\DRVEDDM.SYS -- (DRVEDDM)
    DRV:64bit: - [2006/11/01 09:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
    DRV:64bit: - [2006/06/18 03:27:24 | 000,017,024 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\mdmxsdk.sys -- (mdmxsdk)
    DRV - [2009/07/13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE:64bit: - HKLM\..\SearchScopes\{126C19CF-365F-435F-B36D-F4C2406B74DA}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
    IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKLM\..\SearchScopes\{ACABD4B7-3FFF-48A4-A271-F9AD3475E831}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox


    IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-21-2922394718-1656526869-328638602-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
    IE - HKU\S-1-5-21-2922394718-1656526869-328638602-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
    IE - HKU\S-1-5-21-2922394718-1656526869-328638602-1003\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-21-2922394718-1656526869-328638602-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.selectedEngine: "Google"
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://registration.excite.com/excitereg/login.jsp|https://accounts.google.com/ServiceLogin?service=mail&passive=true&rm=false&continue=https://mail.google.com/mail/u/0/?shva%3D1&ss=1&scc=1&authuser=0&ltmpl=default&ltmplcache=2&emr=1#inbox"
    FF - prefs.js..extensions.enabledAddons: ascsurfingprotection%40iobit.com:1.0
    FF - prefs.js..extensions.enabledAddons: avg%40toolbar:17.3.1.91
    FF - prefs.js..extensions.enabledAddons: %7Bc0c588b6-b11d-4898-af00-079fed05aa32%7D:27.6


    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_43.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\WellsJnS\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\WellsJnS\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/01/01 23:30:49 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

    [2012/07/26 11:26:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\WellsJnS\AppData\Roaming\mozilla\Extensions
    [2014/02/13 15:04:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\WellsJnS\AppData\Roaming\mozilla\Firefox\Profiles\3ciq9x11.default\extensions
    [2013/12/02 11:32:34 | 000,000,000 | ---D | M] (Advanced SystemCare Surfing Protection) -- C:\Users\WellsJnS\AppData\Roaming\mozilla\Firefox\Profiles\3ciq9x11.default\extensions\[email protected]
    [2012/12/20 10:52:42 | 000,679,123 | ---- | M] () (No name found) -- C:\Users\WellsJnS\AppData\Roaming\mozilla\firefox\profiles\3ciq9x11.default\extensions\[email protected]
    [2014/02/08 13:40:58 | 002,660,299 | ---- | M] () (No name found) -- C:\Users\WellsJnS\AppData\Roaming\mozilla\firefox\profiles\3ciq9x11.default\extensions\{c0c588b6-b11d-4898-af00-079fed05aa32}.xpi
    [2013/01/23 12:44:39 | 000,002,763 | ---- | M] () -- C:\Users\WellsJnS\AppData\Roaming\mozilla\firefox\profiles\3ciq9x11.default\searchplugins\web-search.xml
    [2013/11/17 11:20:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2013/11/17 11:20:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
    [2013/11/17 11:20:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
    [2013/12/25 14:22:16 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
    CHR - homepage:
    CHR - plugin: Shockwave Flash (Disabled) = C:\Users\WellsJnS\AppData\Local\Google\Chrome\Application\32.0.1700.107\PepperFlash\pepflashplayer.dll
    CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Users\WellsJnS\AppData\Local\Google\Chrome\Application\32.0.1700.107\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\WellsJnS\AppData\Local\Google\Chrome\Application\32.0.1700.107\pdf.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
    CHR - plugin: AVG SiteSafety plugin (Enabled) = C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0\\npsitesafety.dll
    CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
    CHR - plugin: Java(TM) Platform SE 7 U17 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
    CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    CHR - plugin: PCShow Player Plugin (Disabled) = C:\Users\WellsJnS\AppData\Local\DIRECTV Player\npPlayerPlugin.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll
    CHR - plugin: Java Deployment Toolkit 7.0.170.2 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll
    CHR - Extension: Bejeweled = C:\Users\WellsJnS\AppData\Local\Google\Chrome\User Data\Default\Extensions\adpkifcfcacgmnggcbpbjbkdijciiigm\2_0\
    CHR - Extension: Angry Birds = C:\Users\WellsJnS\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0\
    CHR - Extension: PriceBlink = C:\Users\WellsJnS\AppData\Local\Google\Chrome\User Data\Default\Extensions\aoiidodopnnhiflaflbfeblnojefhigh\4.0.2_0\
    CHR - Extension: Brushed = C:\Users\WellsJnS\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfjgbcjfpbbfepcccpaffkjofcmglifg\1.0_0\
    CHR - Extension: YouTube = C:\Users\WellsJnS\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
    CHR - Extension: Google Search = C:\Users\WellsJnS\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
    CHR - Extension: Ads Removal = C:\Users\WellsJnS\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkcefkcdkepgkpbgncjchhbjgoanleod\1.0.0_0\
    CHR - Extension: AVG Secure Search = C:\Users\WellsJnS\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\15.5.0.2_0\
    CHR - Extension: Advanced SystemCare Surfing Protection = C:\Users\WellsJnS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd\1.0.0_0\
    CHR - Extension: PAC-Match Party = C:\Users\WellsJnS\AppData\Local\Google\Chrome\User Data\Default\Extensions\njhglkgppclbkpakbalpciidkcpkjfhj\1.102_0\
    CHR - Extension: Google Wallet = C:\Users\WellsJnS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_1\
    CHR - Extension: Gmail = C:\Users\WellsJnS\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

    O1 HOSTS File: ([2009/06/10 13:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O2:64bit: - BHO: (ExplorerWnd Helper) - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll File not found
    O2:64bit: - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (Evernote extension) - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
    O2 - BHO: (Advanced SystemCare Browser Protection) - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll (IObit)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
    O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
    O4 - HKLM..\Run: [ControlCenter4] C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe (Brother Industries, Ltd.)
    O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
    O4 - HKLM..\Run: [PPort12reminder] C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe (Nuance Communications, Inc.)
    O4 - HKLM..\Run: [RoxioDragToDisc] C:\Program Files (x86)\Roxio\Drag-to-Disc\DrgToDsc.exe (Roxio)
    O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
    O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-21-2922394718-1656526869-328638602-1003..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)
    O4 - HKLM..\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe (Softthinks)
    O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O4 - Startup: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
    O4 - Startup: C:\Users\WellsJnS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O8:64bit: - Extra context menu item: Add to Evernote 4 - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html ()
    O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
    O8:64bit: - Extra context menu item: New Note - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\NewNote.html ()
    O8 - Extra context menu item: Add to Evernote 4 - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html ()
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
    O8 - Extra context menu item: New Note - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\NewNote.html ()
    O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (PokerStars)
    O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html ()
    O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html ()
    O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
    O1364bit: - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} http://h20364.www2.hp.com/CSMWeb/Customer/cabs/HPISDataManager.CAB (Reg Error: Key error.)
    O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} https://support.dell.com/systemprofiler/SysProExe.CAB (WMI Class)
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (Reg Error: Value error.)
    O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (Reg Error: Key error.)
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Reg Error: Key error.)
    O16 - DPF: {DE3135A8-D948-49DC-ABBC-B2EFF418E5FD} http://www.iradiopop.com/IRD/pages/AIRJ01FPlayer.CAB (AIRJ01FPlayer.Player)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{00B1BBC4-7E69-4AB6-95D6-1475F348FB9A}: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CFDD65DC-7EDA-446A-89F4-DE9D357E4B25}: DhcpNameServer = 192.168.1.1
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll) - File not found
    O20 - AppInit_DLLs: (C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll) - File not found
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\615\G2AWinLogon_x64.dll) - C:\Program Files (x86)\Citrix\GoToAssist\615\g2awinlogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)
    O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O33 - MountPoints2\{80635258-27c1-11df-82a9-002564d33dee}\Shell - "" = AutoRun
    O33 - MountPoints2\{80635258-27c1-11df-82a9-002564d33dee}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2014/02/13 15:33:35 | 000,000,000 | ---D | C] -- C:\Users\WellsJnS\Desktop\Computer fix files
    [2014/02/13 15:17:03 | 000,000,000 | ---D | C] -- C:\AdwCleaner
    [2014/02/13 15:01:54 | 000,000,000 | ---D | C] -- C:\Windows\tasks\ImCleanDisabled
    [2014/02/12 22:39:33 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
    [2014/02/12 22:39:33 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
    [2014/02/12 22:39:31 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
    [2014/02/12 22:39:31 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
    [2014/02/12 22:39:31 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
    [2014/02/12 22:39:30 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
    [2014/02/12 22:39:30 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
    [2014/02/12 22:39:30 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
    [2014/02/12 22:39:29 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
    [2014/02/12 22:39:29 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
    [2014/02/12 22:39:28 | 002,334,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
    [2014/02/12 22:39:28 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
    [2014/02/12 22:39:28 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
    [2014/02/12 22:39:28 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
    [2014/02/12 22:39:27 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
    [2014/02/12 22:36:04 | 000,069,632 | ---- | C] (AMD) -- C:\Windows\SysNative\coinst_8.97.100.11.dll
    [2014/02/12 22:36:04 | 000,048,544 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atiuxpag.dll
    [2014/02/12 22:36:03 | 004,782,960 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atiumdva.dll
    [2014/02/12 22:36:03 | 001,978,240 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atiumdmv.dll
    [2014/02/12 22:36:03 | 000,061,464 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atiuxp64.dll
    [2014/02/12 22:36:02 | 006,288,832 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atiumdag.dll
    [2014/02/12 22:36:02 | 001,065,720 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atiumd6v.dll
    [2014/02/12 22:35:59 | 004,292,192 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atiumd6a.dll
    [2014/02/12 22:35:58 | 007,528,440 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atiumd64.dll
    [2014/02/12 22:35:58 | 000,120,320 | ---- | C] (AMD) -- C:\Windows\SysNative\atitmm64.dll
    [2014/02/12 22:35:58 | 000,051,152 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atiu9p64.dll
    [2014/02/12 22:35:58 | 000,038,768 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atiu9pag.dll
    [2014/02/12 22:35:53 | 019,584,512 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysWow64\atioglxx.dll
    [2014/02/12 22:35:52 | 000,332,800 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\ATIODE.exe
    [2014/02/12 22:35:50 | 000,051,200 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\ATIODCLI.exe
    [2014/02/12 22:35:48 | 026,017,280 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\atio6axx.dll
    [2014/02/12 22:35:48 | 000,062,976 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atimpc32.dll
    [2014/02/12 22:35:48 | 000,062,976 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\amdpcom32.dll
    [2014/02/12 22:35:48 | 000,062,464 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atimpc64.dll
    [2014/02/12 22:35:48 | 000,062,464 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\amdpcom64.dll
    [2014/02/12 22:35:48 | 000,021,504 | ---- | C] (AMD) -- C:\Windows\SysNative\atimuixx.dll
    [2014/02/12 22:35:47 | 000,359,936 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\drivers\atikmpag.sys
    [2014/02/12 22:35:43 | 011,922,944 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\drivers\atikmdag.sys
    [2014/02/12 22:35:43 | 000,059,392 | ---- | C] (ATI Technologies, Inc.) -- C:\Windows\SysNative\atiedu64.dll
    [2014/02/12 22:35:43 | 000,041,984 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atig6txx.dll
    [2014/02/12 22:35:43 | 000,033,280 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atigktxx.dll
    [2014/02/12 22:35:43 | 000,017,920 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atig6pxx.dll
    [2014/02/12 22:35:43 | 000,014,848 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atiglpxx.dll
    [2014/02/12 22:35:43 | 000,014,848 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atiglpxx.dll
    [2014/02/12 22:35:40 | 006,857,392 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atidxx32.dll
    [2014/02/12 22:35:40 | 001,094,024 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\aticfx64.dll
    [2014/02/12 22:35:40 | 000,929,736 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\aticfx32.dll
    [2014/02/12 22:35:40 | 000,442,368 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\ATIDEMGX.dll
    [2014/02/12 22:35:40 | 000,051,200 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysNative\aticalrt64.dll
    [2014/02/12 22:35:40 | 000,046,080 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysWow64\aticalrt.dll
    [2014/02/12 22:35:33 | 015,827,456 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysNative\aticaldd64.dll
    [2014/02/12 22:35:27 | 013,402,112 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysWow64\aticaldd.dll
    [2014/02/12 22:35:27 | 000,364,544 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysWow64\atiadlxy.dll
    [2014/02/12 22:35:27 | 000,159,744 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\atiapfxx.exe
    [2014/02/12 22:35:27 | 000,044,544 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysNative\aticalcl64.dll
    [2014/02/12 22:35:27 | 000,044,544 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysWow64\aticalcl.dll
    [2014/02/12 22:35:26 | 000,053,248 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\drivers\ati2erec.dll
    [2014/02/12 22:35:26 | 000,043,520 | ---- | C] (ATI Technologies, Inc.) -- C:\Windows\SysWow64\ati2edxx.dll
    [2014/02/12 22:35:26 | 000,000,000 | ---D | C] -- C:\DrvInstall
    [2014/02/12 22:32:31 | 000,034,080 | ---- | C] (IObit) -- C:\Windows\SysNative\SmartDefragBootTime.exe
    [2014/02/12 22:31:47 | 000,121,856 | ---- | C] (IObit) -- C:\Windows\SysNative\IObitSmartDefragExtension.dll
    [2014/02/12 22:31:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster
    [2014/02/11 20:20:33 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
    [2014/02/11 20:20:33 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
    [2014/02/11 20:19:03 | 000,658,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_isv.exe
    [2014/02/11 20:19:03 | 000,626,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate.exe
    [2014/02/11 20:19:03 | 000,594,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_isv.exe
    [2014/02/11 20:19:03 | 000,572,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate.exe
    [2014/02/11 20:19:03 | 000,553,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp.exe
    [2014/02/11 20:19:03 | 000,552,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp_isv.exe
    [2014/02/11 20:19:03 | 000,510,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp.exe
    [2014/02/11 20:19:03 | 000,508,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp_isv.exe
    [2014/02/11 20:19:03 | 000,485,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_isv.dll
    [2014/02/11 20:19:03 | 000,423,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_isv.dll
    [2014/02/11 20:19:02 | 000,528,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdrm.dll
    [2014/02/11 20:19:02 | 000,488,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc.dll
    [2014/02/11 20:19:02 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc.dll
    [2014/02/11 20:19:02 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp_isv.dll
    [2014/02/11 20:19:02 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp.dll
    [2014/02/11 20:19:02 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp_isv.dll
    [2014/02/11 20:19:02 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp.dll
    [2014/02/07 08:59:15 | 000,000,000 | ---D | C] -- C:\Users\WellsJnS\AppData\Local\{C9671673-6D19-4B2B-81BA-225B121B883A}
    [2014/02/03 13:23:31 | 000,000,000 | ---D | C] -- C:\Users\WellsJnS\AppData\Local\{671470E6-4F3C-4DF8-98E5-BFFA4B72B5B7}
    [2014/01/21 10:49:40 | 000,264,616 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
    [2014/01/21 10:49:32 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
    [2014/01/21 10:49:32 | 000,174,504 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
    [2014/01/21 10:49:32 | 000,096,168 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    [2014/01/21 10:49:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
    [2014/01/19 10:47:06 | 000,325,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys
    [2014/01/19 10:47:06 | 000,007,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbd.sys
    [2014/01/19 10:47:05 | 000,376,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys
    [2014/01/16 15:13:35 | 000,000,000 | ---D | C] -- C:\ProgramData\GlarySoft
    [2014/01/15 13:55:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities
    [2014/01/15 13:55:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Glary Utilities

