TechSpot

Updateflashplayer.exe virus? I have the Same thing 2 post because of long log files

By matrix25
Feb 21, 2014
  1. I'm posting from another computer, but laptop was infected by the same attachment in an email. Before I found your forum I ran MSE, Malwarebytes Anti-rootkit beta and TDSSKiller but something keeps reinfecting system. dllhost.exe used to run many version of itself and use up cpu and memory until the system would BSOD. But I think MSE catches dllhost.exe and closes it. Anyway here are the log files.

    Malwarebytes Anti-Malware 1.75.0.1300
    www.malwarebytes.org

    Database version: v2014.02.21.12

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 11.0.9600.16518
    Brenda Williams :: BRENDAWILLIAMS [administrator]

    2/21/2014 6:12:02 PM
    mbam-log-2014-02-21 (18-12-02).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 234062
    Time elapsed: 27 minute(s), 58 second(s)

    Memory Processes Detected: 3
    C:\Program Files (x86)\BibleTriviaTime_4l\bar\1.bin\4lbrmon.exe (PUP.Optional.MindSpark) -> 3348 -> Delete on reboot.
    C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64brmon.exe (PUP.Optional.MindSpark) -> 3456 -> Delete on reboot.
    C:\Program Files (x86)\TotalRecipeSearch_14\bar\1.bin\14brmon.exe (PUP.Optional.MindSpark) -> 3672 -> Delete on reboot.

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 24
    HKLM\SYSTEM\CurrentControlSet\Services\BibleTriviaTime_4lService (PUP.Optional.AudioToAudioToolBar.A) -> Quarantined and deleted successfully.
    HKLM\SYSTEM\CurrentControlSet\Services\TelevisionFanaticService (PUP.Optional.AudioToAudioToolBar.A) -> Quarantined and deleted successfully.
    HKLM\SYSTEM\CurrentControlSet\Services\TotalRecipeSearch_14Service (PUP.Optional.AudioToAudioToolBar.A) -> Quarantined and deleted successfully.
    HKCR\CLSID\{33119133-0854-469d-807A-171568457991} (PUP.Optional.FunWebProducts.A) -> Quarantined and deleted successfully.
    HKCR\CLSID\{13119113-0854-469d-807A-171568457991} (PUP.Optional.FunWebProducts.A) -> Quarantined and deleted successfully.
    HKCR\TotalRecipeSearch_14.SkinLauncher.1 (PUP.Optional.FunWebProducts.A) -> Quarantined and deleted successfully.
    HKCR\TotalRecipeSearch_14.SkinLauncher (PUP.Optional.FunWebProducts.A) -> Quarantined and deleted successfully.
    HKCR\TypeLib\{03119103-0854-469d-807A-171568457991} (PUP.Optional.FunWebProducts.A) -> Quarantined and deleted successfully.
    HKCR\Interface\{23119123-0854-469D-807A-171568457991} (PUP.Optional.FunWebProducts.A) -> Quarantined and deleted successfully.
    HKCR\TotalRecipeSearch_14.SkinLauncherSettings.1 (PUP.Optional.FunWebProducts.A) -> Quarantined and deleted successfully.
    HKCR\TotalRecipeSearch_14.SkinLauncherSettings (PUP.Optional.FunWebProducts.A) -> Quarantined and deleted successfully.
    HKCR\CLSID\{ab56dfde-0c14-45b3-9df6-7b0eba617870} (PUP.Optional.MindSpark) -> Quarantined and deleted successfully.
    HKCR\CLSID\{a0154e07-2b48-475c-a82a-80efd84ea33e} (PUP.Optional.MindSpark) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{A0154E07-2B48-475C-A82A-80EFD84EA33E} (PUP.Optional.MindSpark) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A0154E07-2B48-475C-A82A-80EFD84EA33E} (PUP.Optional.MindSpark) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AB56DFDE-0C14-45B3-9DF6-7B0EBA617870} (PUP.Optional.MindSpark) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{AB56DFDE-0C14-45B3-9DF6-7B0EBA617870} (PUP.Optional.MindSpark) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{AB56DFDE-0C14-45B3-9DF6-7B0EBA617870} (PUP.Optional.MindSpark) -> Quarantined and deleted successfully.
    HKCR\CLSID\{df22384f-cf68-4d19-969f-10423715528b} (PUP.Optional.MindSpark) -> Quarantined and deleted successfully.
    HKCR\CLSID\{8a7d2060-824d-4b17-b00a-759b1b5f30d9} (PUP.Optional.MindSpark) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DF22384F-CF68-4D19-969F-10423715528B} (PUP.Optional.MindSpark) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{DF22384F-CF68-4D19-969F-10423715528B} (PUP.Optional.MindSpark) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF22384F-CF68-4D19-969F-10423715528B} (PUP.Optional.MindSpark) -> Quarantined and deleted successfully.
    HKLM\Software\InstallIQ (PUP.Optional.InstallBrain.A) -> Quarantined and deleted successfully.

    Registry Values Detected: 9
    HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser|{A0154E07-2B48-475C-A82A-80EFD84EA33E} (PUP.Optional.MindSpark) -> Data: N H+\G¨*€ïØN£> -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{A0154E07-2B48-475C-A82A-80EFD84EA33E} (PUP.Optional.MindSpark) -> Data: -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks|{8A7D2060-824D-4B17-B00A-759B1B5F30D9} (PUP.Optional.MindSpark) -> Data: -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Know the Bible? Search Scope Monitor (PUP.Optional.MindSpark) -> Data: "C:\PROGRA~2\BIBLET~2\bar\1.bin\4lsrchmn.exe" /m=2 /w /h -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|BibleTriviaTime_4l Browser Plugin Loader (PUP.Optional.MindSpark) -> Data: C:\PROGRA~2\BIBLET~2\bar\1.bin\4lbrmon.exe -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|TelevisionFanatic Search Scope Monitor (PUP.Optional.MindSpark) -> Data: "C:\PROGRA~2\TELEVI~2\bar\1.bin\64srchmn.exe" /m=2 /w /h -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|TelevisionFanatic Browser Plugin Loader (PUP.Optional.MindSpark) -> Data: C:\PROGRA~2\TELEVI~2\bar\1.bin\64brmon.exe -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|TotalRecipeSearch Search Scope Monitor (PUP.Optional.MindSpark) -> Data: "C:\PROGRA~2\TOTALR~2\bar\1.bin\14srchmn.exe" /m=2 /w /h -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|TotalRecipeSearch_14 Browser Plugin Loader (PUP.Optional.MindSpark) -> Data: C:\PROGRA~2\TOTALR~2\bar\1.bin\14brmon.exe -> Quarantined and deleted successfully.

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 2
    C:\Program Files\PC Optimizer Pro (PUP.Optional.PcOptimizerPro.A) -> Quarantined and deleted successfully.
    C:\Program Files\PC Optimizer Pro\Languages (PUP.Optional.PcOptimizerPro.A) -> Quarantined and deleted successfully.

    Files Detected: 28
    C:\Program Files (x86)\BibleTriviaTime_4l\bar\1.bin\4lbarsvc.exe (PUP.Optional.AudioToAudioToolBar.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64barsvc.exe (PUP.Optional.AudioToAudioToolBar.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\TotalRecipeSearch_14\bar\1.bin\14barsvc.exe (PUP.Optional.AudioToAudioToolBar.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\TotalRecipeSearch_14\bar\1.bin\14sknlcr.dll (PUP.Optional.FunWebProducts.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\TotalRecipeSearch_14\bar\1.bin\14bar.dll (PUP.Optional.MindSpark) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\TotalRecipeSearch_14\bar\1.bin\14SrcAs.dll (PUP.Optional.MindSpark) -> Quarantined and deleted successfully.
    C:\Users\Brenda Williams\Downloads\DTLite4461-0327.exe (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
    C:\Users\Brenda Williams\Local Settings\sfplagwv.exe (Trojan.Zbot) -> Quarantined and deleted successfully.
    C:\Users\Brenda Williams\AppData\Local\sfplagwv.exe (Trojan.Zbot) -> Quarantined and deleted successfully.
    C:\Program Files\PC Optimizer Pro\PCOptProTrays.exe (PUP.Optional.PcOptimizerPro.A) -> Quarantined and deleted successfully.
    C:\Program Files\PC Optimizer Pro\data.xml (PUP.Optional.PcOptimizerPro.A) -> Quarantined and deleted successfully.
    C:\Program Files\PC Optimizer Pro\PCOptimizerPro.exe (PUP.Optional.PcOptimizerPro.A) -> Quarantined and deleted successfully.
    C:\Program Files\PC Optimizer Pro\PCOptimizerPro.exe.manifest (PUP.Optional.PcOptimizerPro.A) -> Quarantined and deleted successfully.
    C:\Program Files\PC Optimizer Pro\PCOptProCtxMenu.dll (PUP.Optional.PcOptimizerPro.A) -> Quarantined and deleted successfully.
    C:\Program Files\PC Optimizer Pro\StartApps.exe (PUP.Optional.PcOptimizerPro.A) -> Quarantined and deleted successfully.
    C:\Program Files\PC Optimizer Pro\uninst.exe (PUP.Optional.PcOptimizerPro.A) -> Quarantined and deleted successfully.
    C:\Program Files\PC Optimizer Pro\UpdatesDll_s.dll (PUP.Optional.PcOptimizerPro.A) -> Quarantined and deleted successfully.
    C:\Program Files\PC Optimizer Pro\Languages\DE.xml (PUP.Optional.PcOptimizerPro.A) -> Quarantined and deleted successfully.
    C:\Program Files\PC Optimizer Pro\Languages\EN.xml (PUP.Optional.PcOptimizerPro.A) -> Quarantined and deleted successfully.
    C:\Program Files\PC Optimizer Pro\Languages\ES.xml (PUP.Optional.PcOptimizerPro.A) -> Quarantined and deleted successfully.
    C:\Program Files\PC Optimizer Pro\Languages\FR.xml (PUP.Optional.PcOptimizerPro.A) -> Quarantined and deleted successfully.
    C:\Program Files\PC Optimizer Pro\Languages\IT.xml (PUP.Optional.PcOptimizerPro.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\BibleTriviaTime_4l\bar\1.bin\4lSrchMn.exe (PUP.Optional.MindSpark) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\BibleTriviaTime_4l\bar\1.bin\4lbrmon.exe (PUP.Optional.MindSpark) -> Delete on reboot.
    C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64SrchMn.exe (PUP.Optional.MindSpark) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64brmon.exe (PUP.Optional.MindSpark) -> Delete on reboot.
    C:\Program Files (x86)\TotalRecipeSearch_14\bar\1.bin\14SrchMn.exe (PUP.Optional.MindSpark) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\TotalRecipeSearch_14\bar\1.bin\14brmon.exe (PUP.Optional.MindSpark) -> Delete on reboot.

    (end)


