
Yontoo.pagerage and a trojan- long time user back

Discussion in 'Virus & Other Malware Removal' started by ToyFoxPatch, Jan 1, 2013.

Thread Status:
Not open for further replies.
  1. ToyFoxPatch

    ToyFoxPatch Thread Starter

    Joined:
    Jul 7, 2003
    Messages:
    37
    Hello,
    It has been a long while since I have needed to post...years frankly. However, one of my adult children was visiting and saw the opportunity to get on my machine....well enough said. I have a trojan horse of some kind and yontoo.pagerage. I must have a clean running machine as I teach online and also attend post doctoral studies online. I noticed that my Facebook page had been hacked with dates and comments to my family that I had not written as well as newsfeed ads. I have changed my passwords and reported this and am underway to changeover every password I have.

    OS sys Win pro 7
    MS off pro
    have IE but don't use it- use Firefox
    have avast paid internet security that did not pick these up...Spybot did but can't fix it neither could Megabytes Malware
    with my internet school stuff they suggested the use of Mozilla over IE and I update Java all the time. I have auto antivirus running daily and update my MS system daily

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 12:26:26 PM, on 1/1/2013
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v9.00 (9.00.8112.16457)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe
    C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Users\Kimberly Elser APNS\AppData\Roaming\Dropbox\bin\Dropbox.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Users\Kimberly Elser APNS\Desktop\HijackThis.exe
    C:\Windows\SysWOW64\DllHost.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=userinit.exe,
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    O4 - HKCU\..\Run: [Gadwin PrintScreen] C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [APDF Printer Moniter X64] "C:\Program Files (x86)\Flip Printer\PrintMonitor.exe" -autorun
    O4 - HKCU\..\Run: [HP Officejet Pro 8600 (NET)] "C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe" -deviceID "CN2A6B2H3W05KD:NW" -scfn "HP Officejet Pro 8600 (NET)" -AutoStart 1
    O4 - Startup: Dropbox.lnk = Kimberly Elser APNS\AppData\Roaming\Dropbox\bin\Dropbox.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
    O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    O23 - Service: avast! Firewall - AVAST Software - C:\Program Files\AVAST Software\Avast\afwServ.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
    O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
    O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
    O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
    O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
    O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
    O23 - Service: XAudioService - Unknown owner - C:\Windows\system32\DRIVERS\xaudio64.exe (file missing)

    --
    End of file - 10063 bytes

    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.7.2
    Run by Kimberly Elser APNS at 12:07:48 on 2013-01-01
    Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4095.1973 [GMT -5:00]
    .
    AV: avast! Internet Security *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Internet Security *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: avast! Internet Security *Enabled* {131692B0-0864-D491-4E21-3A3A1D8BBB47}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\Program Files\AVAST Software\Avast\afwServ.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
    C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
    C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\system32\DRIVERS\xaudio64.exe
    C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    C:\Windows\System32\WUDFHost.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Logitech\SetPointP\SetPoint.exe
    C:\Program Files\Logitech\SetPointP\LBTWiz.exe
    C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
    C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe
    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    C:\Windows\splwow64.exe
    C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
    C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Users\Kimberly Elser APNS\AppData\Roaming\Dropbox\bin\Dropbox.exe
    C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Windows\system32\svchost.exe -k SDRSVC
    C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = about:blank
    mWinlogon: Userinit = userinit.exe,
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
    BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    EB: <No Name>: {555D4D79-4BD2-4094-A395-CFC534424A05} - LocalServer32 - <no file>
    EB: <No Name>: {555D4D79-4BD2-4094-A395-CFC534424A05} - LocalServer32 - <no file>
    uRun: [Gadwin PrintScreen] C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
    uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    uRun: [APDF Printer Moniter X64] "C:\Program Files (x86)\Flip Printer\PrintMonitor.exe" -autorun
    uRun: [HP Officejet Pro 8600 (NET)] "C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe" -deviceID "CN2A6B2H3W05KD:NW" -scfn "HP Officejet Pro 8600 (NET)" -AutoStart 1
    mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
    mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    StartupFolder: C:\Users\KIMBER~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Kimberly Elser APNS\AppData\Roaming\Dropbox\bin\Dropbox.exe
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
    .
    INFO: HKCU has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    TCP: NameServer = 75.75.75.75 75.75.76.76
    TCP: Interfaces\{007E93D2-8036-42C9-9AFC-E585B6930D57} : DHCPNameServer = 75.75.75.75 75.75.76.76
    TCP: Interfaces\{7DD24FFA-01DC-4835-8619-9B871859E0A5} : DHCPNameServer = 75.75.75.75 75.75.76.76
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
    SSODL: WebCheck - <orphaned>
    SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
    x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
    x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
    x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
    x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
    x64-Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
    x64-Run: [Bluetooth Connection Assistant] LBTWIZ.EXE -silent
    x64-Run: [LogMeIn GUI] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"
    x64-Run: [Logitech Download Assistant] C:\Windows\System32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
    x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
    x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
    x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
    x64-SSODL: WebCheck - <orphaned>
    x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Kimberly Elser APNS\AppData\Roaming\Mozilla\Firefox\Profiles\kik13h99.default-1342717782139\
    FF - prefs.js: browser.startup.homepage - hxxps://mail.google.com/mail/u/0/?shva=1#inbox|https://www.facebook.com/|https://cms.blazernet.uab.edu/cgi-bin/bb9login
    FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
    FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll
    FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
    FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 aswNdis;avast! Firewall NDIS Filter Service;C:\Windows\System32\drivers\aswNdis.sys [2011-10-8 12368]
    R0 aswNdis2;avast! Firewall Core Firewall Service;C:\Windows\System32\drivers\aswNdis2.sys [2011-10-8 262656]
    R1 aswFW;avast! TDI Firewall driver;C:\Windows\System32\drivers\aswFW.sys [2011-10-8 132864]
    R1 aswKbd;aswKbd;C:\Windows\System32\drivers\aswKbd.sys [2012-2-26 21136]
    R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2011-10-8 984144]
    R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2011-10-8 370288]
    R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2011-10-8 25232]
    R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2011-10-8 71600]
    R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-11-12 44808]
    R2 avast! Firewall;avast! Firewall;C:\Program Files\AVAST Software\Avast\afwServ.exe [2012-11-12 133912]
    R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2012-1-31 375728]
    R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files (x86)\LogMeIn\x64\rainfo.sys [2011-9-16 15928]
    R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\Windows\System32\drivers\LMIRfsDriver.sys [2012-4-15 72216]
    R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-9-20 398184]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-9-20 682344]
    R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-4-15 1153368]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-2 382824]
    R3 CAXHWBS2;CAXHWBS2;C:\Windows\System32\drivers\CAXHWBS2.sys [2007-6-20 409600]
    R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\Windows\System32\drivers\LEqdUsb.sys [2011-4-30 76056]
    R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\Windows\System32\drivers\LHidEqd.sys [2011-4-30 15128]
    R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-4-15 24176]
    R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;C:\Windows\System32\drivers\RTL8187B.sys [2010-3-31 450048]
    R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-9-28 395264]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-11-9 160944]
    S3 SrvHsfPCI;SrvHsfPCI;C:\Windows\System32\drivers\VSTBS26.SYS [2009-7-13 411136]
    S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
    S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
    S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-10-8 59392]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-2-15 52736]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-10-8 1255736]
    .
    =============== File Associations ===============
    .
    FileExt: .txt: txtfile=C:\Windows\System32\NOTEPAD.EXE %1 [UserChoice]
    .
    =============== Created Last 30 ================
    .
    2013-01-01 15:50:03 710504 ----a-w- C:\Windows\isRS-000.tmp
    2013-01-01 15:49:41 -------- d-----w- C:\Users\Kimberly Elser APNS\AppData\Local\Programs
    2013-01-01 07:13:52 76232 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{AC45A46F-995C-42A1-91AB-FA2EF79E241D}\offreg.dll
    2012-12-31 21:22:30 9125352 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{AC45A46F-995C-42A1-91AB-FA2EF79E241D}\mpengine.dll
    2012-12-24 18:54:48 741480 ------w- C:\Windows\System32\HPDiscoPM5912.dll
    2012-12-22 14:46:25 46080 ----a-w- C:\Windows\System32\atmlib.dll
    2012-12-22 14:46:25 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
    2012-12-22 14:46:19 367616 ----a-w- C:\Windows\System32\atmfd.dll
    2012-12-22 14:46:16 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
    2012-12-12 16:55:52 424960 ----a-w- C:\Windows\System32\KernelBase.dll
    2012-12-12 16:54:51 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
    2012-12-12 16:54:51 2048 ----a-w- C:\Windows\System32\tzres.dll
    2012-12-12 16:54:39 3149824 ----a-w- C:\Windows\System32\win32k.sys
    2012-12-12 16:54:33 478208 ----a-w- C:\Windows\System32\dpnet.dll
    2012-12-12 16:54:33 376832 ----a-w- C:\Windows\SysWow64\dpnet.dll
    .
    ==================== Find3M ====================
    .
    2012-12-14 21:49:28 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-11-14 06:11:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll
    2012-11-14 06:04:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
    2012-11-14 06:02:49 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
    2012-11-14 05:57:46 599040 ----a-w- C:\Windows\System32\vbscript.dll
    2012-11-14 05:57:35 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
    2012-11-14 05:52:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2012-11-14 02:09:22 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2012-11-14 01:58:15 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2012-11-14 01:57:37 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
    2012-11-14 01:49:25 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2012-11-14 01:48:27 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
    2012-11-14 01:44:42 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2012-11-04 14:47:52 88008 ----a-w- C:\Windows\System32\LMIRfsClientNP.dll
    2012-11-04 14:47:51 83880 ----a-w- C:\Windows\System32\LMIinit.dll
    2012-11-04 14:47:51 35240 ----a-w- C:\Windows\System32\LMIport.dll
    2012-10-30 23:51:55 984144 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
    2012-10-30 23:51:55 71600 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
    2012-10-30 23:51:55 262656 ----a-w- C:\Windows\System32\drivers\aswNdis2.sys
    2012-10-30 23:51:55 21136 ----a-w- C:\Windows\System32\drivers\aswKbd.sys
    2012-10-30 23:51:53 132864 ----a-w- C:\Windows\System32\drivers\aswFW.sys
    2012-10-30 23:51:07 41224 ----a-w- C:\Windows\avastSS.scr
    2012-10-16 08:38:37 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
    2012-10-16 08:38:34 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
    2012-10-16 07:39:52 561664 ----a-w- C:\Windows\apppatch\AcLayers.dll
    2012-10-15 16:59:28 54072 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
    2012-10-11 02:22:54 2428776 ----a-w- C:\Windows\SysWow64\nvapi.dll
    2012-10-11 02:22:52 26331496 ----a-w- C:\Windows\System32\nvoglv64.dll
    2012-10-11 02:22:52 1760104 ----a-w- C:\Windows\System32\nvdispco64.dll
    2012-10-11 02:22:32 15309160 ----a-w- C:\Windows\SysWow64\nvd3dum.dll
    2012-10-11 02:22:26 2747240 ----a-w- C:\Windows\System32\nvcuvid.dll
    2012-10-11 02:22:24 19906920 ----a-w- C:\Windows\SysWow64\nvoglv32.dll
    2012-10-11 02:22:18 13443944 ----a-w- C:\Windows\System32\drivers\nvlddmkm.sys
    2012-10-11 02:22:14 17559912 ----a-w- C:\Windows\SysWow64\nvcompiler.dll
    2012-10-09 18:17:13 55296 ----a-w- C:\Windows\System32\dhcpcsvc6.dll
    2012-10-09 18:17:13 226816 ----a-w- C:\Windows\System32\dhcpcore6.dll
    2012-10-09 17:40:31 44032 ----a-w- C:\Windows\SysWow64\dhcpcsvc6.dll
    2012-10-09 17:40:31 193536 ----a-w- C:\Windows\SysWow64\dhcpcore6.dll
    2012-10-04 17:46:16 362496 ----a-w- C:\Windows\System32\wow64win.dll
    2012-10-04 17:46:15 243200 ----a-w- C:\Windows\System32\wow64.dll
    2012-10-04 17:46:15 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
    2012-10-04 17:45:55 215040 ----a-w- C:\Windows\System32\winsrv.dll
    2012-10-04 17:43:28 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
    2012-10-04 16:47:41 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
    2012-10-04 16:47:41 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
    2012-10-04 15:21:55 338432 ----a-w- C:\Windows\System32\conhost.exe
    2012-10-04 14:46:46 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
    2012-10-04 14:46:46 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
    2012-10-04 14:46:44 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
    2012-10-04 14:46:43 2048 ----a-w- C:\Windows\SysWow64\user.exe
    2012-10-04 14:41:50 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
    2012-10-04 14:41:50 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
    2012-10-04 14:41:50 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
    2012-10-04 14:41:50 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
    2012-10-03 17:56:54 1914248 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    2012-10-03 17:44:21 70656 ----a-w- C:\Windows\System32\nlaapi.dll
    2012-10-03 17:44:21 303104 ----a-w- C:\Windows\System32\nlasvc.dll
    2012-10-03 17:44:17 246272 ----a-w- C:\Windows\System32\netcorehc.dll
    2012-10-03 17:44:17 18944 ----a-w- C:\Windows\System32\netevent.dll
    2012-10-03 17:44:16 216576 ----a-w- C:\Windows\System32\ncsi.dll
    2012-10-03 17:42:16 569344 ----a-w- C:\Windows\System32\iphlpsvc.dll
    .
    ============= FINISH: 12:08:34.15 ===============

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Professional
    Boot Device: \Device\HarddiskVolume2
    Install Date: 10/8/2011 5:22:01 PM
    System Uptime: 1/1/2013 11:06:24 AM (1 hours ago)
    .
    Motherboard: Gateway | | RS780
    Processor: AMD Phenom(tm) 9100e Quad-Core Processor | AM2 | 1800/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 581 GiB total, 454.361 GiB free.
    D: is FIXED (NTFS) - 15 GiB total, 7.928 GiB free.
    E: is CDROM ()
    F: is Removable
    G: is Removable
    H: is Removable
    I: is Removable
    J: is FIXED (NTFS) - 596 GiB total, 175.188 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP193: 12/26/2012 9:54:51 PM - Windows Update
    RP194: 12/30/2012 1:00:22 AM - Windows Backup
    RP195: 12/31/2012 4:21:20 PM - Windows Update
    .
    ==== Installed Programs ======================
    .
    64 Bit HP CIO Components Installer
    Adobe AIR
    Adobe Flash Player 11 ActiveX 64-bit
    Adobe Flash Player 11 Plugin
    Adobe Reader X (10.1.4)
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    avast! Internet Security
    Bonjour
    Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
    Dropbox
    Easy Picture2Icon 3.0
    EndNote X5
    eReg
    Flip Image
    Flip PDF
    Flip PowerPoint
    Flip Printer
    Flip Word
    Flip Writer
    Gadwin PrintScreen
    GoToMeeting 5.1.0.880
    GPL Ghostscript 8.71
    HP FWUpdateEDO2
    HP Officejet Pro 8600 Basic Device Software
    HP Officejet Pro 8600 Help
    HP Update
    I.R.I.S. OCR
    IBM SPSS Statistics 20
    iTunes
    Java 7 Update 7
    Java Auto Updater
    Java(TM) 6 Update 26
    JavaFX 2.1.0
    Logitech SetPoint 6.30
    LogMeIn
    Magical Jelly Bean KeyFinder
    Malwarebytes Anti-Malware version 1.70.0.1100
    Microsoft .NET Framework 4 Client Profile
    Microsoft Office 2010 Service Pack 1 (SP1)
    Microsoft Office Access MUI (English) 2010
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office Groove MUI (English) 2010
    Microsoft Office InfoPath MUI (English) 2010
    Microsoft Office Office 64-bit Components 2010
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office Professional Plus 2010
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2010
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Shared 64-bit MUI (English) 2010
    Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office Word MUI (English) 2010
    Microsoft SharedView
    Microsoft Silverlight
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Mozilla Firefox 17.0.1 (x86 en-US)
    Mozilla Maintenance Service
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    NinjaTrader 7
    NVIDIA 3D Vision Driver 306.97
    NVIDIA Control Panel 306.97
    NVIDIA Graphics Driver 306.97
    NVIDIA Install Application
    NVIDIA Stereoscopic 3D Driver
    NVIDIA Update 1.10.8
    NVIDIA Update Components
    QuickTime
    ResearchSoft Direct Export Helper
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition
    Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition
    Security Update for Microsoft InfoPath 2010 (KB2687436) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2553091)
    Security Update for Microsoft Office 2010 (KB2553096)
    Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition
    Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
    Security Update for Microsoft Visio 2010 (KB2687508) 32-Bit Edition
    Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition
    Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition
    Skype Click to Call
    Skype™ 6.0
    Soft Data Fax Modem with SmartCP
    Spybot - Search & Destroy
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft Office 2010 (KB2553065)
    Update for Microsoft Office 2010 (KB2553092)
    Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2566458)
    Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
    Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
    Update for Microsoft OneNote 2010 (KB2687277) 32-Bit Edition
    Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
    Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
    Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
    .
    ==== Event Viewer Messages From Past Week ========
    .
    1/1/2013 11:09:10 AM, Error: Service Control Manager [7038] - The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: Logon failure: the specified account password has expired. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
    1/1/2013 11:09:10 AM, Error: Service Control Manager [7000] - The NVIDIA Update Service Daemon service failed to start due to the following error: The service did not start due to a logon failure.
    .
    ==== End Of File ===========================

    Thank you for the look and I appreciate your expertise.
    Kim Elser
    newly updated all my info email for this forum
     
  2. askey127

    askey127 Malware Specialist

    Joined:
    Dec 22, 2006
    Messages:
    3,721
    Hi ToyFoxPatch,
    I am giving you quite a bit to do here. Just take one step at a time.
    -----------------------------------------------------------
    Since it is a System protective program, TeaTimer interferes with the orderly removal of certain system infections.
    Temporarily Disable Spybot's TeaTimer Protection
    Start Spybot Search & Destroy
    In the top menu, click Mode
    Check Advanced Mode if it is not already checked. OK the selection if necessary.
    In the bottom of the left pane, click on Tools
    From the new left pane list, click on Resident
    Uncheck the box in the middle labeled Resident "TeaTimer" (Protection of overall system settings) active.
    From the top menu, click on File, Exit.
    ------------------------------------------------
    Remove Programs Using Control Panel
    From Start, Control Panel, click on Programs and Features
    Click each Entry, as follows, one by one, if it exists, choose Uninstall, and give permission to Continue:

    Java(TM) 6 Update 26
    Java 7 Update 7

    Take extra care in answering questions posed by any Uninstaller.
    -----------------------------------------------------------
    REBOOT (RESTART) Your Machine
    ---------------------------------------------
    Download the OTL Scanner
    Please download OTL.exe by OldTimer and save it to your desktop.
    ---------------------------------------------
    Run a Scan with OTL
    • Right click the OTL icon and choose "Run as administrator" to run it.
    • Check the box at the top, labeled Include 64 bit scans
    • Check the boxes labeled :
      • Scan All Users
      • LOP check
      • Purity check
      • Extra Registry > Use SafeList
    • Make sure all other windows are closed to let it run uninterrupted.
    • Click on the Run Scan button at the top left hand corner. Do not change any settings unless otherwise told to do so. The scan won't take long.
    When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL. (desktop)
    OTL.txt will be open on your desktop, and Extras.txt will be minimized in your taskbar.
    The Extras.txt file will only appear the very first time you run OTL.
    Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them as a reply. Use separate replies if more convenient.
    ---------------------------------------------
    Please download SystemLook from one of the links below and save it to your Desktop.
    Download Mirror #1 (64-bit)
    Download Mirror #2 (64-bit)

    • Double-click SystemLook.exe to run it.
    • Copy the content of the following codebox into the main textfield:
      Code:
      :Filefind
      *tarma*
      *yontoo*
      
      :Folderfind
      *tarma*
      *yontoo*
      
      :Regfind
      10DE7085-6A1E-4D41-A7BF-9AF93E351401
      1AD27395-1659-4DFF-A319-2CFA243861A5
      CFDAFE39-20CE-451D-BD45-A37452F39CF0
      D372567D-67C1-4B29-B3F0-159B52B3E967
      FD72061E-9FDE-484D-A58A-0BAB4151CAD8
      niapdbllcanepiiimjjndipklodoedlc
    • Click the Look button to start the scan.
    • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
    Note: The results log can also be found on your Desktop, entitled SystemLook.txt

    So we are looking for the two logs from OTL, and the Log from SystemLook.
    Feel free to post each as a separate reply if more convenient.

    askey127
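
    An added illustration, not part of askey127's post and not SystemLook's own code: a Python sketch of what a :Filefind / :Folderfind / :Regfind script like the one above asks a scanner to look for. The matching rules (case-insensitive wildcards on names, substring match on registry text), the sample file tree and the sample .reg export are all constructed assumptions.

```python
import fnmatch
import os
import tempfile

# Search terms taken from the post above (file pattern written as *tarma*).
SEARCH_SCRIPT = """\
:Filefind
*tarma*
*yontoo*

:Folderfind
*tarma*
*yontoo*

:Regfind
10DE7085-6A1E-4D41-A7BF-9AF93E351401
1AD27395-1659-4DFF-A319-2CFA243861A5
CFDAFE39-20CE-451D-BD45-A37452F39CF0
D372567D-67C1-4B29-B3F0-159B52B3E967
FD72061E-9FDE-484D-A58A-0BAB4151CAD8
niapdbllcanepiiimjjndipklodoedlc
"""

# Constructed sample data: relative paths and a made-up registry export.
SAMPLE_FILES = [
    "Program Files/SampleYontooLayer/client.dll",
    "Users/test/Downloads/TARMA_setup.tmp",
    "Users/test/Documents/notes.txt",
    "Temp/yontoo-sample.log",
]
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Example\Browser Helper Objects\{fd72061e-9fde-484d-a58a-0bab4151cad8}]
@="constructed sample"

[HKEY_CURRENT_USER\Software\Example\Extensions]
"niapdbllcanepiiimjjndipklodoedlc"="constructed sample"

[HKEY_LOCAL_MACHINE\SOFTWARE\Example\Clean]
"Name"="nothing here"
"""

def parse_script(text):
    """Split the script into {section: [terms]}; a section line starts with ':'."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(":"):
            current = line[1:].lower()
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections

def _matches(name, patterns):
    # Windows names are case-insensitive, so compare in lower case.
    low = name.lower()
    return any(fnmatch.fnmatchcase(low, p.lower()) for p in patterns)

def scan_tree(root, sections):
    """Return (files, folders) under root whose own name matches a pattern."""
    files, folders = [], []
    for dirpath, dirnames, filenames in os.walk(root):
        rel = os.path.relpath(dirpath, root)
        for kind, names, out in (("folderfind", dirnames, folders),
                                 ("filefind", filenames, files)):
            for name in names:
                if _matches(name, sections.get(kind, [])):
                    path = os.path.normpath(os.path.join(rel, name))
                    out.append(path.replace(os.sep, "/"))
    return sorted(files), sorted(folders)

def scan_reg_export(text, terms):
    """Return (term, key) pairs where a term occurs in a key name or a value line."""
    hits, key = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]          # remember the enclosing key
        for term in terms:
            if term.lower() in line.lower() and (term, key) not in hits:
                hits.append((term, key))
    return hits

def run_demo():
    sections = parse_script(SEARCH_SCRIPT)
    with tempfile.TemporaryDirectory() as root:
        for rel in SAMPLE_FILES:      # build the constructed tree
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            open(path, "w").close()
        files, folders = scan_tree(root, sections)
    return files, folders, scan_reg_export(SAMPLE_REG, sections["regfind"])

if __name__ == "__main__":
    for label, found in zip(("files", "folders", "registry"), run_demo()):
        print(label, found)
```

    Only the item's own name is tested, so a clean file inside a matching folder is reported once, through the folder hit.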
     
  3. ToyFoxPatch

    ToyFoxPatch Thread Starter

    Joined:
    Jul 7, 2003
    Messages:
    37
    Hey thanks for the reply and helping me with this issue.
    Here is the OTL.Txt

    OTL logfile created on: 1/7/2013 6:41:23 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Kimberly Elser APNS\Downloads
    64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    4.00 Gb Total Physical Memory | 2.16 Gb Available Physical Memory | 54.07% Memory free
    8.00 Gb Paging File | 6.08 Gb Available in Paging File | 76.05% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 580.72 Gb Total Space | 452.63 Gb Free Space | 77.94% Space Free | Partition Type: NTFS
    Drive D: | 15.45 Gb Total Space | 7.93 Gb Free Space | 51.31% Space Free | Partition Type: NTFS

    Computer Name: KIMS-PC | User Name: Kimberly Elser APNS | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2013/01/07 18:38:49 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Kimberly Elser APNS\Downloads\OTL(2).exe
    PRC - [2012/08/21 04:12:26 | 004,282,728 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
    PRC - [2012/08/21 04:12:25 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    PRC - [2012/08/21 04:12:23 | 000,133,912 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\afwServ.exe
    PRC - [2012/07/27 15:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2011/05/21 05:01:00 | 002,214,504 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
    PRC - [2011/05/03 04:18:01 | 000,487,424 | ---- | M] (Gadwin Systems, Inc) -- C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe
    PRC - [2010/10/21 15:53:54 | 001,211,216 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\sp6\LU\LogitechUpdate.exe
    PRC - [2010/10/21 15:53:46 | 000,341,328 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\sp6\LU\LULnchr.exe
    PRC - [2009/01/26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe


    ========== Modules (No Company Name) ==========


    ========== Services (SafeList) ==========

    SRV:64bit: - [2012/08/21 04:12:25 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
    SRV:64bit: - [2012/08/21 04:12:23 | 000,133,912 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\afwServ.exe -- (avast! Firewall)
    SRV:64bit: - [2011/06/17 02:34:18 | 000,359,192 | ---- | M] (Logitech, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
    SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
    SRV:64bit: - [2007/06/29 08:11:36 | 000,412,672 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysNative\drivers\XAudio64.exe -- (XAudioService)
    SRV - [2013/01/02 18:06:39 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2013/01/02 14:10:01 | 000,147,888 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\ramaint.exe -- (LMIMaint)
    SRV - [2013/01/02 14:09:26 | 000,375,728 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe -- (LMIGuardianSvc)
    SRV - [2012/11/09 12:21:16 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2012/07/27 15:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2011/09/16 13:10:50 | 000,407,424 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe -- (LogMeIn)
    SRV - [2011/05/21 05:01:00 | 002,214,504 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
    SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2013/01/02 14:09:28 | 000,088,008 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\LMIRfsClientNP.dll -- (LMIRfsClientNP)
    DRV:64bit: - [2012/11/28 05:48:36 | 000,010,112 | ---- | M] (support.com, Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssmirrdr.sys -- (ssmirrdr)
    DRV:64bit: - [2012/08/21 04:13:13 | 000,969,200 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
    DRV:64bit: - [2012/08/21 04:13:13 | 000,359,464 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
    DRV:64bit: - [2012/08/21 04:13:13 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
    DRV:64bit: - [2012/08/21 04:13:12 | 000,266,776 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswNdis2.sys -- (aswNdis2)
    DRV:64bit: - [2012/08/21 04:13:12 | 000,071,600 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
    DRV:64bit: - [2012/08/21 04:13:12 | 000,054,072 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
    DRV:64bit: - [2012/08/21 04:13:11 | 000,142,128 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswFW.sys -- (aswFW)
    DRV:64bit: - [2012/08/21 04:13:11 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV:64bit: - [2012/08/21 04:13:11 | 000,019,600 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswKbd.sys -- (aswKbd)
    DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2012/02/15 10:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
    DRV:64bit: - [2011/09/16 13:10:50 | 000,072,216 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
    DRV:64bit: - [2011/09/16 13:10:24 | 000,011,552 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lmimirr.sys -- (lmimirr)
    DRV:64bit: - [2011/09/06 15:10:01 | 000,012,368 | ---- | M] (ALWIL Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswNdis.sys -- (aswNdis)
    DRV:64bit: - [2011/04/30 06:59:22 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
    DRV:64bit: - [2011/04/30 06:59:22 | 000,060,184 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
    DRV:64bit: - [2011/04/30 06:59:10 | 000,076,056 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LEqdUsb.sys -- (LEqdUsb)
    DRV:64bit: - [2011/04/30 06:59:10 | 000,015,128 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidEqd.sys -- (LHidEqd)
    DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/03/31 02:10:18 | 000,450,048 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTL8187B.sys -- (RTL8187B)
    DRV:64bit: - [2009/09/28 08:22:00 | 000,395,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
    DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/07/13 19:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
    DRV:64bit: - [2009/07/13 19:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
    DRV:64bit: - [2009/06/10 16:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
    DRV:64bit: - [2009/06/10 16:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
    DRV:64bit: - [2009/06/10 16:01:11 | 000,411,136 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTBS26.SYS -- (SrvHsfPCI)
    DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/05/18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2007/06/29 08:11:24 | 000,010,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\XAudio64.sys -- (XAudio)
    DRV:64bit: - [2007/06/20 03:32:58 | 001,478,656 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_DPV.sys -- (HSF_DPV)
    DRV:64bit: - [2007/06/20 03:30:22 | 000,409,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAXHWBS2.sys -- (CAXHWBS2)
    DRV:64bit: - [2007/06/20 03:29:14 | 000,740,352 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_CNXT.sys -- (winachsf)
    DRV:64bit: - [2006/06/19 05:27:24 | 000,017,024 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\mdmxsdk.sys -- (mdmxsdk)
    DRV - [2011/09/16 13:10:50 | 000,015,928 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\rainfo.sys -- (LMIInfo)
    DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-47288798-129912651-3328559107-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
    IE - HKU\S-1-5-21-47288798-129912651-3328559107-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
    IE - HKU\S-1-5-21-47288798-129912651-3328559107-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKU\S-1-5-21-47288798-129912651-3328559107-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 91 65 71 46 01 86 CC 01 [binary data]
    IE - HKU\S-1-5-21-47288798-129912651-3328559107-1001\..\SearchScopes,DefaultScope = {C50F1A76-3E1E-46FA-8189-D7305945F818}
    IE - HKU\S-1-5-21-47288798-129912651-3328559107-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKU\S-1-5-21-47288798-129912651-3328559107-1001\..\SearchScopes\{C50F1A76-3E1E-46FA-8189-D7305945F818}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=E78996DB-87C9-4999-9CFA-4F2FCFCE70E0&apn_sauid=AA4B3288-F19D-4CF8-8D04-9E10AC9F36B6
    IE - HKU\S-1-5-21-47288798-129912651-3328559107-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-47288798-129912651-3328559107-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultengine: "Ask.com"
    FF - prefs.js..browser.search.defaultenginename: "Ask.com"
    FF - prefs.js..browser.search.order.1: "Ask.com"
    FF - prefs.js..browser.search.selectedEngine: "Bing"
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "https://mail.google.com/mail/?shva=1#inbox"
    FF - prefs.js..extensions.enabledAddons: wrc@avast.com:7.0.1456
    FF - prefs.js..keyword.URL: "http://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q="
    FF - prefs.js..network.proxy.no_proxies_on: "*.local"
    FF - prefs.js..network.proxy.type: 0


    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_265.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll File not found
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/01/02 14:08:24 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/01/02 18:06:42 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

    [2012/03/11 14:16:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kimberly Elser APNS\AppData\Roaming\Mozilla\Extensions
    [2012/07/18 21:16:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kimberly Elser APNS\AppData\Roaming\Mozilla\Firefox\Profiles\i4aeh3bh.default\extensions
    [2012/10/25 08:52:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kimberly Elser APNS\AppData\Roaming\Mozilla\Firefox\Profiles\kik13h99.default-1342717782139\extensions
    [2012/07/18 20:39:45 | 000,002,568 | ---- | M] () -- C:\Users\Kimberly Elser APNS\AppData\Roaming\Mozilla\Firefox\Profiles\i4aeh3bh.default\searchplugins\askcom.xml
    [2012/04/06 11:03:50 | 000,001,235 | ---- | M] () -- C:\Users\Kimberly Elser APNS\AppData\Roaming\Mozilla\Firefox\Profiles\i4aeh3bh.default\searchplugins\search-the-web.xml
    [2012/10/26 19:11:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2012/10/26 19:11:46 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    [2013/01/02 14:08:24 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
    [2013/01/02 18:06:41 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2013/01/02 18:06:32 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2013/01/02 18:06:32 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

    O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O4:64bit: - HKLM..\Run: [Bluetooth Connection Assistant] LBTWIZ.EXE -silent File not found
    O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
    O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.)
    O4:64bit: - HKLM..\Run: [LogMeIn GUI] C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe (LogMeIn, Inc.)
    O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
    O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-21-47288798-129912651-3328559107-1001..\Run: [APDF Printer Moniter X64] C:\Program Files (x86)\Flip Printer\PrintMonitor.exe ()
    O4 - HKU\S-1-5-21-47288798-129912651-3328559107-1001..\Run: [Gadwin PrintScreen] C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe (Gadwin Systems, Inc)
    O4 - HKU\S-1-5-21-47288798-129912651-3328559107-1001..\Run: [HP Officejet Pro 8600 (NET)] C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
    O4 - HKU\S-1-5-21-47288798-129912651-3328559107-1003..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O4 - HKU\S-1-5-21-47288798-129912651-3328559107-1003..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O4 - Startup: C:\Users\Kimberly Elser APNS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2013/01/02 16:33:54 | 000,000,000 | -H-D | M]
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O1364bit: - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O15 - HKU\S-1-5-21-47288798-129912651-3328559107-1001\..Trusted Domains: csod.com ([washpost] https in Trusted sites)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_10-windows-i586.cab (Java Plug-in 10.10.2)
    O16 - DPF: {CAFEEFAC-0017-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_10-windows-i586.cab (Java Plug-in 1.7.0_10)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_10-windows-i586.cab (Java Plug-in 1.7.0_10)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{007E93D2-8036-42C9-9AFC-E585B6930D57}: DhcpNameServer = 75.75.75.75 75.75.76.76
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7DD24FFA-01DC-4835-8619-9B871859E0A5}: DhcpNameServer = 75.75.75.75 75.75.76.76
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
    O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2008/03/16 09:49:12 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2013/01/07 18:27:11 | 000,260,528 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
    [2013/01/05 10:54:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
    [2013/01/05 10:54:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
    [2013/01/05 10:18:39 | 000,000,000 | ---D | C] -- C:\Users\Kimberly Elser APNS\AppData\Roaming\SPSSInc
    [2013/01/02 17:19:36 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
    [2013/01/02 17:15:20 | 000,741,480 | ---- | C] (Hewlett-Packard Co.) -- C:\Windows\SysNative\HPDiscoPM5912.dll
    [2013/01/02 16:47:18 | 000,000,000 | ---D | C] -- C:\Users\Kimberly Elser APNS\Documents\STK
    [2013/01/02 16:34:15 | 000,000,000 | ---D | C] -- C:\Users\Kimberly Elser APNS\AppData\Roaming\OpswatLogs
    [2013/01/02 16:33:54 | 000,000,000 | -H-D | C] -- C:\Users\Kimberly Elser APNS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled
    [2013/01/02 16:19:44 | 000,000,000 | ---D | C] -- C:\ProgramData\support.com
    [2013/01/02 16:10:22 | 000,000,000 | ---D | C] -- C:\Users\Kimberly Elser APNS\AppData\Roaming\supportdotcom
    [2013/01/02 16:10:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\supportdotcom
    [2013/01/02 14:21:14 | 000,174,000 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
    [2013/01/02 14:21:14 | 000,173,992 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
    [2013/01/02 14:21:14 | 000,095,184 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    [2013/01/01 10:49:41 | 000,000,000 | ---D | C] -- C:\Users\Kimberly Elser APNS\AppData\Local\Programs

    ========== Files - Modified Within 30 Days ==========

    [2013/01/07 18:46:18 | 000,740,322 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2013/01/07 18:46:18 | 000,624,162 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2013/01/07 18:46:18 | 000,106,538 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2013/01/07 18:39:24 | 000,018,768 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2013/01/07 18:39:24 | 000,018,768 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2013/01/07 18:32:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2013/01/07 18:32:21 | 3220,578,304 | -HS- | M] () -- C:\hiberfil.sys
    [2013/01/06 21:20:27 | 000,024,836 | ---- | M] () -- C:\Users\Kimberly Elser APNS\Documents\Kim Scholarly Project.sav
    [2013/01/06 20:39:21 | 000,024,836 | ---- | M] () -- C:\Users\Kimberly Elser APNS\Documents\Kim Scholarly Project Input.sav
    [2013/01/05 10:54:56 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
    [2013/01/02 17:19:39 | 000,000,833 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
    [2013/01/02 17:15:18 | 000,002,211 | ---- | M] () -- C:\Users\Public\Desktop\HP Officejet Pro 8600.lnk
    [2013/01/02 14:09:28 | 000,088,008 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\SysNative\LMIRfsClientNP.dll
    [2013/01/02 14:09:27 | 000,083,880 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\SysNative\LMIinit.dll
    [2013/01/02 14:09:27 | 000,035,240 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\SysNative\LMIport.dll
    [2013/01/02 14:08:36 | 000,001,969 | ---- | M] () -- C:\Users\Public\Desktop\avast! Internet Security.lnk
    [2013/01/02 14:08:29 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
    [2013/01/02 12:39:20 | 000,178,334 | ---- | M] () -- C:\Users\Kimberly Elser APNS\Documents\My EndNote Library.enl
    [2012/12/13 18:28:32 | 000,001,046 | ---- | M] () -- C:\Users\Kimberly Elser APNS\Documents\Output1.spv
    [2012/12/13 10:13:53 | 000,468,042 | ---- | M] () -- C:\Users\Kimberly Elser APNS\Documents\Scan0005.pdf

    ========== Files Created - No Company Name ==========

    [2013/01/04 19:01:42 | 000,024,836 | ---- | C] () -- C:\Users\Kimberly Elser APNS\Documents\Kim Scholarly Project Input.sav
    [2013/01/02 17:19:39 | 000,000,833 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
    [2013/01/02 17:15:18 | 000,002,211 | ---- | C] () -- C:\Users\Public\Desktop\HP Officejet Pro 8600.lnk
    [2012/12/13 10:13:52 | 000,468,042 | ---- | C] () -- C:\Users\Kimberly Elser APNS\Documents\Scan0005.pdf
    [2012/06/06 08:10:07 | 000,087,040 | ---- | C] () -- C:\Windows\SysWow64\pdfcmnnt.dll
    [2012/06/06 08:09:25 | 000,087,040 | ---- | C] () -- C:\Windows\pdfcmnnt.dll
    [2012/06/03 15:30:02 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
    [2012/05/18 11:52:39 | 000,221,553 | ---- | C] () -- C:\Windows\hpoins19.dat.temp
    [2012/05/18 11:52:39 | 000,013,898 | ---- | C] () -- C:\Windows\hpomdl19.dat.temp
    [2012/04/06 10:43:15 | 000,001,025 | ---- | C] () -- C:\Windows\SysWow64\sysprs7.dll
    [2012/04/06 10:43:15 | 000,000,205 | ---- | C] () -- C:\Windows\SysWow64\lsprst7.dll
    [2011/12/18 10:57:16 | 000,060,304 | ---- | C] () -- C:\Users\Kimberly Elser APNS\g2mdlhlpx.exe
    [2011/10/09 19:29:38 | 000,006,539 | ---- | C] () -- C:\ProgramData\Characteristic_Type.ndx
    [2011/10/09 19:29:38 | 000,002,324 | ---- | C] () -- C:\ProgramData\Characteristic_Type.FIC
    [2011/10/09 17:40:27 | 000,012,809 | ---- | C] () -- C:\ProgramData\TradeSet_Type.ndx
    [2011/10/09 17:40:27 | 000,011,813 | ---- | C] () -- C:\ProgramData\Virtual_Sets.FIC
    [2011/10/09 17:40:27 | 000,009,699 | ---- | C] () -- C:\ProgramData\Virtual_Sets.ndx
    [2011/10/09 17:40:27 | 000,006,999 | ---- | C] () -- C:\ProgramData\Standard_Comments.ndx
    [2011/10/09 17:40:27 | 000,001,719 | ---- | C] () -- C:\ProgramData\TradeSet_Type.FIC
    [2011/10/09 17:40:27 | 000,001,622 | ---- | C] () -- C:\ProgramData\Standard_Comments.FIC
    [2011/10/09 17:40:20 | 000,010,127 | ---- | C] () -- C:\ProgramData\Anomaly_Settings.ndx
    [2011/10/09 17:40:20 | 000,001,646 | ---- | C] () -- C:\ProgramData\Anomaly_Settings.FIC
    [2011/10/09 11:24:00 | 000,000,113 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
    [2011/09/06 22:37:06 | 000,086,016 | ---- | C] () -- C:\Windows\SysWow64\NtDirect.dll

    ========== ZeroAccess Check ==========

    [2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    ========== LOP Check ==========

    [2013/01/02 15:26:44 | 000,000,000 | ---D | M] -- C:\Users\Kimberly Elser APNS\AppData\Roaming\Dropbox
    [2012/09/06 12:40:31 | 000,000,000 | ---D | M] -- C:\Users\Kimberly Elser APNS\AppData\Roaming\EndNote
    [2012/06/19 21:36:04 | 000,000,000 | ---D | M] -- C:\Users\Kimberly Elser APNS\AppData\Roaming\EurekaLog
    [2011/10/08 18:10:18 | 000,000,000 | ---D | M] -- C:\Users\Kimberly Elser APNS\AppData\Roaming\Leadertech
    [2013/01/02 16:34:32 | 000,000,000 | ---D | M] -- C:\Users\Kimberly Elser APNS\AppData\Roaming\OpswatLogs
    [2013/01/05 10:18:39 | 000,000,000 | ---D | M] -- C:\Users\Kimberly Elser APNS\AppData\Roaming\SPSSInc
    [2013/01/02 16:10:22 | 000,000,000 | ---D | M] -- C:\Users\Kimberly Elser APNS\AppData\Roaming\supportdotcom
    [2011/12/16 09:18:15 | 000,000,000 | ---D | M] -- C:\Users\Kimberly Elser APNS\AppData\Roaming\TeamViewer

    ========== Purity Check ==========



    < End of report >

    Here is the Extras.Txt

    OTL Extras logfile created on: 1/7/2013 6:41:23 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Kimberly Elser APNS\Downloads
    64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    4.00 Gb Total Physical Memory | 2.16 Gb Available Physical Memory | 54.07% Memory free
    8.00 Gb Paging File | 6.08 Gb Available in Paging File | 76.05% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 580.72 Gb Total Space | 452.63 Gb Free Space | 77.94% Space Free | Partition Type: NTFS
    Drive D: | 15.45 Gb Total Space | 7.93 Gb Free Space | 51.31% Space Free | Partition Type: NTFS

    Computer Name: KIMS-PC | User Name: Kimberly Elser APNS | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

    [HKEY_USERS\S-1-5-21-47288798-129912651-3328559107-1001\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{03F20E18-BB77-4216-992A-FB21D6FB595F}" = rport=138 | protocol=17 | dir=out | app=system |
    "{06C07A21-7B3D-4639-BBBF-BF70800027A7}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
    "{1C3C002D-F605-4037-908B-C3685FB5E80F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{1F6FEAC9-087B-43ED-BFFC-813AC018DB23}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{25D4986A-A966-4C5B-B8C3-F7BA71785A0B}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{2863BCDE-8B26-4FE5-8B4F-E59DB49ACED0}" = rport=137 | protocol=17 | dir=out | app=system |
    "{2B33600F-393E-42B3-87F5-0072CEDC451B}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{39F53DA2-1FFA-476E-9A45-CA83DDE55FC7}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{3CF92A34-9ACE-496B-8B7E-0B7740E0B1D3}" = rport=445 | protocol=6 | dir=out | app=system |
    "{3E4F538E-7409-491E-A088-F60AB974A75A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{597C830F-8586-4454-988B-5337A4FB89D9}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{5FCFD55F-37E0-4F35-B201-E865AE3E76CC}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |
    "{64E9B092-94EF-4495-9D7A-B822EDAEBFF6}" = lport=138 | protocol=17 | dir=in | app=system |
    "{6C22C4B9-203F-4D4C-B4A4-85BA98491BB3}" = lport=445 | protocol=6 | dir=in | app=system |
    "{98510292-DA88-4AF3-915D-A1DC3AB4B6B8}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{A6372AD4-7BB9-4702-93B1-2EA58E10DF4D}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{A81500D3-A2DF-4B2D-A957-B4C81C25419E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{C55566C7-10D3-4377-A60A-353195A7EF80}" = rport=139 | protocol=6 | dir=out | app=system |
    "{CA9272B6-C031-4738-9DAF-5CD8A22C9814}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{D0C5A346-26FC-4CA9-93E6-35258A912040}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{D117C9AB-688F-4C64-B8DD-A08AEA53FCEF}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
    "{D294F195-83F6-4A25-A9B4-5B6CB7567C53}" = lport=139 | protocol=6 | dir=in | app=system |
    "{D6977C23-1308-4D24-AE8F-D52F50B745EC}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{E2FC0A29-C9E6-476A-9139-591ECC6CD2BA}" = lport=137 | protocol=17 | dir=in | app=system |
    "{F23E326A-63E2-42A3-A0C4-8615FC73097C}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0AD061BA-AC5D-420D-B38A-CCB31BD3ECB7}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe |
    "{154ADA04-9986-46C3-A705-F8AB43182201}" = dir=in | app=c:\program files\hp\hp officejet pro 8600\bin\digitalwizards.exe |
    "{22DF0361-21AC-4F58-A48B-5245C74DC675}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{24758B76-3DD8-4588-871F-E66D3FBF317D}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{2869B76C-F613-4AB9-9603-230C114C6512}" = dir=in | app=c:\program files\hp\hp officejet pro 8600\bin\faxapplications.exe |
    "{2EFE7FDC-0E71-4881-86A1-23C0B039378F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{38FD8A4C-FCB6-41F2-BD78-DF10A53846B9}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{3BF43A8E-27C4-4650-A01E-EEFCCA202677}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
    "{3F6E8F25-089D-41C5-8048-4DB5A97B604B}" = protocol=6 | dir=out | app=system |
    "{4A304A87-D77A-4FF5-866B-260E884BDF1F}" = protocol=6 | dir=in | app=c:\users\kimberly elser apns\appdata\roaming\dropbox\bin\dropbox.exe |
    "{4AD5D612-5B45-47C2-A8CC-C618E3B83AE3}" = protocol=1 | dir=in | [email protected],-28543 |
    "{4CDA6BA7-EBAB-4C55-BA02-77AB0D25708F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{5284D4DB-8343-47FE-865A-55AB68CAA94A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{56672392-2E8C-4F3D-B133-864B34D6D137}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{56ABC4D7-236D-4EA2-8158-9CCA6EDC085D}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{60B1D579-B6A5-4F18-A73F-0EC009C44288}" = dir=in | app=c:\program files\hp\hp officejet pro 8600\bin\hpnetworkcommunicatorcom.exe |
    "{682E033C-0FFC-4A1F-AB21-B575AAF103D6}" = dir=in | app=c:\program files\hp\hp officejet pro 8600\bin\sendafax.exe |
    "{6A932BB7-289F-463F-B7D8-EEFC60A302A8}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{7320F90B-6A92-4DB9-8D6B-A036E06D8CD0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{7BADD5B0-04B4-47D3-B9EE-00D5ACEF1ACA}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
    "{7E7F97B3-9AA1-471F-91EC-DCB4D9F3DDAB}" = protocol=58 | dir=out | [email protected],-28546 |
    "{831FCBEA-6085-4FFB-B237-4699F2B3A0F3}" = protocol=17 | dir=in | app=c:\users\kimberly elser apns\appdata\roaming\dropbox\bin\dropbox.exe |
    "{837E49BE-156B-48B3-BFAE-8454070972BF}" = dir=in | app=c:\program files\hp\hp officejet pro 8600\bin\hpnetworkcommunicator.exe |
    "{A106627A-6CF0-4B77-B17B-75C68919FF02}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
    "{A24D572D-1B7A-4A09-8546-53810D3CDC2C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{B228B3A0-A3BF-4AFF-BD1C-8A7718C97004}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
    "{BFA0FEE6-7814-44C4-97B8-A345549A79F7}" = protocol=58 | dir=in | [email protected],-28545 |
    "{C89A58FC-BD44-4D11-85EA-57015F41CFFD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{CF5B0644-5D73-42A1-8B50-7593FDB44072}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{D28F88F6-B5E5-44FA-A0B5-B83A3E940C67}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
    "{DBF4CEB9-A5A1-4E67-BF63-A0B57E91FFFF}" = dir=in | app=c:\program files\hp\hp officejet pro 8600\bin\devicesetup.exe |
    "{DCD3DBCC-D576-4F26-AADC-9D3E3EC44841}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{DDD252E2-B987-41FA-BE3E-F20A21F8B3F3}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{E23189BD-A391-48A0-8E84-9B09B415B004}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{E9BFD900-D525-48D7-82EB-98F4A1ED4FA3}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
    "{F3078868-C991-438D-954F-44A08E26B18D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{F5BCFDF6-A5A7-49D2-A8BA-458238172560}" = protocol=1 | dir=out | [email protected],-28544 |
    "{F5BD7290-80A4-4D55-BD1C-83B207AB0BCD}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{FCFCF220-ADCC-40C6-BE20-FBDA31D17880}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "TCP Query User{0B54267D-B873-47B4-8175-EB2894941A74}C:\program files (x86)\ninjatrader 7\bin\ninjatrader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ninjatrader 7\bin\ninjatrader.exe |
    "TCP Query User{4FA112E0-977D-4D1C-96DA-44AF3B3935DD}C:\program files\ibm\spss\statistics\20\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\ibm\spss\statistics\20\jre\bin\javaw.exe |
    "TCP Query User{7C60EB41-1165-4933-83DB-200E03C23240}C:\program files (x86)\ninjatrader 7\bin\ninjatrader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ninjatrader 7\bin\ninjatrader.exe |
    "UDP Query User{1699544F-9489-4209-8D54-5066844AF490}C:\program files (x86)\ninjatrader 7\bin\ninjatrader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ninjatrader 7\bin\ninjatrader.exe |
    "UDP Query User{A38D010A-696D-4B07-A613-9EC2FD1DFA9E}C:\program files (x86)\ninjatrader 7\bin\ninjatrader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ninjatrader 7\bin\ninjatrader.exe |
    "UDP Query User{B941CFCF-745C-4BF1-AE00-0FAE2B807D75}C:\program files\ibm\spss\statistics\20\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\ibm\spss\statistics\20\jre\bin\javaw.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{2AF8017B-E503-408F-AACE-8A335452CAD2}" = IBM SPSS Statistics 20
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
    "{791A06E2-340F-43B0-8FAB-62D151339362}" = HP Officejet Pro 8600 Basic Device Software
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
    "{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
    "{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 275.33
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 275.33
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.3.5
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
    "{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
    "{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "{F792E5B0-11C4-4C68-8A63-FB5F52749180}" = HP Officejet Pro 8600 Product Improvement Study
    "{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
    "CCleaner" = CCleaner
    "CNXT_MODEM_PCI_HSF" = Soft Data Fax Modem with SmartCP
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "sp6" = Logitech SetPoint 6.30

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0
    "{190297F8-14EC-4ECA-BFAC-72843DBFB382}" = Microsoft SharedView
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 10
    "{2BFDA78F-39F7-4537-9995-71424CFA88BB}" = LogMeIn
    "{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
    "{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
    "{415FA9AD-DA10-4ABE-97B6-5051D4795C90}" = HP FWUpdateEDO2
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
    "{86B3F2D6-AC2B-0015-8AE1-F2F77F781B0C}" = EndNote X5
    "{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
    "{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
    "{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
    "{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
    "{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
    "{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
    "{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
    "{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
    "{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
    "{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002A-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
    "{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
    "{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
    "{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
    "{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
    "{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
    "{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0116-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
    "{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
    "{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
    "{ACEB2BAF-96DF-48FD-ADD5-43842D4C443D}" = Adobe AIR
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
    "{B6F5C6D8-C443-4B55-932F-AE11B5743FC4}" = HP Officejet Pro 8600 Help
    "{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
    "{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. OCR
    "{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
    "{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
    "{F32F7FC8-02AD-4E72-BD40-2B045CA191FE}" = NinjaTrader 7
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "avast" = avast! Internet Security
    "Flip Image_is1" = Flip Image
    "Flip PDF_is1" = Flip PDF
    "Flip PowerPoint_is1" = Flip PowerPoint
    "Flip Printer for Windows 64-bit_is1" = Flip Printer
    "Flip Word for Windows 64-bit_is1" = Flip Word
    "Flip Writer_is1" = Flip Writer
    "Gadwin PrintScreen" = Gadwin PrintScreen
    "GPL Ghostscript 8.71" = GPL Ghostscript 8.71
    "KeyFinder_is1" = Magical Jelly Bean KeyFinder
    "Mozilla Firefox 17.0.1 (x86 en-US)" = Mozilla Firefox 17.0.1 (x86 en-US)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
    "ResearchSoft Direct Export Helper" = ResearchSoft Direct Export Helper

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-47288798-129912651-3328559107-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Dropbox" = Dropbox

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 1/7/2013 7:33:49 PM | Computer Name = Kims-PC | Source = ESENT | ID = 455
    Description = Windows (3860) Windows: Error -1811 occurred while opening logfile
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS003E9.log.

    Error - 1/7/2013 7:33:50 PM | Computer Name = Kims-PC | Source = Windows Search Service | ID = 9000
    Description =

    Error - 1/7/2013 7:33:50 PM | Computer Name = Kims-PC | Source = Windows Search Service | ID = 7040
    Description =

    Error - 1/7/2013 7:33:50 PM | Computer Name = Kims-PC | Source = Windows Search Service | ID = 7042
    Description =

    Error - 1/7/2013 7:33:50 PM | Computer Name = Kims-PC | Source = Windows Search Service | ID = 9002
    Description =

    Error - 1/7/2013 7:33:50 PM | Computer Name = Kims-PC | Source = Windows Search Service | ID = 3029
    Description =

    Error - 1/7/2013 7:33:54 PM | Computer Name = Kims-PC | Source = Windows Search Service | ID = 3029
    Description =

    Error - 1/7/2013 7:33:54 PM | Computer Name = Kims-PC | Source = Windows Search Service | ID = 3028
    Description =

    Error - 1/7/2013 7:33:54 PM | Computer Name = Kims-PC | Source = Windows Search Service | ID = 3058
    Description =

    Error - 1/7/2013 7:33:54 PM | Computer Name = Kims-PC | Source = Windows Search Service | ID = 7010
    Description =

    [ System Events ]
    Error - 10/3/2012 2:50:04 PM | Computer Name = Kims-PC | Source = EventLog | ID = 6008
    Description = The previous system shutdown at 2:47:07 PM on ?10/?3/?2012 was unexpected.

    Error - 10/17/2012 9:42:48 AM | Computer Name = Kims-PC | Source = EventLog | ID = 6008
    Description = The previous system shutdown at 4:00:09 AM on ?10/?17/?2012 was unexpected.

    Error - 10/26/2012 6:29:36 PM | Computer Name = Kims-PC | Source = EventLog | ID = 6008
    Description = The previous system shutdown at 1:40:06 PM on ?10/?26/?2012 was unexpected.

    Error - 10/27/2012 10:47:37 AM | Computer Name = Kims-PC | Source = EventLog | ID = 6008
    Description = The previous system shutdown at 8:16:38 PM on ?10/?26/?2012 was unexpected.

    Error - 11/5/2012 8:45:39 AM | Computer Name = Kims-PC | Source = Disk | ID = 262155
    Description = The driver detected a controller error on \Device\Harddisk6\DR6.

    Error - 11/5/2012 8:45:39 AM | Computer Name = Kims-PC | Source = Disk | ID = 262155
    Description = The driver detected a controller error on \Device\Harddisk6\DR6.

    Error - 11/5/2012 8:45:40 AM | Computer Name = Kims-PC | Source = Disk | ID = 262155
    Description = The driver detected a controller error on \Device\Harddisk6\DR6.

    Error - 11/5/2012 8:45:40 AM | Computer Name = Kims-PC | Source = Disk | ID = 262155
    Description = The driver detected a controller error on \Device\Harddisk6\DR6.

    Error - 11/19/2012 9:12:18 PM | Computer Name = Kims-PC | Source = Service Control Manager | ID = 7023
    Description = The Windows Time service terminated with the following error: %%1115

    Error - 11/22/2012 4:25:31 PM | Computer Name = Kims-PC | Source = EventLog | ID = 6008
    Description = The previous system shutdown at 3:23:44 PM on ?11/?22/?2012 was unexpected.


    < End of report >


    Let me do the next steps and send another reply

    Kim
     
  4. ToyFoxPatch

    ToyFoxPatch Thread Starter

    Here is the SystemLook.txt log

    SystemLook 30.07.11 by jpshortstuff
    Log created at 19:17 on 07/01/2013 by Kimberly Elser APNS
    Administrator - Elevation successful

    ========== Filefind ==========

    Searching for ""tarma*"
    No files found.

    Searching for "*yontoo*"
    C:\ProgramData\Spybot - Search & Destroy\Recovery\YontooPagerage.zip --a---- 584 bytes [16:02 01/01/2013] [16:02 01/01/2013] A833E9674ECB3C2DC51DD2003C680781
    C:\ProgramData\Spybot - Search & Destroy\Recovery\YontooPagerage1.zip --a---- 585 bytes [16:02 01/01/2013] [16:02 01/01/2013] 2AD51348C5088F452105299B02F20258
    C:\ProgramData\Spybot - Search & Destroy\Recovery\YontooPagerage2.zip --a---- 584 bytes [16:05 01/01/2013] [16:05 01/01/2013] 73AA68D1AAB5DBF211E355C734D61DFB
    C:\ProgramData\Spybot - Search & Destroy\Recovery\YontooPagerage3.zip --a---- 585 bytes [16:57 01/01/2013] [16:57 01/01/2013] CDD5CB8D87E7BF32F0958F2CF3CA5FA4
    C:\ProgramData\Spybot - Search & Destroy\Recovery\YontooPagerage4.zip --a---- 585 bytes [19:40 02/01/2013] [19:40 02/01/2013] 224E15A9B2D09B928216014AE0BABF1C
    C:\Users\All Users\Spybot - Search & Destroy\Recovery\YontooPagerage.zip --a---- 584 bytes [16:02 01/01/2013] [16:02 01/01/2013] A833E9674ECB3C2DC51DD2003C680781
    C:\Users\All Users\Spybot - Search & Destroy\Recovery\YontooPagerage1.zip --a---- 585 bytes [16:02 01/01/2013] [16:02 01/01/2013] 2AD51348C5088F452105299B02F20258
    C:\Users\All Users\Spybot - Search & Destroy\Recovery\YontooPagerage2.zip --a---- 584 bytes [16:05 01/01/2013] [16:05 01/01/2013] 73AA68D1AAB5DBF211E355C734D61DFB
    C:\Users\All Users\Spybot - Search & Destroy\Recovery\YontooPagerage3.zip --a---- 585 bytes [16:57 01/01/2013] [16:57 01/01/2013] CDD5CB8D87E7BF32F0958F2CF3CA5FA4
    C:\Users\All Users\Spybot - Search & Destroy\Recovery\YontooPagerage4.zip --a---- 585 bytes [19:40 02/01/2013] [19:40 02/01/2013] 224E15A9B2D09B928216014AE0BABF1C
    C:\Windows.old\Program Files (x86)\Corel\Corel Paint Shop Pro Photo XI\Presets\Preset_CrayonTool_ Normal.PspScript --a---- 962 bytes [15:00 04/08/2006] [15:00 04/08/2006] 36B916F691CB1C4740EEA97672DC91DE
    C:\Windows.old\Program Files (x86)\Corel\Corel Paint Shop Pro Photo XI\Presets\Preset_CrayonTool_Chisel tip fine.PspScript --a---- 957 bytes [15:00 04/08/2006] [15:00 04/08/2006] 8A88404102953646D865ABD0F92AD02F
    C:\Windows.old\Program Files (x86)\Corel\Corel Paint Shop Pro Photo XI\Presets\Preset_CrayonTool_Chisel tip large.PspScript --a---- 959 bytes [15:00 04/08/2006] [15:00 04/08/2006] FD9A86CCE40BE5E934EF592D9214C5D3
    C:\Windows.old\Program Files (x86)\Corel\Corel Paint Shop Pro Photo XI\Presets\Preset_CrayonTool_Chisel tip medium.PspScript --a---- 958 bytes [15:00 04/08/2006] [15:00 04/08/2006] 958D564CF803A32CD4E18AB4FB1C1A16
    C:\Windows.old\Program Files (x86)\Corel\Corel Paint Shop Pro Photo XI\Presets\Preset_CrayonTool_Round tip fine.PspScript --a---- 961 bytes [15:00 04/08/2006] [15:00 04/08/2006] E23C47D8954FA44319F17A5D2CE67FF7
    C:\Windows.old\Program Files (x86)\Corel\Corel Paint Shop Pro Photo XI\Presets\Preset_CrayonTool_Round tip large.PspScript --a---- 963 bytes [15:00 04/08/2006] [15:00 04/08/2006] 7326E91B70B65C91DE6ACF741D5C7BDE
    C:\Windows.old\Program Files (x86)\Corel\Corel Paint Shop Pro Photo XI\Presets\Preset_CrayonTool_Round tip medium.PspScript --a---- 962 bytes [15:00 04/08/2006] [15:00 04/08/2006] 36B916F691CB1C4740EEA97672DC91DE
    C:\Windows.old\Program Files (x86)\Corel\Corel Paint Shop Pro Photo XI\Presets\Preset_CrayonTool_Square tip fine.PspScript --a---- 960 bytes [15:00 04/08/2006] [15:00 04/08/2006] F9D7DFE9ECBF1CC9240DDAB0EF3015B9
    C:\Windows.old\Program Files (x86)\Corel\Corel Paint Shop Pro Photo XI\Presets\Preset_CrayonTool_Square tip large.PspScript --a---- 963 bytes [15:00 04/08/2006] [15:00 04/08/2006] 0E6DEBF631486FC065065F96CEB02DD8
    C:\Windows.old\Program Files (x86)\Corel\Corel Paint Shop Pro Photo XI\Presets\Preset_CrayonTool_Square tip medium.PspScript --a---- 961 bytes [15:00 04/08/2006] [15:00 04/08/2006] 3DA93D89A737C4A05C0F3E270B643B03

    ========== Folderfind ==========

    Searching for "*tarma*"
    C:\ProgramData\Tarma Installer d------ [15:50 06/04/2012]
    C:\Users\All Users\Tarma Installer d------ [15:50 06/04/2012]

    Searching for "*yontoo*"
    No folders found.

    ========== Regfind ==========

    Searching for "10DE7085-6A1E-4D41-A7BF-9AF93E351401"
    No data found.

    Searching for "1AD27395-1659-4DFF-A319-2CFA243861A5"
    No data found.

    Searching for "CFDAFE39-20CE-451D-BD45-A37452F39CF0"
    No data found.

    Searching for "D372567D-67C1-4B29-B3F0-159B52B3E967"
    No data found.

    Searching for "FD72061E-9FDE-484D-A58A-0BAB4151CAD8"
    No data found.

    Searching for "niapdbllcanepiiimjjndipklodoedlc"
    No data found.

    -= EOF =-


    Again I appreciate your assistance in this matter.
    As a sidebar, I need to be able to access online virtual classrooms to teach my courses. Therefore, I need Java. I did uninstall the one that you said with the "26" associated with it, but there was not a 7 Java 7. I have a Java update 10... Should I uninstall that, and if I do, will I still be able to utilize my virtual classrooms?


    Kim
     
  5. askey127

    askey127 Malware Specialist

    Joined:
    Dec 22, 2006
    Messages:
    3,721
    ToyFoxPatch,
    The Java 7 Update 10 program is just fine.
    When you posted originally, the log showed Java 7 Update 7, and I wanted to install what you have now.

    ----------------------------------------------
    Perform a Custom Fix with OTL
    Run OTL (Right click and choose "Run as administrator" in Vista/Win7)
    • In the Custom Scans/Fixes box at the bottom, paste in the following lines from the Code box (Do not include the word "Code"):
      Code:
      :Commands
      [CREATERESTOREPOINT]
      
      :OTL
      FF - prefs.js..browser.search.defaultengine: "Ask.com"
      FF - prefs.js..browser.search.defaultenginename: "Ask.com"
      FF - prefs.js..browser.search.order.1: "Ask.com"
      [2012/07/18 20:39:45 | 000,002,568 | ---- | M] () -- C:\Users\Kimberly Elser APNS\AppData\Roaming\Mozilla\Firefox\Profiles\i4aeh3bh.default\searchplugins\askcom.xml
      [2012/04/06 11:03:50 | 000,001,235 | ---- | M] () -- C:\Users\Kimberly Elser APNS\AppData\Roaming\Mozilla\Firefox\Profiles\i4aeh3bh.default\searchplugins\search-the-web.xml
      O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
      
      :Files
      C:\ProgramData\Spybot - Search & Destroy\Recovery\YontooPagerage.zip
      C:\ProgramData\Spybot - Search & Destroy\Recovery\YontooPagerage1.zip
      C:\ProgramData\Spybot - Search & Destroy\Recovery\YontooPagerage2.zip
      C:\ProgramData\Spybot - Search & Destroy\Recovery\YontooPagerage3.zip
      C:\ProgramData\Spybot - Search & Destroy\Recovery\YontooPagerage4.zip
      C:\Users\All Users\Spybot - Search & Destroy\Recovery\YontooPagerage.zip
      C:\Users\All Users\Spybot - Search & Destroy\Recovery\YontooPagerage1.zip
      C:\Users\All Users\Spybot - Search & Destroy\Recovery\YontooPagerage2.zip
      C:\Users\All Users\Spybot - Search & Destroy\Recovery\YontooPagerage3.zip
      C:\Users\All Users\Spybot - Search & Destroy\Recovery\YontooPagerage4.zip
      ipconfig /flushdns /c
      
      :Commands
      [emptyjava]
      [emptyflash] 
      [EMPTYTEMP]
      
    • Then click the Run Fix button at the top.
    • Let the program run unhindered, and click to allow the Reboot when it is done.
      When the computer Reboots, and you start your usual account, a Notepad text file will appear.
    • Copy the contents of that "Fix log" file and post it in your next reply.
      The file will also be available and named by timestamp here: C:\_OTL\Moved Files\mmddyyyy_hhmmss.log
    ----------------------------------------------
    After posting the Resulting log, Please Rescan as follows:
    Open OTL again and click the Quick Scan button. Post the new log it produces, OTL.txt, in your next reply.

    So we are looking for the contents of the FIX log, and the contents of OTL.txt from a fresh Quick Scan.

    askey127
     
  6. ToyFoxPatch

    ToyFoxPatch Thread Starter

    OTL fix log:


    All processes killed
    ========== COMMANDS ==========
    Restore point Set: OTL Restore Point
    ========== OTL ==========
    Prefs.js: "Ask.com" removed from browser.search.defaultengine
    Prefs.js: "Ask.com" removed from browser.search.defaultenginename
    Prefs.js: "Ask.com" removed from browser.search.order.1
    File C:\Users\Kimberly Elser APNS\AppData\Roaming\Mozilla\Firefox\Profiles\i4aeh3bh.default\searchplugin s\askcom.xml not found.
    File C:\Users\Kimberly Elser APNS\AppData\Roaming\Mozilla\Firefox\Profiles\i4aeh3bh.default\searchplugin s\search-the-web.xml not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
    ========== FILES ==========
    C:\ProgramData\Spybot - Search & Destroy\Recovery\YontooPagerage.zip moved successfully.
    C:\ProgramData\Spybot - Search & Destroy\Recovery\YontooPagerage1.zip moved successfully.
    C:\ProgramData\Spybot - Search & Destroy\Recovery\YontooPagerage2.zip moved successfully.
    C:\ProgramData\Spybot - Search & Destroy\Recovery\YontooPagerage3.zip moved successfully.
    C:\ProgramData\Spybot - Search & Destroy\Recovery\YontooPagerage4.zip moved successfully.
    File\Folder C:\Users\All Users\Spybot - Search & Destroy\Recovery\YontooPagerage.zip not found.
    File\Folder C:\Users\All Users\Spybot - Search & Destroy\Recovery\YontooPagerage1.zip not found.
    File\Folder C:\Users\All Users\Spybot - Search & Destroy\Recovery\YontooPagerage2.zip not found.
    File\Folder C:\Users\All Users\Spybot - Search & Destroy\Recovery\YontooPagerage3.zip not found.
    File\Folder C:\Users\All Users\Spybot - Search & Destroy\Recovery\YontooPagerage4.zip not found.
    < ipconfig /flushdns /c >
    Windows IP Configuration
    Successfully flushed the DNS Resolver Cache.
    C:\Users\Kimberly Elser APNS\Downloads\cmd.bat deleted successfully.
    C:\Users\Kimberly Elser APNS\Downloads\cmd.txt deleted successfully.
    ========== COMMANDS ==========

    [EMPTYJAVA]

    User: All Users

    User: Default

    User: Default User

    User: Kimberly Elser APNS
    ->Java cache emptied: 29682706 bytes

    User: Public

    User: UpdatusUser

    Total Java Files Cleaned = 28.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default
    ->Flash cache emptied: 56475 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Kimberly Elser APNS
    ->Flash cache emptied: 57206 bytes

    User: Public

    User: UpdatusUser
    ->Flash cache emptied: 56475 bytes

    Total Flash Files Cleaned = 0.00 mb


    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Kimberly Elser APNS
    ->Temp folder emptied: 634162 bytes
    ->Temporary Internet Files folder emptied: 49554 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 153494468 bytes
    ->Flash cache emptied: 0 bytes

    User: Public

    User: UpdatusUser
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 55852445 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 84726 bytes
    RecycleBin emptied: 282 bytes

    Total Files Cleaned = 200.00 mb


    OTL by OldTimer - Version 3.2.69.0 log created on 01082013_192028

    Files\Folders moved on Reboot...
    C:\Users\Kimberly Elser APNS\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...

    Let me do the next step and post that log for you...
    Kim
     
  7. ToyFoxPatch

    ToyFoxPatch Thread Starter

    OTL logfile created on: 1/8/2013 7:29:04 PM - Run 2
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Kimberly Elser APNS\Downloads
    64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    4.00 Gb Total Physical Memory | 2.15 Gb Available Physical Memory | 53.84% Memory free
    8.00 Gb Paging File | 6.02 Gb Available in Paging File | 75.26% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 580.72 Gb Total Space | 453.12 Gb Free Space | 78.03% Space Free | Partition Type: NTFS
    Drive D: | 15.45 Gb Total Space | 7.93 Gb Free Space | 51.31% Space Free | Partition Type: NTFS

    Computer Name: KIMS-PC | User Name: Kimberly Elser APNS | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2013/01/08 19:17:07 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Kimberly Elser APNS\Downloads\OTL(3).exe
    PRC - [2013/01/02 18:06:41 | 000,916,960 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    PRC - [2012/10/10 21:23:42 | 001,258,856 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    PRC - [2012/10/02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    PRC - [2012/08/21 04:12:26 | 004,282,728 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
    PRC - [2012/08/21 04:12:25 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    PRC - [2012/08/21 04:12:23 | 000,133,912 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\afwServ.exe
    PRC - [2012/07/27 15:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2012/07/19 12:24:57 | 001,536,712 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe
    PRC - [2011/05/03 04:18:01 | 000,487,424 | ---- | M] (Gadwin Systems, Inc) -- C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe
    PRC - [2010/10/21 15:53:54 | 001,211,216 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\sp6\LU\LogitechUpdate.exe
    PRC - [2010/10/21 15:53:46 | 000,341,328 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\sp6\LU\LULnchr.exe
    PRC - [2009/01/26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe


    ========== Modules (No Company Name) ==========

    MOD - [2013/01/02 18:06:39 | 002,397,152 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
    MOD - [2012/07/19 12:24:56 | 009,465,032 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll
    MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
    MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll


    ========== Services (SafeList) ==========

    SRV:64bit: - [2012/08/21 04:12:25 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
    SRV:64bit: - [2012/08/21 04:12:23 | 000,133,912 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\afwServ.exe -- (avast! Firewall)
    SRV:64bit: - [2011/06/17 02:34:18 | 000,359,192 | ---- | M] (Logitech, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
    SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
    SRV:64bit: - [2007/06/29 08:11:36 | 000,412,672 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysNative\drivers\XAudio64.exe -- (XAudioService)
    SRV - [2013/01/02 18:06:39 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2013/01/02 14:10:01 | 000,147,888 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\ramaint.exe -- (LMIMaint)
    SRV - [2013/01/02 14:09:26 | 000,375,728 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe -- (LMIGuardianSvc)
    SRV - [2012/11/09 12:21:16 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2012/10/10 21:23:42 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
    SRV - [2012/10/02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
    SRV - [2012/07/27 15:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2011/09/16 13:10:50 | 000,407,424 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe -- (LogMeIn)
    SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2013/01/02 14:09:28 | 000,088,008 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\LMIRfsClientNP.dll -- (LMIRfsClientNP)
    DRV:64bit: - [2012/11/28 05:48:36 | 000,010,112 | ---- | M] (support.com, Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssmirrdr.sys -- (ssmirrdr)
    DRV:64bit: - [2012/08/21 04:13:13 | 000,969,200 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
    DRV:64bit: - [2012/08/21 04:13:13 | 000,359,464 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
    DRV:64bit: - [2012/08/21 04:13:13 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
    DRV:64bit: - [2012/08/21 04:13:12 | 000,266,776 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswNdis2.sys -- (aswNdis2)
    DRV:64bit: - [2012/08/21 04:13:12 | 000,071,600 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
    DRV:64bit: - [2012/08/21 04:13:12 | 000,054,072 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
    DRV:64bit: - [2012/08/21 04:13:11 | 000,142,128 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswFW.sys -- (aswFW)
    DRV:64bit: - [2012/08/21 04:13:11 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV:64bit: - [2012/08/21 04:13:11 | 000,019,600 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswKbd.sys -- (aswKbd)
    DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2012/02/15 10:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
    DRV:64bit: - [2011/09/16 13:10:50 | 000,072,216 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
    DRV:64bit: - [2011/09/16 13:10:24 | 000,011,552 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lmimirr.sys -- (lmimirr)
    DRV:64bit: - [2011/09/06 15:10:01 | 000,012,368 | ---- | M] (ALWIL Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswNdis.sys -- (aswNdis)
    DRV:64bit: - [2011/04/30 06:59:22 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
    DRV:64bit: - [2011/04/30 06:59:22 | 000,060,184 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
    DRV:64bit: - [2011/04/30 06:59:10 | 000,076,056 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LEqdUsb.sys -- (LEqdUsb)
    DRV:64bit: - [2011/04/30 06:59:10 | 000,015,128 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidEqd.sys -- (LHidEqd)
    DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/03/31 02:10:18 | 000,450,048 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTL8187B.sys -- (RTL8187B)
    DRV:64bit: - [2009/09/28 08:22:00 | 000,395,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
    DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/07/13 19:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
    DRV:64bit: - [2009/07/13 19:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
    DRV:64bit: - [2009/06/10 16:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
    DRV:64bit: - [2009/06/10 16:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
    DRV:64bit: - [2009/06/10 16:01:11 | 000,411,136 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTBS26.SYS -- (SrvHsfPCI)
    DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/05/18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2007/06/29 08:11:24 | 000,010,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\XAudio64.sys -- (XAudio)
    DRV:64bit: - [2007/06/20 03:32:58 | 001,478,656 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_DPV.sys -- (HSF_DPV)
    DRV:64bit: - [2007/06/20 03:30:22 | 000,409,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAXHWBS2.sys -- (CAXHWBS2)
    DRV:64bit: - [2007/06/20 03:29:14 | 000,740,352 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_CNXT.sys -- (winachsf)
    DRV:64bit: - [2006/06/19 05:27:24 | 000,017,024 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\mdmxsdk.sys -- (mdmxsdk)
    DRV - [2011/09/16 13:10:50 | 000,015,928 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\rainfo.sys -- (LMIInfo)
    DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 91 65 71 46 01 86 CC 01 [binary data]
    IE - HKCU\..\SearchScopes,DefaultScope = {C50F1A76-3E1E-46FA-8189-D7305945F818}
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKCU\..\SearchScopes\{C50F1A76-3E1E-46FA-8189-D7305945F818}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=E78996DB-87C9-4999-9CFA-4F2FCFCE70E0&apn_sauid=AA4B3288-F19D-4CF8-8D04-9E10AC9F36B6
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultengine: "Ask.com"
    FF - prefs.js..browser.search.defaultenginename: "Ask.com"
    FF - prefs.js..browser.search.order.1: "Ask.com"
    FF - prefs.js..browser.search.selectedEngine: "Bing"
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "https://mail.google.com/mail/?shva=1#inbox"
    FF - prefs.js..extensions.enabledAddons: [email protected]:7.0.1456
    FF - prefs.js..keyword.URL: "http://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q="
    FF - prefs.js..network.proxy.no_proxies_on: "*.local"
    FF - prefs.js..network.proxy.type: 0


    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_265.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll File not found
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/01/02 14:08:24 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/01/02 18:06:42 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

    [2012/03/11 14:16:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kimberly Elser APNS\AppData\Roaming\Mozilla\Extensions
    [2012/07/18 21:16:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kimberly Elser APNS\AppData\Roaming\Mozilla\Firefox\Profiles\i4aeh3bh.default\extensions
    [2012/10/25 08:52:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kimberly Elser APNS\AppData\Roaming\Mozilla\Firefox\Profiles\kik13h99.default-1342717782139\extensions
    [2012/07/18 20:39:45 | 000,002,568 | ---- | M] () -- C:\Users\Kimberly Elser APNS\AppData\Roaming\Mozilla\Firefox\Profiles\i4aeh3bh.default\searchplugins\askcom.xml
    [2012/04/06 11:03:50 | 000,001,235 | ---- | M] () -- C:\Users\Kimberly Elser APNS\AppData\Roaming\Mozilla\Firefox\Profiles\i4aeh3bh.default\searchplugins\search-the-web.xml
    [2012/10/26 19:11:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2012/10/26 19:11:46 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    [2013/01/02 14:08:24 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
    [2013/01/02 18:06:41 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2013/01/02 18:06:32 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2013/01/02 18:06:32 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

    O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O4:64bit: - HKLM..\Run: [Bluetooth Connection Assistant] LBTWIZ.EXE -silent File not found
    O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
    O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.)
    O4:64bit: - HKLM..\Run: [LogMeIn GUI] C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe (LogMeIn, Inc.)
    O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
    O4 - HKCU..\Run: [APDF Printer Moniter X64] C:\Program Files (x86)\Flip Printer\PrintMonitor.exe ()
    O4 - HKCU..\Run: [Gadwin PrintScreen] C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe (Gadwin Systems, Inc)
    O4 - HKCU..\Run: [HP Officejet Pro 8600 (NET)] C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
    O4 - Startup: C:\Users\Kimberly Elser APNS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2013/01/02 16:33:54 | 000,000,000 | -H-D | M]
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O1364bit: - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O15 - HKCU\..Trusted Domains: csod.com ([washpost] https in Trusted sites)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_10-windows-i586.cab (Java Plug-in 10.10.2)
    O16 - DPF: {CAFEEFAC-0017-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_10-windows-i586.cab (Java Plug-in 1.7.0_10)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_10-windows-i586.cab (Java Plug-in 1.7.0_10)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{007E93D2-8036-42C9-9AFC-E585B6930D57}: DhcpNameServer = 75.75.75.75 75.75.76.76
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7DD24FFA-01DC-4835-8619-9B871859E0A5}: DhcpNameServer = 75.75.75.75 75.75.76.76
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
    O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2008/03/16 09:49:12 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2013/01/08 19:20:28 | 000,000,000 | ---D | C] -- C:\_OTL
    [2013/01/07 19:14:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
    [2013/01/05 10:54:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
    [2013/01/05 10:54:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
    [2013/01/05 10:18:39 | 000,000,000 | ---D | C] -- C:\Users\Kimberly Elser APNS\AppData\Roaming\SPSSInc
    [2013/01/02 17:19:36 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
    [2013/01/02 16:47:18 | 000,000,000 | ---D | C] -- C:\Users\Kimberly Elser APNS\Documents\STK
    [2013/01/02 16:34:15 | 000,000,000 | ---D | C] -- C:\Users\Kimberly Elser APNS\AppData\Roaming\OpswatLogs
    [2013/01/02 16:33:54 | 000,000,000 | -H-D | C] -- C:\Users\Kimberly Elser APNS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled
    [2013/01/02 16:19:44 | 000,000,000 | ---D | C] -- C:\ProgramData\support.com
    [2013/01/02 16:10:22 | 000,000,000 | ---D | C] -- C:\Users\Kimberly Elser APNS\AppData\Roaming\supportdotcom
    [2013/01/02 16:10:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\supportdotcom
    [2013/01/01 10:49:41 | 000,000,000 | ---D | C] -- C:\Users\Kimberly Elser APNS\AppData\Local\Programs

    ========== Files - Modified Within 30 Days ==========

    [2013/01/08 19:30:52 | 000,018,768 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2013/01/08 19:30:52 | 000,018,768 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2013/01/08 19:22:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2013/01/08 19:22:45 | 3220,578,304 | -HS- | M] () -- C:\hiberfil.sys
    [2013/01/07 19:12:16 | 000,416,744 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2013/01/07 18:59:36 | 000,740,322 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2013/01/07 18:59:36 | 000,624,162 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2013/01/07 18:59:36 | 000,106,538 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2013/01/06 21:20:27 | 000,024,836 | ---- | M] () -- C:\Users\Kimberly Elser APNS\Documents\Kim Scholarly Project.sav
    [2013/01/06 20:39:21 | 000,024,836 | ---- | M] () -- C:\Users\Kimberly Elser APNS\Documents\Kim Scholarly Project Input.sav
    [2013/01/05 10:54:56 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
    [2013/01/02 17:19:39 | 000,000,833 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
    [2013/01/02 17:15:18 | 000,002,211 | ---- | M] () -- C:\Users\Public\Desktop\HP Officejet Pro 8600.lnk
    [2013/01/02 14:09:28 | 000,088,008 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\SysNative\LMIRfsClientNP.dll
    [2013/01/02 14:09:27 | 000,083,880 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\SysNative\LMIinit.dll
    [2013/01/02 14:09:27 | 000,035,240 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\SysNative\LMIport.dll
    [2013/01/02 14:08:36 | 000,001,969 | ---- | M] () -- C:\Users\Public\Desktop\avast! Internet Security.lnk
    [2013/01/02 14:08:29 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
    [2013/01/02 12:39:20 | 000,178,334 | ---- | M] () -- C:\Users\Kimberly Elser APNS\Documents\My EndNote Library.enl
    [2012/12/13 18:28:32 | 000,001,046 | ---- | M] () -- C:\Users\Kimberly Elser APNS\Documents\Output1.spv
    [2012/12/13 10:13:53 | 000,468,042 | ---- | M] () -- C:\Users\Kimberly Elser APNS\Documents\Scan0005.pdf

    ========== Files Created - No Company Name ==========

    [2013/01/07 18:56:12 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
    [2013/01/07 18:39:10 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
    [2013/01/04 19:01:42 | 000,024,836 | ---- | C] () -- C:\Users\Kimberly Elser APNS\Documents\Kim Scholarly Project Input.sav
    [2013/01/02 17:19:39 | 000,000,833 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
    [2013/01/02 17:15:18 | 000,002,211 | ---- | C] () -- C:\Users\Public\Desktop\HP Officejet Pro 8600.lnk
    [2012/12/13 10:13:52 | 000,468,042 | ---- | C] () -- C:\Users\Kimberly Elser APNS\Documents\Scan0005.pdf
    [2012/06/06 08:10:07 | 000,087,040 | ---- | C] () -- C:\Windows\SysWow64\pdfcmnnt.dll
    [2012/06/06 08:09:25 | 000,087,040 | ---- | C] () -- C:\Windows\pdfcmnnt.dll
    [2012/06/03 15:30:02 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
    [2012/05/18 11:52:39 | 000,221,553 | ---- | C] () -- C:\Windows\hpoins19.dat.temp
    [2012/05/18 11:52:39 | 000,013,898 | ---- | C] () -- C:\Windows\hpomdl19.dat.temp
    [2012/04/06 10:43:15 | 000,001,025 | ---- | C] () -- C:\Windows\SysWow64\sysprs7.dll
    [2012/04/06 10:43:15 | 000,000,205 | ---- | C] () -- C:\Windows\SysWow64\lsprst7.dll
    [2011/12/18 10:57:16 | 000,060,304 | ---- | C] () -- C:\Users\Kimberly Elser APNS\g2mdlhlpx.exe
    [2011/10/09 19:29:38 | 000,006,539 | ---- | C] () -- C:\ProgramData\Characteristic_Type.ndx
    [2011/10/09 19:29:38 | 000,002,324 | ---- | C] () -- C:\ProgramData\Characteristic_Type.FIC
    [2011/10/09 17:40:27 | 000,012,809 | ---- | C] () -- C:\ProgramData\TradeSet_Type.ndx
    [2011/10/09 17:40:27 | 000,011,813 | ---- | C] () -- C:\ProgramData\Virtual_Sets.FIC
    [2011/10/09 17:40:27 | 000,009,699 | ---- | C] () -- C:\ProgramData\Virtual_Sets.ndx
    [2011/10/09 17:40:27 | 000,006,999 | ---- | C] () -- C:\ProgramData\Standard_Comments.ndx
    [2011/10/09 17:40:27 | 000,001,719 | ---- | C] () -- C:\ProgramData\TradeSet_Type.FIC
    [2011/10/09 17:40:27 | 000,001,622 | ---- | C] () -- C:\ProgramData\Standard_Comments.FIC
    [2011/10/09 17:40:20 | 000,010,127 | ---- | C] () -- C:\ProgramData\Anomaly_Settings.ndx
    [2011/10/09 17:40:20 | 000,001,646 | ---- | C] () -- C:\ProgramData\Anomaly_Settings.FIC
    [2011/10/09 11:24:00 | 000,000,113 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
    [2011/09/06 22:37:06 | 000,086,016 | ---- | C] () -- C:\Windows\SysWow64\NtDirect.dll

    ========== ZeroAccess Check ==========

    [2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    ========== LOP Check ==========

    [2013/01/02 15:26:44 | 000,000,000 | ---D | M] -- C:\Users\Kimberly Elser APNS\AppData\Roaming\Dropbox
    [2012/09/06 12:40:31 | 000,000,000 | ---D | M] -- C:\Users\Kimberly Elser APNS\AppData\Roaming\EndNote
    [2012/06/19 21:36:04 | 000,000,000 | ---D | M] -- C:\Users\Kimberly Elser APNS\AppData\Roaming\EurekaLog
    [2011/10/08 18:10:18 | 000,000,000 | ---D | M] -- C:\Users\Kimberly Elser APNS\AppData\Roaming\Leadertech
    [2013/01/02 16:34:32 | 000,000,000 | ---D | M] -- C:\Users\Kimberly Elser APNS\AppData\Roaming\OpswatLogs
    [2013/01/05 10:18:39 | 000,000,000 | ---D | M] -- C:\Users\Kimberly Elser APNS\AppData\Roaming\SPSSInc
    [2013/01/02 16:10:22 | 000,000,000 | ---D | M] -- C:\Users\Kimberly Elser APNS\AppData\Roaming\supportdotcom
    [2011/12/16 09:18:15 | 000,000,000 | ---D | M] -- C:\Users\Kimberly Elser APNS\AppData\Roaming\TeamViewer

    ========== Purity Check ==========



    < End of report >


    Thank you. I shall await your response.
    Would like to know how to keep this type of creeper from invading me again...if possible
    Kim
     
  8. askey127

    askey127 Malware Specialist

    Joined:
    Dec 22, 2006
    Messages:
    3,721
    ToyFoxPatch,
    We are almost rid of the undesirable search settings.
    --------------------------------------------------------------
    About Toolbars
    Most toolbars are for the benefit of the purveyor, not you.
    Taking up space in your browser, and pushing their own pay-per-click services is a way for companies to make money.
    The Purveyors also get paid when you install them.
    They alter your Searches to their preferred sites.
    The features might be tempting, but there are so many bad toolbars that you're better off with NONE.
    You can Uninstall many from Control Panel > (Add/Remove) Programs.
    Unfortunately, some of the Bad ones don't Uninstall Properly.

    Some of the Self-serving toolbars are even installed as part of Antivirus programs (Avira, AVG, Norton).
    You can switch Antivirus programs.
    Free programs often include them to get some money.
    Some Toolbars you don't need: Yahoo, Google, AOL, MSN
    Some Toolbars you REALLY don't need: Ask, Conduit, MyWebSearch

    See here for hints: https://www.pcworld.com/article/261861/how_to_keep_unwanted_toolbars_out_of_your_browser.html

    ---------------------------------------------------------------------
    Manage Search Providers in Firefox
    Open Firefox.
    In the upper right in your Search box, there is a little down arrow next to the search provider icon.
    Click it and choose Manage Search Engines.
    Highlight Ask.com (or any item with Ask in it) and choose Remove. Then click OK.
    ---------------------------------------------------------------------
    Also, See here to Manage Search Providers in Internet Explorer
    http://windows.microsoft.com/en-US/internet-explorer/products/ie-9/tips/search-providers

    ----------------------------------------------
    Perform a Custom Fix with OTL
    Run OTL (Right click and choose "Run as administrator" in Vista/Win7)
    • In the Custom Scans/Fixes box at the bottom, paste in the following lines from the Code box (Do not include the word "Code"):
      Code:
      :Commands
      [CREATERESTOREPOINT]
      
      :OTL
      IE - HKCU\..\SearchScopes,DefaultScope = {C50F1A76-3E1E-46FA-8189-D7305945F818}
      IE - HKCU\..\SearchScopes\{C50F1A76-3E1E-46FA-8189-D7305945F818}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=E78996DB-87C9-4999-9CFA-4F2FCFCE70E0&apn_sauid=AA4B3288-F19D-4CF8-8D04-9E10AC9F36B6
      
      :Files
      C:\Users\Kimberly Elser APNS\AppData\Roaming\Mozilla\Firefox\Profiles\i4aeh3bh.default\searchplugins\askcom.xml
      C:\Users\Kimberly Elser APNS\AppData\Roaming\Mozilla\Firefox\Profiles\i4aeh3bh.default\searchplugins\search-the-web.xml
      ipconfig /flushdns /c
      
      :Commands
      [EMPTYTEMP]
      
    • Then click the Run Fix button at the top.
    • Let the program run unhindered, and click to allow the Reboot when it is done.
      When the computer Reboots, and you start your usual account, a Notepad text file will appear.
    • Copy the contents of that file and post it in your next reply.
      The file will also be available and named by timestamp here: C:\_OTL\Moved Files\mmddyyyy_hhmmss.log

    How is it running?
    askey127
     
  9. ToyFoxPatch

    ToyFoxPatch Thread Starter

    Joined:
    Jul 7, 2003
    Messages:
    37
    Interestingly I did not have the Ask.com in my Firefox toolbars to remove. I did open IE to check there just for laughs, cuz I don't use that but not there either.
    I am not the kind to just download a lot of things from the net. Occasionally if I purchase a program or per se when I install drivers I read the acceptance and decline any additional crap and am sure to uncheck things but perhaps I missed sometime. Do any of these things come in when the auto updates for Microsoft, adobe and Java happen...or Firefox?

    Machine seems to be running good. Can't seem to print but I will need to re-install those drivers for some reason.


    Here is the latest OTL scan

    All processes killed
    ========== COMMANDS ==========
    Restore point Set: OTL Restore Point
    ========== OTL ==========
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C50F1A76-3E1E-46FA-8189-D7305945F818}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C50F1A76-3E1E-46FA-8189-D7305945F818}\ not found.
    ========== FILES ==========
    File\Folder C:\Users\Kimberly Elser APNS\AppData\Roaming\Mozilla\Firefox\Profiles\i4aeh3bh.default\searchplugin s\askcom.xml not found.
    File\Folder C:\Users\Kimberly Elser APNS\AppData\Roaming\Mozilla\Firefox\Profiles\i4aeh3bh.default\searchplugin s\search-the-web.xml not found.
    < ipconfig /flushdns /c >
    Windows IP Configuration
    Successfully flushed the DNS Resolver Cache.
    C:\Users\Kimberly Elser APNS\Desktop\cmd.bat deleted successfully.
    C:\Users\Kimberly Elser APNS\Desktop\cmd.txt deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Kimberly Elser APNS
    ->Temp folder emptied: 171738 bytes
    ->Temporary Internet Files folder emptied: 994568 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 32100730 bytes
    ->Flash cache emptied: 506 bytes

    User: Public

    User: UpdatusUser
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 14783 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32902 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 32.00 mb


    OTL by OldTimer - Version 3.2.69.0 log created on 01092013_090650

    Files\Folders moved on Reboot...
    C:\Users\Kimberly Elser APNS\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...
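
A fix log like the one in the post above mixes confirmed removals with "not found" and deferred items, so it helps to sort its lines by outcome before calling the cleanup done. The following is an added example, not part of the original thread and not OTL's own code; the function names are hypothetical and the sample log is constructed from the line formats shown above, with the user name replaced by a placeholder.

```python
import re

# Constructed sample in the format of the OTL fix log posted above
# (user name replaced with the placeholder USER).
SAMPLE_LOG = r"""========== OTL ==========
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C50F1A76-3E1E-46FA-8189-D7305945F818}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C50F1A76-3E1E-46FA-8189-D7305945F818}\ not found.
========== FILES ==========
File\Folder C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\i4aeh3bh.default\searchplugins\askcom.xml not found.
C:\Users\USER\Desktop\cmd.bat deleted successfully.
Files\Folders moved on Reboot...
C:\Users\USER\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
"""

SECTION = re.compile(r"^=+ (.+?) =+$")
# Checked in priority order: a line saying "failed ... scheduled" counts as pending.
OUTCOMES = [
    ("pending_reboot", re.compile(r"scheduled to be moved on reboot", re.I)),
    ("failed", re.compile(r"\bfailed\b", re.I)),
    ("not_found", re.compile(r"not found\.?$", re.I)),
    ("ok", re.compile(r"(deleted|moved|set) successfully", re.I)),
]

def classify(log_text):
    """Return (section, outcome, line) for every log line that reports an outcome."""
    section, results = None, []
    for raw in log_text.splitlines():
        line = raw.strip()
        header = SECTION.match(line)
        if header:
            section = header.group(1)
            continue
        for outcome, pattern in OUTCOMES:
            if pattern.search(line):
                results.append((section, outcome, line))
                break
    return results

def needs_followup(results):
    """Entries that were not confirmed as done and deserve a second look."""
    return [r for r in results if r[1] != "ok"]

if __name__ == "__main__":
    for section, outcome, line in classify(SAMPLE_LOG):
        print(f"{outcome:15} [{section}] {line[:70]}")
```

A "not found" entry means either the item was already absent or the path in the fix did not match what is on disk, so it is worth comparing against the script that was pasted in.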
     
  10. askey127

    askey127 Malware Specialist

    Joined:
    Dec 22, 2006
    Messages:
    3,721
    ToyFoxPatch,
    I think we are about complete here.

    You might want to try using WinPatrol. It gives you good control over Browser helpers, startup programs and other items.
    It allows you to disable or enable many add-ons.
    It's free and safe.
    Download and Install the Free WinPatrol, and view Instructions here: http://www.winpatrol.com
    - WinPatrol is an active program that drops a "Scotty Dog" icon into the system tray (right click to check/change status), allows you to monitor/edit startups, services, Browser helpers, and prompts for permission if any program tries to change your system. You might be startled the first time it barks :D

    If you wish, you can close this post as resolved any time.
    Otherwise, if you have any further questions, let me know.
    Good Luck,

    askey127
     
Short URL to this thread: https://techguy.org/1083266