    ========== Files - Modified Within 30 Days ==========

    [2014/02/13 15:34:11 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2014/02/13 15:34:11 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2014/02/13 15:31:00 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
    [2014/02/13 15:31:00 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
    [2014/02/13 15:27:51 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize 4.job
    [2014/02/13 15:26:51 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2014/02/13 15:26:43 | 000,000,286 | ---- | M] () -- C:\Windows\tasks\Driver Booster Update.job
    [2014/02/13 15:26:39 | 000,000,324 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
    [2014/02/13 15:26:28 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
    [2014/02/13 15:26:28 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job
    [2014/02/13 15:26:19 | 000,000,300 | ---- | M] () -- C:\Windows\tasks\iMeshNAG.job
    [2014/02/13 15:26:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2014/02/13 15:26:08 | 3019,202,560 | -HS- | M] () -- C:\hiberfil.sys
    [2014/02/13 15:24:00 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2922394718-1656526869-328638602-1001UA.job
    [2014/02/13 15:24:00 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2922394718-1656526869-328638602-1001Core.job
    [2014/02/13 15:17:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2014/02/13 15:08:15 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2922394718-1656526869-328638602-1003UA.job
    [2014/02/13 14:39:06 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2014/02/13 12:00:00 | 000,000,378 | ---- | M] () -- C:\Windows\tasks\PerfectOptimizer_home.job
    [2014/02/13 11:41:32 | 000,000,000 | -H-- | M] () -- C:\Users\WellsJnS\Documents\Default.rdp
    [2014/02/13 09:59:03 | 000,000,927 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2014.lnk
    [2014/02/13 09:58:53 | 000,003,736 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml
    [2014/02/13 08:48:39 | 000,000,000 | ---- | M] () -- C:\asc_rdflag
    [2014/02/12 22:36:04 | 000,204,952 | ---- | M] () -- C:\Windows\SysWow64\ativvsvl.dat
    [2014/02/12 22:36:04 | 000,204,952 | ---- | M] () -- C:\Windows\SysNative\ativvsvl.dat
    [2014/02/12 22:36:04 | 000,157,144 | ---- | M] () -- C:\Windows\SysWow64\ativvsva.dat
    [2014/02/12 22:36:04 | 000,157,144 | ---- | M] () -- C:\Windows\SysNative\ativvsva.dat
    [2014/02/12 22:36:04 | 000,069,632 | ---- | M] (AMD) -- C:\Windows\SysNative\coinst_8.97.100.11.dll
    [2014/02/12 22:36:04 | 000,061,464 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atiuxp64.dll
    [2014/02/12 22:36:04 | 000,048,544 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atiuxpag.dll
    [2014/02/12 22:36:03 | 006,288,832 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atiumdag.dll
    [2014/02/12 22:36:03 | 004,782,960 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atiumdva.dll
    [2014/02/12 22:36:03 | 002,852,480 | ---- | M] () -- C:\Windows\SysWow64\atiumdva.cap
    [2014/02/12 22:36:03 | 001,978,240 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atiumdmv.dll
    [2014/02/12 22:36:02 | 004,292,192 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atiumd6a.dll
    [2014/02/12 22:36:02 | 001,065,720 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atiumd6v.dll
    [2014/02/12 22:35:59 | 007,528,440 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atiumd64.dll
    [2014/02/12 22:35:59 | 002,818,784 | ---- | M] () -- C:\Windows\SysNative\atiumd6a.cap
    [2014/02/12 22:35:58 | 019,584,512 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Windows\SysWow64\atioglxx.dll
    [2014/02/12 22:35:58 | 000,120,320 | ---- | M] (AMD) -- C:\Windows\SysNative\atitmm64.dll
    [2014/02/12 22:35:58 | 000,051,152 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atiu9p64.dll
    [2014/02/12 22:35:58 | 000,038,768 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atiu9pag.dll
    [2014/02/12 22:35:58 | 000,003,917 | ---- | M] () -- C:\Windows\SysWow64\atipblag.dat
    [2014/02/12 22:35:58 | 000,003,917 | ---- | M] () -- C:\Windows\SysNative\atipblag.dat
    [2014/02/12 22:35:52 | 000,332,800 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\ATIODE.exe
    [2014/02/12 22:35:52 | 000,051,200 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\ATIODCLI.exe
    [2014/02/12 22:35:52 | 000,038,177 | ---- | M] () -- C:\Windows\atiogl.xml
    [2014/02/12 22:35:50 | 026,017,280 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\atio6axx.dll
    [2014/02/12 22:35:48 | 000,359,936 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\drivers\atikmpag.sys
    [2014/02/12 22:35:48 | 000,062,976 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atimpc32.dll
    [2014/02/12 22:35:48 | 000,062,976 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\amdpcom32.dll
    [2014/02/12 22:35:48 | 000,062,464 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atimpc64.dll
    [2014/02/12 22:35:48 | 000,062,464 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\amdpcom64.dll
    [2014/02/12 22:35:48 | 000,021,504 | ---- | M] (AMD) -- C:\Windows\SysNative\atimuixx.dll
    [2014/02/12 22:35:47 | 011,922,944 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\drivers\atikmdag.sys
    [2014/02/12 22:35:43 | 007,560,424 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atidxx64.dll
    [2014/02/12 22:35:43 | 000,618,823 | ---- | M] () -- C:\Windows\SysNative\atiicdxx.dat
    [2014/02/12 22:35:43 | 000,514,048 | ---- | M] (AMD) -- C:\Windows\SysNative\atieclxx.exe
    [2014/02/12 22:35:43 | 000,238,080 | ---- | M] (AMD) -- C:\Windows\SysNative\atiesrxx.exe
    [2014/02/12 22:35:43 | 000,059,392 | ---- | M] (ATI Technologies, Inc.) -- C:\Windows\SysNative\atiedu64.dll
    [2014/02/12 22:35:43 | 000,041,984 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atig6txx.dll
    [2014/02/12 22:35:43 | 000,033,280 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atigktxx.dll
    [2014/02/12 22:35:43 | 000,017,920 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atig6pxx.dll
    [2014/02/12 22:35:43 | 000,014,848 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atiglpxx.dll
    [2014/02/12 22:35:43 | 000,014,848 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atiglpxx.dll
    [2014/02/12 22:35:40 | 006,857,392 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atidxx32.dll
    [2014/02/12 22:35:40 | 001,094,024 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\aticfx64.dll
    [2014/02/12 22:35:40 | 000,929,736 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\aticfx32.dll
    [2014/02/12 22:35:40 | 000,442,368 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\ATIDEMGX.dll
    [2014/02/12 22:35:40 | 000,051,200 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Windows\SysNative\aticalrt64.dll
    [2014/02/12 22:35:40 | 000,046,080 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Windows\SysWow64\aticalrt.dll
    [2014/02/12 22:35:39 | 015,827,456 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Windows\SysNative\aticaldd64.dll
    [2014/02/12 22:35:33 | 013,402,112 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Windows\SysWow64\aticaldd.dll
    [2014/02/12 22:35:27 | 000,535,552 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\atiadlxx.dll
    [2014/02/12 22:35:27 | 000,364,544 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Windows\SysWow64\atiadlxy.dll
    [2014/02/12 22:35:27 | 000,246,000 | ---- | M] () -- C:\Windows\SysWow64\atiapfxx.blb
    [2014/02/12 22:35:27 | 000,246,000 | ---- | M] () -- C:\Windows\SysNative\atiapfxx.blb
    [2014/02/12 22:35:27 | 000,159,744 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\atiapfxx.exe
    [2014/02/12 22:35:27 | 000,044,544 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Windows\SysNative\aticalcl64.dll
    [2014/02/12 22:35:27 | 000,044,544 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Windows\SysWow64\aticalcl.dll
    [2014/02/12 22:35:26 | 000,053,248 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\drivers\ati2erec.dll
    [2014/02/12 22:35:26 | 000,043,520 | ---- | M] (ATI Technologies, Inc.) -- C:\Windows\SysWow64\ati2edxx.dll
    [2014/02/12 22:31:41 | 000,001,070 | ---- | M] () -- C:\Users\Public\Desktop\Driver Booster.lnk
    [2014/02/12 19:23:00 | 000,000,472 | ---- | M] () -- C:\Windows\tasks\COMODO System Cleaner Update.job
    [2014/02/12 10:08:00 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2922394718-1656526869-328638602-1003Core.job
    [2014/02/05 02:00:21 | 002,334,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
    [2014/02/05 01:52:51 | 001,494,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
    [2014/02/05 01:52:37 | 000,237,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
    [2014/02/05 01:51:59 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
    [2014/02/05 01:51:52 | 000,599,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
    [2014/02/05 01:51:43 | 000,816,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
    [2014/02/05 01:51:34 | 000,729,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
    [2014/02/05 01:50:50 | 000,096,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
    [2014/02/05 01:50:05 | 000,248,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
    [2014/02/05 00:49:56 | 001,427,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
    [2014/02/05 00:49:14 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
    [2014/02/05 00:48:40 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
    [2014/02/05 00:48:08 | 000,717,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
    [2014/02/05 00:47:22 | 000,073,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
    [2014/02/05 00:46:50 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
    [2014/02/04 17:39:06 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
    [2014/02/04 17:39:06 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    [2014/01/20 11:03:00 | 000,726,296 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2014/01/15 13:58:49 | 000,001,066 | ---- | M] () -- C:\Users\WellsJnS\Application Data\Microsoft\Internet Explorer\Quick Launch\Glary Utilities 4.lnk
    [2014/01/15 13:58:49 | 000,001,042 | ---- | M] () -- C:\Users\Public\Desktop\Glary Utilities 4.lnk

    ========== Files Created - No Company Name ==========

    [2014/02/13 11:41:32 | 000,000,000 | -H-- | C] () -- C:\Users\WellsJnS\Documents\Default.rdp
    [2014/02/13 08:48:39 | 000,000,000 | ---- | C] () -- C:\asc_rdflag
    [2014/02/12 22:36:04 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
    [2014/02/12 22:36:04 | 000,204,952 | ---- | C] () -- C:\Windows\SysNative\ativvsvl.dat
    [2014/02/12 22:36:04 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
    [2014/02/12 22:36:04 | 000,157,144 | ---- | C] () -- C:\Windows\SysNative\ativvsva.dat
    [2014/02/12 22:36:03 | 002,852,480 | ---- | C] () -- C:\Windows\SysWow64\atiumdva.cap
    [2014/02/12 22:35:59 | 002,818,784 | ---- | C] () -- C:\Windows\SysNative\atiumd6a.cap
    [2014/02/12 22:35:58 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
    [2014/02/12 22:35:58 | 000,003,917 | ---- | C] () -- C:\Windows\SysNative\atipblag.dat
    [2014/02/12 22:35:52 | 000,038,177 | ---- | C] () -- C:\Windows\atiogl.xml
    [2014/02/12 22:35:43 | 000,618,823 | ---- | C] () -- C:\Windows\SysNative\atiicdxx.dat
    [2014/02/12 22:35:27 | 000,246,000 | ---- | C] () -- C:\Windows\SysWow64\atiapfxx.blb
    [2014/02/12 22:35:27 | 000,246,000 | ---- | C] () -- C:\Windows\SysNative\atiapfxx.blb
    [2014/02/12 22:31:44 | 000,000,286 | ---- | C] () -- C:\Windows\tasks\Driver Booster Update.job
    [2014/02/12 22:31:41 | 000,001,070 | ---- | C] () -- C:\Users\Public\Desktop\Driver Booster.lnk
    [2014/01/15 13:55:31 | 000,000,324 | ---- | C] () -- C:\Windows\tasks\GlaryInitialize.job
    [2013/07/17 15:25:49 | 000,001,872 | ---- | C] () -- C:\Users\WellsJnS\AppData\Local\rx_image.Cache
    [2013/06/09 12:25:28 | 000,000,245 | ---- | C] () -- C:\Windows\Brpfx04a.ini
    [2013/06/09 12:25:28 | 000,000,064 | ---- | C] () -- C:\Windows\brpcfx.ini
    [2013/06/09 12:23:01 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
    [2013/06/09 12:16:13 | 000,000,000 | ---- | C] () -- C:\Windows\BRPARAM.INI
    [2013/05/21 09:37:15 | 000,003,736 | ---- | C] () -- C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml
    [2012/12/30 11:54:31 | 000,000,321 | ---- | C] () -- C:\Windows\SysWow64\cosmo.ini
    [2012/12/30 11:54:15 | 000,069,632 | ---- | C] () -- C:\Windows\SysWow64\sx83p32.dll
    [2012/12/30 11:52:30 | 000,022,480 | ---- | C] () -- C:\Windows\SysWow64\PFMAPI16.DLL
    [2012/12/30 11:52:30 | 000,020,992 | ---- | C] () -- C:\Windows\SysWow64\PFMAPI32.DLL
    [2012/11/25 15:27:31 | 000,000,584 | ---- | C] () -- C:\Users\WellsJnS\AppData\Roaming\wklnhst.dat
    [2011/03/11 11:47:33 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

    ========== ZeroAccess Check ==========

    [2009/07/13 20:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2013/09/10 22:12:42 | 014,172,672 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2013/09/10 22:12:42 | 012,872,704 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 17:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 04:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 17:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    ========== LOP Check ==========

    [2012/12/09 09:34:41 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\TuneUp Software
    [2012/12/09 09:34:41 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\TuneUp Software
    [2013/09/19 11:52:20 | 000,000,000 | ---D | M] -- C:\Users\WellsJnS\AppData\Roaming\AVG2014
    [2012/07/27 14:56:39 | 000,000,000 | ---D | M] -- C:\Users\WellsJnS\AppData\Roaming\Broderbund
    [2013/12/25 11:39:56 | 000,000,000 | ---D | M] -- C:\Users\WellsJnS\AppData\Roaming\calibre
    [2013/06/15 22:07:02 | 000,000,000 | ---D | M] -- C:\Users\WellsJnS\AppData\Roaming\ControlCenter4
    [2013/12/30 16:03:21 | 000,000,000 | ---D | M] -- C:\Users\WellsJnS\AppData\Roaming\GlarySoft
    [2014/02/12 22:31:42 | 000,000,000 | ---D | M] -- C:\Users\WellsJnS\AppData\Roaming\IObit
    [2012/07/28 07:58:28 | 000,000,000 | ---D | M] -- C:\Users\WellsJnS\AppData\Roaming\Leadertech
    [2014/02/08 13:37:54 | 000,000,000 | ---D | M] -- C:\Users\WellsJnS\AppData\Roaming\MP3Rocket
    [2013/07/12 15:09:48 | 000,000,000 | ---D | M] -- C:\Users\WellsJnS\AppData\Roaming\Nuance
    [2014/01/08 23:05:17 | 000,000,000 | ---D | M] -- C:\Users\WellsJnS\AppData\Roaming\OpenOffice
    [2012/12/11 16:30:48 | 000,000,000 | ---D | M] -- C:\Users\WellsJnS\AppData\Roaming\OpenOffice.org
    [2013/09/20 10:43:42 | 000,000,000 | ---D | M] -- C:\Users\WellsJnS\AppData\Roaming\Samsung
    [2013/03/18 10:42:57 | 000,000,000 | ---D | M] -- C:\Users\WellsJnS\AppData\Roaming\Serif
    [2012/11/25 15:28:22 | 000,000,000 | ---D | M] -- C:\Users\WellsJnS\AppData\Roaming\Template
    [2012/11/21 13:04:33 | 000,000,000 | ---D | M] -- C:\Users\WellsJnS\AppData\Roaming\TuneUp Software
    [2014/02/13 14:56:04 | 000,000,000 | ---D | M] -- C:\Users\WellsJnS\AppData\Roaming\uTorrent

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 76 bytes -> C:\Users\WellsJnS\Documents\U.S. Bank Internet Bankingmom_files:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\WellsJnS\Documents\T-MST4AUSC:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\WellsJnS\Documents\Tax 2012:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\WellsJnS\Documents\Suzannes Movies:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\WellsJnS\Documents\Sony PMB:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\WellsJnS\Documents\senior discounts.rtf:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\WellsJnS\Documents\Open Office:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\WellsJnS\Documents\Nook Color SD android boot:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\WellsJnS\Documents\no bake pumpkin cookies.rtf:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\WellsJnS\Documents\My Scans:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\WellsJnS\Documents\My Recipes:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\WellsJnS\Documents\My Projects:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\WellsJnS\Documents\My PaperPort Documents:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\WellsJnS\Documents\montana tires:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\WellsJnS\Documents\Medical tax deductions.rtf:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\WellsJnS\Documents\Jumbos Martha Bolen.rtf:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\WellsJnS\Documents\hsn.rtf:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\WellsJnS\Documents\HSF_v7.74_Release_Notes.pdf:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\WellsJnS\Documents\Hisense:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\WellsJnS\Documents\Hallmark Card Studio 2009.txt:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\WellsJnS\Documents\hairstyles bob:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\WellsJnS\Documents\Hair2013.rtf:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\WellsJnS\Documents\hair 2.rtf:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\WellsJnS\Documents\Google Nexus order_files:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\WellsJnS\Documents\DModem Release Notes.doc:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\WellsJnS\Documents\DECT1 cordless phone.pdf:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\WellsJnS\Documents\Corel User Files:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\WellsJnS\Documents\Calendar.rtf:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\WellsJnS\Documents\Cake.rtf:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\WellsJnS\Desktop\Computer fix files:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\WellsJnS\Desktop\AdwCleaner[S0].txt:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Corel:Roxio EMC Stream