    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 11.0.9600.16518
    Run by Brenda Williams at 19:08:21 on 2014-02-21
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3819.1963 [GMT -6:00]
    .
    AV: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
    AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
    SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    c:\Program Files\Microsoft Security Client\MsMpEng.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\WLANExt.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
    C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe
    C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
    C:\Windows\system32\svchost.exe -k HPService
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
    C:\Program Files (x86)\TotalRecipeSearch_14\bar\1.bin\AppIntegrator64.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
    svchost.exe
    C:\Program Files (x86)\Cobian Backup 11\Cobian.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
    C:\Program Files (x86)\Launch Manager\LManager.exe
    C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe
    C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\AVG Secure Search\vprot.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
    C:\Program Files (x86)\AVG\AVG2014\avgui.exe
    C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
    C:\Program Files (x86)\Winamp\winampa.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
    C:\Program Files (x86)\Nuance\PDF Viewer Plus\PdfPro7Hook.exe
    C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
    C:\Program Files (x86)\Cobian Backup 11\cbInterface.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
    C:\Program Files (x86)\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    svchost.exe
    C:\Windows\servicing\TrustedInstaller.exe
    C:\Windows\System32\WUDFHost.exe
    c:\Program Files\Microsoft Security Client\MpCmdRun.exe
    C:\Program Files\EgisTec IPS\PMMUpdate.exe
    C:\Program Files\EgisTec IPS\EgisUpdate.exe
    C:\Users\Brenda Williams\AppData\Local\Google\Update\GoogleUpdate.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxps://www.google.com/
    uDefault_Page_URL = hxxp://acer.msn.com
    uURLSearchHooks: <No Name>: {3f2ae504-aa17-4805-90e8-56e48f98731c} - C:\Program Files (x86)\BibleTriviaTime_4l\bar\1.bin\4lSrcAs.dll
    uURLSearchHooks: <No Name>: {0696f815-a3a9-490a-bb14-9ec3350b1276} - C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64SrcAs.dll
    mWinlogon: Userinit = userinit.exe,
    BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
    BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    BHO: Search Assistant BHO: {09df68da-2acf-4828-9320-6d999a0834a3} - C:\Program Files (x86)\BibleTriviaTime_4l\bar\1.bin\4lSrcAs.dll
    BHO: &Inbox.com Toolbar Helper: {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\Program Files (x86)\Inbox\ctbr.dll
    BHO: Winamp Toolbar Loader: {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll
    BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -
    BHO: Toolbar BHO: {4f426332-14d3-4383-abd6-ab0af916a73c} - C:\Program Files (x86)\BibleTriviaTime_4l\bar\1.bin\4lbar.dll
    BHO: PlusIEEventHelper Class: {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Viewer Plus\bin\PlusIEContextMenu.dll
    BHO: Search Assistant BHO: {5d79f641-c168-40df-a32f-bacea7509e75} - C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64SrcAs.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\17.3.0.49\AVG Secure Search_toolbar.dll
    BHO: Toolbar BHO: {cb41fc95-f1b3-4797-8bb6-1012ff62abba} - C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64bar.dll
    BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
    BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    TB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file>
    TB: Know the Bible?: {7ABEAB51-07BE-42C5-89B4-C7F1A3A31816} - C:\Program Files (x86)\BibleTriviaTime_4l\bar\1.bin\4lbar.dll
    TB: TelevisionFanatic: {C98D5B61-B0EA-4D48-9839-1079D352D880} - C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64bar.dll
    TB: &Inbox.com Toolbar: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Program Files (x86)\Inbox\ctbr.dll
    TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
    TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\17.3.0.49\AVG Secure Search_toolbar.dll
    TB: Know the Bible?: {7abeab51-07be-42c5-89b4-c7f1a3a31816} - C:\Program Files (x86)\BibleTriviaTime_4l\bar\1.bin\4lbar.dll
    TB: Winamp Toolbar: {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll
    TB: TelevisionFanatic: {c98d5b61-b0ea-4d48-9839-1079d352d880} - C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64bar.dll
    TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
    TB: &Inbox.com Toolbar: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Program Files (x86)\Inbox\ctbr.dll
    EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
    EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
    uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    uRun: [Google Update] "C:\Users\Brenda Williams\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
    uRun: [Orb] "C:\Program Files (x86)\Winamp Remote\bin\OrbTray.exe" /background
    uRun: [HP Officejet Pro 8600 (NET)] "C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe" -deviceID "CN238BS0Z305KC:NW" -scfn "HP Officejet Pro 8600 (NET)" -AutoStart 1
    uRun: [dhopexwo] "C:\Users\Brenda Williams\AppData\Local\ogtjvcnc.exe"
    uRun: [ohtudlpl] "C:\Users\Brenda Williams\AppData\Local\qmssihoq.exe"
    uRun: [Cobian Backup 11] "C:\Program Files (x86)\Cobian Backup 11\Cobian.exe"
    uRun: [oeqpdeor] "C:\Users\Brenda Williams\AppData\Local\rsfhgkcr.exe"
    mRun: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
    mRun: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
    mRun: [BackupManagerTray] "C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" -h -k
    mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
    mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun: [ArcadeMovieService] "C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe"
    mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
    mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
    mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
    mRun: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
    mRun: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe -scheduler
    mRun: [PaperPort PTD] "C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe"
    mRun: [IndexSearch] "C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe"
    mRun: [PPort14reminder] "C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\14\Config\Ereg\Ereg.ini"
    mRun: [PDFProHook] C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro7hook.exe
    mRun: [SpeetItUpFree] "C:\Program Files (x86)\SpeedItup Free\speeditupfree.exe"
    dRunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid}
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: Inbox Search - tbr:iemenu
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    TCP: NameServer = 192.168.0.1
    TCP: Interfaces\{5AE2F5D2-5E07-4EAE-B5A4-E9A83D25C33B} : DHCPNameServer = 192.168.0.1
    TCP: Interfaces\{84670C98-929C-4756-9249-6B826807D230} : DHCPNameServer = 192.168.0.1
    TCP: Interfaces\{84670C98-929C-4756-9249-6B826807D230}\C474D205736393021323 : DHCPNameServer = 192.168.43.1
    TCP: Interfaces\{84670C98-929C-4756-9249-6B826807D230}\E4544574541425 : DHCPNameServer = 192.168.0.1
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
    Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\Program Files (x86)\Inbox\ctbr.dll
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.3.0\ViProtocol.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    SSODL: WebCheck - <orphaned>
    x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
    x64-Run: [Power Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
    x64-Run: [TotalRecipeSearch Home Page Guard 64 bit] "C:\PROGRA~2\TOTALR~2\bar\1.bin\AppIntegrator64.exe"
    x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
    x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
    x64-Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - <orphaned>
    x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
    x64-SSODL: WebCheck - <orphaned>
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2013-11-25 196376]
    R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2013-10-31 294712]
    R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2013-10-1 123704]
    R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2013-9-10 31544]
    R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-9-27 248240]
    R1 Avgdiska;AVG Disk Driver;C:\Windows\System32\drivers\avgdiska.sys [2013-11-25 150808]
    R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2013-11-25 243480]
    R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2013-10-31 212280]
    R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2013-8-1 251192]
    R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2012-9-4 46368]
    R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2012-11-24 283200]
    R1 mwlPSDFilter;mwlPSDFilter;C:\Windows\System32\drivers\mwlPSDFilter.sys [2011-8-16 22648]
    R1 mwlPSDNServ;mwlPSDNServ;C:\Windows\System32\drivers\mwlPSDNserv.sys [2011-8-16 20520]
    R1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\System32\drivers\mwlPSDVDisk.sys [2011-8-16 62776]
    R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-5-12 249648]
    R2 cbVSCService11;Cobian Backup 11 Volume Shadow Copy Requester;C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe [2014-2-20 67584]
    R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2013-4-22 822504]
    R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-6-26 523944]
    R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2011-8-16 114704]
    R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2011-8-16 76912]
    R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2013-6-26 767144]
    R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576]
    R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840]
    R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2013-6-26 23208]
    R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-6-26 207528]
    R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2011-10-10 47232]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe --> c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [?]
    S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-6-7 191752]
    S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-2-12 111616]
    S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-9-27 134944]
    S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-10-23 348376]
    S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2011-8-16 246376]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-11-12 1255736]
    S4 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-8-16 204288]
    S4 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [2014-1-22 3788816]
    S4 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [2013-9-24 348008]
    S4 CxAudMsg;Conexant Audio Message Service;C:\Windows\System32\CxAudMsg64.exe [2011-10-10 198784]
    S4 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2011-8-16 353360]
    S4 EgisTec Ticket Service;EgisTec Ticket Service;C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [2011-6-21 173424]
    S4 ePowerSvc;ePower Service;C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2011-10-10 872552]
    S4 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
    S4 GREGService;GREGService;C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [2011-5-29 36456]
    S4 Live Updater Service;Live Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2011-8-16 255376]
    S4 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568]
    S4 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [2011-4-23 256832]
    S4 PDFProFiltSrvPP;PDFProFiltSrvPP;C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [2011-9-20 138600]
    S4 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
    S4 vToolbarUpdater17.3.0;vToolbarUpdater17.3.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe [2014-1-9 1771544]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
    .
    =============== Created Last 30 ================
    .
    2014-02-22 00:59:16 10315576 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{EFFE047B-5832-4C8C-884D-5494B194CF26}\mpengine.dll
    2014-02-22 00:17:01 141312 ----a-w- C:\Users\Brenda Williams\AppData\Local\rsfhgkcr.exe
    2014-02-22 00:14:58 68945 ----a-w- C:\Users\Brenda Williams\AppData\Local\lujghcqc.exe
    2014-02-22 00:13:57 68945 ----a-w- C:\Users\Brenda Williams\AppData\Local\essgelvr.exe
    2014-02-22 00:11:43 68945 ----a-w- C:\Users\Brenda Williams\AppData\Local\koffxdtk.exe
    2014-02-22 00:10:14 -------- d-----w- C:\Users\Brenda Williams\AppData\Roaming\Malwarebytes
    2014-02-22 00:09:45 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2014-02-22 00:09:45 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2014-02-22 00:09:12 -------- d-----w- C:\Users\Brenda Williams\AppData\Local\Programs
    2014-02-20 23:27:07 -------- d-----w- C:\Windows 7 Backup
    2014-02-20 23:26:41 -------- d-----w- C:\Users\Brenda Williams\New folder
    2014-02-20 23:11:35 -------- d-----w- C:\Program Files (x86)\Cobian Backup 11
    2014-02-17 15:46:22 208216 ----a-w- C:\Windows\System32\drivers\21884856.sys
    2014-02-17 05:41:39 -------- d-----w- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
    2014-02-16 22:04:07 155648 ------w- C:\Users\Brenda Williams\AppData\Local\qmssihoq.exe
    2014-02-16 18:40:45 -------- d-----w- C:\ProgramData\Malwarebytes
    2014-02-16 18:39:18 155648 ------w- C:\Users\Brenda Williams\AppData\Local\ogtjvcnc.exe
    2014-02-16 18:35:36 91352 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
    2014-02-12 22:12:09 965000 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{587D0609-1A80-4C53-8DA7-3D900118454E}\gapaengine.dll
    2014-02-12 22:11:59 10315576 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2014-02-12 21:46:13 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
    2014-02-12 21:46:06 -------- d-----w- C:\Program Files\Microsoft Security Client
    2014-02-12 21:23:41 -------- d-----w- C:\Users\Brenda Williams\AppData\Roaming\Deaceg
    2014-02-12 19:41:40 454656 ----a-w- C:\Windows\SysWow64\vbscript.dll
    2014-02-12 19:41:39 548864 ----a-w- C:\Windows\System32\vbscript.dll
    2014-02-12 19:38:01 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
    2014-02-12 19:38:00 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2014-02-12 18:58:41 -------- d-----w- C:\ProgramData\HitmanPro
    2014-01-24 01:17:34 -------- d-----w- C:\Users\Brenda Williams\.freescreensharing
    2014-01-24 01:17:25 -------- d-----w- C:\Users\Brenda Williams\AppData\Local\FreeScreenSharing
    .
    ==================== Find3M ====================
    .
    2014-02-06 11:30:12 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
    2014-02-06 11:07:39 66048 ----a-w- C:\Windows\System32\iesetup.dll
    2014-02-06 11:06:47 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
    2014-02-06 10:49:03 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
    2014-02-06 10:48:45 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
    2014-02-06 10:48:11 708608 ----a-w- C:\Windows\System32\jscript9diag.dll
    2014-02-06 10:11:37 5768704 ----a-w- C:\Windows\System32\jscript9.dll
    2014-02-06 10:01:36 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
    2014-02-06 10:00:46 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
    2014-02-06 09:50:32 2041856 ----a-w- C:\Windows\System32\inetcpl.cpl
    2014-02-06 09:47:22 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2014-02-06 09:46:27 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
    2014-02-06 09:25:36 4244480 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2014-02-06 09:24:52 2334208 ----a-w- C:\Windows\System32\wininet.dll
    2014-02-06 09:09:30 1964032 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2014-02-06 08:41:35 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll
    2014-02-05 05:52:29 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2014-02-05 05:52:29 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2014-01-19 07:33:29 270496 ------w- C:\Windows\System32\MpSigStub.exe
    2013-12-24 23:09:41 1987584 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
    2013-12-24 22:48:32 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll
    2013-12-06 02:30:08 2048 ----a-w- C:\Windows\System32\msxml3r.dll
    2013-12-06 02:30:08 1882112 ----a-w- C:\Windows\System32\msxml3.dll
    2013-12-06 02:02:08 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
    2013-12-06 02:02:08 1237504 ----a-w- C:\Windows\SysWow64\msxml3.dll
    2013-12-04 02:27:33 485888 ----a-w- C:\Windows\System32\secproc_isv.dll
    2013-12-04 02:27:33 123392 ----a-w- C:\Windows\System32\secproc_ssp_isv.dll
    2013-12-04 02:27:33 123392 ----a-w- C:\Windows\System32\secproc_ssp.dll
    2013-12-04 02:27:16 488448 ----a-w- C:\Windows\System32\secproc.dll
    2013-12-04 02:26:32 528384 ----a-w- C:\Windows\System32\msdrm.dll
    2013-12-04 02:16:51 658432 ----a-w- C:\Windows\System32\RMActivate_isv.exe
    2013-12-04 02:16:51 626176 ----a-w- C:\Windows\System32\RMActivate.exe
    2013-12-04 02:16:50 552960 ----a-w- C:\Windows\System32\RMActivate_ssp_isv.exe
    2013-12-04 02:16:48 553984 ----a-w- C:\Windows\System32\RMActivate_ssp.exe
    2013-12-04 02:03:20 87040 ----a-w- C:\Windows\SysWow64\secproc_ssp_isv.dll
    2013-12-04 02:03:20 87040 ----a-w- C:\Windows\SysWow64\secproc_ssp.dll
    2013-12-04 02:03:20 423936 ----a-w- C:\Windows\SysWow64\secproc_isv.dll
    2013-12-04 02:03:08 428032 ----a-w- C:\Windows\SysWow64\secproc.dll
    2013-12-04 02:02:06 390144 ----a-w- C:\Windows\SysWow64\msdrm.dll
    2013-12-04 01:54:14 510976 ----a-w- C:\Windows\SysWow64\RMActivate_ssp.exe
    2013-12-04 01:54:10 594944 ----a-w- C:\Windows\SysWow64\RMActivate_isv.exe
    2013-12-04 01:54:09 572416 ----a-w- C:\Windows\SysWow64\RMActivate.exe
    2013-12-04 01:54:06 508928 ----a-w- C:\Windows\SysWow64\RMActivate_ssp_isv.exe
    2013-11-27 01:41:37 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
    2013-11-27 01:41:15 99840 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
    2013-11-27 01:41:11 53248 ----a-w- C:\Windows\System32\drivers\usbehci.sys
    2013-11-27 01:41:11 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys
    2013-11-27 01:41:09 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
    2013-11-27 01:41:06 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
    2013-11-27 01:41:03 7808 ----a-w- C:\Windows\System32\drivers\usbd.sys
    2013-11-26 11:40:00 376768 ----a-w- C:\Windows\System32\drivers\netio.sys
    2013-11-26 10:32:56 3156480 ----a-w- C:\Windows\System32\win32k.sys
    2013-11-26 08:16:50 3419136 ----a-w- C:\Windows\SysWow64\d2d1.dll
    2013-11-26 03:47:22 196376 ----a-w- C:\Windows\System32\drivers\avgidsha.sys
    2013-11-26 03:47:20 243480 ----a-w- C:\Windows\System32\drivers\avgidsdrivera.sys
    2013-11-26 03:47:20 150808 ----a-w- C:\Windows\System32\drivers\avgdiska.sys
    .
    ============= FINISH: 19:09:09.92 ===============
     
  2. matrix25

    matrix25 TS Rookie Topic Starter

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 11/8/2011 12:58:39 PM
    System Uptime: 2/21/2014 6:51:55 PM (1 hours ago)
    .
    Motherboard: Acer | | JE50-BZ
    Processor: AMD E-350 Processor | Socket FT1 | 1600/100mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 451 GiB total, 318.132 GiB free.
    D: is CDROM ()
    E: is CDROM ()
    F: is CDROM ()
    G: is CDROM ()
    H: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
    Description: Officejet 7300 series
    Device ID: ROOT\MULTIFUNCTION\0000
    Manufacturer: HP
    Name: Officejet 7300 series
    PNP Device ID: ROOT\MULTIFUNCTION\0000
    Service:
    .
    Class GUID:
    Description: Officejet Pro 8600
    Device ID: ROOT\MULTIFUNCTION\0001
    Manufacturer:
    Name: Officejet Pro 8600
    PNP Device ID: ROOT\MULTIFUNCTION\0001
    Service:
    .
    Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
    Description: Officejet Pro 8600
    Device ID: ROOT\MULTIFUNCTION\0002
    Manufacturer: HP
    Name: Officejet Pro 8600
    PNP Device ID: ROOT\MULTIFUNCTION\0002
    Service:
    .
    Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
    Description: Officejet 7300 series
    Device ID: ROOT\IMAGE\0000
    Manufacturer: HP
    Name: Officejet 7300 series
    PNP Device ID: ROOT\IMAGE\0000
    Service: StillCam
    .
    ==== System Restore Points ===================
    .
    RP157: 2/12/2014 1:35:28 PM - Windows Update
    RP158: 2/12/2014 2:29:00 PM - Installed AVG 2014
    RP159: 2/13/2014 3:30:11 AM - Windows Update
    RP160: 2/16/2014 2:13:29 PM - Malwarebytes Anti-Rootkit Restore Point
    RP161: 2/16/2014 4:04:00 PM - Windows Update
    .
    ==== Installed Programs ======================
    .
    64 Bit HP CIO Components Installer
    7300
    7300_Help
    7300Trb
    Acer Backup Manager
    Acer Crystal Eye Webcam
    Acer ePower Management
    Acer eRecovery Management
    Acer Games
    Acer Registration
    Acer ScreenSaver
    Acer Updater
    Adobe AIR
    Adobe Flash Player 12 ActiveX
    Adobe Reader X (10.1.9) MUI
    Agatha Christie - Death on the Nile
    AIO_CDB_ProductContext
    AIO_CDB_Software
    AIO_Scan
    AMD APP SDK Runtime
    AMD VISION Engine Control Center
    Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
    ATI Catalyst Install Manager
    AVG 2014
    AVG Security Toolbar
    Backup Manager V3
    Bejeweled 2 Deluxe
    Bing Bar
    BufferChm
    Build-a-lot 4 - Power Source
    Catalyst Control Center - Branding
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization All
    ccc-utility64
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    Chronicles of Albian
    Chuzzle Deluxe
    clear.fi
    clear.fi Client
    Cobian Backup 11 Gravity
    Conexant HD Audio
    Copy
    Coupon Printer for Windows
    Cradle of Rome 2
    D3DX10
    DAEMON Tools Lite
    Destinations
    DeviceDiscovery
    DocProc
    Dora's World Adventure
    Download Updater (AOL LLC)
    DVDFab 7.0.4.0 (15/04/2010)
    DVDFab 8.2.1.2 (21/09/2012) Qt
    eBay Worldwide
    EGW Comprehensive Research Edition
    FATE: The Cursed King
    Fax
    Final Drive: Nitro
    Free Video Player version 1.0.2
    FreeScreenSharing
    Galerie de photos Windows Live
    Globalinx GSP-10
    Google Talk Plugin
    Google Update Helper
    GoToMeeting 5.4.0.1082
    Governor of Poker 2 Premium Edition
    GPBaseService2
    Hewlett-Packard ACLM.NET v1.1.0.0
    HP Customer Participation Program 13.0
    HP FWUpdateEDO2
    HP Imaging Device Functions 13.0
    HP Officejet Pro 8500 A910 Basic Device Software
    HP Officejet Pro 8500 A910 Help
    HP Officejet Pro 8600 Basic Device Software
    HP Officejet Pro 8600 Help
    HP Officejet Pro 8600 Product Improvement Study
    HP Photosmart Essential 3.5
    HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B
    HP Product Detection
    HP Smart Web Printing 4.51
    HP Solution Center 13.0
    HP Update
    HPDiagnosticAlert
    HPPhotoGadget
    HPPhotoSmartDiscLabelContent1
    HPPhotosmartEssential
    HPProductAssistant
    HPSSupply
    I.R.I.S. OCR
    Identity Card
    Inbox.com Toolbar
    Jewel Match 3
    Junk Mail filter update
    Know the Bible? Toolbar
    Launch Manager
    Malwarebytes Anti-Malware version 1.75.0.1300
    MarketResearch
    Marketsplash Shortcuts
    Mesh Runtime
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft Application Error Reporting
    Microsoft Office 2010
    Microsoft Office Click-to-Run 2010
    Microsoft Office Starter 2010 - English
    Microsoft PowerPoint Viewer
    Microsoft Security Client
    Microsoft Security Essentials
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft VC9 runtime libraries
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable (x64)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4048
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4048
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    MSVCRT
    MSVCRT_amd64
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Mystery of Mortlake Mansion
    MyWinLocker
    MyWinLocker 4
    MyWinLocker Suite
    Network64
    newsXpresso
    NOOK for PC
    Norton Online Backup
    NTI Media Maker 9
    Nuance PaperPort 14
    Nuance PDF Viewer Plus
    OCR Software by I.R.I.S. 13.0
    PaperPort Anywhere 1.1.4269.39023 powered by OfficeDrop
    PaperPort Image Printer 64-bit
    PC Optimizer Pro
    Penguins!
    Plants vs. Zombies - Game of the Year
    Polar Bowler
    Polar Golfer
    RabbitTV
    Realtek USB 2.0 Card Reader
    Scan
    Scansoft PDF Professional
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2898855v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2901110v2)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
    Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
    Security Update for Microsoft .NET Framework 4 Extended (KB2858302v2)
    Security Update for Microsoft .NET Framework 4 Extended (KB2901110v2)
    Shop for HP Supplies
    Shredder
    Skype™ 5.10
    SmartWebPrinting
    SolutionCenter
    Stamps.com
    Status
    Synaptics Pointing Device Driver
    TelevisionFanatic Toolbar
    Times Reader
    Toolbox
    Torchlight
    TotalRecipeSearch Toolbar
    TrayApp
    UnloadSupport
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
    Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)
    Update for Microsoft .NET Framework 4 Extended (KB2468871)
    Update for Microsoft .NET Framework 4 Extended (KB2533523)
    Update for Microsoft .NET Framework 4 Extended (KB2600217)
    Update for Microsoft .NET Framework 4 Extended (KB2836939)
    Update for Microsoft .NET Framework 4 Extended (KB2836939v3)
    Update Installer for WildTangent Games App
    Virtual Villagers 5 - New Believers
    Visual Studio 2008 x64 Redistributables
    Visual Studio 2010 x64 Redistributables
    Visual Studio 2012 x64 Redistributables
    Visual Studio 2012 x86 Redistributables
    VLC media player 2.0.4
    WebM Media Foundation Components
    WebReg
    Welcome Center
    WildTangent Games App (Acer Games)
    Winamp
    Winamp Remote
    Winamp Toolbar
    Windows Live
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Language Selector
    Windows Live Mail
    Windows Live Mesh
    Windows Live Messenger
    Windows Live MIME IFilter
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live Remote Client
    Windows Live Remote Client Resources
    Windows Live Remote Service
    Windows Live Remote Service Resources
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    WMV9/VC-1 Video Playback
    Yahoo! Software Update
    Yahoo! Toolbar
    Zuma's Revenge
    .
    ==== Event Viewer Messages From Past Week ========
    .
    2/21/2014 8:26:29 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.165.4196.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.10201.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
    2/21/2014 8:16:17 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.165.4196.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.10201.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
    2/21/2014 7:04:33 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.165.4196.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.10201.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
    2/21/2014 7:04:33 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.165.4196.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.10201.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
    2/21/2014 6:58:05 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
    2/21/2014 6:55:59 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
    2/21/2014 6:52:32 PM, Error: Service Control Manager [7000] - The McAfee SiteAdvisor Service service failed to start due to the following error: The system cannot find the file specified.
    2/20/2014 3:30:37 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.165.4196.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.10201.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
    2/17/2014 10:25:22 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
    2/17/2014 10:25:22 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    2/17/2014 10:25:22 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    2/17/2014 10:25:21 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    2/17/2014 10:25:21 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    2/17/2014 10:25:19 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    2/17/2014 10:25:14 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    2/17/2014 10:25:13 AM, Error: Service Control Manager [7001] - The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error: The dependency service or group failed to start.
    2/17/2014 10:25:03 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Avgdiska AVGIDSDriver Avgldx64 Avgtdia DfsC discache MpFilter mwlPSDFilter mwlPSDNServ mwlPSDVDisk NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf
    2/17/2014 10:24:59 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    2/17/2014 10:24:59 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    2/17/2014 10:24:59 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    2/17/2014 10:24:59 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    2/17/2014 10:24:59 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    2/17/2014 10:24:59 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
    2/17/2014 10:24:59 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    2/17/2014 10:24:59 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    2/17/2014 10:24:59 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    2/17/2014 10:24:59 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    2/17/2014 10:24:59 AM, Error: Service Control Manager [7001] - The Conexant Audio Message Service service depends on the Windows Audio service which failed to start because of the following error: The dependency service or group failed to start.
    2/17/2014 10:24:59 AM, Error: Service Control Manager [7001] - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: The dependency service or group failed to start.
    2/17/2014 10:24:59 AM, Error: Service Control Manager [7001] - The AVGIDSAgent service depends on the AVGIDSDriver service which failed to start because of the following error: A device attached to the system is not functioning.
    2/17/2014 10:10:30 AM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for Start with the following error: Access is denied.
    2/16/2014 4:02:19 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.165.3935.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.10201.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
    2/16/2014 2:27:46 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.165.3935.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.10201.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
    2/16/2014 12:45:55 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.165.3935.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.10201.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
    2/16/2014 12:38:04 PM, Error: NetBT [4321] - The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.0.29. The computer with the IP address 192.168.0.19 did not allow the name to be claimed by this computer.
    2/16/2014 11:41:16 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
    2/16/2014 11:41:16 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
    2/16/2014 11:40:34 PM, Error: Service Control Manager [7001] - The Microsoft Network Inspection System service depends on the Microsoft Malware Protection Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    .
    ==== End Of File ===========================
     