    < End of report >
     
  5. zan.w

    zan.w Thread Starter

    OTL Extras logfile created on: 2/13/2014 3:33:15 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\WellsJnS\Downloads
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.75 Gb Total Physical Memory | 2.30 Gb Available Physical Memory | 61.23% Memory free
    7.50 Gb Paging File | 5.89 Gb Available in Paging File | 78.53% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 581.48 Gb Total Space | 496.45 Gb Free Space | 85.38% Space Free | Partition Type: NTFS

    Computer Name: SUZANNE-PC | User Name: Wells | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .hlp[@ = hlpfile] -- Reg Error: Value error. File not found
    .html[@ = htmlfile] -- Reg Error: Key error. File not found
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
    .js[@ = jsfile] -- Reg Error: Value error. File not found

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
    .hlp [@ = hlpfile] -- Reg Error: Value error. File not found
    .html [@ = htmlfile] -- Reg Error: Key error. File not found
    .js [@ = jsfile] -- Reg Error: Value error. File not found

    [HKEY_USERS\S-1-5-21-2922394718-1656526869-328638602-1003\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- Reg Error: Value error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [open] -- Reg Error: Key error.
    htmlfile [opennew] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
    http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
    https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    jsfile [open] -- Reg Error: Value error.
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- Reg Error: Key error.
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- Reg Error: Value error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [open] -- Reg Error: Key error.
    htmlfile [opennew] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
    http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
    https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    jsfile [open] -- Reg Error: Value error.
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- Reg Error: Key error.
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{04A1D139-36C8-448E-A2AB-721764A7E6EE}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{0FA6C06D-C82F-4954-A873-80658677B35C}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{0FFF2040-94C7-4994-878B-539BBC0D7A48}" = lport=139 | protocol=6 | dir=in | app=system |
    "{145A9FCF-9523-42A7-B06E-43882B1A4ABF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{148C1834-D26B-4B61-A2F0-377E661E7829}" = rport=138 | protocol=17 | dir=out | app=system |
    "{18BFD982-2DBE-47C2-854D-7037C1591304}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{1BECEDC5-0519-488E-A269-DF19D9DE3C04}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{46988A24-4D4C-4600-B8F9-9F6527EBCE57}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{47BD72BD-722A-4A20-A45E-C60ACB75DD7C}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{4E84B2A5-A9CE-476F-B601-14CB4E59E2FD}" = rport=445 | protocol=6 | dir=out | app=system |
    "{588E4F8D-3B69-4FBC-9DDF-74688CCE1316}" = rport=139 | protocol=6 | dir=out | app=system |
    "{59FD570B-D9B1-4DB9-ABFB-CDC9CB248BC3}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{5E3FD532-95BF-4AFE-B12D-BB1A77AD9734}" = rport=137 | protocol=17 | dir=out | app=system |
    "{6CD7C69D-5C9C-4D0D-8A27-B9F3B3E361A1}" = lport=138 | protocol=17 | dir=in | app=system |
    "{7AD09618-E8E3-4B4D-8A54-52E6E026A18D}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{86495970-6249-486F-A01F-677A56EE446E}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
    "{8A5225D7-3419-49BA-8A3A-DF5CF6192244}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
    "{8D75507A-275D-4B9F-BB88-FEE56D7E3B08}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{927D42DC-FB48-4574-9441-CC23CB1A4102}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{A56CDAE6-FA07-4EB7-9AA4-3BBC9021CD9C}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{A5DC6829-DE3F-474F-8095-BD097878188B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{BD0522FE-2C0B-4CCB-AB48-F8B849B54887}" = lport=137 | protocol=17 | dir=in | app=system |
    "{C3456ED8-8FC1-4997-BF32-9D712E8153FF}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |
    "{D0C40B05-95B4-40A5-8C83-3F697CA70D98}" = lport=54925 | protocol=17 | dir=in | name=brothernetwork scanner |
    "{D2969975-C497-4A18-A678-B15C26C586D1}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{D467B0FB-FF8E-43F5-AA6C-64200E6E5019}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
    "{D7A87182-6A5B-4189-A791-EEC837B92BAC}" = lport=445 | protocol=6 | dir=in | app=system |
    "{ECDCA1E2-802B-4864-9AC4-927F56729C4F}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{F49B4197-D4A4-4E10-A1EE-172D1CF18D39}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0C021166-8B16-4FDC-A6EC-399F69CF7517}" = protocol=17 | dir=in | app=c:\users\suzanne\appdata\local\google\google talk plugin\googletalkplugin.exe |
    "{0E93C523-F12B-4715-A636-1FA9E2F352AB}" = dir=in | app=c:\program files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe |
    "{12083F86-5EB0-4C3E-BBDA-A2EC052E5D8A}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{144DE116-6994-43F0-98B5-7AD23A8D9F3F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{1EA989B2-1A53-45F3-AB07-7DA5C67A550A}" = protocol=6 | dir=in | app=c:\users\wellsjns\appdata\roaming\utorrent\utorrent.exe |
    "{1F5360A7-3DBF-4396-BB50-70E15E170BC2}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{20A8B14B-7FEE-425A-918F-FF9C82372A3F}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe |
    "{21093AEE-AF31-408F-93B7-55CAFA6B1B7F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{2ABE383A-1AB1-4846-A42D-F29E4D354193}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd dx\pdvddxsrv.exe |
    "{30C8B581-FD0C-4155-8130-ED00983A90BE}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgnsa.exe |
    "{32153F6D-56C4-45CA-8924-ACFACC7A4531}" = dir=in | app=c:\program files (x86)\samsung\allshare\allsharedms\allsharedms.exe |
    "{351C13E0-6F9B-48D5-9C7E-B83A7DA15BD0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{3A485803-0110-4B57-9E36-C4EB18E1F498}" = protocol=17 | dir=in | app=c:\program files (x86)\mp3 rocket\mp3rocket.exe |
    "{3DECF984-A263-4369-813C-2976A6C3D629}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe |
    "{3F8A7C28-8FC6-463F-8901-871F97728C34}" = protocol=6 | dir=in | app=c:\users\suzanne\appdata\local\google\google talk plugin\googletalkplugin.exe |
    "{420F3ABB-BBE0-402C-A4FF-2F877C9422B6}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{46E13B35-B408-480C-93F8-6019E2964FE1}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgmfapx.exe |
    "{4737BCE0-9613-46DB-ABE1-5A71C082F0B6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{4C5D788F-AC59-4635-A8EB-201561F8A7A6}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{560FC960-86F9-4975-A6DC-A785C6FA7156}" = dir=in | app=c:\program files (x86)\samsung\allshare\allshare.exe |
    "{5C219F1B-E725-4E9E-AD70-FE66162433AF}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe |
    "{5E6F2DE8-5B54-4D87-AE06-3A5F6A1C72A4}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgdiagex.exe |
    "{6003E996-72A5-477F-BE58-E632D6BB7229}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe |
    "{68D6F329-CBCE-4FAE-BBA4-C426BA2437BD}" = dir=in | app=c:\program files (x86)\hp\digital imaging\{9fef1a18-8f26-4f49-a5a4-956c12210624}\setup\hpznui40.exe |
    "{6B86BA26-E561-4D1C-9AAE-4FB5C6295D0E}" = protocol=6 | dir=out | app=system |
    "{787DF43F-EF14-441B-9E37-B17D9C800629}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgmfapx.exe |
    "{7BAF70B3-6AA4-4243-B2F6-8D236A657A7C}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
    "{7EDA93D8-47C6-41DA-B9E3-AF32E5B9F049}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
    "{7EE54D6F-0F60-4C31-B6A5-5D83F6F4F876}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
    "{82B7292B-8E6C-4841-B89F-0C48DDE382BB}" = protocol=17 | dir=in | app=c:\users\wellsjns\appdata\roaming\utorrent\utorrent.exe |
    "{859A83D6-E5CD-49FE-A6A7-CE4F45CC3DB0}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{890377CA-A045-416C-8FC8-C2DF02E3FD07}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe |
    "{8E04E353-E8B2-41DF-86EE-1354AEF03A8A}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgemca.exe |
    "{927E98E0-80EC-46E0-8B55-34185B51DB7A}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe |
    "{958CD1CC-D027-4116-87AA-56C6349255A8}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd dx\powerdvd.exe |
    "{972FA596-735F-43AB-B347-07BAABFC79D0}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
    "{A1D6AD9B-332B-4BE6-BCFB-593957ACC809}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{A2760FAB-4055-4455-A80F-E5F8821B8F99}" = protocol=17 | dir=in | app=c:\program files\avast software\avast\avastui.exe |
    "{A60A4E9B-ECED-4545-9A53-89D13BF6BD94}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{ABADB142-0C18-4311-A69B-1E2E05EBFE47}" = dir=in | app=c:\program files (x86)\samsung\allshare\allshareagent.exe |
    "{AEFB6D1A-CFF3-4167-8F3E-22F6C20A92B7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{B57C2B4E-3ABC-48FA-B54D-9BDFDE3C59DC}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
    "{C4569994-6137-41E3-BE81-981E54FA5E49}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{C5D1658F-8E85-4CB6-B08C-C5F411871BBE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{C7251114-BEB9-4F54-8CB5-47E16894A550}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{CB1C6970-6D3C-43D5-BA26-49939E6C2C0E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{D080489F-3934-4C77-BC00-49FC215FE479}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe |
    "{DE5F65C0-20CF-46BC-817E-BE4B87A3FF52}" = protocol=6 | dir=in | app=c:\program files\avast software\avast\avastui.exe |
    "{DF894D51-1F40-4727-A4A7-CE9C8AF06276}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgdiagex.exe |
    "{E04634B5-0280-465F-9001-EC68FCAAF12F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{E0F749F3-A853-473B-BA95-721778876572}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{E607A990-83C2-4603-8775-EDB6FA79D36C}" = protocol=6 | dir=in | app=c:\program files (x86)\mp3 rocket\mp3rocket.exe |
    "{E6EED0A5-071A-4E69-A023-AFBFC32C867B}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgemca.exe |
    "{E9CB5E80-25AB-4F97-950C-F70EE76D1D7F}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{EF31AE5F-3DE7-425F-B1AF-449058DB44C9}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe |
    "{F145BF66-D685-458A-8E55-B82C6919D1E2}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe |
    "{F5179492-FF98-41DA-8A65-C62665C5D06B}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe |
    "{F6096139-8908-4CA4-8426-2E8848CF6F8B}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe |
    "{F6CB5851-A952-41B0-9E94-F815A26187D7}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe |
    "{FA0311A6-6CCA-481E-85EF-C268B6D8F6F0}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgnsa.exe |
    "{FBB5B44C-1CCB-4415-A494-A95A69FF012B}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe |
    "TCP Query User{27C926B6-24F1-4609-8F04-B08450DE3456}C:\program files (x86)\calibre2\calibre.exe" = protocol=6 | dir=in | app=c:\program files (x86)\calibre2\calibre.exe |
    "TCP Query User{2E5C4605-F96A-4802-ADCC-DC3C07F123D6}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe |
    "TCP Query User{39810401-EEBD-4FEF-BB2A-F7DFC862B83B}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe |
    "TCP Query User{53A9236F-6E6A-419F-855B-FF8D1E398BD1}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |
    "TCP Query User{630AA330-13A1-450F-A713-C424AF5BFF58}C:\program files (x86)\roxio\label creator 9\rxlabelcreator9.exe" = protocol=6 | dir=in | app=c:\program files (x86)\roxio\label creator 9\rxlabelcreator9.exe |
    "TCP Query User{6A0223DF-F517-4D65-864C-03C8E7BAB3F0}C:\program files (x86)\java\jre1.6.0_01\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre1.6.0_01\bin\javaw.exe |
    "TCP Query User{823A1106-5395-409A-BF52-B3DFA95D1251}D:\bin\ia\core\mdm_util.exe" = protocol=6 | dir=in | app=d:\bin\ia\core\mdm_util.exe |
    "TCP Query User{CB08EAD9-DBBA-486B-B72C-E1B7067915BD}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
    "TCP Query User{FAB430AF-B360-440C-BEA6-C1D713352135}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
    "TCP Query User{FFBB3582-9289-45FF-B604-7EA455858A3C}I:\aluratek.exe" = protocol=6 | dir=in | app=i:\aluratek.exe |
    "UDP Query User{2A019E4E-4E53-49B5-9F0C-1128A362176E}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
    "UDP Query User{518E40C0-8967-4908-B73C-1402DB058CCD}I:\aluratek.exe" = protocol=17 | dir=in | app=i:\aluratek.exe |
    "UDP Query User{6A148572-18A4-49FE-BF90-FDBD14D1ACAE}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
    "UDP Query User{8114EA81-6192-4283-A793-2956A84409CD}C:\program files (x86)\calibre2\calibre.exe" = protocol=17 | dir=in | app=c:\program files (x86)\calibre2\calibre.exe |
    "UDP Query User{97FC10FF-545D-4B66-95D3-C6CBE93B3317}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe |
    "UDP Query User{98943424-057A-49B1-A4A5-FBB4EB8CDC18}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |
    "UDP Query User{A9DF4AE7-10A4-407A-A47F-8A5BFE80DA02}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe |
    "UDP Query User{B9BE560E-2D73-4FF6-979A-CF821939383B}C:\program files (x86)\roxio\label creator 9\rxlabelcreator9.exe" = protocol=17 | dir=in | app=c:\program files (x86)\roxio\label creator 9\rxlabelcreator9.exe |
    "UDP Query User{D915ED96-4CA8-4549-AC75-3A287509158C}D:\bin\ia\core\mdm_util.exe" = protocol=17 | dir=in | app=d:\bin\ia\core\mdm_util.exe |
    "UDP Query User{E479E57F-B92A-4A25-BDFE-F2735AF8DAA0}C:\program files (x86)\java\jre1.6.0_01\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre1.6.0_01\bin\javaw.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0090A87C-3E0E-43D4-AA71-A71B06563A4A}" = Dell Support Center
    "{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
    "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
    "{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
    "{22ABA92B-6C1B-46D8-AC2B-C48EEAE172A9}" = VD64Inst
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}" = Network64
    "{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}" = PaperPort Image Printer 64-bit
    "{7C4C5901-A58F-4018-A93B-01C93EF8D3F3}" = AVG 2014
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8C775E70-A791-4DA8-BCC3-6AB7136F4484}" = Visual Studio 2012 x64 Redistributables
    "{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9FEF1A18-8F26-4F49-A5A4-956C12210624}" = HP Photosmart Plus B209a-m All-In-One Driver Software 13.0 Rel .6
    "{A4DDB2AB-ECCD-4C3A-8633-77D5A1A0E542}" = Network64
    "{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
    "{AAE78E39-FAAF-4C19-A63E-BDED7428FDE1}" = Roxio Drag-to-Disc
    "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
    "{C73A3942-84C8-4597-9F9B-EE227DCBA758}" = Dell Dock
    "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
    "{E3047FA0-2D6B-4BD6-8CD4-599955F1CE9D}" = Microsoft Mouse and Keyboard Center
    "{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "{F6E2FA73-B2A7-8223-98EC-685E2E8F6CE0}" = ccc-utility64
    "{F95BF201-C9AE-4215-883A-EC12A0D88C58}" = AVG 2014
    "{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer
    "AVG" = AVG 2014
    "CCleaner" = CCleaner
    "CNXT_MODEM_PCI_HSF" = Conexant D850 PCI V.92 Modem
    "Dell Support Center" = Dell Support Center
    "HP Imaging Device Functions" = HP Imaging Device Functions 13.0
    "HP Print Projects" = HP Print Projects 1.0
    "HP Smart Web Printing" = HP Smart Web Printing 4.60
    "HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
    "HPExtendedCapabilities" = HP Customer Participation Program 13.0
    "Logitech Unifying" = Logitech Unifying Software 2.10
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft Mouse and Keyboard Center" = Microsoft Mouse and Keyboard Center
    "sp6" = Logitech SetPoint 6.32