  3. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    Welcome aboard [​IMG]

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ======================================

    [​IMG] You're running two AV programs, AVG and MSE.
    You must uninstall one of them.
    If AVG use AVG Remover: http://www.avg.com/us-en/utilities

    [​IMG] Download RogueKiller from one of the following links and save it to your Desktop:
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

    [​IMG] Create new restore point before proceeding with the next step....
    How to: http://www.smartestcomputing.us.com/topic/63983-how-to-create-new-restore-point-all-windows/

    Download Malwarebytes Anti-Rootkit (MBAR) from HERE
    • Unzip downloaded file.
    • Open the folder where the contents were unzipped and run mbar.exe
    • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
    • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
    • Wait while the system shuts down and the cleanup process is performed.
    • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
    • When done, please post the two logs produced they will be in the MBAR folder..... mbar-log-xxxxx.txt and system-log.txt
     
  4. matrix25

    matrix25 TS Rookie Topic Starter

    In the process of moving the txt files to the other computer one of the files was deleted (RKreport[0]_D_02222014_204248.
    I still have the computer offline but seems to be running better. dllhost.exe is not showing up in task manager anymore.
    Here are the other reports

    RogueKiller V8.8.8 [Feb 19 2014] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://forum.adlice.com
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : Brenda Williams [Admin rights]
    Mode : Scan -- Date : 02/22/2014 20:42:13
    | ARK || FAK || MBR |

    ¤¤¤ Bad processes : 2 ¤¤¤
    [SVCHOST] svchost.exe -- C:\Windows\SysWOW64\svchost.exe [7] -> KILLED [TermProc]
    [SVCHOST] svchost.exe -- C:\Windows\SysWOW64\svchost.exe [7] -> KILLED [TermProc]

    ¤¤¤ Registry Entries : 8 ¤¤¤
    [RUN][SUSP PATH] HKCU\[...]\Run : dhopexwo ("C:\Users\Brenda Williams\AppData\Local\ogtjvcnc.exe" [-]) -> FOUND
    [RUN][SUSP PATH] HKCU\[...]\Run : ohtudlpl ("C:\Users\Brenda Williams\AppData\Local\qmssihoq.exe" [-]) -> FOUND
    [RUN][SUSP PATH] HKCU\[...]\Run : oeqpdeor ("C:\Users\Brenda Williams\AppData\Local\rsfhgkcr.exe" [-]) -> FOUND
    [RUN][SUSP PATH] HKUS\S-1-5-21-1321444690-2986647034-1287303203-1000\[...]\Run : dhopexwo ("C:\Users\Brenda Williams\AppData\Local\ogtjvcnc.exe" [-]) -> FOUND
    [RUN][SUSP PATH] HKUS\S-1-5-21-1321444690-2986647034-1287303203-1000\[...]\Run : ohtudlpl ("C:\Users\Brenda Williams\AppData\Local\qmssihoq.exe" [-]) -> FOUND
    [RUN][SUSP PATH] HKUS\S-1-5-21-1321444690-2986647034-1287303203-1000\[...]\Run : oeqpdeor ("C:\Users\Brenda Williams\AppData\Local\rsfhgkcr.exe" [-]) -> FOUND
    [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

    ¤¤¤ Scheduled tasks : 3 ¤¤¤
    [V1][SUSP PATH] AVG-Secure-Search-Update_JUNE2013_TB_rmv.job : C:\Windows\TEMP\{B8F41C6A-F7A5-463A-8CCA-247F30560B71}.exe - --uninstall=1 [x] -> FOUND
    [V2][SUSP PATH] AVG-Secure-Search-Update_JUNE2013_TB_rmv : C:\Windows\TEMP\{B8F41C6A-F7A5-463A-8CCA-247F30560B71}.exe - --uninstall=1 [x] -> FOUND
    [V2][SUSP PATH] Security Center Update - 39417995 : C:\Users\Brenda Williams\AppData\Roaming\Afbyney\doocr.exe [x] -> FOUND

    ¤¤¤ Startup Entries : 0 ¤¤¤

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ Browser Addons : 0 ¤¤¤

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

    ¤¤¤ External Hives: ¤¤¤

    ¤¤¤ Infection : ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> %SystemRoot%\System32\drivers\etc\hosts




    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) WDC WD5000BPVT-22HXZT3 ATA Device +++++
    --- User ---
    [MBR] 7cb5554662254b5d113c29615eb2a9ad
    [BSP] b7bb108e56dc07d3a765e2074cf05bda : Windows 7/8 MBR Code
    Partition table:
    0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 15360 Mo
    1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 31459328 | Size: 100 Mo
    2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 31664128 | Size: 461478 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    +++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ USB) SanDisk Cruzer USB Device +++++
    --- User ---
    [MBR] 33a0f33fb7e7f518f64aedcb9dad35b0
    [BSP] df4f83c1f72e36823a12b0dfc7617313 : Empty MBR Code
    Partition table:
    0 - [XXXXXX] FAT32 (0x0b) [VISIBLE] Offset (sectors): 32 | Size: 7633 Mo
    User = LL1 ... OK!
    Error reading LL2 MBR! ([0x32] The request is not supported. )

    Finished : << RKreport[0]_S_02222014_204213.txt >>



    Malwarebytes Anti-Rootkit BETA 1.07.0.1009
    www.malwarebytes.org

    Database version: v2014.02.23.03

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 11.0.9600.16518
    Brenda Williams :: BRENDAWILLIAMS [administrator]

    2/22/2014 9:13:28 PM
    mbar-log-2014-02-22 (21-13-28).txt

    Scan type: Quick scan
    Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
    Scan options disabled:
    Objects scanned: 250625
    Time elapsed: 27 minute(s), 13 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    Physical Sectors Detected: 0
    (No malicious items detected)

    (end)
     
  5. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
      If the connection is not there use restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error Illegal operation attempted on a registery key that has been marked for deletion, restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
     
  6. matrix25

    matrix25 TS Rookie Topic Starter

    In looking at the log I saw that windows defender was on the system. Didn't realize it was there and that it was part of the OS? Should I turn off it's realtime protection and run combofix again? Also Windows 7 cursor keeps doing the thinking blue circle for like 5 seconds on and off at intervals. Here is the Combofix log.


    ComboFix 14-02-24.01 - Brenda Williams 02/24/2014 2:29.1.2 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3819.2356 [GMT -6:00]
    Running from: c:\users\Brenda Williams\Desktop\ComboFix.exe
    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\program files (x86)\TelevisionFanatic
    c:\program files (x86)\TelevisionFanatic\bar\1.bin\64auxstb.dll
    c:\program files (x86)\TelevisionFanatic\bar\1.bin\64bar.dll
    c:\program files (x86)\TelevisionFanatic\bar\1.bin\64brstub.dll
    c:\program files (x86)\TelevisionFanatic\bar\1.bin\64datact.dll
    c:\program files (x86)\TelevisionFanatic\bar\1.bin\64dlghk.dll
    c:\program files (x86)\TelevisionFanatic\bar\1.bin\64dyn.dll
    c:\program files (x86)\TelevisionFanatic\bar\1.bin\64feedmg.dll
    c:\program files (x86)\TelevisionFanatic\bar\1.bin\64highin.exe
    c:\program files (x86)\TelevisionFanatic\bar\1.bin\64hkstub.dll
    c:\program files (x86)\TelevisionFanatic\bar\1.bin\64htmlmu.dll
    c:\program files (x86)\TelevisionFanatic\bar\1.bin\64httpct.dll
    c:\program files (x86)\TelevisionFanatic\bar\1.bin\64idle.dll
    c:\program files (x86)\TelevisionFanatic\bar\1.bin\64ieovr.dll
    c:\program files (x86)\TelevisionFanatic\bar\1.bin\64impipe.exe
    c:\program files (x86)\TelevisionFanatic\bar\1.bin\64medint.exe
    c:\program files (x86)\TelevisionFanatic\bar\1.bin\64mlbtn.dll
    c:\program files (x86)\TelevisionFanatic\bar\1.bin\64msg.dll
    c:\program files (x86)\TelevisionFanatic\bar\1.bin\64Plugin.dll
    c:\program files (x86)\TelevisionFanatic\bar\1.bin\64radio.dll
    c:\program files (x86)\TelevisionFanatic\bar\1.bin\64regfft.dll
    c:\program files (x86)\TelevisionFanatic\bar\1.bin\64reghk.dll
    c:\program files (x86)\TelevisionFanatic\bar\1.bin\64regiet.dll
    c:\program files (x86)\TelevisionFanatic\bar\1.bin\64script.dll
    c:\program files (x86)\TelevisionFanatic\bar\1.bin\64skin.dll
    c:\program files (x86)\TelevisionFanatic\bar\1.bin\64sknlcr.dll
    c:\program files (x86)\TelevisionFanatic\bar\1.bin\64skplay.exe
    c:\program files (x86)\TelevisionFanatic\bar\1.bin\64SrcAs.dll
    c:\program files (x86)\TelevisionFanatic\bar\1.bin\64tpinst.dll
    c:\program files (x86)\TelevisionFanatic\bar\1.bin\64uabtn.dll
    c:\program files (x86)\TelevisionFanatic\bar\1.bin\BOOTSTRAP.JS
    c:\program files (x86)\TelevisionFanatic\bar\1.bin\CHROME.MANIFEST
    c:\program files (x86)\TelevisionFanatic\bar\1.bin\chrome\64ffxtbr.jar
    c:\program files (x86)\TelevisionFanatic\bar\1.bin\CREXT.DLL
    c:\program files (x86)\TelevisionFanatic\bar\1.bin\CrExtP64.exe
    c:\program files (x86)\TelevisionFanatic\bar\1.bin\INSTALL.RDF
    c:\program files (x86)\TelevisionFanatic\bar\1.bin\installKeys.js
    c:\program files (x86)\TelevisionFanatic\bar\1.bin\LOGO.BMP
    c:\program files (x86)\TelevisionFanatic\bar\1.bin\NP64Stub.dll
    c:\program files (x86)\TelevisionFanatic\bar\1.bin\T8EXTEX.DLL
    c:\program files (x86)\TelevisionFanatic\bar\1.bin\T8EXTPEX.DLL
    c:\program files (x86)\TelevisionFanatic\bar\1.bin\T8HTML.DLL
    c:\program files (x86)\TelevisionFanatic\bar\1.bin\T8RES.DLL
    c:\program files (x86)\TelevisionFanatic\bar\1.bin\T8TICKER.DLL
    c:\program files (x86)\TelevisionFanatic\bar\gen1\COMMON.T8S
    c:\program files (x86)\TelevisionFanatic\bar\IE9Mesg\COMMON.T8S
    c:\program files (x86)\TelevisionFanatic\bar\Message\COMMON.T8S
    c:\program files (x86)\TelevisionFanatic\bar\Settings\s_pid.dat
    c:\program files (x86)\TotalRecipeSearch_14
    c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\14auxstb.dll
    c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\14bprtct.dll
    c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\14brstub.dll
    c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\14datact.dll
    c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\14dlghk.dll
    c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\14dyn.dll
    c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\14feedmg.dll
    c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\14highin.exe
    c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\14hkstub.dll
    c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\14htmlmu.dll
    c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\14httpct.dll
    c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\14idle.dll
    c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\14ieovr.dll
    c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\14impipe.exe
    c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\14medint.exe
    c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\14mlbtn.dll
    c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\14msg.dll
    c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\14radio.dll
    c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\14reghk.dll
    c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\14regiet.dll
    c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\14script.dll
    c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\14skin.dll
    c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\14skplay.exe
    c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\14tpinst.dll
    c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\14uabtn.dll
    c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\AppIntegrator64.exe
    c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\AppIntegratorStub64.dll
    c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\BOOTSTRAP.JS
    c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\CREXT.DLL
    c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\CrExtP14.exe
    c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\DPNMNGR.DLL
    c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\EXEMANAGER.DLL
    c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\Hpg64.dll
    c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\LOGO.BMP
    c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\T8EXTEX.DLL
    c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\T8EXTPEX.DLL
    c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\T8HTML.DLL
    c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\T8RES.DLL
    c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\T8TICKER.DLL
    c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\VERIFY.DLL
    c:\program files (x86)\TotalRecipeSearch_14\bar\gen1\COMMON.T8S
    c:\program files (x86)\TotalRecipeSearch_14\bar\IE9Mesg\COMMON.T8S
    c:\program files (x86)\TotalRecipeSearch_14\bar\Message\COMMON.T8S
    c:\program files (x86)\TotalRecipeSearch_14\bar\Settings\s_pid.dat
    c:\users\Brenda Williams\AppData\Local\essgelvr.exe
    c:\users\Brenda Williams\AppData\Local\koffxdtk.exe
    c:\users\Brenda Williams\AppData\Local\lujghcqc.exe
    c:\users\Brenda Williams\AppData\Local\ogtjvcnc.exe
    c:\users\Brenda Williams\AppData\Local\qmssihoq.exe
    c:\users\Brenda Williams\AppData\Local\rsfhgkcr.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2014-01-24 to 2014-02-24 )))))))))))))))))))))))))))))))
    .
    .
    2014-02-24 09:51 . 2014-02-24 09:51 -------- d-----w- c:\users\Default\AppData\Local\temp
    2014-02-22 20:05 . 2014-02-23 03:13 119000 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
    2014-02-22 00:10 . 2014-02-22 00:10 -------- d-----w- c:\users\Brenda Williams\AppData\Roaming\Malwarebytes
    2014-02-22 00:09 . 2014-02-22 00:09 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2014-02-22 00:09 . 2013-04-04 20:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
    2014-02-22 00:09 . 2014-02-22 00:09 -------- d-----w- c:\users\Brenda Williams\AppData\Local\Programs
    2014-02-20 23:27 . 2014-02-21 00:32 -------- d-----w- C:\Windows 7 Backup
    2014-02-20 23:26 . 2014-02-20 23:26 -------- d-----w- c:\users\Brenda Williams\New folder
    2014-02-20 23:11 . 2014-02-20 23:11 -------- d-----w- c:\program files (x86)\Cobian Backup 11
    2014-02-17 15:46 . 2014-02-17 15:46 208216 ----a-w- c:\windows\system32\drivers\21884856.sys
    2014-02-17 05:41 . 2014-02-23 06:04 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
    2014-02-16 18:40 . 2014-02-16 18:40 -------- d-----w- c:\programdata\Malwarebytes
    2014-02-16 18:35 . 2014-02-23 03:11 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
    2014-02-12 21:23 . 2014-02-16 20:16 -------- d-----w- c:\users\Brenda Williams\AppData\Roaming\Deaceg
    2014-02-12 19:41 . 2013-12-21 08:56 454656 ----a-w- c:\windows\SysWow64\vbscript.dll
    2014-02-12 19:41 . 2013-12-21 09:53 548864 ----a-w- c:\windows\system32\vbscript.dll
    2014-02-12 19:38 . 2014-02-06 11:30 2724864 ----a-w- c:\windows\system32\mshtml.tlb
    2014-02-12 19:38 . 2014-02-06 10:20 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
    2014-02-12 19:38 . 2014-02-06 10:17 195584 ----a-w- c:\windows\system32\msrating.dll
    2014-02-12 18:58 . 2014-02-12 19:58 -------- d-----w- c:\programdata\HitmanPro
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2014-02-22 09:00 . 2012-01-07 05:36 88567024 ----a-w- c:\windows\system32\MRT.exe
    2014-02-05 05:52 . 2012-03-30 19:31 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2014-02-05 05:52 . 2011-08-16 15:21 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2014-01-19 07:33 . 2010-11-21 03:27 270496 ------w- c:\windows\system32\MpSigStub.exe
    2013-11-27 01:41 . 2014-01-15 14:25 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
    2013-11-27 01:41 . 2014-01-15 14:25 99840 ----a-w- c:\windows\system32\drivers\usbccgp.sys
    2013-11-27 01:41 . 2014-01-15 14:25 53248 ----a-w- c:\windows\system32\drivers\usbehci.sys
    2013-11-27 01:41 . 2014-01-15 14:25 325120 ----a-w- c:\windows\system32\drivers\usbport.sys
    2013-11-27 01:41 . 2014-01-15 14:25 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
    2013-11-27 01:41 . 2014-01-15 14:25 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
    2013-11-27 01:41 . 2014-01-15 14:25 7808 ----a-w- c:\windows\system32\drivers\usbd.sys
    2013-11-26 11:40 . 2014-01-15 14:24 376768 ----a-w- c:\windows\system32\drivers\netio.sys
    2013-11-26 10:32 . 2014-01-15 14:24 3156480 ----a-w- c:\windows\system32\win32k.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{09df68da-2acf-4828-9320-6d999a0834a3}]
    2012-03-20 04:47 62864 ----a-w- c:\program files (x86)\BibleTriviaTime_4l\bar\1.bin\4lSrcAs.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{4f426332-14d3-4383-abd6-ab0af916a73c}]
    2012-03-20 04:47 693648 ----a-w- c:\progra~2\BIBLET~2\bar\1.bin\4lbar.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{7abeab51-07be-42c5-89b4-c7f1a3a31816}"= "c:\program files (x86)\BibleTriviaTime_4l\bar\1.bin\4lbar.dll" [2012-03-20 693648]
    .
    [HKEY_CLASSES_ROOT\clsid\{7abeab51-07be-42c5-89b4-c7f1a3a31816}]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
    "DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-11-06 3673728]
    "Orb"="c:\program files (x86)\Winamp Remote\bin\OrbTray.exe" [2008-04-01 507904]
    "HP Officejet Pro 8600 (NET)"="c:\program files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe" [2011-09-09 2676584]
    "Cobian Backup 11"="c:\program files (x86)\Cobian Backup 11\Cobian.exe" [2012-12-06 720896]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2011-06-21 341360]
    "Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]
    "BackupManagerTray"="c:\program files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" [2011-04-24 297280]
    "LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2011-07-01 1103440]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-05-25 336384]
    "ArcadeMovieService"="c:\program files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe" [2011-05-10 177448]
    "hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-23 150528]
    "HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
    "WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2008-01-15 37376]
    "ISUSPM"="c:\programdata\FLEXnet\Connect\11\\isuspm.exe" [2010-05-21 324976]
    "PaperPort PTD"="c:\program files (x86)\Nuance\PaperPort\pptd40nt.exe" [2011-09-21 30568]
    "IndexSearch"="c:\program files (x86)\Nuance\PaperPort\IndexSearch.exe" [2011-09-21 46952]
    "PPort14reminder"="c:\program files (x86)\Nuance\PaperPort\Ereg\Ereg.exe" [2011-05-16 333088]
    "PDFProHook"="c:\program files (x86)\Nuance\PDF Viewer Plus\pdfpro7hook.exe" [2011-07-01 607592]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "IsMyWinLockerReboot"="msiexec.exe" [2010-11-21 73216]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux1"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~2\mcafee\SITEAD~1\mcsacore.exe;c:\progra~2\mcafee\SITEAD~1\mcsacore.exe [x]
    R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [x]
    R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
    R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
    R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
    R4 CxAudMsg;Conexant Audio Message Service;c:\windows\system32\CxAudMsg64.exe;c:\windows\SYSNATIVE\CxAudMsg64.exe [x]
    R4 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe;c:\program files (x86)\Launch Manager\dsiwmis.exe [x]
    R4 EgisTec Ticket Service;EgisTec Ticket Service;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [x]
    R4 ePowerSvc;ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [x]
    R4 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
    R4 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe;c:\program files (x86)\Acer\Registration\GREGsvc.exe [x]
    R4 Live Updater Service;Live Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe;c:\program files\Acer\Acer Updater\UpdaterService.exe [x]
    R4 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
    R4 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [x]
    R4 PDFProFiltSrvPP;PDFProFiltSrvPP;c:\program files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe;c:\program files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [x]
    R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
    S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
    S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDFilter.sys [x]
    S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDNServ.sys [x]
    S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDVDisk.sys [x]
    S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [x]
    S2 cbVSCService11;Cobian Backup 11 Volume Shadow Copy Requester;c:\program files (x86)\Cobian Backup 11\cbVSCService11.exe;c:\program files (x86)\Cobian Backup 11\cbVSCService11.exe [x]
    S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
    S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
    S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
    S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
    S3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys;c:\windows\SYSNATIVE\Drivers\pcouffin.sys [x]
    S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
    S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
    S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
    S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
    S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
    S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
    .
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2014-02-24 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 05:52]
    .
    2014-02-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-01 06:35]
    .
    2014-02-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-01 06:35]
    .
    2014-02-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1321444690-2986647034-1287303203-1000Core.job
    - c:\users\Brenda Williams\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-21 06:42]
    .
    2014-02-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1321444690-2986647034-1287303203-1000UA.job
    - c:\users\Brenda Williams\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-21 06:42]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Power Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2011-08-02 1831016]
    .
    ------- Supplementary Scan -------
    .
    uStart Page = https://www.google.com/
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    IE: Inbox Search - tbr:iemenu
    Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~2\Inbox\ctbr.dll
    .
    - - - - ORPHANS REMOVED - - - -
    .
    BHO-{5d79f641-c168-40df-a32f-bacea7509e75} - c:\program files (x86)\TelevisionFanatic\bar\1.bin\64SrcAs.dll
    BHO-{cb41fc95-f1b3-4797-8bb6-1012ff62abba} - c:\progra~2\TELEVI~2\bar\1.bin\64bar.dll
    Toolbar-Locked - (no file)
    Toolbar-{c98d5b61-b0ea-4d48-9839-1079d352d880} - c:\program files (x86)\TelevisionFanatic\bar\1.bin\64bar.dll
    Wow6432Node-HKLM-Run-<NO NAME> - (no file)
    Wow6432Node-HKLM-Run-SpeetItUpFree - c:\program files (x86)\SpeedItup Free\speeditupfree.exe
    HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
    Toolbar-Locked - (no file)
    HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
    HKLM-Run-TotalRecipeSearch Home Page Guard 64 bit - c:\progra~2\TOTALR~2\bar\1.bin\AppIntegrator64.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_44_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_44_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_44_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_44_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_44.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_44.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_44.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_44.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
    @="?????????????????? v1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
    @="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
    @="?????????????????? v2"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
    @="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
    "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2014-02-24 03:55:34
    ComboFix-quarantined-files.txt 2014-02-24 09:55
    .
    Pre-Run: 342,438,371,328 bytes free
    Post-Run: 348,128,694,272 bytes free
    .
    - - End Of File - - 1BB16E1DC337DFDEE8FABC112860D5CA
    A36C5E4F47E84449FF07ED3517B43A31
     
  7. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    You did fine.

    [​IMG] Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Scan button.
    • When the scan has finished click on Clean button.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    [​IMG] Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.

    [​IMG] Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe
    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  8. matrix25

    matrix25 TS Rookie Topic Starter

    AdwCleaner created 2 logfiles that were in C:\Adwcleaner folder.
    Here are the requested logfiles.

    # AdwCleaner v3.019 - Report created 24/02/2014 at 12:49:24
    # Updated 17/02/2014 by Xplode
    # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
    # Username : Brenda Williams - BRENDAWILLIAMS
    # Running from : C:\Users\Brenda Williams\Desktop\adwcleaner.exe
    # Option : Scan
    ***** [ Services ] *****