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{04F3038E-4120-44CC-B330-E05F737246A5}" = Roxio Update Manager
    "{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
    "{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller
    "{0A042C19-1F48-4952-B3B6-828E8028A187}" = B209a-m
    "{0A169B94-4AF2-AD4B-1265-E1074A347418}" = Catalyst Control Center Core Implementation
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0DEDD4FD-2846-40E0-94E9-2CAB56F108DD}" = MMI
    "{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
    "{0EDBEB2B-7C8D-42E6-8312-0F84394A3223}" = Windows Media Center Add-in for Silverlight
    "{0F15BB9F-7E5E-A355-FA8E-C2164726E577}" = CCC Help Portuguese
    "{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
    "{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
    "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
    "{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
    "{23B591D7-1C20-44FB-97C2-6953AE67DE18}" = Mavis Beacon Teaches Typing Deluxe 20
    "{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 51
    "{277832E3-0A34-C91C-D344-2FED4C847397}" = CCC Help German
    "{279355E6-EE94-A7A5-F6B5-2903748443AE}" = Catalyst Control Center Graphics Full New
    "{290AC453-D1F4-F73B-F01C-0018BC10B62B}" = ccc-core-static
    "{294EAADF-E50F-4DD8-AD8D-19587EA10512}" = Modem Diagnostic Tool
    "{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
    "{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
    "{39A3C9DD-457C-5BF1-4B2D-A76927264B26}" = CCC Help Dutch
    "{3C678CC5-CCA1-4FA3-BFDF-5623AACA28A3}" = Serif AlbumPlus SE PRO
    "{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
    "{41DC9B1E-BB88-43F0-B886-99CF70AE6626}" = Greeting Card Factory Deluxe
    "{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD
    "{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
    "{47F460DA-D1BE-4D85-8DF2-AA1F31D3445F}" = OpenOffice 4.0.1
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
    "{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}" = Google Earth
    "{55D6B4DA-50E9-47AF-99C1-9A8E3A234763}" = Greeting Card Factory Deluxe 7.0
    "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
    "{59716973-C123-4B46-B44B-36FCD9CEB8A3}" = Print Artist 22 Platinum
    "{5AC4AE26-732F-40DE-CC6C-A4BFC2142BF8}" = CCC Help English
    "{5D95AD35-368F-47D5-B63A-A082DDF00119}" = Microsoft Digital Image Suite 2006 Editor
    "{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
    "{665B3CA4-DAB1-D27E-6727-0BEF6593E882}" = CCC Help Greek
    "{674AD787-B463-ED3E-CCA8-4F49A9C1785D}" = Catalyst Control Center Localization All
    "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{683100FE-EDF8-403B-A234-B3EBEAF7BC82}" = Roxio Creator 9.1 XE
    "{691F4068-81BF-49E3-B32E-FE3E16400119}" = Microsoft Digital Image Suite 2006 Library
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
    "{6C0A559F-8583-4B5A-8B50-20BEE15D8E64}" = Nuance PaperPort 12
    "{7009600B-85C8-5D83-1101-6446540F1897}" = Catalyst Control Center Graphics Previews Common
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{7305AE01-CD11-18B5-DC5F-B1A2960935C3}" = CCC Help Polish
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{7D69BF2B-6C60-4D0A-8A6C-BCFD025D5D84}" = calibre
    "{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{83BBF5E6-004F-1DBA-EC29-1033B675831B}" = CCC Help Thai
    "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
    "{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
    "{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
    "{8508FB72-89A3-41FD-DE33-9EEBFB298947}" = CCC Help Italian
    "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
    "{8B76B8E9-F773-4B75-A08C-120079EB765E}" = RAIDXpert
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
    "{97486FBE-A3FC-4783-8D55-EA37E9D171CC}" = HP Update
    "{97835E04-BA21-6878-768F-1B84EA2ADAC1}" = CCC Help Norwegian
    "{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}" = Visual Studio 2012 x86 Redistributables
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet TV for Windows Media Center
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{9D8BAA74-5B7D-11E2-8273-984BE15F174E}" = Evernote v. 4.6.1
    "{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker
    "{A192CA8A-5259-ECD5-1564-AB715B722432}" = CCC Help Japanese
    "{A1B36B88-AF90-43A3-8906-6DBEE89B4FBD}" = Brother MFL-Pro Suite MFC-J435W
    "{A33E7B0C-B99C-4EC9-B702-8A328B161AF9}" = Roxio Burn
    "{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
    "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
    "{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.05)
    "{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
    "{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}" = Roxio Burn
    "{B31327DF-2B59-F072-8B44-79CDE915D75E}" = CCC Help Danish
    "{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6
    "{B41423C9-C260-F8C8-39DD-541400ECF367}" = CCC Help French
    "{B65759DD-26C6-4EA6-9014-CA798907EBFD}" = PS_AIO_06_B209a-m_SW_Min
    "{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}" = PMB
    "{BD3DCAB0-3FE5-44FB-90DA-EFB0A2CD1387}" = Works Synchronization
    "{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
    "{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
    "{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
    "{C4609419-C11E-4CE6-B369-F3F8A7DDD94C}" = Hallmark Card Studio 2009 Deluxe
    "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
    "{C6CBE669-DDCA-DB7F-236D-18B20BEFF1B5}" = CCC Help Chinese Traditional
    "{C75CDBA2-3C86-481e-BD10-BDDA758F9DFF}" = hpPrintProjects
    "{CA7D81F8-5661-3D97-F6B0-5E0993511A5D}" = CCC Help Finnish
    "{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{D069C7EF-001B-5378-9F71-F005DE42E255}" = Catalyst Control Center Graphics Light
    "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
    "{D2A7D7D8-1E27-8464-6666-44B6FB83B3FC}" = CCC Help Czech
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{D86DE1ED-9BF1-6101-6D08-2D762B28D8C8}" = CCC Help Korean
    "{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
    "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
    "{E07B7A31-E160-466D-A003-3BB7B8989D52}" = Full Tilt Poker.Net
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E0E55FC1-C53D-4F8D-B14B-B59C312747C8}" = LightScribe System Software
    "{E1A8F958-D748-63DD-F2D2-82BE71B0F905}" = CCC Help Hungarian
    "{E40A74A2-D821-2442-CCA3-75C54964D525}" = Catalyst Control Center Graphics Full Existing
    "{E43ACD6B-0E7E-4F4C-0BA8-999FCB5FC5B9}" = CCC Help Chinese Standard
    "{E481DB0E-52F2-4EE0-9BDA-9EE173FA6EA2}" = Catalyst Control Center - Branding
    "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
    "{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
    "{E8972F40-874D-4FA6-A6F4-52A8C99D8DDA}" = Serif PhotoPlus X3
    "{E9684BDD-32A6-550C-6456-0A4209EB4F3A}" = CCC Help Russian
    "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
    "{F05F2DB5-4300-C318-4560-08CD9E35F512}" = CCC Help Spanish
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "{F1D038D6-6229-AA2E-A8D1-43EED2CBF0BD}" = CCC Help Swedish
    "{F322850C-6CCB-FC54-D36D-0F4E1CC90CBF}" = Skins
    "{F527F14E-B80A-5BE7-DC85-8BF2D172067F}" = CCC Help Turkish
    "{FAF7F1D7-C0E7-47EA-8AAA-84E4F9EA3C94}" = Works Suite OS Pack
    "{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "{FF4F3E30-6638-6A16-2A68-139F6C613233}" = Catalyst Control Center Graphics Previews Vista
    "{FFB07785-9FC3-334F-A54F-AC8D5B471EAE}" = Catalyst Control Center InstallProxy
    "Adobe Flash Player ActiveX" = Adobe Flash Player 12 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 12 Plugin
    "Corel WordPerfect Suite 8" = Corel WordPerfect Suite 8
    "Dell Dock" = Dell Dock
    "Driver Booster_is1" = Driver Booster
    "GadgetPack" = GadgetPack (remove only)
    "Glary Utilities 4" = Glary Utilities PRO 4.4
    "Glary Utilities_is1" = Glary Utilities 2.56.0.1822
    "GoToAssist" = GoToAssist Corporate
    "InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
    "InstallShield_{8B76B8E9-F773-4B75-A08C-120079EB765E}" = RAIDXpert
    "IObit Surfing Protection_is1" = Surfing Protection
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
    "Mozilla Firefox 26.0 (x86 en-US)" = Mozilla Firefox 26.0 (x86 en-US)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "MP3 Rocket" = MP3 Rocket
    "Picasa 3" = Picasa 3
    "PictureItSuite_v11" = Microsoft Digital Image Suite 2006
    "PokerStars" = PokerStars
    "PokerStars.net" = PokerStars.net
    "RSX2Uninst" = Intel RSX 3D
    "Shockwave" = Shockwave
    "SMPlayer" = SMPlayer 0.6.9
    "Video Converter Bundle" = Video Converter Bundle
    "WebPost" = Microsoft Web Publishing Wizard 1.52
    "WinLiveSuite" = Windows Live Essentials

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-2922394718-1656526869-328638602-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Google Chrome" = Google Chrome

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 2/13/2014 12:56:28 PM | Computer Name = Suzanne-PC | Source = .NET Runtime Optimization Service | ID = 1101
    Description =

    Error - 2/13/2014 12:56:33 PM | Computer Name = Suzanne-PC | Source = .NET Runtime Optimization Service | ID = 1101
    Description =

    Error - 2/13/2014 1:02:39 PM | Computer Name = Suzanne-PC | Source = .NET Runtime Optimization Service | ID = 1101
    Description =

    Error - 2/13/2014 1:03:24 PM | Computer Name = Suzanne-PC | Source = .NET Runtime Optimization Service | ID = 1101
    Description =

    Error - 2/13/2014 1:04:25 PM | Computer Name = Suzanne-PC | Source = .NET Runtime Optimization Service | ID = 1101
    Description =

    Error - 2/13/2014 1:04:43 PM | Computer Name = Suzanne-PC | Source = .NET Runtime Optimization Service | ID = 1101
    Description =

    Error - 2/13/2014 1:06:17 PM | Computer Name = Suzanne-PC | Source = .NET Runtime Optimization Service | ID = 1101
    Description =

    Error - 2/13/2014 1:07:48 PM | Computer Name = Suzanne-PC | Source = .NET Runtime Optimization Service | ID = 1101
    Description =

    Error - 2/13/2014 1:08:02 PM | Computer Name = Suzanne-PC | Source = .NET Runtime Optimization Service | ID = 1101
    Description =

    Error - 2/13/2014 1:32:35 PM | Computer Name = Suzanne-PC | Source = SideBySide | ID = 16842816
    Description = Activation context generation failed for "C:\Program Files (x86)\Roxio\VideoUI
    9\tracelog.exe.Manifest".Error in manifest or policy file "C:\Program Files (x86)\Roxio\VideoUI
    9\tracelog.exe.Manifest" on line 10. The attribute uiaccess is not permitted in
    this context on element requestedExecutionLevel.

    Error - 2/13/2014 4:15:14 PM | Computer Name = Suzanne-PC | Source = IMFservice | ID = 0
    Description =

    [ Dell Events ]
    Error - 9/11/2012 4:47:51 PM | Computer Name = Suzanne-PC | Source = DataSafe | ID = 17
    Description = The process was interrupted before completion.

    Error - 9/14/2012 4:57:35 PM | Computer Name = Suzanne-PC | Source = DataSafe | ID = 17
    Description = The process was interrupted before completion.

    Error - 9/14/2012 4:57:36 PM | Computer Name = Suzanne-PC | Source = DataSafe | ID = 17
    Description = The process was interrupted before completion.

    Error - 9/14/2012 6:07:27 PM | Computer Name = Suzanne-PC | Source = DataSafe | ID = 17
    Description = The process was interrupted before completion.

    Error - 9/14/2012 6:07:27 PM | Computer Name = Suzanne-PC | Source = DataSafe | ID = 17
    Description = The process was interrupted before completion.

    Error - 9/14/2012 6:36:28 PM | Computer Name = Suzanne-PC | Source = DataSafe | ID = 17
    Description = The process was interrupted before completion.

    Error - 9/14/2012 6:36:28 PM | Computer Name = Suzanne-PC | Source = DataSafe | ID = 17
    Description = The process was interrupted before completion.

    Error - 9/14/2012 6:59:29 PM | Computer Name = Suzanne-PC | Source = DataSafe | ID = 17
    Description = The process was interrupted before completion.

    Error - 9/14/2012 6:59:29 PM | Computer Name = Suzanne-PC | Source = DataSafe | ID = 17
    Description = The process was interrupted before completion.

    Error - 9/17/2012 7:00:08 PM | Computer Name = Suzanne-PC | Source = DataSafe | ID = 17
    Description = The process was interrupted before completion.

    [ Media Center Events ]
    Error - 5/20/2012 7:48:53 PM | Computer Name = Suzanne-PC | Source = MCUpdate | ID = 0
    Description = 4:48:53 PM - Failed to retrieve SportsSchedule-2.enc (Error: HTTP
    status 404: The requested URL does not exist on the server. )

    Error - 5/20/2012 8:49:09 PM | Computer Name = Suzanne-PC | Source = MCUpdate | ID = 0
    Description = 5:49:09 PM - Failed to retrieve SportsSchedule-2.enc (Error: HTTP
    status 404: The requested URL does not exist on the server. )

    Error - 5/20/2012 9:49:41 PM | Computer Name = Suzanne-PC | Source = MCUpdate | ID = 0
    Description = 6:49:36 PM - Failed to retrieve SportsSchedule-2.enc (Error: HTTP
    status 404: The requested URL does not exist on the server. )

    Error - 5/20/2012 10:49:53 PM | Computer Name = Suzanne-PC | Source = MCUpdate | ID = 0
    Description = 7:49:49 PM - Failed to retrieve SportsSchedule-2.enc (Error: HTTP
    status 404: The requested URL does not exist on the server. )

    Error - 5/21/2012 1:35:18 PM | Computer Name = Suzanne-PC | Source = MCUpdate | ID = 0
    Description = 10:35:18 AM - Failed to retrieve SportsSchedule-2.enc (Error: HTTP
    status 404: The requested URL does not exist on the server. )

    Error - 5/21/2012 4:09:53 PM | Computer Name = Suzanne-PC | Source = MCUpdate | ID = 0
    Description = 1:09:52 PM - Failed to retrieve SportsSchedule-2.enc (Error: HTTP
    status 404: The requested URL does not exist on the server. )

    Error - 5/22/2012 11:43:12 AM | Computer Name = Suzanne-PC | Source = MCUpdate | ID = 0
    Description = 8:43:12 AM - Failed to retrieve SportsSchedule-2.enc (Error: HTTP
    status 404: The requested URL does not exist on the server. )

    Error - 5/22/2012 4:40:11 PM | Computer Name = Suzanne-PC | Source = MCUpdate | ID = 0
    Description = 1:40:06 PM - Failed to retrieve SportsSchedule-2.enc (Error: HTTP
    status 404: The requested URL does not exist on the server. )

    Error - 5/23/2012 12:56:04 PM | Computer Name = Suzanne-PC | Source = MCUpdate | ID = 0
    Description = 9:56:04 AM - Failed to retrieve SportsSchedule-2.enc (Error: HTTP
    status 404: The requested URL does not exist on the server. )

    Error - 5/23/2012 4:37:31 PM | Computer Name = Suzanne-PC | Source = MCUpdate | ID = 0
    Description = 1:37:28 PM - Failed to retrieve SportsSchedule-2.enc (Error: HTTP
    status 404: The requested URL does not exist on the server. )

    [ System Events ]
    Error - 2/13/2014 7:26:52 PM | Computer Name = Suzanne-PC | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    aswFW

    Error - 2/13/2014 7:27:55 PM | Computer Name = Suzanne-PC | Source = PNRPSvc | ID = 102
    Description =

    Error - 2/13/2014 7:27:55 PM | Computer Name = Suzanne-PC | Source = Service Control Manager | ID = 7023
    Description = The Peer Name Resolution Protocol service terminated with the following
    error: %%-2140993535

    Error - 2/13/2014 7:27:55 PM | Computer Name = Suzanne-PC | Source = Service Control Manager | ID = 7001
    Description = The Peer Networking Grouping service depends on the Peer Name Resolution
    Protocol service which failed to start because of the following error: %%-2140993535

    Error - 2/13/2014 7:28:04 PM | Computer Name = Suzanne-PC | Source = PNRPSvc | ID = 102
    Description =

    Error - 2/13/2014 7:28:04 PM | Computer Name = Suzanne-PC | Source = PNRPSvc | ID = 102
    Description =

    Error - 2/13/2014 7:28:04 PM | Computer Name = Suzanne-PC | Source = Service Control Manager | ID = 7023
    Description = The Peer Name Resolution Protocol service terminated with the following
    error: %%-2140993535

    Error - 2/13/2014 7:28:04 PM | Computer Name = Suzanne-PC | Source = Service Control Manager | ID = 7001
    Description = The Peer Networking Grouping service depends on the Peer Name Resolution
    Protocol service which failed to start because of the following error: %%-2140993535

    Error - 2/13/2014 7:28:04 PM | Computer Name = Suzanne-PC | Source = Service Control Manager | ID = 7023
    Description = The Peer Name Resolution Protocol service terminated with the following
    error: %%-2140993535

    Error - 2/13/2014 7:28:04 PM | Computer Name = Suzanne-PC | Source = Service Control Manager | ID = 7001
    Description = The Peer Networking Grouping service depends on the Peer Name Resolution
    Protocol service which failed to start because of the following error: %%-2140993535


    < End of report >
     
  6. askey127

    askey127 Malware Specialist

    zan.w,
    While we are cleaning, please don't install, uninstall or scan with anything unless I ask, until we are through.
    Thanks.
    ----------------------------------------------
    Perform a Custom Fix with OTL
    Run OTL (Right click and choose "Run as administrator" in Vista/Win7)
    • In the Custom Scans/Fixes box at the bottom, paste in the following lines from the Code box (Do not include the word "Code"):
      Code:
      :Commands
      [CREATERESTOREPOINT]
      
      :OTL
      SRV - [2010/03/08 23:40:36 | 000,144,672 | ---- | M] (Nuance Communications, Inc.) [Auto | Running] -- C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe -- (PDFProFiltSrvPP)
      DRV:64bit: - [2012/10/30 15:51:55 | 000,262,656 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswNdis2.sys -- (aswNdis2)
      DRV:64bit: - [2012/10/30 15:51:55 | 000,021,136 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswKbd.sys -- (aswKbd)
      DRV:64bit: - [2012/10/30 15:51:53 | 000,132,864 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\aswFW.sys -- (aswFW)
      DRV:64bit: - [2012/09/21 01:26:08 | 000,012,368 | ---- | M] (ALWIL Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswNdis.sys -- (aswNdis)
      DRV:64bit: - [2012/03/22 10:41:12 | 000,025,072 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- c:\Program Files\Dell Support Center\pcdsrvc_x64.pkms -- (PCDSRVC{1E208CE0-FB7451FF-06020101}_0)
      FF - prefs.js..extensions.enabledAddons: ascsurfingprotection%40iobit.com:1.0
      [2013/12/02 11:32:34 | 000,000,000 | ---D | M] (Advanced SystemCare Surfing Protection) -- C:\Users\WellsJnS\AppData\Roaming\mozilla\Firefox\Profiles\3ciq9x11.default \extensions\[email protected]
      CHR - plugin: Java(TM) Platform SE 7 U17 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
      CHR - plugin: Java Deployment Toolkit 7.0.170.2 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
      CHR - Extension: Advanced SystemCare Surfing Protection = C:\Users\WellsJnS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd\1.0.0_0\
      O2 - BHO: (Advanced SystemCare Browser Protection) - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll (IObit)
      O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
      O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
      O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll) - File not found
      O20 - AppInit_DLLs: (C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll) - File not found
      [2014/02/12 22:32:31 | 000,034,080 | ---- | C] (IObit) -- C:\Windows\SysNative\SmartDefragBootTime.exe
      [2014/02/12 22:31:47 | 000,121,856 | ---- | C] (IObit) -- C:\Windows\SysNative\IObitSmartDefragExtension.dll
      [2014/02/12 22:31:42 | 000,000,000 | ---D | M] -- C:\Users\WellsJnS\AppData\Roaming\IObit
      [2014/02/13 14:56:04 | 000,000,000 | ---D | M] -- C:\Users\WellsJnS\AppData\Roaming\uTorrent
      [2013/07/12 15:09:48 | 000,000,000 | ---D | M] -- C:\Users\WellsJnS\AppData\Roaming\Nuance
      
      :Files
      C:\Windows\SysNative\drivers\aswNdis2.sys
      C:\Windows\SysNative\drivers\aswKbd.sys
      C:\Windows\SysNative\drivers\aswFW.sys
      C:\Windows\SysNative\drivers\aswNdis.sys
      C:\Program Files (x86)\Nuance
      C:\Program Files (x86)\IObit
      ipconfig /flushdns /c
      
      :Commands
      [emptyjava]
      [emptyflash] 
      [EMPTYTEMP]
      
    • Then click the Run Fix button at the top.
    • Let the program run unhindered, and click to allow the Reboot when it is done.
      When the computer Reboots, and you start your usual account, a Notepad text file will appear.
    • Copy the contents of that file and post it in your next reply.
      That is the FIX log file. It will also be available and named by timestamp here: C:\_OTL\Moved Files\mmddyyyy_hhmmss.log
    ----------------------------------------------
    After posting the resulting log, please rescan as follows:
    Open OTL again and click the Quick Scan button. Post the new log it produces, OTL.txt, in a separate reply.
    ---------------------------------------------------
    So, in your replies, we will be looking for the following:
    The contents of:
    • The FIX log from OTL
    • Fresh version of OTL.txt from the Quick Scan.
    Please feel free to use separate replies.