    ***** [ Files / Folders ] *****
    File Found : C:\Users\Public\Desktop\eBay.lnk
    File Found : C:\Users\Public\Desktop\PC Optimizer Pro.lnk
    Folder Found C:\Program Files (x86)\Common Files\Software Update Utility
    Folder Found C:\Program Files (x86)\Inbox
    Folder Found C:\Program Files (x86)\MyPC Backup
    Folder Found C:\Program Files (x86)\Winamp Toolbar
    Folder Found C:\ProgramData\apn
    Folder Found C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Optimizer Pro
    Folder Found C:\ProgramData\Tarma Installer
    Folder Found C:\ProgramData\Winamp Toolbar
    Folder Found C:\Users\Brenda Williams\AppData\Local\iac
    Folder Found C:\Users\Brenda Williams\AppData\Local\TelevisionFanatic
    Folder Found C:\Users\Brenda Williams\AppData\LocalLow\iac
    Folder Found C:\Users\Brenda Williams\AppData\LocalLow\TelevisionFanatic
    ***** [ Shortcuts ] *****
    Shortcut Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Inbox.com Toolbar\More Inbox.com Products.lnk ( /showurl hxxp://www.inbox.com/products/ )
    Shortcut Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Inbox.com Toolbar\Toolbar Help.lnk ( /showurl hxxp://www.inbox.com/help/default.aspx?src=TbMenu )
    ***** [ Registry ] *****
    Key Found : HKCU\Software\AppDataLow\Software\TelevisionFanatic
    Key Found : HKCU\Software\CToolbar
    Key Found : HKCU\Software\FLEXnet
    Key Found : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Inbox Search
    Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5D79F641-C168-40DF-A32F-BACEA7509E75}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C98D5B61-B0EA-4D48-9839-1079D352D880}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{CB41FC95-F1B3-4797-8BB6-1012FF62ABBA}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{04D2B915-19FF-41E9-994D-95DC898BEA43}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5D79F641-C168-40DF-A32F-BACEA7509E75}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8736C681-37A0-40C6-A0F0-4C083409151C}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C98D5B61-B0EA-4D48-9839-1079D352D880}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CB41FC95-F1B3-4797-8BB6-1012FF62ABBA}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD79F359-E577-46DB-AA74-D6E6B8B45BA8}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Winamp Toolbar
    Key Found : HKCU\Software\pc optimizer pro
    Key Found : HKCU\Software\Winamp Toolbar
    Key Found : [x64] HKCU\Software\CToolbar
    Key Found : [x64] HKCU\Software\FLEXnet
    Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
    Key Found : [x64] HKCU\Software\pc optimizer pro
    Key Found : [x64] HKCU\Software\Winamp Toolbar
    Key Found : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{B27D9527-3762-4D71-963D-FB7A94FDD678}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
    Key Found : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
    Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
    Key Found : HKLM\SOFTWARE\Classes\AppID\winamptbServer.exe
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{04D2B915-19FF-41E9-994D-95DC898BEA43}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{183643C8-EE67-4574-9A38-927852E34163}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{1DDA201E-5B42-4352-933E-21A92B297E3B}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{4D25FB7A-8902-4291-960E-9ADA051CFBBF}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{54ECA872-DB2A-4C6B-BBB2-F3777C6786CC}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{57BCA5FA-5DBB-45A2-B558-1755C3F6253B}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{5D79F641-C168-40DF-A32F-BACEA7509E75}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{6EF4E91D-DDD5-4478-BCA7-DA04435934C0}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{786C6F15-0D85-46FB-9A31-0AA0E93C88FF}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{841FD004-57A2-4B49-BBDB-5897394619DB}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{8736C681-37A0-40C6-A0F0-4C083409151C}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{B38D6EDE-390B-4620-8365-29E16459EBDA}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{C98D5B61-B0EA-4D48-9839-1079D352D880}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{CB41FC95-F1B3-4797-8BB6-1012FF62ABBA}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{E1164984-B567-47BD-A7FF-240C2594404A}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{F02C0832-C85C-4B93-8C6F-9DF20121A10D}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{F20F11FD-203E-45A9-B7BB-AFC1B4FEA7A6}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{FE178B09-C8AA-4734-804D-1849BCCA0C29}
    Key Found : HKLM\SOFTWARE\Classes\CMail.CMailClass
    Key Found : HKLM\SOFTWARE\Classes\ctbcommon.Buttons
    Key Found : HKLM\SOFTWARE\Classes\ctbr.R404Pro
    Key Found : HKLM\SOFTWARE\Classes\CToolbar.TB4Client
    Key Found : HKLM\SOFTWARE\Classes\CToolbar.TB4Script
    Key Found : HKLM\SOFTWARE\Classes\CToolbar.TB4Server
    Key Found : HKLM\SOFTWARE\Classes\dnUpdate
    Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
    Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
    Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
    Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
    Key Found : HKLM\SOFTWARE\Classes\Interface\{01C78433-6FDF-4E5A-A82D-B535C32E03DF}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{0F54B66A-21CF-4548-AE59-A6B83EE6676F}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{41349826-5C7F-4BF0-8279-5DAF1DE6E9AE}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{51A971CA-D36E-4D13-A799-2CF0A491D04D}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{56FBEA9F-EF93-4318-B75F-A96FC7C7BD7B}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{604EA016-1EDE-41E6-A23E-76CF8F2A4808}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{66DD22B9-6521-4B05-97DB-0EBC00B1DA5D}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{78B3C85E-44FF-4DC8-B3AD-156F39DC75E5}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{841FD004-57A2-4B49-BBDB-5897394619DB}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{B3BA5582-79A9-464D-A7FA-711C5888C6E9}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{E1164984-B567-47BD-A7FF-240C2594404A}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{E19FDA06-5BDF-43C2-B794-BCD8A4C2051F}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{E9BBD270-4B87-4EE2-912F-6635674986C0}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{FAB076F5-E4DD-4EA4-AFEE-F18BF972B057}
    Key Found : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\tbr
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{0085379D-A745-47E0-8642-82A922D9F12D}
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{506F578A-91E1-46CE-830F-E2F4268E9966}
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{507591C2-2F4E-46A7-92D6-E6CFF82E5F26}
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{538CD77C-BFDD-49B0-9562-77419CAB89D1}
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{E79BB61D-7F1A-41DF-8AD0-402795E3B566}
    Key Found : HKLM\SOFTWARE\Classes\WinampTb.AOLTBSearch
    Key Found : HKLM\SOFTWARE\Classes\WinampTb.AOLTBSearch.1
    Key Found : HKLM\SOFTWARE\Classes\WinampTb.AOLToolBand
    Key Found : HKLM\SOFTWARE\Classes\WinampTb.AOLToolBand.1
    Key Found : HKLM\SOFTWARE\Classes\WinampTb.Downloader
    Key Found : HKLM\SOFTWARE\Classes\WinampTb.Downloader.1
    Key Found : HKLM\SOFTWARE\Classes\WinampTb.ToolbarInfo
    Key Found : HKLM\SOFTWARE\Classes\WinampTb.ToolbarInfo.1
    Key Found : HKLM\SOFTWARE\Classes\WinampTb.ToolbarParams
    Key Found : HKLM\SOFTWARE\Classes\WinampTb.ToolbarParams.1
    Key Found : HKLM\SOFTWARE\Classes\WinampTbServer.AolToolbarHelper
    Key Found : HKLM\SOFTWARE\Classes\WinampTbServer.AolToolbarHelper.1
    Key Found : HKLM\Software\CToolbar
    Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7459F1D0-9FB6-4D71-AA7B-9DECB34EB704}
    Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A8C2644D-BF72-4A89-A88C-D85F565F2F46}
    Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FBF1B8D2-9A06-4174-A8B5-E38606DDB92B}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5D79F641-C168-40DF-A32F-BACEA7509E75}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CB41FC95-F1B3-4797-8BB6-1012FF62ABBA}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{04D2B915-19FF-41E9-994D-95DC898BEA43}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F02C0832-C85C-4B93-8C6F-9DF20121A10D}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{FD79F359-E577-46DB-AA74-D6E6B8B45BA8}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\Crawler
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CToolbar_UNINSTALL
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TelevisionFanaticbar Uninstall
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Winamp Toolbar
    Key Found : HKLM\Software\TelevisionFanatic
    Key Found : HKLM\Software\Winamp Toolbar
    Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
    Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{01C78433-6FDF-4E5A-A82D-B535C32E03DF}
    Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
    Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{0F54B66A-21CF-4548-AE59-A6B83EE6676F}
    Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{23119123-0854-469D-807A-171568457991}
    Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{3B181CF2-878B-4758-8FBD-59D8AC5AB12D}
    Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{41349826-5C7F-4BF0-8279-5DAF1DE6E9AE}
    Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{490A5A0F-1471-47FF-8BB5-719F1F5238AD}
    Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{51A971CA-D36E-4D13-A799-2CF0A491D04D}
    Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{56FBEA9F-EF93-4318-B75F-A96FC7C7BD7B}
    Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{604EA016-1EDE-41E6-A23E-76CF8F2A4808}
    Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
    Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{66DD22B9-6521-4B05-97DB-0EBC00B1DA5D}
    Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{78B3C85E-44FF-4DC8-B3AD-156F39DC75E5}
    Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{841FD004-57A2-4B49-BBDB-5897394619DB}
    Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
    Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{B3BA5582-79A9-464D-A7FA-711C5888C6E9}
    Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{E1164984-B567-47BD-A7FF-240C2594404A}
    Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{E19FDA06-5BDF-43C2-B794-BCD8A4C2051F}
    Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
    Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{E9BBD270-4B87-4EE2-912F-6635674986C0}
    Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{FAB076F5-E4DD-4EA4-AFEE-F18BF972B057}
    Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
    Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\pc optimizer pro
    Key Found : [x64] HKLM\SOFTWARE\pc optimizer pro
    Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{4B3803EA-5230-4DC3-A7FC-33638F3D3542}]
    Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{4B3803EA-5230-4DC3-A7FC-33638F3D3542}]
    Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{C98D5B61-B0EA-4D48-9839-1079D352D880}]
    Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}]
    Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
    Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [64ffxtbr@TelevisionFanatic.com]
    ***** [ Browsers ] *****
    -\\ Internet Explorer v11.0.9600.16518

    *************************
    AdwCleaner[R0].txt - [17720 octets] - [24/02/2014 12:49:24]
    ########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [17781 octets] ##########


    # AdwCleaner v3.019 - Report created 24/02/2014 at 12:51:39
    # Updated 17/02/2014 by Xplode
    # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
    # Username : Brenda Williams - BRENDAWILLIAMS
    # Running from : C:\Users\Brenda Williams\Desktop\adwcleaner.exe
    # Option : Clean
    ***** [ Services ] *****

    ***** [ Files / Folders ] *****
    Folder Deleted : C:\ProgramData\apn
    Folder Deleted : C:\ProgramData\Tarma Installer
    Folder Deleted : C:\ProgramData\Winamp Toolbar
    Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Optimizer Pro
    Folder Deleted : C:\Program Files (x86)\Inbox
    Folder Deleted : C:\Program Files (x86)\MyPC Backup
    Folder Deleted : C:\Program Files (x86)\Winamp Toolbar
    Folder Deleted : C:\Program Files (x86)\Common Files\Software Update Utility
    Folder Deleted : C:\Users\Brenda Williams\AppData\Local\iac
    Folder Deleted : C:\Users\Brenda Williams\AppData\Local\TelevisionFanatic
    Folder Deleted : C:\Users\Brenda Williams\AppData\LocalLow\iac
    Folder Deleted : C:\Users\Brenda Williams\AppData\LocalLow\TelevisionFanatic
    File Deleted : C:\Users\Public\Desktop\eBay.lnk
    File Deleted : C:\Users\Public\Desktop\PC Optimizer Pro.lnk
    ***** [ Shortcuts ] *****
    Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Inbox.com Toolbar\More Inbox.com Products.lnk
    Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Inbox.com Toolbar\Toolbar Help.lnk
    ***** [ Registry ] *****
    Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [64ffxtbr@TelevisionFanatic.com]
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Inbox Search
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\winamptbServer.exe
    Key Deleted : HKLM\SOFTWARE\Classes\CMail.CMailClass
    Key Deleted : HKLM\SOFTWARE\Classes\ctbcommon.Buttons
    Key Deleted : HKLM\SOFTWARE\Classes\ctbr.R404Pro
    Key Deleted : HKLM\SOFTWARE\Classes\CToolbar.TB4Client
    Key Deleted : HKLM\SOFTWARE\Classes\CToolbar.TB4Script
    Key Deleted : HKLM\SOFTWARE\Classes\CToolbar.TB4Server
    Key Deleted : HKLM\SOFTWARE\Classes\dnUpdate
    Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
    Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
    Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
    Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
    Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\tbr
    Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.AOLTBSearch
    Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.AOLTBSearch.1
    Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.AOLToolBand
    Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.AOLToolBand.1
    Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.Downloader
    Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.Downloader.1
    Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.ToolbarInfo
    Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.ToolbarInfo.1
    Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.ToolbarParams
    Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.ToolbarParams.1
    Key Deleted : HKLM\SOFTWARE\Classes\WinampTbServer.AolToolbarHelper
    Key Deleted : HKLM\SOFTWARE\Classes\WinampTbServer.AolToolbarHelper.1
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\Crawler
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B27D9527-3762-4D71-963D-FB7A94FDD678}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{04D2B915-19FF-41E9-994D-95DC898BEA43}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{183643C8-EE67-4574-9A38-927852E34163}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1DDA201E-5B42-4352-933E-21A92B297E3B}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4D25FB7A-8902-4291-960E-9ADA051CFBBF}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{54ECA872-DB2A-4C6B-BBB2-F3777C6786CC}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{57BCA5FA-5DBB-45A2-B558-1755C3F6253B}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5D79F641-C168-40DF-A32F-BACEA7509E75}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6EF4E91D-DDD5-4478-BCA7-DA04435934C0}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{786C6F15-0D85-46FB-9A31-0AA0E93C88FF}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{841FD004-57A2-4B49-BBDB-5897394619DB}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8736C681-37A0-40C6-A0F0-4C083409151C}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B38D6EDE-390B-4620-8365-29E16459EBDA}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C98D5B61-B0EA-4D48-9839-1079D352D880}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CB41FC95-F1B3-4797-8BB6-1012FF62ABBA}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E1164984-B567-47BD-A7FF-240C2594404A}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F02C0832-C85C-4B93-8C6F-9DF20121A10D}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F20F11FD-203E-45A9-B7BB-AFC1B4FEA7A6}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FE178B09-C8AA-4734-804D-1849BCCA0C29}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{01C78433-6FDF-4E5A-A82D-B535C32E03DF}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0F54B66A-21CF-4548-AE59-A6B83EE6676F}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{41349826-5C7F-4BF0-8279-5DAF1DE6E9AE}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{51A971CA-D36E-4D13-A799-2CF0A491D04D}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{56FBEA9F-EF93-4318-B75F-A96FC7C7BD7B}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{604EA016-1EDE-41E6-A23E-76CF8F2A4808}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66DD22B9-6521-4B05-97DB-0EBC00B1DA5D}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{78B3C85E-44FF-4DC8-B3AD-156F39DC75E5}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{841FD004-57A2-4B49-BBDB-5897394619DB}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B3BA5582-79A9-464D-A7FA-711C5888C6E9}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E1164984-B567-47BD-A7FF-240C2594404A}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E19FDA06-5BDF-43C2-B794-BCD8A4C2051F}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E9BBD270-4B87-4EE2-912F-6635674986C0}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FAB076F5-E4DD-4EA4-AFEE-F18BF972B057}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{0085379D-A745-47E0-8642-82A922D9F12D}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{506F578A-91E1-46CE-830F-E2F4268E9966}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{507591C2-2F4E-46A7-92D6-E6CFF82E5F26}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{538CD77C-BFDD-49B0-9562-77419CAB89D1}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E79BB61D-7F1A-41DF-8AD0-402795E3B566}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5D79F641-C168-40DF-A32F-BACEA7509E75}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CB41FC95-F1B3-4797-8BB6-1012FF62ABBA}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{04D2B915-19FF-41E9-994D-95DC898BEA43}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5D79F641-C168-40DF-A32F-BACEA7509E75}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8736C681-37A0-40C6-A0F0-4C083409151C}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C98D5B61-B0EA-4D48-9839-1079D352D880}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CB41FC95-F1B3-4797-8BB6-1012FF62ABBA}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD79F359-E577-46DB-AA74-D6E6B8B45BA8}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5D79F641-C168-40DF-A32F-BACEA7509E75}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C98D5B61-B0EA-4D48-9839-1079D352D880}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{CB41FC95-F1B3-4797-8BB6-1012FF62ABBA}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{04D2B915-19FF-41E9-994D-95DC898BEA43}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F02C0832-C85C-4B93-8C6F-9DF20121A10D}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{FD79F359-E577-46DB-AA74-D6E6B8B45BA8}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7459F1D0-9FB6-4D71-AA7B-9DECB34EB704}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A8C2644D-BF72-4A89-A88C-D85F565F2F46}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FBF1B8D2-9A06-4174-A8B5-E38606DDB92B}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{4B3803EA-5230-4DC3-A7FC-33638F3D3542}]
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{C98D5B61-B0EA-4D48-9839-1079D352D880}]
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}]
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{4B3803EA-5230-4DC3-A7FC-33638F3D3542}]
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{01C78433-6FDF-4E5A-A82D-B535C32E03DF}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0F54B66A-21CF-4548-AE59-A6B83EE6676F}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{23119123-0854-469D-807A-171568457991}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3B181CF2-878B-4758-8FBD-59D8AC5AB12D}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{41349826-5C7F-4BF0-8279-5DAF1DE6E9AE}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{490A5A0F-1471-47FF-8BB5-719F1F5238AD}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{51A971CA-D36E-4D13-A799-2CF0A491D04D}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{56FBEA9F-EF93-4318-B75F-A96FC7C7BD7B}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{604EA016-1EDE-41E6-A23E-76CF8F2A4808}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66DD22B9-6521-4B05-97DB-0EBC00B1DA5D}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{78B3C85E-44FF-4DC8-B3AD-156F39DC75E5}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{841FD004-57A2-4B49-BBDB-5897394619DB}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B3BA5582-79A9-464D-A7FA-711C5888C6E9}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E1164984-B567-47BD-A7FF-240C2594404A}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E19FDA06-5BDF-43C2-B794-BCD8A4C2051F}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E9BBD270-4B87-4EE2-912F-6635674986C0}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FAB076F5-E4DD-4EA4-AFEE-F18BF972B057}
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
    Key Deleted : HKCU\Software\CToolbar
    Key Deleted : HKCU\Software\FLEXnet
    Key Deleted : HKCU\Software\pc optimizer pro
    Key Deleted : HKCU\Software\Winamp Toolbar
    Key Deleted : HKCU\Software\AppDataLow\Software\TelevisionFanatic
    Key Deleted : HKLM\Software\CToolbar
    Key Deleted : HKLM\Software\TelevisionFanatic
    Key Deleted : HKLM\Software\Winamp Toolbar
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Winamp Toolbar
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CToolbar_UNINSTALL
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TelevisionFanaticbar Uninstall
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Winamp Toolbar
    Key Deleted : [x64] HKLM\SOFTWARE\pc optimizer pro
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\pc optimizer pro
    ***** [ Browsers ] *****
    -\\ Internet Explorer v11.0.9600.16518

    *************************
    AdwCleaner[R0].txt - [17982 octets] - [24/02/2014 12:49:24]
    AdwCleaner[S0].txt - [17833 octets] - [24/02/2014 12:51:39]
    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [17894 octets] ##########
     
  9. matrix25

    matrix25 TS Rookie Topic Starter

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.1.2 (02.20.2014:1)
    OS: Windows 7 Home Premium x64
    Ran by Brenda Williams on Mon 02/24/2014 at 12:58:04.59
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    ~~~ Services
    ~~~ Registry Values
    ~~~ Registry Keys
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\yt.ytnavassistplugin
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\yt.ytnavassistplugin.1
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{03F3147C-CEA6-4AAE-B0AE-8D8ABE7A8080}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{2502086B-5A46-4D05-8D5B-A1E77AB8BB32}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{396A4E14-83E7-4941-B0D9-B598E1B97197}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{76F3207C-3A0A-461B-B958-5653C5718243}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{895F3DBD-2484-4A14-A0EA-C3252EBB0FF7}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{8C4B563E-52A1-4A10-B700-F8BF1CD7B726}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{96B8A0EF-0D9D-4A92-B548-376DB4BBB58B}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{9E5C950C-93F2-46B4-A47E-8450FFF4D841}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{A4503EC3-1111-4B62-8F46-0D88508F8A7B}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{A9C524BF-4044-402A-AA00-8C3B3DA86125}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{B38FBAED-DED1-4BA6-BA2E-F2515FD49442}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{B5EDE79D-B004-47DD-93F9-152B0D145914}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{D0690E53-168C-4632-99B2-5700228F760F}
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\totalrecipesearch_14
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{5aabc9ff-5729-4b10-8ce9-e6bcc6a701b6}
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{cca2e567-1987-4100-a3c6-5b4267084510}
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{5aabc9ff-5729-4b10-8ce9-e6bcc6a701b6}
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{cca2e567-1987-4100-a3c6-5b4267084510}
    ~~~ Files
    ~~~ Folders
    Successfully deleted: [Folder] "C:\Users\Brenda Williams\appdata\local\totalrecipesearch_14"
    Successfully deleted: [Folder] "C:\Users\Brenda Williams\appdata\locallow\totalrecipesearch_14"
    Successfully deleted: [Folder] "C:\Program Files (x86)\coupons"
    Successfully deleted: [Empty Folder] C:\Users\Brenda Williams\appdata\local\{32F1B7F8-D1FA-4290-B86A-635A68C15864}
    Successfully deleted: [Empty Folder] C:\Users\Brenda Williams\appdata\local\{8CCA0FD6-CF34-4E1C-B44F-5E8772552BEF}
    Successfully deleted: [Empty Folder] C:\Users\Brenda Williams\appdata\local\{E5D4697D-8F9F-4DB8-BD1B-C36EF6089D60}
    ~~~ Event Viewer Logs were cleared
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Mon 02/24/2014 at 13:11:41.67
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