    askey127
     
  7. zan.w

    zan.w Thread Starter

    All processes killed
    ========== COMMANDS ==========
    Restore point Set: OTL Restore Point
    ========== OTL ==========
    Error: No service named PDFProFiltSrvPP was found to stop!
    Service\Driver key PDFProFiltSrvPP not found.
    File C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe not found.
    Error: Unable to stop service aswNdis2!
    Service\Driver key aswNdis2 not found.
    File C:\Windows\SysNative\drivers\aswNdis2.sys not found.
    Error: Unable to stop service aswKbd!
    Service\Driver key aswKbd not found.
    File C:\Windows\SysNative\drivers\aswKbd.sys not found.
    Error: No service named aswFW was found to stop!
    Service\Driver key aswFW not found.
    File C:\Windows\SysNative\drivers\aswFW.sys not found.
    Error: Unable to stop service aswNdis!
    Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\aswNdis deleted successfully.
    C:\Windows\SysNative\drivers\aswNdis.sys moved successfully.
    Service PCDSRVC{1E208CE0-FB7451FF-06020101}_0 stopped successfully!
    Service PCDSRVC{1E208CE0-FB7451FF-06020101}_0 deleted successfully!
    c:\Program Files\Dell Support Center\pcdsrvc_x64.pkms moved successfully.
    Prefs.js: ascsurfingprotection%40iobit.com:1.0 removed from extensions.enabledAddons
    Folder C:\Users\WellsJnS\AppData\Roaming\mozilla\Firefox\Profiles\3ciq9x11.default \extensions\[email protected]\ not found.
    C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll moved successfully.
    File C:\Windows\SysWOW64\npDeployJava1.dll not found.
    C:\Users\WellsJnS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd\1.0.0_0\Plugin\Img folder moved successfully.
    C:\Users\WellsJnS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd\1.0.0_0\Plugin folder moved successfully.
    C:\Users\WellsJnS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd\1.0.0_0 folder moved successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}\ deleted successfully.
    C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll moved successfully.
    64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
    64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll deleted successfully.
    C:\Windows\SysNative\SmartDefragBootTime.exe moved successfully.
    C:\Windows\SysNative\IObitSmartDefragExtension.dll moved successfully.
    C:\Users\WellsJnS\AppData\Roaming\IObit\Smart Defrag 3 folder moved successfully.
    C:\Users\WellsJnS\AppData\Roaming\IObit\Smart Defrag 2 folder moved successfully.
    C:\Users\WellsJnS\AppData\Roaming\IObit\IObit Uninstaller\Log folder moved successfully.
    C:\Users\WellsJnS\AppData\Roaming\IObit\IObit Uninstaller\B77A0CC7-7129-4313-86FE-B10B53285749 folder moved successfully.
    C:\Users\WellsJnS\AppData\Roaming\IObit\IObit Uninstaller folder moved successfully.
    C:\Users\WellsJnS\AppData\Roaming\IObit\IObit Malware Fighter folder moved successfully.
    C:\Users\WellsJnS\AppData\Roaming\IObit\Driver Booster\Logs folder moved successfully.
    C:\Users\WellsJnS\AppData\Roaming\IObit\Driver Booster folder moved successfully.
    C:\Users\WellsJnS\AppData\Roaming\IObit\Advanced SystemCare V7\ProgramDeactivator folder moved successfully.
    C:\Users\WellsJnS\AppData\Roaming\IObit\Advanced SystemCare V7\Log folder moved successfully.
    C:\Users\WellsJnS\AppData\Roaming\IObit\Advanced SystemCare V7\Internet Booster folder moved successfully.
    C:\Users\WellsJnS\AppData\Roaming\IObit\Advanced SystemCare V7\Homepage Protection folder moved successfully.
    C:\Users\WellsJnS\AppData\Roaming\IObit\Advanced SystemCare V7\Boottime folder moved successfully.
    C:\Users\WellsJnS\AppData\Roaming\IObit\Advanced SystemCare V7\Backup folder moved successfully.
    C:\Users\WellsJnS\AppData\Roaming\IObit\Advanced SystemCare V7 folder moved successfully.
    C:\Users\WellsJnS\AppData\Roaming\IObit\Advanced SystemCare V6\Temp folder moved successfully.
    C:\Users\WellsJnS\AppData\Roaming\IObit\Advanced SystemCare V6\Registrycleaner\backup\Registry folder moved successfully.
    C:\Users\WellsJnS\AppData\Roaming\IObit\Advanced SystemCare V6\Registrycleaner\backup folder moved successfully.
    C:\Users\WellsJnS\AppData\Roaming\IObit\Advanced SystemCare V6\Registrycleaner folder moved successfully.
    C:\Users\WellsJnS\AppData\Roaming\IObit\Advanced SystemCare V6\Log folder moved successfully.
    C:\Users\WellsJnS\AppData\Roaming\IObit\Advanced SystemCare V6\Internet Booster folder moved successfully.
    C:\Users\WellsJnS\AppData\Roaming\IObit\Advanced SystemCare V6\Boottime folder moved successfully.
    C:\Users\WellsJnS\AppData\Roaming\IObit\Advanced SystemCare V6\Backup folder moved successfully.
    C:\Users\WellsJnS\AppData\Roaming\IObit\Advanced SystemCare V6 folder moved successfully.
    C:\Users\WellsJnS\AppData\Roaming\IObit\Advanced SystemCare V5\Toolbox folder moved successfully.
    C:\Users\WellsJnS\AppData\Roaming\IObit\Advanced SystemCare V5\Log folder moved successfully.
    C:\Users\WellsJnS\AppData\Roaming\IObit\Advanced SystemCare V5\DiskCheck folder moved successfully.
    C:\Users\WellsJnS\AppData\Roaming\IObit\Advanced SystemCare V5\Disk Cleaner folder moved successfully.
    C:\Users\WellsJnS\AppData\Roaming\IObit\Advanced SystemCare V5\Boottime folder moved successfully.
    C:\Users\WellsJnS\AppData\Roaming\IObit\Advanced SystemCare V5\Backup folder moved successfully.
    C:\Users\WellsJnS\AppData\Roaming\IObit\Advanced SystemCare V5 folder moved successfully.
    C:\Users\WellsJnS\AppData\Roaming\IObit folder moved successfully.
    C:\Users\WellsJnS\AppData\Roaming\uTorrent\updates folder moved successfully.
    C:\Users\WellsJnS\AppData\Roaming\uTorrent\share folder moved successfully.
    C:\Users\WellsJnS\AppData\Roaming\uTorrent\ie folder moved successfully.
    C:\Users\WellsJnS\AppData\Roaming\uTorrent\dlimagecache folder moved successfully.
    C:\Users\WellsJnS\AppData\Roaming\uTorrent\apps folder moved successfully.
    C:\Users\WellsJnS\AppData\Roaming\uTorrent folder moved successfully.
    C:\Users\WellsJnS\AppData\Roaming\Nuance\PaperPort\12\Temp folder moved successfully.
    C:\Users\WellsJnS\AppData\Roaming\Nuance\PaperPort\12 folder moved successfully.
    C:\Users\WellsJnS\AppData\Roaming\Nuance\PaperPort folder moved successfully.
    C:\Users\WellsJnS\AppData\Roaming\Nuance\OmniPageCSDK16 folder moved successfully.
    C:\Users\WellsJnS\AppData\Roaming\Nuance folder moved successfully.
    ========== FILES ==========
    File\Folder C:\Windows\SysNative\drivers\aswNdis2.sys not found.
    File\Folder C:\Windows\SysNative\drivers\aswKbd.sys not found.
    File\Folder C:\Windows\SysNative\drivers\aswFW.sys not found.
    File\Folder C:\Windows\SysNative\drivers\aswNdis.sys not found.
    C:\Program Files (x86)\Nuance\PaperPort\UserConfig\My Paperport Documents\Web Pages folder moved successfully.
    C:\Program Files (x86)\Nuance\PaperPort\UserConfig\My Paperport Documents\Taxes\2010\Tax Forms folder moved successfully.
    C:\Program Files (x86)\Nuance\PaperPort\UserConfig\My Paperport Documents\Taxes\2010\Receipts folder moved successfully.
    C:\Program Files (x86)\Nuance\PaperPort\UserConfig\My Paperport Documents\Taxes\2010 folder moved successfully.
    C:\Program Files (x86)\Nuance\PaperPort\UserConfig\My Paperport Documents\Taxes\2009\Tax Forms folder moved successfully.
    C:\Program Files (x86)\Nuance\PaperPort\UserConfig\My Paperport Documents\Taxes\2009\Receipts folder moved successfully.
    C:\Program Files (x86)\Nuance\PaperPort\UserConfig\My Paperport Documents\Taxes\2009 folder moved successfully.
    C:\Program Files (x86)\Nuance\PaperPort\UserConfig\My Paperport Documents\Taxes folder moved successfully.
    C:\Program Files (x86)\Nuance\PaperPort\UserConfig\My Paperport Documents\Samples\Photos folder moved successfully.
    C:\Program Files (x86)\Nuance\PaperPort\UserConfig\My Paperport Documents\Samples folder moved successfully.
    C:\Program Files (x86)\Nuance\PaperPort\UserConfig\My Paperport Documents\Receipts folder moved successfully.
    C:\Program Files (x86)\Nuance\PaperPort\UserConfig\My Paperport Documents\Real Estate folder moved successfully.
    C:\Program Files (x86)\Nuance\PaperPort\UserConfig\My Paperport Documents\Presentations folder moved successfully.
    C:\Program Files (x86)\Nuance\PaperPort\UserConfig\My Paperport Documents\Photographs folder moved successfully.
    C:\Program Files (x86)\Nuance\PaperPort\UserConfig\My Paperport Documents\Investments\Stocks folder moved successfully.
    C:\Program Files (x86)\Nuance\PaperPort\UserConfig\My Paperport Documents\Investments\Bonds folder moved successfully.
    C:\Program Files (x86)\Nuance\PaperPort\UserConfig\My Paperport Documents\Investments\401K folder moved successfully.
    C:\Program Files (x86)\Nuance\PaperPort\UserConfig\My Paperport Documents\Investments folder moved successfully.
    C:\Program Files (x86)\Nuance\PaperPort\UserConfig\My Paperport Documents\Faxes folder moved successfully.
    C:\Program Files (x86)\Nuance\PaperPort\UserConfig\My Paperport Documents\Business Cards folder moved successfully.
    C:\Program Files (x86)\Nuance\PaperPort\UserConfig\My Paperport Documents\Bank Statements\Savings folder moved successfully.
    C:\Program Files (x86)\Nuance\PaperPort\UserConfig\My Paperport Documents\Bank Statements\Checking folder moved successfully.
    C:\Program Files (x86)\Nuance\PaperPort\UserConfig\My Paperport Documents\Bank Statements folder moved successfully.
    C:\Program Files (x86)\Nuance\PaperPort\UserConfig\My Paperport Documents\Articles\Vacations\Winter folder moved successfully.
    C:\Program Files (x86)\Nuance\PaperPort\UserConfig\My Paperport Documents\Articles\Vacations\Summer folder moved successfully.
    C:\Program Files (x86)\Nuance\PaperPort\UserConfig\My Paperport Documents\Articles\Vacations folder moved successfully.
    C:\Program Files (x86)\Nuance\PaperPort\UserConfig\My Paperport Documents\Articles\Politics folder moved successfully.
    C:\Program Files (x86)\Nuance\PaperPort\UserConfig\My Paperport Documents\Articles\Computers folder moved successfully.
    C:\Program Files (x86)\Nuance\PaperPort\UserConfig\My Paperport Documents\Articles folder moved successfully.
    C:\Program Files (x86)\Nuance\PaperPort\UserConfig\My Paperport Documents folder moved successfully.
    C:\Program Files (x86)\Nuance\PaperPort\UserConfig folder moved successfully.
    C:\Program Files (x86)\Nuance\PaperPort\ScanData folder moved successfully.
    C:\Program Files (x86)\Nuance\PaperPort\ProgGuides\Images folder moved successfully.
    C:\Program Files (x86)\Nuance\PaperPort\ProgGuides folder moved successfully.
    C:\Program Files (x86)\Nuance\PaperPort\inso folder moved successfully.
    C:\Program Files (x86)\Nuance\PaperPort\Ereg folder moved successfully.
    C:\Program Files (x86)\Nuance\PaperPort\bin\Resource\table folder moved successfully.
    C:\Program Files (x86)\Nuance\PaperPort\bin\Resource\fonts folder moved successfully.
    C:\Program Files (x86)\Nuance\PaperPort\bin\Resource\codemap folder moved successfully.
    C:\Program Files (x86)\Nuance\PaperPort\bin\Resource folder moved successfully.
    C:\Program Files (x86)\Nuance\PaperPort\bin folder moved successfully.
    C:\Program Files (x86)\Nuance\PaperPort folder moved successfully.
    C:\Program Files (x86)\Nuance folder moved successfully.
    C:\Program Files (x86)\IObit\Surfing Protection\Update folder moved successfully.
    C:\Program Files (x86)\IObit\Surfing Protection\Language folder moved successfully.
    C:\Program Files (x86)\IObit\Surfing Protection\Database folder moved successfully.
    C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\nfengeggddojhakldhlpjdlddgkkjkdd\1.0.0_0\Plugin\Img folder moved successfully.
    C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\nfengeggddojhakldhlpjdlddgkkjkdd\1.0.0_0\Plugin folder moved successfully.
    C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\nfengeggddojhakldhlpjdlddgkkjkdd\1.0.0_0 folder moved successfully.
    C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\nfengeggddojhakldhlpjdlddgkkjkdd folder moved successfully.
    C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\images folder moved successfully.
    C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\[email protected]\chrome\content folder moved successfully.
    C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\[email protected]\chrome folder moved successfully.
    C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\[email protected] folder moved successfully.
    C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect folder moved successfully.
    C:\Program Files (x86)\IObit\Surfing Protection folder moved successfully.
    C:\Program Files (x86)\IObit\Smart Defrag 3\Temp folder moved successfully.
    C:\Program Files (x86)\IObit\Smart Defrag 3\LatestNews folder moved successfully.
    C:\Program Files (x86)\IObit\Smart Defrag 3 folder moved successfully.
    C:\Program Files (x86)\IObit\Smart Defrag 2\Update folder moved successfully.
    C:\Program Files (x86)\IObit\Smart Defrag 2\LatestNews folder moved successfully.
    C:\Program Files (x86)\IObit\Smart Defrag 2\Freeware folder moved successfully.
    C:\Program Files (x86)\IObit\Smart Defrag 2 folder moved successfully.
    C:\Program Files (x86)\IObit\LiveUpdate\update\Uninstaller folder moved successfully.
    C:\Program Files (x86)\IObit\LiveUpdate\update folder moved successfully.
    C:\Program Files (x86)\IObit\LiveUpdate\Language folder moved successfully.
    C:\Program Files (x86)\IObit\LiveUpdate folder moved successfully.
    C:\Program Files (x86)\IObit\IObit Uninstaller folder moved successfully.
    C:\Program Files (x86)\IObit\IObit Security 360\Update\Language folder moved successfully.
    C:\Program Files (x86)\IObit\IObit Security 360\Update folder moved successfully.
    C:\Program Files (x86)\IObit\IObit Security 360\Quarantine Zone folder moved successfully.
    C:\Program Files (x86)\IObit\IObit Security 360\log\Scan folder moved successfully.
    C:\Program Files (x86)\IObit\IObit Security 360\log folder moved successfully.
    C:\Program Files (x86)\IObit\IObit Security 360\Downloaded folder moved successfully.
    C:\Program Files (x86)\IObit\IObit Security 360 folder moved successfully.
    C:\Program Files (x86)\IObit\IObit Malware Fighter\Update folder moved successfully.
    C:\Program Files (x86)\IObit\IObit Malware Fighter\Quarantine Zone folder moved successfully.
    C:\Program Files (x86)\IObit\IObit Malware Fighter\log\scan folder moved successfully.
    C:\Program Files (x86)\IObit\IObit Malware Fighter\log\realtime folder moved successfully.
    C:\Program Files (x86)\IObit\IObit Malware Fighter\log folder moved successfully.
    C:\Program Files (x86)\IObit\IObit Malware Fighter\adsremoval\IE\update\ADSRemoval\IE\db folder moved successfully.
    C:\Program Files (x86)\IObit\IObit Malware Fighter\adsremoval\IE\update\ADSRemoval\IE folder moved successfully.
    C:\Program Files (x86)\IObit\IObit Malware Fighter\adsremoval\IE\update\ADSRemoval folder moved successfully.
    C:\Program Files (x86)\IObit\IObit Malware Fighter\adsremoval\IE\update folder moved successfully.
    C:\Program Files (x86)\IObit\IObit Malware Fighter\adsremoval\IE\db folder moved successfully.
    C:\Program Files (x86)\IObit\IObit Malware Fighter\adsremoval\IE folder moved successfully.
    C:\Program Files (x86)\IObit\IObit Malware Fighter\adsremoval\Firefox\[email protected]\bin folder moved successfully.
    C:\Program Files (x86)\IObit\IObit Malware Fighter\adsremoval\Firefox\[email protected] folder moved successfully.
    C:\Program Files (x86)\IObit\IObit Malware Fighter\adsremoval\Firefox folder moved successfully.
    C:\Program Files (x86)\IObit\IObit Malware Fighter\adsremoval folder moved successfully.
    C:\Program Files (x86)\IObit\IObit Malware Fighter folder moved successfully.
    C:\Program Files (x86)\IObit\Driver Booster\Update\LocalData folder moved successfully.
    C:\Program Files (x86)\IObit\Driver Booster\Update\Database\Update folder moved successfully.
    C:\Program Files (x86)\IObit\Driver Booster\Update\Database folder moved successfully.
    C:\Program Files (x86)\IObit\Driver Booster\Update folder moved successfully.
    C:\Program Files (x86)\IObit\Driver Booster\Skin folder moved successfully.
    C:\Program Files (x86)\IObit\Driver Booster\LocalData folder moved successfully.
    C:\Program Files (x86)\IObit\Driver Booster\LatestNews folder moved successfully.
    C:\Program Files (x86)\IObit\Driver Booster\Language folder moved successfully.
    C:\Program Files (x86)\IObit\Driver Booster\Images folder moved successfully.
    C:\Program Files (x86)\IObit\Driver Booster\DrvInstall folder moved successfully.
    C:\Program Files (x86)\IObit\Driver Booster\DpInst\x86 folder moved successfully.
    C:\Program Files (x86)\IObit\Driver Booster\DpInst\x64 folder moved successfully.
    C:\Program Files (x86)\IObit\Driver Booster\DpInst folder moved successfully.
    C:\Program Files (x86)\IObit\Driver Booster\Download folder moved successfully.
    C:\Program Files (x86)\IObit\Driver Booster\Database\Update folder moved successfully.
    C:\Program Files (x86)\IObit\Driver Booster\Database\Backup folder moved successfully.
    C:\Program Files (x86)\IObit\Driver Booster\Database folder moved successfully.
    C:\Program Files (x86)\IObit\Driver Booster\Backups folder moved successfully.
    C:\Program Files (x86)\IObit\Driver Booster folder moved successfully.
    C:\Program Files (x86)\IObit\Advanced SystemCare 7\Toolbox_Download folder moved successfully.
    C:\Program Files (x86)\IObit\Advanced SystemCare 7\Toolbar folder moved successfully.
    C:\Program Files (x86)\IObit\Advanced SystemCare 7\Temp folder moved successfully.
    C:\Program Files (x86)\IObit\Advanced SystemCare 7\SecurityHole_Backup folder moved successfully.
    C:\Program Files (x86)\IObit\Advanced SystemCare 7\LatestNews folder moved successfully.
    C:\Program Files (x86)\IObit\Advanced SystemCare 7\Database folder moved successfully.
    C:\Program Files (x86)\IObit\Advanced SystemCare 7\BootTimeLog folder moved successfully.
    C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCServiceLog folder moved successfully.
    C:\Program Files (x86)\IObit\Advanced SystemCare 7 folder moved successfully.
    C:\Program Files (x86)\IObit\Advanced SystemCare 6\Update\Database folder moved successfully.
    C:\Program Files (x86)\IObit\Advanced SystemCare 6\Update folder moved successfully.
    C:\Program Files (x86)\IObit\Advanced SystemCare 6\Toolbox_Download folder moved successfully.
    C:\Program Files (x86)\IObit\Advanced SystemCare 6\SecurityHole_Backup folder moved successfully.
    C:\Program Files (x86)\IObit\Advanced SystemCare 6\LatestNews folder moved successfully.
    C:\Program Files (x86)\IObit\Advanced SystemCare 6\BrowerProtect\images folder moved successfully.
    C:\Program Files (x86)\IObit\Advanced SystemCare 6\BrowerProtect folder moved successfully.
    C:\Program Files (x86)\IObit\Advanced SystemCare 6\BootTimeLog folder moved successfully.
    C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCServiceLog folder moved successfully.
    C:\Program Files (x86)\IObit\Advanced SystemCare 6 folder moved successfully.
    C:\Program Files (x86)\IObit\Advanced SystemCare 5\Update folder moved successfully.
    C:\Program Files (x86)\IObit\Advanced SystemCare 5\SecurityHole_Backup folder moved successfully.
    C:\Program Files (x86)\IObit\Advanced SystemCare 5\LatestNews folder moved successfully.
    C:\Program Files (x86)\IObit\Advanced SystemCare 5\BootTimeLog folder moved successfully.
    C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCServiceLog folder moved successfully.
    C:\Program Files (x86)\IObit\Advanced SystemCare 5 folder moved successfully.
    C:\Program Files (x86)\IObit\Advanced SystemCare 4\Update folder moved successfully.
    C:\Program Files (x86)\IObit\Advanced SystemCare 4\LatestNews folder moved successfully.
    C:\Program Files (x86)\IObit\Advanced SystemCare 4\Freeware\FreeSoftwareDownload folder moved successfully.
    C:\Program Files (x86)\IObit\Advanced SystemCare 4\Freeware folder moved successfully.
    C:\Program Files (x86)\IObit\Advanced SystemCare 4\Backup\Registry folder moved successfully.
    C:\Program Files (x86)\IObit\Advanced SystemCare 4\Backup folder moved successfully.
    C:\Program Files (x86)\IObit\Advanced SystemCare 4 folder moved successfully.
    C:\Program Files (x86)\IObit\Advanced SystemCare 3 folder moved successfully.
    C:\Program Files (x86)\IObit folder moved successfully.
    < ipconfig /flushdns /c >
    Windows IP Configuration
    Successfully flushed the DNS Resolver Cache.
    C:\Users\WellsJnS\Downloads\cmd.bat deleted successfully.
    C:\Users\WellsJnS\Downloads\cmd.txt deleted successfully.
    ========== COMMANDS ==========

    [EMPTYJAVA]

    User: All Users

    User: Default

    User: Default User

    User: Guest

    User: Public

    User: WellsJnS
    ->Java cache emptied: 71066 bytes

    Total Java Files Cleaned = 0.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default

    User: Default User

    User: Guest
    ->Flash cache emptied: 671 bytes

    User: Public

    User: WellsJnS
    ->Flash cache emptied: 905 bytes

    Total Flash Files Cleaned = 0.00 mb


    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Guest
    ->Temp folder emptied: 52856 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->FireFox cache emptied: 10606117 bytes
    ->Flash cache emptied: 0 bytes

    User: Public

    User: WellsJnS
    ->Temp folder emptied: 163463079 bytes
    ->Temporary Internet Files folder emptied: 26869800 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 95613944 bytes
    ->Google Chrome cache emptied: 24683025 bytes
    ->Flash cache emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 102998350 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 119186 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 666 bytes
    RecycleBin emptied: 95705605 bytes

    Total Files Cleaned = 496.00 mb


    OTL by OldTimer - Version 3.2.69.0 log created on 02142014_095714

    Files\Folders moved on Reboot...
    C:\Windows\temp\JET88AF.tmp moved successfully.

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...
     
  8. zan.w

    zan.w Thread Starter

    Ran the first part of the fix, finished, and tried to log in to email and have no keyboard input. Have unplugged and replugged; it shows it there and will bring up the calculator but no other input. Have restarted the computer and tried another keyboard with the same results. Have posted results by using history and bringing up the page. I am using a laptop for this post. Shall I go ahead and run the second action? Thanks, Suzanne

    Have unplugged and it is finally showing up in Control Panel with this message when I tried to find the problem: Windows cannot start this hardware because its configuration (in the registry) is incomplete or damaged. Please advise.
     
  9. askey127

    askey127 Malware Specialist

    Joined:
    Dec 22, 2006
    Messages:
    3,721
    How do you get into Control Panel?
    Can you log in? Does the keyboard quit after login?
    This is either due to a virus/trojan we haven't removed yet, or that IObit Driver program.
    Are you able to go into System Restore and set the system back a few days?
    Control Panel > Backup and Restore > Recover system settings or your computer
     
  10. zan.w

    zan.w Thread Starter

    Everything worked fine this morning, then I did the first scan and on reboot the keyboard did not work; the calculator button worked on both keyboards I plugged in, and the mouse has always worked. I will try a system restore again; I tried to restore back to before this morning's OTL scan and it said it could not be restored. I will try a few days before and see what happens. The keyboard has always worked till today. I also connected to different USB ports and it is all the same: it shows the keyboard in Control Panel with a code 19 registry error. Will let you know what happens with system restore.
     