    OTL logfile created on: 2/24/2014 1:24:43 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Brenda Williams\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.11.9600.16518)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.73 Gb Total Physical Memory | 2.56 Gb Available Physical Memory | 68.59% Memory free
    7.46 Gb Paging File | 6.10 Gb Available in Paging File | 81.76% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 450.66 Gb Total Space | 323.75 Gb Free Space | 71.84% Space Free | Partition Type: NTFS

    Computer Name: BRENDAWILLIAMS | User Name: Brenda Williams | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2014/02/24 12:46:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Brenda Williams\Desktop\OTL.exe
    PRC - [2013/06/26 18:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    PRC - [2013/06/26 18:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    PRC - [2012/12/05 23:08:54 | 004,407,808 | ---- | M] (Luis Cobian, CobianSoft) -- C:\Program Files (x86)\Cobian Backup 11\cbInterface.exe
    PRC - [2012/12/05 23:08:44 | 000,720,896 | ---- | M] (Luis Cobian, CobianSoft) -- C:\Program Files (x86)\Cobian Backup 11\Cobian.exe
    PRC - [2011/09/20 23:57:24 | 000,030,568 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
    PRC - [2011/07/01 00:07:24 | 000,607,592 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\Nuance\PDF Viewer Plus\PdfPro7Hook.exe
    PRC - [2011/06/30 20:51:12 | 001,103,440 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
    PRC - [2011/05/20 12:13:06 | 000,120,104 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
    PRC - [2011/05/20 12:13:04 | 000,169,352 | ---- | M] () -- C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
    PRC - [2011/05/12 17:59:00 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
    PRC - [2011/05/09 19:41:56 | 000,177,448 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe
    PRC - [2011/04/23 19:28:38 | 000,297,280 | ---- | M] (NTI Corporation) -- C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
    PRC - [2008/07/22 18:33:28 | 000,544,768 | ---- | M] (Hewlett-Packard Development Co. L.P.) -- C:\Program Files (x86)\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe
    PRC - [2008/01/15 16:54:54 | 000,037,376 | ---- | M] () -- C:\Program Files (x86)\Winamp\winampa.exe


    ========== Modules (No Company Name) ==========

    MOD - [2011/05/20 12:13:04 | 000,206,216 | ---- | M] () -- C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLNetMediaDMA.dll
    MOD - [2011/05/20 12:13:04 | 000,169,352 | ---- | M] () -- C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
    MOD - [2011/04/23 19:29:56 | 000,465,640 | ---- | M] () -- C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll
    MOD - [2008/01/15 16:54:54 | 000,037,376 | ---- | M] () -- C:\Program Files (x86)\Winamp\winampa.exe


    ========== Services (SafeList) ==========

    SRV:64bit: - [2014/02/06 04:48:45 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
    SRV:64bit: - [2013/05/26 23:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2012/04/05 14:48:02 | 000,255,376 | ---- | M] (Acer Incorporated) [Disabled | Stopped] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Live Updater Service)
    SRV:64bit: - [2011/08/02 12:59:46 | 000,872,552 | ---- | M] (Acer Incorporated) [Disabled | Stopped] -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
    SRV:64bit: - [2011/05/24 09:03:40 | 000,204,288 | ---- | M] (AMD) [Disabled | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
    SRV:64bit: - [2010/12/16 17:18:08 | 000,198,784 | ---- | M] (Conexant Systems Inc.) [Disabled | Stopped] -- C:\Windows\SysNative\CxAudMsg64.exe -- (CxAudMsg)
    SRV:64bit: - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
    SRV - [2014/02/04 23:52:30 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2013/12/18 10:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2013/06/26 18:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
    SRV - [2013/06/26 18:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
    SRV - [2012/12/05 22:11:40 | 000,067,584 | ---- | M] (CobianSoft, Luis Cobian) [Auto | Running] -- C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe -- (cbVSCService11)
    SRV - [2012/07/13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Disabled | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2011/10/10 02:36:15 | 000,655,624 | ---- | M] (Acresso Software Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2011/09/20 23:56:12 | 000,138,600 | ---- | M] (Nuance Communications, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe -- (PDFProFiltSrvPP)
    SRV - [2011/06/30 20:51:12 | 000,353,360 | ---- | M] (Dritek System Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
    SRV - [2011/06/21 13:55:04 | 000,173,424 | ---- | M] (Egis Technology Inc. ) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe -- (EgisTec Ticket Service)
    SRV - [2011/06/07 13:25:12 | 000,191,752 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
    SRV - [2011/05/29 20:54:14 | 000,036,456 | ---- | M] (Acer Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService)
    SRV - [2011/05/12 17:59:00 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
    SRV - [2011/04/23 19:29:20 | 000,256,832 | ---- | M] (NTI Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
    SRV - [2010/10/22 12:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
    SRV - [2010/10/12 11:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
    SRV - [2010/06/01 16:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
    SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2008/11/09 14:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2013/06/26 18:21:50 | 000,023,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
    DRV:64bit: - [2013/06/26 18:21:48 | 000,028,840 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
    DRV:64bit: - [2013/06/26 18:21:46 | 000,273,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
    DRV:64bit: - [2013/06/26 18:21:44 | 000,767,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
    DRV:64bit: - [2012/11/24 15:20:02 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
    DRV:64bit: - [2012/03/01 00:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2011/11/08 18:52:01 | 000,082,816 | ---- | M] (VSO Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pcouffin.sys -- (pcouffin)
    DRV:64bit: - [2011/08/16 09:17:04 | 000,062,776 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
    DRV:64bit: - [2011/08/16 09:17:04 | 000,022,648 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
    DRV:64bit: - [2011/08/16 09:17:04 | 000,020,520 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
    DRV:64bit: - [2011/07/13 23:35:47 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/07/13 23:35:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2011/06/08 10:36:14 | 004,729,408 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
    DRV:64bit: - [2011/05/24 10:26:58 | 009,359,872 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
    DRV:64bit: - [2011/05/24 08:25:44 | 000,309,760 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
    DRV:64bit: - [2011/03/30 00:46:46 | 000,114,704 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
    DRV:64bit: - [2011/03/09 22:01:45 | 000,018,432 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
    DRV:64bit: - [2011/03/09 22:01:45 | 000,017,408 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
    DRV:64bit: - [2011/01/11 01:01:32 | 001,495,680 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
    DRV:64bit: - [2010/12/15 09:06:46 | 000,047,232 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
    DRV:64bit: - [2010/11/20 21:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/11/20 21:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 21:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
    DRV:64bit: - [2010/10/08 04:32:28 | 001,395,248 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
    DRV:64bit: - [2010/09/27 01:24:44 | 000,076,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
    DRV:64bit: - [2010/06/17 03:18:28 | 000,246,376 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
    DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/07/13 18:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
    DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


    IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-21-1321444690-2986647034-1287303203-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
    IE - HKU\S-1-5-21-1321444690-2986647034-1287303203-1000\..\URLSearchHook: {3f2ae504-aa17-4805-90e8-56e48f98731c} - No CLSID value found
    IE - HKU\S-1-5-21-1321444690-2986647034-1287303203-1000\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-21-1321444690-2986647034-1287303203-1000\..\SearchScopes\{BB40E4D3-6F37-4462-A99B-199CF617C723}: "URL" = http://search.yahoo.com/search?p={s...e=W3i_DS,136,0_0,Search,20130624,19890,0,25,0
    IE - HKU\S-1-5-21-1321444690-2986647034-1287303203-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


    ========== FireFox ==========

    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@BibleTriviaTime_4l.com/Plugin: C:\Program Files (x86)\BibleTriviaTime_4l\bar\1.bin\NP4lStub.dll (MindSpark)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Windows\system32\TVUAx\npTVUAx.dll (TVU networks)
    FF - HKLM\Software\MozillaPlugins\@TelevisionFanatic.com/Plugin: C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\NP64Stub.dll File not found
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKLM\Software\MozillaPlugins\ZEON/PDF,version=2.0: C:\Program Files (x86)\Nuance\PDF Viewer Plus\bin\nppdf.dll (Zeon Corporation)
    FF - HKCU\Software\MozillaPlugins\@citrixonline.com/appdetectorplugin: C:\Users\Brenda Williams\AppData\Local\Citrix\Plugins\97\npappdetector.dll (Citrix Online)
    FF - HKCU\Software\MozillaPlugins\@freescreensharing/detector: C:\Users\Brenda Williams\AppData\Local\FreeScreenSharing\npfreesee.dll (Free Screen Sharing)
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Brenda Williams\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Brenda Williams\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Brenda Williams\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Brenda Williams\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Brenda Williams\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/11/11 22:49:48 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\4lffxtbr@BibleTriviaTime_4l.com: C:\Program Files (x86)\BibleTriviaTime_4l\bar\1.bin [2014/02/21 18:52:11 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\quickprint@hp.com: C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2011/01/26 14:27:28 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/11/11 22:49:48 | 000,000,000 | ---D | M]


    O1 HOSTS File: ([2014/02/24 03:51:48 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Search Assistant BHO) - {09df68da-2acf-4828-9320-6d999a0834a3} - C:\Program Files (x86)\BibleTriviaTime_4l\bar\1.bin\4lSrcAs.dll (MindSpark)
    O2 - BHO: (Toolbar BHO) - {4f426332-14d3-4383-abd6-ab0af916a73c} - C:\Program Files (x86)\BibleTriviaTime_4l\bar\1.bin\4lbar.dll (MindSpark)
    O2 - BHO: (PlusIEEventHelper Class) - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Viewer Plus\bin\PlusIEContextMenu.dll (Zeon Corporation)
    O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
    O3 - HKLM\..\Toolbar: (Know the Bible?) - {7abeab51-07be-42c5-89b4-c7f1a3a31816} - C:\Program Files (x86)\BibleTriviaTime_4l\bar\1.bin\4lbar.dll (MindSpark)
    O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O4:64bit: - HKLM..\Run: [Power Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
    O4:64bit: - HKLM..\Run: [TotalRecipeSearch Home Page Guard 64 bit] "C:\PROGRA~2\TOTALR~2\bar\1.bin\AppIntegrator64.exe" File not found
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [ArcadeMovieService] C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (NTI Corporation)
    O4 - HKLM..\Run: [IndexSearch] C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe (Nuance Communications, Inc.)
    O4 - HKLM..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\isuspm.exe (Flexera Software, Inc.)
    O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
    O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
    O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)
    O4 - HKLM..\Run: [PDFProHook] C:\Program Files (x86)\Nuance\PDF Viewer Plus\PdfPro7Hook.exe (Nuance Communications, Inc.)
    O4 - HKLM..\Run: [PPort14reminder] C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe (Nuance Communications, Inc.)
    O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKLM..\Run: [SuiteTray] C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.)
    O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe ()
    O4 - HKU\S-1-5-21-1321444690-2986647034-1287303203-1000..\Run: [Cobian Backup 11] C:\Program Files (x86)\Cobian Backup 11\Cobian.exe (Luis Cobian, CobianSoft)
    O4 - HKU\S-1-5-21-1321444690-2986647034-1287303203-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
    O4 - HKU\S-1-5-21-1321444690-2986647034-1287303203-1000..\Run: [HP Officejet Pro 8600 (NET)] C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
    O4 - HKU\S-1-5-21-1321444690-2986647034-1287303203-1000..\Run: [Orb] C:\Program Files (x86)\Winamp Remote\bin\OrbTray.exe (Orb Networks)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1321444690-2986647034-1287303203-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1321444690-2986647034-1287303203-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra Button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe (Hewlett-Packard)
    O9 - Extra 'Tools' menuitem : SmartPrint - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe (Hewlett-Packard)
    O13 - gopher Prefix: missing
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5AE2F5D2-5E07-4EAE-B5A4-E9A83D25C33B}: DhcpNameServer = 192.168.0.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{84670C98-929C-4756-9249-6B826807D230}: DhcpNameServer = 192.168.0.1
    O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll File not found
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll File not found
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2014/02/24 12:58:01 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
    [2014/02/24 12:49:16 | 000,000,000 | ---D | C] -- C:\AdwCleaner
    [2014/02/24 12:46:21 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Brenda Williams\Desktop\OTL.exe
    [2014/02/24 12:45:10 | 001,037,734 | ---- | C] (Thisisu) -- C:\Users\Brenda Williams\Desktop\JRT.exe
    [2014/02/24 03:55:41 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2014/02/24 02:27:36 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2014/02/24 02:27:36 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2014/02/24 02:27:35 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2014/02/24 02:27:23 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2014/02/24 02:27:09 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2014/02/24 02:14:14 | 005,184,582 | R--- | C] (Swearware) -- C:\Users\Brenda Williams\Desktop\ComboFix.exe
    [2014/02/22 20:37:27 | 000,000,000 | ---D | C] -- C:\Users\Brenda Williams\Desktop\RK_Quarantine
    [2014/02/22 14:05:02 | 000,119,000 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
    [2014/02/21 19:03:37 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Brenda Williams\Desktop\dds.com
    [2014/02/21 18:10:14 | 000,000,000 | ---D | C] -- C:\Users\Brenda Williams\AppData\Roaming\Malwarebytes
    [2014/02/21 18:09:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2014/02/21 18:09:45 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2014/02/21 18:09:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2014/02/21 18:09:12 | 000,000,000 | ---D | C] -- C:\Users\Brenda Williams\AppData\Local\Programs
    [2014/02/20 17:27:07 | 000,000,000 | ---D | C] -- C:\Windows 7 Backup
    [2014/02/20 17:26:41 | 000,000,000 | ---D | C] -- C:\Users\Brenda Williams\New folder
    [2014/02/20 17:11:39 | 000,000,000 | ---D | C] -- C:\Users\Brenda Williams\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Cobian Backup 11
    [2014/02/20 17:11:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cobian Backup 11
    [2014/02/17 09:46:22 | 000,208,216 | ---- | C] (Kaspersky Lab, GERT) -- C:\Windows\SysNative\drivers\21884856.sys
    [2014/02/16 23:41:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
    [2014/02/16 12:40:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2014/02/16 12:35:36 | 000,091,352 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
    [2014/02/16 12:35:24 | 000,000,000 | ---D | C] -- C:\Users\Brenda Williams\Desktop\mbar
    [2014/02/12 15:23:41 | 000,000,000 | ---D | C] -- C:\Users\Brenda Williams\AppData\Roaming\Deaceg
    [2014/02/12 12:58:41 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
    [2014/02/12 00:14:31 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
    [2014/02/11 02:11:34 | 000,000,000 | ---D | C] -- C:\Users\Brenda Williams\Desktop\vegan recipies
    [2014/02/09 00:56:21 | 000,000,000 | ---D | C] -- C:\Users\Brenda Williams\AppData\Roaming\Mozilla
    [2011/11/08 18:52:01 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Brenda Williams\AppData\Roaming\pcouffin.sys
    [1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2014/02/24 13:05:00 | 000,000,948 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1321444690-2986647034-1287303203-1000UA.job
    [2014/02/24 13:03:44 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2014/02/24 13:03:44 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2014/02/24 12:53:51 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2014/02/24 12:53:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2014/02/24 12:53:22 | 3003,305,984 | -HS- | M] () -- C:\hiberfil.sys
    [2014/02/24 12:52:00 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2014/02/24 12:52:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2014/02/24 12:46:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Brenda Williams\Desktop\OTL.exe
    [2014/02/24 12:45:11 | 001,037,734 | ---- | M] (Thisisu) -- C:\Users\Brenda Williams\Desktop\JRT.exe
    [2014/02/24 12:43:45 | 001,241,834 | ---- | M] () -- C:\Users\Brenda Williams\Desktop\adwcleaner.exe
    [2014/02/24 03:51:48 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2014/02/24 02:18:09 | 000,780,196 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2014/02/24 02:18:09 | 000,660,998 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2014/02/24 02:18:09 | 000,121,636 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2014/02/24 02:09:30 | 005,184,582 | R--- | M] (Swearware) -- C:\Users\Brenda Williams\Desktop\ComboFix.exe
    [2014/02/24 01:56:19 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1321444690-2986647034-1287303203-1000Core.job
    [2014/02/22 21:13:16 | 000,119,000 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
    [2014/02/22 21:11:10 | 000,091,352 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
    [2014/02/22 13:56:54 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
    [2014/02/21 18:16:00 | 000,068,161 | ---- | M] () -- C:\Users\Brenda Williams\AppData\Local\ucxaghdo
    [2014/02/21 18:09:47 | 000,001,117 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2014/02/21 17:44:48 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Brenda Williams\Desktop\dds.com
    [2014/02/17 09:46:23 | 000,208,216 | ---- | M] (Kaspersky Lab, GERT) -- C:\Windows\SysNative\drivers\21884856.sys
    [2014/02/13 03:43:03 | 000,774,412 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2014/02/13 03:24:10 | 000,000,662 | ---- | M] () -- C:\Windows\SysNative\.crusader
    [2014/02/12 15:28:55 | 475,055,312 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2014/02/11 22:55:58 | 000,012,326 | ---- | M] () -- C:\Users\Brenda Williams\AppData\Local\qwalsbao
    [2014/02/11 22:54:55 | 000,068,260 | ---- | M] () -- C:\Users\Brenda Williams\AppData\Local\apukpdxj
    [2014/02/11 22:53:51 | 000,000,000 | ---- | M] () -- C:\Users\Brenda Williams\AppData\Roaming\SharedSettings.ccs
    [2014/02/04 09:26:42 | 000,023,197 | ---- | M] () -- C:\Users\Brenda Williams\Desktop\Soc Security BenefitVerificationLetter.do.pdf
    [1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2014/02/24 12:43:45 | 001,241,834 | ---- | C] () -- C:\Users\Brenda Williams\Desktop\adwcleaner.exe
    [2014/02/24 02:27:36 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2014/02/24 02:27:36 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2014/02/24 02:27:36 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2014/02/24 02:27:35 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2014/02/24 02:27:35 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2014/02/21 18:16:00 | 000,068,161 | ---- | C] () -- C:\Users\Brenda Williams\AppData\Local\ucxaghdo
    [2014/02/21 18:09:47 | 000,001,117 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2014/02/12 15:46:37 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
    [2014/02/12 13:59:18 | 000,000,662 | ---- | C] () -- C:\Windows\SysNative\.crusader
    [2014/02/12 00:14:18 | 475,055,312 | ---- | C] () -- C:\Windows\MEMORY.DMP
    [2014/02/11 22:55:58 | 000,012,326 | ---- | C] () -- C:\Users\Brenda Williams\AppData\Local\qwalsbao
    [2014/02/11 22:54:55 | 000,068,260 | ---- | C] () -- C:\Users\Brenda Williams\AppData\Local\apukpdxj
    [2014/02/11 22:53:51 | 000,000,000 | ---- | C] () -- C:\Users\Brenda Williams\AppData\Roaming\SharedSettings.ccs
    [2014/02/04 09:26:41 | 000,023,197 | ---- | C] () -- C:\Users\Brenda Williams\Desktop\Soc Security BenefitVerificationLetter.do.pdf
    [2013/08/21 06:58:10 | 000,000,036 | -H-- | C] () -- C:\Windows\SysWow64\f9t.dat
    [2012/12/18 12:58:52 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
    [2012/05/22 21:44:24 | 000,774,412 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2012/04/01 17:09:19 | 000,221,647 | ---- | C] () -- C:\Windows\hpoins19.dat
    [2012/04/01 17:09:19 | 000,013,898 | ---- | C] () -- C:\Windows\hpomdl19.dat
    [2011/11/08 18:52:01 | 000,099,384 | ---- | C] () -- C:\Users\Brenda Williams\AppData\Roaming\inst.exe
    [2011/11/08 18:52:01 | 000,007,859 | ---- | C] () -- C:\Users\Brenda Williams\AppData\Roaming\pcouffin.cat
    [2011/11/08 18:52:01 | 000,001,167 | ---- | C] () -- C:\Users\Brenda Williams\AppData\Roaming\pcouffin.inf