  11. zan.w

    zan.w Thread Starter

    OTL logfile created on: 2/14/2014 12:39:17 PM - Run 2
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\WellsJnS\Downloads
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.75 Gb Total Physical Memory | 2.42 Gb Available Physical Memory | 64.49% Memory free
    7.50 Gb Paging File | 5.70 Gb Available in Paging File | 76.05% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 581.48 Gb Total Space | 496.60 Gb Free Space | 85.40% Space Free | Partition Type: NTFS

    Computer Name: SUZANNE-PC | User Name: Wells | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2014/02/13 15:30:13 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\WellsJnS\Downloads\OTL.exe
    PRC - [2014/01/28 21:21:08 | 006,059,888 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe
    PRC - [2014/01/22 12:19:38 | 003,788,816 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
    PRC - [2014/01/22 12:17:36 | 004,962,320 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgui.exe
    PRC - [2013/09/24 01:35:44 | 001,358,944 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgfws.exe
    PRC - [2013/09/24 01:33:08 | 000,348,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
    PRC - [2013/05/27 16:52:12 | 000,093,472 | ---- | M] (Glarysoft Ltd) -- C:\Program Files (x86)\Glary Utilities\webupdate.exe
    PRC - [2013/05/11 02:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2012/06/06 14:31:56 | 003,076,096 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
    PRC - [2012/06/05 14:56:28 | 000,266,240 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\Browny02\BrYNSvc.exe
    PRC - [2010/11/26 23:55:42 | 000,648,032 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
    PRC - [2010/11/26 23:55:42 | 000,398,176 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
    PRC - [2010/08/20 12:53:08 | 000,689,472 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
    PRC - [2010/07/21 07:36:02 | 000,783,680 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
    PRC - [2009/06/09 06:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
    PRC - [2009/05/05 15:06:06 | 000,222,496 | ---- | M] (Acresso Corporation) -- C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
    PRC - [2008/08/12 13:15:28 | 000,257,880 | ---- | M] (Creative Home) -- C:\Program Files (x86)\Creative Home\Hallmark Card Studio 2009 Deluxe\Planner\PLNRnote.exe
    PRC - [2007/08/09 12:07:38 | 000,227,824 | ---- | M] (Sonic Solutions) -- C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
    PRC - [2007/08/09 12:07:18 | 000,018,416 | ---- | M] (Sonic Solutions) -- C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
    PRC - [2007/07/27 09:10:00 | 001,133,040 | ---- | M] (Roxio) -- C:\Program Files (x86)\Roxio\Drag-to-Disc\DrgToDsc.exe


    ========== Modules (No Company Name) ==========

    MOD - [2010/07/21 07:36:02 | 000,783,680 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
    MOD - [2010/07/21 07:34:20 | 000,079,168 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\zlib1.dll
    MOD - [2010/07/21 07:34:00 | 000,075,072 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STRegistry.dll
    MOD - [2010/07/21 07:33:58 | 000,111,936 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STPE.dll
    MOD - [2010/07/21 07:33:52 | 000,121,152 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STNLS.dll
    MOD - [2010/07/21 07:33:50 | 000,128,320 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STLog.dll
    MOD - [2010/07/21 07:33:46 | 000,234,816 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STFiles.dll
    MOD - [2010/07/21 07:33:22 | 001,123,648 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\libxml2.dll
    MOD - [2009/02/27 15:38:20 | 000,139,264 | R--- | M] () -- C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
    MOD - [2007/07/23 15:04:46 | 000,068,080 | ---- | M] () -- C:\Program Files (x86)\Common Files\Roxio Shared\9.0\DLLShared\dlaapi_w.dll
    MOD - [2007/07/03 17:07:42 | 000,044,016 | ---- | M] () -- C:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\apm.dll


    ========== Services (SafeList) ==========

    SRV:64bit: - [2014/02/12 22:35:43 | 000,238,080 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
    SRV:64bit: - [2013/05/26 21:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2011/09/27 11:04:08 | 000,359,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
    SRV:64bit: - [2009/07/13 17:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svchost.exe -- (getPlusHelper)
    SRV:64bit: - [2009/06/09 06:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
    SRV - [2014/02/04 17:39:06 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2014/01/22 12:19:38 | 003,788,816 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe -- (AVGIDSAgent)
    SRV - [2013/12/25 14:22:15 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2013/09/24 01:35:44 | 001,358,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2014\avgfws.exe -- (avgfws)
    SRV - [2013/09/24 01:33:08 | 000,348,008 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe -- (avgwd)
    SRV - [2013/05/11 02:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2012/07/13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2012/06/05 14:56:28 | 000,266,240 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Running] -- C:\Program Files (x86)\Browny02\BrYNSvc.exe -- (BrYNSvc)
    SRV - [2010/11/26 23:55:42 | 000,398,176 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
    SRV - [2010/11/20 13:02:51 | 000,013,160 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\615\g2aservice.exe -- (GoToAssist)
    SRV - [2010/10/22 13:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
    SRV - [2010/08/20 12:53:08 | 000,689,472 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe -- (SftService)
    SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/06/10 13:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2009/04/29 08:21:18 | 000,436,736 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\XAudio64.dll -- (HsfXAudioService)
    SRV - [2006/12/11 22:16:32 | 000,064,248 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe -- (Roxio UPnP Renderer 9)
    SRV - [2006/12/11 22:16:28 | 000,301,816 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Sonic Shared\RoxioUpnpService9.exe -- (Roxio Upnp Server 9)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2014/02/12 22:35:48 | 000,359,936 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
    DRV:64bit: - [2014/02/12 22:35:47 | 011,922,944 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
    DRV:64bit: - [2014/02/12 22:35:47 | 011,922,944 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
    DRV:64bit: - [2013/11/25 21:47:22 | 000,196,376 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
    DRV:64bit: - [2013/11/25 21:47:20 | 000,243,480 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
    DRV:64bit: - [2013/11/25 21:47:20 | 000,150,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgdiska.sys -- (Avgdiska)
    DRV:64bit: - [2013/11/10 21:31:46 | 000,046,368 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
    DRV:64bit: - [2013/10/31 23:00:18 | 000,212,280 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
    DRV:64bit: - [2013/10/31 22:49:46 | 000,294,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)
    DRV:64bit: - [2013/10/01 00:52:08 | 000,123,704 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
    DRV:64bit: - [2013/09/26 09:44:54 | 000,057,144 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgfwd6a.sys -- (Avgfwfd)
    DRV:64bit: - [2013/09/10 00:43:02 | 000,031,544 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
    DRV:64bit: - [2013/08/01 15:07:06 | 000,251,192 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
    DRV:64bit: - [2012/10/31 10:03:15 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2012/10/31 10:03:15 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
    DRV:64bit: - [2012/02/29 22:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2011/09/01 22:30:46 | 000,042,776 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LUsbFilt.sys -- (LUsbFilt)
    DRV:64bit: - [2011/09/01 22:30:36 | 000,060,696 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
    DRV:64bit: - [2011/09/01 22:30:24 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
    DRV:64bit: - [2011/03/10 22:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/10 22:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2010/11/20 05:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/03/04 12:43:00 | 000,346,144 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
    DRV:64bit: - [2009/07/24 20:23:40 | 001,224,704 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
    DRV:64bit: - [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/07/13 16:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
    DRV:64bit: - [2009/07/13 16:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
    DRV:64bit: - [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/06/04 23:20:26 | 000,114,192 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
    DRV:64bit: - [2009/05/20 03:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
    DRV:64bit: - [2009/04/29 08:21:08 | 000,010,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\XAudio64.sys -- (XAudio)
    DRV:64bit: - [2009/02/13 11:21:20 | 000,411,136 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAXHWBS2.sys -- (CAXHWBS2)
    DRV:64bit: - [2009/02/13 11:19:34 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_CNXT.sys -- (winachsf)
    DRV:64bit: - [2009/02/12 19:24:56 | 001,485,824 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_DPV.sys -- (HSF_DPV)
    DRV:64bit: - [2008/11/11 12:42:00 | 000,033,792 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64modem.sys -- (USBModem)
    DRV:64bit: - [2008/11/11 12:42:00 | 000,027,136 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64gps.sys -- (UsbGps)
    DRV:64bit: - [2008/11/11 12:42:00 | 000,027,136 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64diag.sys -- (UsbDiag)
    DRV:64bit: - [2008/11/11 12:42:00 | 000,017,920 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64bus.sys -- (usbbus)
    DRV:64bit: - [2008/10/09 10:17:06 | 000,005,120 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rcmirror.sys -- (rcmirror)
    DRV:64bit: - [2007/07/23 15:05:22 | 000,009,968 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\DLADResE.SYS -- (DLADResE)
    DRV:64bit: - [2007/07/23 15:05:12 | 000,135,152 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\DLAUDFAE.SYS -- (DLAUDFAE)
    DRV:64bit: - [2007/07/23 15:05:12 | 000,046,448 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\DLABMFSE.SYS -- (DLABMFSE)
    DRV:64bit: - [2007/07/23 15:05:10 | 000,144,112 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\DLAUDF_E.SYS -- (DLAUDF_E)
    DRV:64bit: - [2007/07/23 15:05:08 | 000,035,056 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\DLAOPIOE.SYS -- (DLAOPIOE)
    DRV:64bit: - [2007/07/23 15:05:06 | 000,042,352 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\DLABOIOE.SYS -- (DLABOIOE)
    DRV:64bit: - [2007/07/23 15:05:06 | 000,019,824 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\DLAPoolE.SYS -- (DLAPoolE)
    DRV:64bit: - [2007/07/23 15:05:04 | 000,146,672 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\DLAIFS_E.SYS -- (DLAIFS_E)
    DRV:64bit: - [2007/07/23 14:55:46 | 000,124,112 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\DRVECDB.SYS -- (DRVECDB)
    DRV:64bit: - [2007/07/23 14:49:50 | 000,041,072 | ---- | M] (Roxio) [File_System | System | Running] -- C:\Windows\SysNative\drivers\DLARTL_E.SYS -- (DLARTL_E)
    DRV:64bit: - [2007/07/23 14:49:50 | 000,017,776 | ---- | M] (Roxio) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\DLACDBHE.SYS -- (DLACDBHE)
    DRV:64bit: - [2007/07/23 14:43:46 | 000,063,984 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\DRVEDDM.SYS -- (DRVEDDM)
    DRV:64bit: - [2006/11/01 09:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
    DRV:64bit: - [2006/06/18 03:27:24 | 000,017,024 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\mdmxsdk.sys -- (mdmxsdk)
    DRV - [2009/07/13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE:64bit: - HKLM\..\SearchScopes\{126C19CF-365F-435F-B36D-F4C2406B74DA}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
    IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKLM\..\SearchScopes\{ACABD4B7-3FFF-48A4-A271-F9AD3475E831}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
    IE - HKCU\..\SearchScopes,DefaultScope =
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.selectedEngine: "Google"
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://registration.excite.com/excitereg/login.jsp|https://accounts.google.com/ServiceLogin?service=mail&passive=true&rm=false&continue=https://mail.google.com/mail/u/0/?shva%3D1&ss=1&scc=1&authuser=0&ltmpl=default&ltmplcache=2&emr=1#inbox"


    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_43.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll File not found
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\WellsJnS\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\WellsJnS\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/01/01 23:30:49 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

    [2012/07/26 11:26:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\WellsJnS\AppData\Roaming\mozilla\Extensions
    [2014/02/13 15:04:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\WellsJnS\AppData\Roaming\mozilla\Firefox\Profiles\3ciq9x11.default\extensions
    [2013/12/02 11:32:34 | 000,000,000 | ---D | M] (Advanced SystemCare Surfing Protection) -- C:\Users\WellsJnS\AppData\Roaming\mozilla\Firefox\Profiles\3ciq9x11.default\extensions\[email protected]
    [2012/12/20 10:52:42 | 000,679,123 | ---- | M] () (No name found) -- C:\Users\WellsJnS\AppData\Roaming\mozilla\firefox\profiles\3ciq9x11.default\extensions\[email protected]
    [2014/02/08 13:40:58 | 002,660,299 | ---- | M] () (No name found) -- C:\Users\WellsJnS\AppData\Roaming\mozilla\firefox\profiles\3ciq9x11.default\extensions\{c0c588b6-b11d-4898-af00-079fed05aa32}.xpi
    [2013/01/23 12:44:39 | 000,002,763 | ---- | M] () -- C:\Users\WellsJnS\AppData\Roaming\mozilla\firefox\profiles\3ciq9x11.default\searchplugins\web-search.xml
    [2013/11/17 11:20:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2013/11/17 11:20:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
    [2013/11/17 11:20:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
    [2013/12/25 14:22:16 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    File not found (No name found) -- C:\PROGRAM FILES (X86)\IOBIT APPS TOOLBAR\FF

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
    CHR - homepage:
    CHR - plugin: Shockwave Flash (Disabled) = C:\Users\WellsJnS\AppData\Local\Google\Chrome\Application\32.0.1700.107\PepperFlash\pepflashplayer.dll
    CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Users\WellsJnS\AppData\Local\Google\Chrome\Application\32.0.1700.107\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\WellsJnS\AppData\Local\Google\Chrome\Application\32.0.1700.107\pdf.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
    CHR - plugin: AVG SiteSafety plugin (Enabled) = C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0\\npsitesafety.dll
    CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
    CHR - plugin: Java(TM) Platform SE 7 U17 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
    CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    CHR - plugin: PCShow Player Plugin (Disabled) = C:\Users\WellsJnS\AppData\Local\DIRECTV Player\npPlayerPlugin.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll
    CHR - plugin: Java Deployment Toolkit 7.0.170.2 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll
    CHR - Extension: Bejeweled = C:\Users\WellsJnS\AppData\Local\Google\Chrome\User Data\Default\Extensions\adpkifcfcacgmnggcbpbjbkdijciiigm\2_0\
    CHR - Extension: Angry Birds = C:\Users\WellsJnS\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0\
    CHR - Extension: PriceBlink = C:\Users\WellsJnS\AppData\Local\Google\Chrome\User Data\Default\Extensions\aoiidodopnnhiflaflbfeblnojefhigh\4.0.2_0\
    CHR - Extension: Brushed = C:\Users\WellsJnS\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfjgbcjfpbbfepcccpaffkjofcmglifg\1.0_0\
    CHR - Extension: YouTube = C:\Users\WellsJnS\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
    CHR - Extension: Google Search = C:\Users\WellsJnS\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
    CHR - Extension: Ads Removal = C:\Users\WellsJnS\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkcefkcdkepgkpbgncjchhbjgoanleod\1.0.0_0\
    CHR - Extension: AVG Secure Search = C:\Users\WellsJnS\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\15.5.0.2_0\
    CHR - Extension: PAC-Match Party = C:\Users\WellsJnS\AppData\Local\Google\Chrome\User Data\Default\Extensions\njhglkgppclbkpakbalpciidkcpkjfhj\1.102_0\
    CHR - Extension: Google Wallet = C:\Users\WellsJnS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_1\
    CHR - Extension: Gmail = C:\Users\WellsJnS\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

    O1 HOSTS File: ([2009/06/10 13:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O2:64bit: - BHO: (ExplorerWnd Helper) - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll File not found
    O2:64bit: - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (Evernote extension) - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
    O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
    O4 - HKLM..\Run: [ControlCenter4] C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe (Brother Industries, Ltd.)
    O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
    O4 - HKLM..\Run: [RoxioDragToDisc] C:\Program Files (x86)\Roxio\Drag-to-Disc\DrgToDsc.exe (Roxio)
    O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
    O4 - HKCU..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)
    O4 - HKLM..\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe (Softthinks)
    O4 - Startup: C:\Users\WellsJnS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O8:64bit: - Extra context menu item: Add to Evernote 4 - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html ()
    O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
    O8:64bit: - Extra context menu item: New Note - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\NewNote.html ()
    O8 - Extra context menu item: Add to Evernote 4 - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html ()
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
    O8 - Extra context menu item: New Note - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\NewNote.html ()
    O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (PokerStars)
    O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html ()
    O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html ()
    O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
    O1364bit: - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} http://h20364.www2.hp.com/CSMWeb/Customer/cabs/HPISDataManager.CAB (Reg Error: Key error.)
    O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} https://support.dell.com/systemprofiler/SysProExe.CAB (WMI Class)
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (Reg Error: Value error.)
    O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (Reg Error: Key error.)
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Reg Error: Key error.)
    O16 - DPF: {DE3135A8-D948-49DC-ABBC-B2EFF418E5FD} http://www.iradiopop.com/IRD/pages/AIRJ01FPlayer.CAB (AIRJ01FPlayer.Player)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{00B1BBC4-7E69-4AB6-95D6-1475F348FB9A}: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CFDD65DC-7EDA-446A-89F4-DE9D357E4B25}: DhcpNameServer = 192.168.1.1
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\615\G2AWinLogon_x64.dll) - C:\Program Files (x86)\Citrix\GoToAssist\615\g2awinlogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)
    O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O33 - MountPoints2\{80635258-27c1-11df-82a9-002564d33dee}\Shell - "" = AutoRun
    O33 - MountPoints2\{80635258-27c1-11df-82a9-002564d33dee}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2014/02/14 10:00:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IObit
    [2014/02/14 09:52:03 | 000,000,000 | ---D | C] -- C:\_OTL
    [2014/02/13 15:33:35 | 000,000,000 | ---D | C] -- C:\Users\WellsJnS\Desktop\Computer fix files
    [2014/02/13 15:17:03 | 000,000,000 | ---D | C] -- C:\AdwCleaner
    [2014/02/13 15:01:54 | 000,000,000 | ---D | C] -- C:\Windows\tasks\ImCleanDisabled
    [2014/02/12 22:36:04 | 000,069,632 | ---- | C] (AMD) -- C:\Windows\SysNative\coinst_8.97.100.11.dll
    [2014/02/12 22:35:58 | 000,120,320 | ---- | C] (AMD) -- C:\Windows\SysNative\atitmm64.dll
    [2014/02/12 22:35:48 | 000,021,504 | ---- | C] (AMD) -- C:\Windows\SysNative\atimuixx.dll
    [2014/02/12 22:35:26 | 000,000,000 | ---D | C] -- C:\DrvInstall
    [2014/02/12 22:31:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster
    [2014/02/07 08:59:15 | 000,000,000 | ---D | C] -- C:\Users\WellsJnS\AppData\Local\{C9671673-6D19-4B2B-81BA-225B121B883A}
    [2014/02/03 13:23:31 | 000,000,000 | ---D | C] -- C:\Users\WellsJnS\AppData\Local\{671470E6-4F3C-4DF8-98E5-BFFA4B72B5B7}
    [2014/01/21 10:49:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
    [2014/01/16 15:13:35 | 000,000,000 | ---D | C] -- C:\ProgramData\GlarySoft
    [2014/01/15 13:55:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities
    [2014/01/15 13:55:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Glary Utilities

    ========== Files - Modified Within 30 Days ==========

    [2014/02/14 12:42:00 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
    [2014/02/14 12:39:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2014/02/14 12:36:00 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
    [2014/02/14 12:30:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2014/02/14 12:24:00 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2922394718-1656526869-328638602-1001UA.job
    [2014/02/14 12:08:00 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2922394718-1656526869-328638602-1003UA.job
    [2014/02/14 12:00:00 | 000,000,378 | ---- | M] () -- C:\Windows\tasks\PerfectOptimizer_home.job
    [2014/02/14 11:48:03 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2014/02/14 11:48:03 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2014/02/14 11:42:01 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize 4.job
    [2014/02/14 11:41:11 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2014/02/14 11:40:55 | 000,000,324 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
    [2014/02/14 11:40:41 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
    [2014/02/14 11:40:41 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job
    [2014/02/14 11:40:41 | 000,000,286 | ---- | M] () -- C:\Windows\tasks\Driver Booster Update.job
    [2014/02/14 11:40:29 | 000,000,300 | ---- | M] () -- C:\Windows\tasks\iMeshNAG.job
    [2014/02/14 11:40:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2014/02/14 11:40:18 | 3019,202,560 | -HS- | M] () -- C:\hiberfil.sys
    [2014/02/14 10:08:00 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2922394718-1656526869-328638602-1003Core.job
    [2014/02/13 19:23:00 | 000,000,472 | ---- | M] () -- C:\Windows\tasks\COMODO System Cleaner Update.job
    [2014/02/13 15:24:00 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2922394718-1656526869-328638602-1001Core.job
    [2014/02/13 11:41:32 | 000,000,000 | -H-- | M] () -- C:\Users\WellsJnS\Documents\Default.rdp
    [2014/02/13 09:59:03 | 000,000,927 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2014.lnk
    [2014/02/13 09:58:53 | 000,003,736 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml
    [2014/02/13 08:48:39 | 000,000,000 | ---- | M] () -- C:\asc_rdflag
    [2014/02/12 22:36:04 | 000,204,952 | ---- | M] () -- C:\Windows\SysWow64\ativvsvl.dat
    [2014/02/12 22:36:04 | 000,204,952 | ---- | M] () -- C:\Windows\SysNative\ativvsvl.dat
    [2014/02/12 22:36:04 | 000,157,144 | ---- | M] () -- C:\Windows\SysWow64\ativvsva.dat
    [2014/02/12 22:36:04 | 000,157,144 | ---- | M] () -- C:\Windows\SysNative\ativvsva.dat
    [2014/02/12 22:36:04 | 000,069,632 | ---- | M] (AMD) -- C:\Windows\SysNative\coinst_8.97.100.11.dll
    [2014/02/12 22:36:03 | 002,852,480 | ---- | M] () -- C:\Windows\SysWow64\atiumdva.cap
    [2014/02/12 22:35:59 | 002,818,784 | ---- | M] () -- C:\Windows\SysNative\atiumd6a.cap
    [2014/02/12 22:35:58 | 000,120,320 | ---- | M] (AMD) -- C:\Windows\SysNative\atitmm64.dll
    [2014/02/12 22:35:58 | 000,003,917 | ---- | M] () -- C:\Windows\SysWow64\atipblag.dat
    [2014/02/12 22:35:58 | 000,003,917 | ---- | M] () -- C:\Windows\SysNative\atipblag.dat
    [2014/02/12 22:35:52 | 000,038,177 | ---- | M] () -- C:\Windows\atiogl.xml
    [2014/02/12 22:35:48 | 000,021,504 | ---- | M] (AMD) -- C:\Windows\SysNative\atimuixx.dll
    [2014/02/12 22:35:43 | 000,618,823 | ---- | M] () -- C:\Windows\SysNative\atiicdxx.dat
    [2014/02/12 22:35:43 | 000,514,048 | ---- | M] (AMD) -- C:\Windows\SysNative\atieclxx.exe
    [2014/02/12 22:35:43 | 000,238,080 | ---- | M] (AMD) -- C:\Windows\SysNative\atiesrxx.exe
    [2014/02/12 22:35:27 | 000,246,000 | ---- | M] () -- C:\Windows\SysWow64\atiapfxx.blb
    [2014/02/12 22:35:27 | 000,246,000 | ---- | M] () -- C:\Windows\SysNative\atiapfxx.blb
    [2014/02/12 22:31:41 | 000,001,070 | ---- | M] () -- C:\Users\Public\Desktop\Driver Booster.lnk
    [2014/01/20 11:03:00 | 000,726,296 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2014/01/15 13:58:49 | 000,001,066 | ---- | M] () -- C:\Users\WellsJnS\Application Data\Microsoft\Internet Explorer\Quick Launch\Glary Utilities 4.lnk
    [2014/01/15 13:58:49 | 000,001,042 | ---- | M] () -- C:\Users\Public\Desktop\Glary Utilities 4.lnk

    ========== Files Created - No Company Name ==========

    [2014/02/13 11:41:32 | 000,000,000 | -H-- | C] () -- C:\Users\WellsJnS\Documents\Default.rdp
    [2014/02/13 08:48:39 | 000,000,000 | ---- | C] () -- C:\asc_rdflag
    [2014/02/12 22:36:04 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
    [2014/02/12 22:36:04 | 000,204,952 | ---- | C] () -- C:\Windows\SysNative\ativvsvl.dat
    [2014/02/12 22:36:04 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
    [2014/02/12 22:36:04 | 000,157,144 | ---- | C] () -- C:\Windows\SysNative\ativvsva.dat
    [2014/02/12 22:36:03 | 002,852,480 | ---- | C] () -- C:\Windows\SysWow64\atiumdva.cap
    [2014/02/12 22:35:59 | 002,818,784 | ---- | C] () -- C:\Windows\SysNative\atiumd6a.cap
    [2014/02/12 22:35:58 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
    [2014/02/12 22:35:58 | 000,003,917 | ---- | C] () -- C:\Windows\SysNative\atipblag.dat
    [2014/02/12 22:35:52 | 000,038,177 | ---- | C] () -- C:\Windows\atiogl.xml
    [2014/02/12 22:35:43 | 000,618,823 | ---- | C] () -- C:\Windows\SysNative\atiicdxx.dat
    [2014/02/12 22:35:27 | 000,246,000 | ---- | C] () -- C:\Windows\SysWow64\atiapfxx.blb
    [2014/02/12 22:35:27 | 000,246,000 | ---- | C] () -- C:\Windows\SysNative\atiapfxx.blb
    [2014/02/12 22:31:44 | 000,000,286 | ---- | C] () -- C:\Windows\tasks\Driver Booster Update.job
    [2014/02/12 22:31:41 | 000,001,070 | ---- | C] () -- C:\Users\Public\Desktop\Driver Booster.lnk
    [2014/01/15 13:55:31 | 000,000,324 | ---- | C] () -- C:\Windows\tasks\GlaryInitialize.job
    [2013/07/17 15:25:49 | 000,001,872 | ---- | C] () -- C:\Users\WellsJnS\AppData\Local\rx_image.Cache
    [2013/06/09 12:25:28 | 000,000,245 | ---- | C] () -- C:\Windows\Brpfx04a.ini
    [2013/06/09 12:25:28 | 000,000,064 | ---- | C] () -- C:\Windows\brpcfx.ini
    [2013/06/09 12:23:01 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
    [2013/06/09 12:16:13 | 000,000,000 | ---- | C] () -- C:\Windows\BRPARAM.INI
    [2013/05/21 09:37:15 | 000,003,736 | ---- | C] () -- C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml
    [2012/12/30 11:54:31 | 000,000,321 | ---- | C] () -- C:\Windows\SysWow64\cosmo.ini
    [2012/12/30 11:54:15 | 000,069,632 | ---- | C] () -- C:\Windows\SysWow64\sx83p32.dll
    [2012/12/30 11:52:30 | 000,022,480 | ---- | C] () -- C:\Windows\SysWow64\PFMAPI16.DLL
    [2012/12/30 11:52:30 | 000,020,992 | ---- | C] () -- C:\Windows\SysWow64\PFMAPI32.DLL
    [2012/11/25 15:27:31 | 000,000,584 | ---- | C] () -- C:\Users\WellsJnS\AppData\Roaming\wklnhst.dat
    [2011/03/11 11:47:33 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

    ========== ZeroAccess Check ==========

    [2009/07/13 20:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2013/09/10 22:12:42 | 014,172,672 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2013/09/10 22:12:42 | 012,872,704 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 17:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 04:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 17:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    ========== LOP Check ==========

    [2013/09/19 11:52:20 | 000,000,000 | ---D | M] -- C:\Users\WellsJnS\AppData\Roaming\AVG2014
    [2012/07/27 14:56:39 | 000,000,000 | ---D | M] -- C:\Users\WellsJnS\AppData\Roaming\Broderbund
    [2013/12/25 11:39:56 | 000,000,000 | ---D | M] -- C:\Users\WellsJnS\AppData\Roaming\calibre
    [2013/06/15 22:07:02 | 000,000,000 | ---D | M] -- C:\Users\WellsJnS\AppData\Roaming\ControlCenter4
    [2013/12/30 16:03:21 | 000,000,000 | ---D | M] -- C:\Users\WellsJnS\AppData\Roaming\GlarySoft
    [2012/07/28 07:58:28 | 000,000,000 | ---D | M] -- C:\Users\WellsJnS\AppData\Roaming\Leadertech
    [2014/02/08 13:37:54 | 000,000,000 | ---D | M] -- C:\Users\WellsJnS\AppData\Roaming\MP3Rocket
    [2014/01/08 23:05:17 | 000,000,000 | ---D | M] -- C:\Users\WellsJnS\AppData\Roaming\OpenOffice
    [2012/12/11 16:30:48 | 000,000,000 | ---D | M] -- C:\Users\WellsJnS\AppData\Roaming\OpenOffice.org
    [2013/09/20 10:43:42 | 000,000,000 | ---D | M] -- C:\Users\WellsJnS\AppData\Roaming\Samsung
    [2013/03/18 10:42:57 | 000,000,000 | ---D | M] -- C:\Users\WellsJnS\AppData\Roaming\Serif
    [2012/11/25 15:28:22 | 000,000,000 | ---D | M] -- C:\Users\WellsJnS\AppData\Roaming\Template
    [2012/11/21 13:04:33 | 000,000,000 | ---D | M] -- C:\Users\WellsJnS\AppData\Roaming\TuneUp Software

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 76 bytes -> C:\Users\WellsJnS\Documents\U.S. Bank Internet Bankingmom_files:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\WellsJnS\Documents\T-MST4AUSC:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\WellsJnS\Documents\Tax 2012:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\WellsJnS\Documents\Suzannes Movies:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\WellsJnS\Documents\Sony PMB:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\WellsJnS\Documents\senior discounts.rtf:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\WellsJnS\Documents\Open Office:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\WellsJnS\Documents\Nook Color SD android boot:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\WellsJnS\Documents\no bake pumpkin cookies.rtf:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\WellsJnS\Documents\My Scans:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\WellsJnS\Documents\My Recipes:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\WellsJnS\Documents\My Projects:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\WellsJnS\Documents\My PaperPort Documents:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\WellsJnS\Documents\montana tires:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\WellsJnS\Documents\Medical tax deductions.rtf:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\WellsJnS\Documents\Jumbos Martha Bolen.rtf:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\WellsJnS\Documents\hsn.rtf:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\WellsJnS\Documents\HSF_v7.74_Release_Notes.pdf:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\WellsJnS\Documents\Hisense:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\WellsJnS\Documents\Hallmark Card Studio 2009.txt:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\WellsJnS\Documents\hairstyles bob:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\WellsJnS\Documents\Hair2013.rtf:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\WellsJnS\Documents\hair 2.rtf:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\WellsJnS\Documents\Google Nexus order_files:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\WellsJnS\Documents\DModem Release Notes.doc:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\WellsJnS\Documents\DECT1 cordless phone.pdf:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\WellsJnS\Documents\Corel User Files:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\WellsJnS\Documents\Calendar.rtf:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\WellsJnS\Documents\Cake.rtf:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\WellsJnS\Desktop\Computer fix files:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Corel:Roxio EMC Stream

    < End of report >
     
  12. zan.w

    zan.w Thread Starter

    Joined:
    Dec 28, 2004
    Messages:
    54
    Did system restore from this morning and it didn't restore anything, so restored from a few days earlier, keyboard working and am back with programs you wanted me to delete. Have deleted utorrent, coupon companion, nuance paper port and advanced system care. Thanks for all the help. Should I start from the beginning again or wait and see if trojan pops up again?
     
  13. askey127

    askey127 Malware Specialist

    Joined:
    Dec 22, 2006
    Messages:
    3,721
    zan.w,
    If it's present we can't afford to leave it there.
    Let's go after the trojan early this time.
    -------------------------------------------------
    Run the ESET Online Scanner
    Vista/Windows 7 users: You will need to right-click on either the Internet Explorer or FireFox icon in the Start Menu or Quick Launch Bar and select Run as Administrator.
    (You can use either Internet Explorer or Mozilla FireFox for this scan, but Internet Explorer is easier.)
    You will also need to disable your currently installed Anti-Virus this way before you begin.
    • Please go HERE to run the scan.
    • Select the option YES, I accept the Terms of Use then click on: [​IMG]
    • When prompted allow the Add-On/Active X to install.
    • Make sure that the option Remove found threats IS checked, and the option Scan archives IS checked.
    • Now click on Advanced Settings and select the following:
      • Scan for potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth Technology
    • Now click on: [​IMG]
    • Give permission again if necessary.
    • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
    • When completed the Online Scan will begin automatically.
    • Do not touch either the Mouse or keyboard any more than necessary during the scan, otherwise it may stall.
    • When it completes, give it a few minutes to write the logfile, then click on [​IMG]
    • Use (My) Computer to navigate to C:\Program Files(x86)\ESET\Eset Online Scanner\log.txt.
    • Double click the log.txt file to open it in Notepad.
    • Copy and paste that log as a reply to this topic.

    askey127
     
  14. zan.w

    zan.w Thread Starter

    Joined:
    Dec 28, 2004
    Messages:
    54
    [email protected] as downloader log:
    all ok
     
  15. zan.w

    zan.w Thread Starter

    Joined:
    Dec 28, 2004
    Messages:
    54
    C:\Users\WellsJnS\Downloads\asc-setup (1).exe a variant of Win32/Toolbar.Widgi.B potentially unwanted application deleted - quarantined
    C:\Users\WellsJnS\Downloads\avast.exe probably a variant of Win32/DomaIQ.AZ potentially unwanted application deleted - quarantined
    C:\Users\WellsJnS\Downloads\cbsidlm-cbsi5_2_0_83-Windows_7_Gadgets_Pack-ORG2-75664936.exe a variant of Win32/CNETInstaller.B potentially unwanted application deleted - quarantined
    C:\Users\WellsJnS\Downloads\cbsidlm-tr1_8-Office_Convert_PowerPoint_to_Pdf_Free-SEO2-10903002.exe Win32/DownloadAdmin.E potentially unwanted application deleted - quarantined
    C:\Users\WellsJnS\Downloads\ccsetup409.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined
    C:\Users\WellsJnS\Downloads\defragsetup.exe a variant of Win32/Toolbar.Widgi.B potentially unwanted application deleted - quarantined
    C:\Users\WellsJnS\Downloads\openofficeimpress-setup.exe Win32/DownloadAdmin.G potentially unwanted application deleted - quarantined
    C:\Users\WellsJnS\Downloads\setup.exe Win32/Toolbar.CrossRider.C potentially unwanted application deleted - quarantined
    C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\ApnIC[1].0 a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application deleted - quarantined
    Operating memory Win32/NextLive.A potentially unwanted application contained infected files
     

Short URL to this thread: https://techguy.org/1119851