    ========== ZeroAccess Check ==========

    [2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 20:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 19:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 21:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    ========== LOP Check ==========

    [2013/03/26 01:13:08 | 000,000,000 | ---D | M] -- C:\Users\Brenda Williams\AppData\Roaming\.oit
    [2013/09/22 08:10:14 | 000,000,000 | ---D | M] -- C:\Users\Brenda Williams\AppData\Roaming\AVG2014
    [2011/12/22 00:30:24 | 000,000,000 | ---D | M] -- C:\Users\Brenda Williams\AppData\Roaming\Barnes & Noble
    [2012/11/24 15:22:20 | 000,000,000 | ---D | M] -- C:\Users\Brenda Williams\AppData\Roaming\DAEMON Tools Lite
    [2014/02/16 14:16:06 | 000,000,000 | ---D | M] -- C:\Users\Brenda Williams\AppData\Roaming\Deaceg
    [2013/07/20 23:04:28 | 000,000,000 | ---D | M] -- C:\Users\Brenda Williams\AppData\Roaming\FreeVideoPlayer
    [2013/03/25 23:58:19 | 000,000,000 | ---D | M] -- C:\Users\Brenda Williams\AppData\Roaming\Nuance
    [2012/07/03 14:17:05 | 000,000,000 | ---D | M] -- C:\Users\Brenda Williams\AppData\Roaming\PowerCinema
    [2014/01/31 02:12:22 | 000,000,000 | ---D | M] -- C:\Users\Brenda Williams\AppData\Roaming\SoftGrid Client
    [2013/08/22 16:33:27 | 000,000,000 | ---D | M] -- C:\Users\Brenda Williams\AppData\Roaming\Stamps.com Internet Postage
    [2013/06/03 14:04:57 | 000,000,000 | ---D | M] -- C:\Users\Brenda Williams\AppData\Roaming\TeamViewer
    [2012/05/22 21:45:38 | 000,000,000 | ---D | M] -- C:\Users\Brenda Williams\AppData\Roaming\TP
    [2012/09/27 22:26:55 | 000,000,000 | ---D | M] -- C:\Users\Brenda Williams\AppData\Roaming\TuneUp Software
    [2011/11/08 18:53:01 | 000,000,000 | ---D | M] -- C:\Users\Brenda Williams\AppData\Roaming\Vso
    [2013/03/25 23:58:29 | 000,000,000 | ---D | M] -- C:\Users\Brenda Williams\AppData\Roaming\Zeon
    [2012/10/14 08:15:13 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\TuneUp Software
    [2012/10/14 08:15:13 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\TuneUp Software

    ========== Purity Check ==========



    ========== Files - Unicode (All) ==========
    [2013/07/21 00:14:06 | 000,000,000 | ---D | M](C:\Users\Brenda Williams\AppData\Local\_?_) -- C:\Users\Brenda Williams\AppData\Local\_ž_
    [2013/07/21 00:14:06 | 000,000,000 | ---D | M](C:\Users\Brenda Williams\AppData\Local\_?_) -- C:\Users\Brenda Williams\AppData\Local\_ž_
    (C:\Users\Brenda Williams\AppData\Local\_?_) -- C:\Users\Brenda Williams\AppData\Local\_ž_

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 246 bytes -> C:\ProgramData\Temp:FD9CE1F3
    < End of report >
     
  10. matrix25

    matrix25 TS Rookie Topic Starter

    OTL Extras logfile created on: 2/24/2014 1:24:43 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Brenda Williams\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.11.9600.16518)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.73 Gb Total Physical Memory | 2.56 Gb Available Physical Memory | 68.59% Memory free
    7.46 Gb Paging File | 6.10 Gb Available in Paging File | 81.76% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 450.66 Gb Total Space | 323.75 Gb Free Space | 71.84% Space Free | Partition Type: NTFS

    Computer Name: BRENDAWILLIAMS | User Name: Brenda Williams | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
    .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
    Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
    Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
    Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
    Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
    Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
    Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0
    "DisableNotifications" = 0
    "DoNotAllowExceptions" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 0
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{00F04682-1266-4732-88E0-5C9265AFBDE3}" = lport=445 | protocol=6 | dir=in | app=system |
    "{0542883B-2EF3-4B12-9693-81E4B0B357C7}" = rport=445 | protocol=6 | dir=out | app=system |
    "{06D91FA2-A6A4-4DAC-8C8B-D23E3BEE04C1}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{1021B45D-0C65-47AC-99A0-76232B26A9B3}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
    "{1D994D40-838F-4FC6-8C26-DBC7FDAB7F3E}" = lport=138 | protocol=17 | dir=in | app=system |
    "{248FCBA4-61EA-42B5-BEE3-6D96178B8393}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{294E6E5A-0585-4747-89AB-5FD1500556C1}" = rport=138 | protocol=17 | dir=out | app=system |
    "{34B88E3C-2143-41A9-8823-D70EFD9738EF}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |
    "{3D9B0CD0-0EB2-4567-8DEE-ED4A39AB0327}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{4BE7C7A0-B3CA-43C3-905A-82590C6A4DB2}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{570E18A1-3D13-4C28-A773-05317E49118C}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{65D9C2E0-F40B-4F73-824A-FBD6670C6873}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{739C54E3-2006-444F-974B-C87B701EC64F}" = rport=137 | protocol=17 | dir=out | app=system |
    "{7469C3A5-01CC-4138-B9B5-A08277805248}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{805D64DD-B565-41AD-9E13-4FCCEE8EF5EF}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{8BA4DC76-9B18-4917-B554-72562CE3D12B}" = rport=139 | protocol=6 | dir=out | app=system |
    "{9981D5BD-EEA3-4527-B941-CB57B74FC019}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{A9E93F53-FBBE-4A62-AE6E-D5FA0A5C7DDA}" = lport=139 | protocol=6 | dir=in | app=system |
    "{B096679C-F3D8-4BC8-9512-3DFB3933AB44}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
    "{B938E23A-EB94-4A27-A14F-3373BC4E2BB8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{C29B4DE0-CF2C-4909-AE53-31C748363996}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{C50773AC-A4D0-4745-95A0-F4A812CC904E}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{D3ACCE91-5B32-4D05-A65B-7EC644F1FCD6}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{D64A8FDA-EB62-4DE5-9454-A946866B42AA}" = lport=137 | protocol=17 | dir=in | app=system |
    "{DA5A4C3F-AE48-48A9-8532-E0DB643D4CDE}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{E4B0CA94-C5B0-4235-A7B5-CEBEB3AE4519}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{016CD2CF-309C-4788-8456-DCDAF09715E9}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
    "{01C8C398-6AF7-4B14-9237-9E22BD2678E2}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgdiagex.exe |
    "{03A58849-80BC-4A20-85A9-55FAA77D218F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{15B40A4E-B64D-4A91-B2FA-3A8F8F641DF7}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe |
    "{17D9C430-1CA4-4215-9E87-110106D4DA04}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
    "{1CED22F6-6BFA-4F51-A409-E210DC9BA81D}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
    "{1EED03B8-2BA2-43F8-98D3-9736DDB3FB58}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\devicesetup.exe |
    "{1F030635-F214-4D37-9F42-530C44E69D9E}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\hpnetworkcommunicator.exe |
    "{27F70419-4EA9-4E34-815C-50F195BD417F}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgmfapx.exe |
    "{2CAFB164-770A-4128-AAA9-59FA3B443C7B}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{2E98B503-9449-49BB-AF4D-730737B23F19}" = protocol=6 | dir=out | app=system |
    "{347C46F4-2EF9-486F-AC09-7754992A8E0A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{3A571368-A488-4013-9340-1B0B8D4D8CF6}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\clear.fi.exe |
    "{3FE6C2E4-165F-4A8D-9303-A94A8BFD4C76}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe |
    "{40D70D34-14D7-41B2-A25B-DAF7903064EF}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
    "{41099496-005C-40A1-889C-62CA1B440746}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe |
    "{44EBD4C8-1B4C-47E0-A5D2-3CCC4E2AF5CF}" = protocol=6 | dir=in | app=c:\program files (x86)\winamp remote\bin\orbtray.exe |
    "{466EB94B-6B75-4C70-BE26-BFFA09BB6E4B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{46B5C369-A964-4B52-B89E-0CFE91F83DBD}" = protocol=6 | dir=in | app=c:\program files (x86)\winamp remote\bin\orbir.exe |
    "{49CA08F3-5D66-4D2A-AC97-ECC997AE8BB8}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe |
    "{49DEC0F6-4CFF-40EF-AD50-19E86B6EBD4A}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqnrs08.exe |
    "{4C276382-013E-4968-AD81-626799472972}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe |
    "{52BDAF4B-B3BB-4C60-8E36-496435EB932B}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgnsa.exe |
    "{53AC9A02-5EE2-4EDA-83C0-6E6688740270}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{5506136E-0070-4032-BE20-B3A7137B2D88}" = protocol=6 | dir=in | app=c:\program files (x86)\winamp remote\bin\orbstreamerclient.exe |
    "{57999394-04E6-47F5-956B-6B1C528346C8}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{59754C28-962B-4466-995E-6F98B9008095}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\devicesetup.exe |
    "{5ACD6E8F-46AC-4337-9C0E-428EF36DA3F0}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxm08.exe |
    "{5BD7D78D-F089-4AEF-A709-F6E533A8CA8A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{5D0EAAB9-C486-4B21-BAAA-04D2E2984C60}" = dir=in | app=c:\program files (x86)\acer\clear.fi\movie\touchmovieservice.exe |
    "{5D3030A7-678C-4318-82F7-90D43E0B4D8C}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\kernel\dmr\dmrengine.exe |
    "{5E942B51-7D9E-471A-8B13-00CD97D03A54}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgdiagex.exe |
    "{64DE74AB-540E-4E8A-88A8-1FAC90388173}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgmfapx.exe |
    "{669B6624-ACDB-4D14-8E03-9A15EFB7EA51}" = dir=in | app=c:\program files (x86)\acer\clear.fi\movie\touchmovie.exe |
    "{69464F21-0444-4364-8013-1F467134C960}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
    "{694C989B-58C2-40AB-9FA1-0DB04F78FA41}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{6DBAF499-6BE0-4E95-AF55-8A934EAE4B34}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{7460DCD9-4466-485E-9AC6-F15A4432CFE3}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
    "{7D6AC408-9177-4B5C-B052-BD54EBCFE4AB}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
    "{7F0E5DB9-DB34-4864-8BAB-71E463055765}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpsapp.exe |
    "{7FC36CA6-273B-4BA0-A7F8-51F0B2928EA3}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
    "{81936180-D8DE-493B-BC42-5F7DF6AE66EA}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
    "{81CD03EB-1351-4559-87A7-2F62F1059301}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgemca.exe |
    "{86F4ABD3-7D01-4DAC-A9BE-7E960829487F}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe |
    "{87082AF1-65AA-433B-955F-9899B7558938}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgemca.exe |
    "{887ED4E1-FE17-48A7-A273-29D30FB82525}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqcopy2.exe |
    "{8AB4C231-A665-4B10-A39A-CA102E259097}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpse.exe |
    "{8B198959-1277-4DF2-A97C-A4A5231BB716}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqsudi.exe |
    "{8B798CFD-BEE9-49CC-87C7-9E45EB5F1850}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{8BF59547-CECA-4F4A-8AF4-A904243AD591}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\kernel\dmr\dmrengine.exe |
    "{8D7002FC-FE88-4AF7-82B3-763509FA9B89}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposfx08.exe |
    "{90CBE3E7-2BCD-4EFF-9C3C-8DFDC55B802F}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxs08.exe |
    "{932EF418-28F2-4A04-8C62-A84E0F15B4DC}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{9681CA59-4C9D-4EBF-89FA-A27A47B04853}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{98C5FC7D-9F70-403D-B580-252C2C02D58C}" = protocol=17 | dir=in | app=c:\program files (x86)\winamp remote\bin\orb.exe |
    "{A091F7B4-4F3C-4E69-8723-3D72D3E618AC}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\kernel\clml\clmlsvc.exe |
    "{A22F641C-B86E-4C41-9BCA-20BD0CDC2C72}" = dir=in | app=c:\program files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe |
    "{A390031B-74A2-422D-9E2F-B6BB086AB046}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\kernel\dmr\dmrengine.exe |
    "{A4FFEF99-31BA-4C15-8617-C5135EB2F28C}" = protocol=17 | dir=in | app=c:\program files (x86)\winamp remote\bin\orbstreamerclient.exe |
    "{A76BA3AB-2C5F-46F5-A334-8D7299D69390}" = protocol=17 | dir=in | app=c:\program files (x86)\winamp remote\bin\orbtray.exe |
    "{A7700050-7A92-4479-8C0E-DDB11022F50F}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
    "{ABEDE82F-4C9C-46B1-8B5F-A76D4AB9B30B}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
    "{B1C2B27B-F596-4681-B614-2612A9A3C607}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{B3D48160-DF79-4F30-A94F-945A5E2573D4}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\clear.fiagent.exe |
    "{B5EA02C4-79AD-4E36-94FF-69F1609981EA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{B75222CB-8F11-49CF-BF62-F081F06ACD87}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{BAAF2AE1-50B7-4C75-A64C-F42BE8DDC735}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe |
    "{BBAE98AB-63E0-4483-B89F-15F4996072DB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{BD97274D-BDB8-4DFD-8A4C-7D6A98B8F989}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
    "{BEF19905-E145-4283-A9FB-77989BC76CB1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{C2D03299-5462-44D7-B980-C180C3D13EB1}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgmfapx.exe |
    "{C5A0AD9C-C477-4091-A062-A9322B3A9EDF}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
    "{C7E92E5D-92D4-4BC4-A49A-3F02E570E9B7}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
    "{C8583F09-DC98-4F8D-A5AD-9A0AC84FFD90}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
    "{CBEF1C4B-FE40-4A8A-804E-0E17B26632F5}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe |
    "{CD04C789-9A83-4168-8BF4-704F31438BC5}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgmfapx.exe |
    "{D09BD1ED-D93F-43FF-8E22-610CBF3CDF51}" = protocol=17 | dir=in | app=c:\program files (x86)\winamp remote\bin\orbir.exe |
    "{D2746472-ED79-40A1-A1A2-2D6A62DF0713}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
    "{DA327F39-C08A-4C95-B89C-D3462806D068}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
    "{DDA1EA32-ADDC-4D7F-8761-820D5961DC02}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{E058C096-DE89-4D7E-B330-569207A81B18}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
    "{E0734EF6-2379-4DB6-A92F-DE1DB2908B8A}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe |
    "{E15B1022-69F7-4E09-A990-D25D3C014BD4}" = protocol=6 | dir=in | app=c:\program files (x86)\winamp remote\bin\orb.exe |
    "{E2710A12-65E7-4715-9467-99F6BFB3296C}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgnsa.exe |
    "{E3CCFC77-3861-4435-9B9A-C1EA8B32903B}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqfxt08.exe |
    "{E41BEF37-18F7-4D30-9CD0-550245B2E757}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe |
    "{E6D56F5B-7F6A-44FA-93A4-AAF1ABE5D147}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
    "{E87CD45C-66BC-413C-9650-70BC1008B4B5}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe |
    "{EB052A70-1692-450E-BA18-08E610EFBE84}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe |
    "{ED1BE61D-AC73-4BC9-ADD2-960538D358DE}" = dir=in | app=c:\program files\hp\hp officejet pro 8600\bin\devicesetup.exe |
    "{EFC26880-6EFF-4977-8BB5-E1221D2B7350}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe |
    "{F599A6CF-B232-4BEC-B72E-831CFB65A8F9}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{F67181C6-3D8C-4F7E-91EC-9B374D5675FF}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\hpnetworkcommunicator.exe |
    "{F74D8C96-0EC2-4841-9552-F3975C6A385E}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpzwiz01.exe |
    "{F7BA214A-EF9F-44F7-B1FC-5A0D7103126A}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
    "{FE17BC1D-C31F-4871-926B-89D070681744}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
    "{FF0996FD-311C-4802-A2D2-7FBD81520185}" = dir=in | app=c:\program files\hp\hp officejet pro 8600\bin\hpnetworkcommunicator.exe |
    "TCP Query User{221D1D74-9BE7-42C4-BCAE-1F50E18B7E03}C:\users\brenda williams\appdata\local\freescreensharing\freescreensharing.exe" = protocol=6 | dir=in | app=c:\users\brenda williams\appdata\local\freescreensharing\freescreensharing.exe |
    "TCP Query User{4A252E8A-A973-4639-8456-1D072713AED5}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
    "TCP Query User{4D0B67F3-50D8-4F80-BCC9-3C7518D00A39}C:\program files\hp\hp officejet pro 8500 a910\bin\hpnetworkcommunicator.exe" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\hpnetworkcommunicator.exe |
    "TCP Query User{A4BAD0B6-99EB-4EDC-A70E-228A0B0E466F}C:\program files (x86)\globalinx\globalinx gsp-10\globalinx-gsp-10.exe" = protocol=6 | dir=in | app=c:\program files (x86)\globalinx\globalinx gsp-10\globalinx-gsp-10.exe |
    "UDP Query User{237C09AF-12A3-4466-BB7C-912318520010}C:\users\brenda williams\appdata\local\freescreensharing\freescreensharing.exe" = protocol=17 | dir=in | app=c:\users\brenda williams\appdata\local\freescreensharing\freescreensharing.exe |
    "UDP Query User{5964E1B7-B492-4DF9-A2A2-4D9555AD6961}C:\program files\hp\hp officejet pro 8500 a910\bin\hpnetworkcommunicator.exe" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\hpnetworkcommunicator.exe |
    "UDP Query User{81C7B429-5938-42B0-B50E-E8C1622E43E5}C:\program files (x86)\globalinx\globalinx gsp-10\globalinx-gsp-10.exe" = protocol=17 | dir=in | app=c:\program files (x86)\globalinx\globalinx gsp-10\globalinx-gsp-10.exe |
    "UDP Query User{E23110EA-2570-410E-8575-FDC054380AC5}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{05EFBF37-0E52-4579-875C-7EEF0DFB4FCB}" = Network64
    "{0B78ECB0-1A6B-4E6D-89D7-0E7CE77F0427}" = MyWinLocker
    "{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
    "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
    "{1F557316-CFC0-41BD-AFF7-8BC49CE444D7}" = Shredder
    "{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
    "{2D5E3D2B-919F-407C-8757-E64827518BB6}" = HP Officejet Pro 8600 Basic Device Software
    "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
    "{52357C6C-FE7F-4E8C-B045-EDE5146A1F9C}" = PaperPort Anywhere 1.1.4269.39023 powered by OfficeDrop
    "{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
    "{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}" = Network64
    "{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}" = PaperPort Image Printer 64-bit
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8C775E70-A791-4DA8-BCC3-6AB7136F4484}" = Visual Studio 2012 x64 Redistributables
    "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
    "{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
    "{91415F19-4C22-3609-A105-92ED3522D83C}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4048
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{B61ED343-0B14-4241-999C-490CB1A20DA4}" = HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B
    "{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
    "{D6A47464-38FF-379F-C683-9DA1F8371810}" = ATI Catalyst Install Manager
    "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
    "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
    "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
    "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
    "{E40EC00B-EE04-DC80-1903-F3A0225BD512}" = WMV9/VC-1 Video Playback
    "{E9A0490E-44EE-6715-3F35-0D0B921A4D71}" = ccc-utility64
    "{EE7C94CC-BECB-4000-B5E3-D895307B9D5E}" = HP Officejet Pro 8500 A910 Basic Device Software
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "{F792E5B0-11C4-4C68-8A63-FB5F52749180}" = HP Officejet Pro 8600 Product Improvement Study
    "{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer
    "CNXT_AUDIO_HDA" = Conexant HD Audio
    "HP Imaging Device Functions" = HP Imaging Device Functions 13.0
    "HP Photosmart Essential" = HP Photosmart Essential 3.5
    "HP Smart Web Printing" = HP Smart Web Printing 4.51
    "HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
    "HPExtendedCapabilities" = HP Customer Participation Program 13.0
    "HPOCR" = OCR Software by I.R.I.S. 13.0
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "Shop for HP Supplies" = Shop for HP Supplies
    "SynTPDeinstKey" = Synaptics Pointing Device Driver

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Acer Crystal Eye Webcam
    "{042A6F10-F770-4886-A502-B795DCF2D3B5}" = Nuance PDF Viewer Plus
    "{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
    "{068724F8-D8BE-4B43-8DDD-B9FE9E49FD76}" = Scansoft PDF Professional
    "{0847420B-9C5D-4880-B7D9-6312AC24C8F1}" = 7300
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}" = Backup Manager V3
    "{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
    "{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
    "{104066F4-5897-4067-85D3-4C88B67CCF75}" = AIO_Scan
    "{13D324E9-9DB1-478D-944C-28BBE1BB80DC}" = HP Officejet Pro 8500 A910 Help
    "{14C4C3B6-F1F4-401F-8C86-03E8E19AAC8C}" = clear.fi
    "{16FCDD97-AE09-476B-88CD-261D852BD34C}" = Marketsplash Shortcuts
    "{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
    "{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}" = MyWinLocker Suite
    "{1895E5C2-A9F8-4757-AD7B-0E9EA8BA1C46}" = Catalyst Control Center - Branding
    "{198235FE-A74B-074D-A296-C9447879FC62}" = CCC Help Polish
    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
    "{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = clear.fi
    "{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
    "{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
    "{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
    "{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
    "{300F1D49-A89E-FB10-95C5-2BE277DCD00E}" = CCC Help Norwegian
    "{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
    "{32257980-61DF-4685-A72B-08683838233B}" = 7300_Help
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
    "{377739AE-00D9-4E80-8ECB-4C8A7EFFE526}" = 7300Trb
    "{3903E490-B11B-EBD1-8D99-02107FA5E55A}" = CCC Help Korean
    "{39F15B50-A977-4CA6-B1C3-6A8724CDA025}" = MyWinLocker 4
    "{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
    "{3C461A45-7EE5-86A8-70A2-616FE5E46886}" = CCC Help Russian
    "{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy
    "{3D19DC4C-7BA8-DEFF-50D2-D9ECFDB5B33C}" = CCC Help Italian
    "{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management
    "{3EFCAD6D-BAE1-AF00-CF70-B6B0B29745AD}" = CCC Help Czech
    "{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup
    "{41101F0C-DBD9-321C-A6B1-E0689B495A4E}" = Google Talk Plugin
    "{415FA9AD-DA10-4ABE-97B6-5051D4795C90}" = HP FWUpdateEDO2
    "{43AAE145-83CF-4C96-9A5E-756CEFCE879F}" = clear.fi Client
    "{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
    "{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
    "{4796F85F-7F17-1B0B-0B7A-74B0BCB809FB}" = Catalyst Control Center Graphics Previews Common
    "{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
    "{491ADA37-04EE-2ECE-9F86-DDC0106047AC}" = Times Reader
    "{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
    "{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
    "{553C904F-57A2-4113-888E-BA0C3D1C69C0}" = Microsoft VC9 runtime libraries
    "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
    "{5B1F2843-B379-3FF2-B0D3-64DD143ED53A}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4048
    "{5E8E67B8-CEF8-445D-BFDF-620077C2584E}_is1" = Free Video Player version 1.0.2
    "{613C0AC5-3A67-4B94-8B13-9176AD83F5BF}" = newsXpresso
    "{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
    "{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
    "{6633BDE3-45CB-23C4-EE1A-F596CDA752A1}" = AMD VISION Engine Control Center
    "{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{698AC01B-DF0C-4BCE-940C-EB29AD23A560}" = Stamps.com
    "{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
    "{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
    "{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
    "{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.0.0
    "{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-acer" = WildTangent Games App (Acer Games)
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{7AA2AB4E-D723-9AD2-F52D-575EDB6D5182}" = CCC Help Finnish
    "{7DB1EA80-CBFD-4912-6ED9-5954FE8A6EF4}" = CCC Help Turkish
    "{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
    "{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
    "{845E9301-ADEC-51D1-BDA6-3E12BC5B9790}" = CCC Help Japanese
    "{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
    "{84A937E3-1DCA-E377-23D3-C8236E3CE443}" = CCC Help Hungarian
    "{871B2A9D-0F12-44B3-88C1-E0CB10A232E4}" = HP Officejet Pro 8500 A910 Help
    "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{900216A0-2258-359F-4EE6-040BA8DE76FD}" = CCC Help German
    "{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{9511E79A-9EA3-BF62-BA14-F7E7A3E8B7D0}" = CCC Help Dutch
    "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
    "{95140000-00AF-0409-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
    "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
    "{97486FBE-A3FC-4783-8D55-EA37E9D171CC}" = HP Update
    "{98596F7A-AC0F-75DD-2461-AB218E93E4A2}" = Catalyst Control Center InstallProxy
    "{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}" = Visual Studio 2012 x86 Redistributables
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{9F6B13E2-B93F-4203-9BD4-5DC18C9F9DEB}" = AIO_CDB_Software
    "{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
    "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
    "{A28F8828-8BCC-8FC4-C703-0F7F396B68D9}" = CCC Help Greek
    "{A436F67F-687E-4736-BD2B-537121A804CF}" = HP Product Detection
    "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
    "{AB61A2E9-37D3-485D-9085-19FBDF8CEF4A}" = Windows Live Messenger
    "{AB6CDDDD-C21D-D286-3318-547DF17794D7}" = CCC Help English
    "{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.9) MUI
    "{AD611D1C-E3F9-7C13-FB25-198251248BA4}" = CCC Help Thai
    "{B26B34D7-EEE9-BE54-6812-FEBBD72DB1F8}" = CCC Help Chinese Standard
    "{B2E2A3A6-3044-430B-88E6-DBC32BFDD659}" = EGW Comprehensive Research Edition
    "{B50132FD-7CD4-6036-B3D8-588CEA3E99CA}" = CCC Help French
    "{B6F5C6D8-C443-4B55-932F-AE11B5743FC4}" = HP Officejet Pro 8600 Help
    "{B906C11A-D193-4143-9FA7-E2EE8A5A8F21}" = clear.fi
    "{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
    "{C158E4E4-B2A2-4D62-9C61-D0FC62D78E6D}" = Nuance PaperPort 14
    "{C2695E83-CF1D-43D1-84FE-B3BEC561012A}" = Shredder
    "{C28D96C0-6A90-459E-A077-A6706F4EC0FC}" = Bing Bar
    "{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
    "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
    "{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
    "{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. OCR
    "{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
    "{CB2BA5CD-265B-E5F6-CC60-3D30A474F3B4}" = CCC Help Swedish
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
    "{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}" = NTI Media Maker 9
    "{D3E5A972-9A15-427D-AE78-8181A5FD943C}" = eBay Worldwide
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
    "{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting
    "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
    "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E3A5C52C-3F24-779F-6968-E1CACFEC898F}" = CCC Help Danish
    "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
    "{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext
    "{EC8A98CE-8E48-D4B1-E764-7FF76581DB21}" = CCC Help Chinese Traditional
    "{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
    "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "{F9D3A001-2D26-6DC3-F390-E24F991F9F4F}" = CCC Help Portuguese
    "{FB5E6121-1A8B-C137-B72E-ECFE84814713}" = Catalyst Control Center Localization All
    "{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
    "{FD6A2243-E191-0540-A8F1-A9068E21673A}" = CCC Help Spanish
    "{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "Acer Registration" = Acer Registration
    "Acer Screensaver" = Acer ScreenSaver
    "Acer Welcome Center" = Welcome Center
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 12 ActiveX
    "BibleTriviaTime_4lbar Uninstall" = Know the Bible? Toolbar
    "BN_DesktopReader" = NOOK for PC
    "CobBackup11" = Cobian Backup 11 Gravity
    "com.nyt.timesreader.78C54164786ADE80CB31E1C5D95607D0938C987A.1" = Times Reader
    "Coupon Printer for Windows5.0.0.1" = Coupon Printer for Windows
    "DAEMON Tools Lite" = DAEMON Tools Lite
    "DVDFab 7_is1" = DVDFab 7.0.4.0 (15/04/2010)
    "DVDFab 8 Qt_is1" = DVDFab 8.2.1.2 (21/09/2012) Qt
    "Globalinx GSP-10" = Globalinx GSP-10
    "Identity Card" = Identity Card
    "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Acer Crystal Eye Webcam
    "InstallShield_{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}" = Acer Backup Manager
    "InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}" = MyWinLocker Suite
    "InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = clear.fi
    "InstallShield_{613C0AC5-3A67-4B94-8B13-9176AD83F5BF}" = newsXpresso
    "InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}" = NTI Media Maker 9
    "LManager" = Launch Manager
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
    "Office14.Click2Run" = Microsoft Office Click-to-Run 2010
    "Orb" = Winamp Remote
    "Stamps.com" = Stamps.com
    "TotalRecipeSearch_14bar Uninstall" = TotalRecipeSearch Toolbar
    "VLC media player" = VLC media player 2.0.4
    "webmmf" = WebM Media Foundation Components
    "WildTangent acer Master Uninstall" = Acer Games
    "Winamp" = Winamp
    "WinLiveSuite" = Windows Live Essentials
    "WTA-26cbf7a2-3b3d-4481-8358-ed50190d0d7a" = Mystery of Mortlake Mansion
    "WTA-3de1282e-a58e-404d-a928-38ab7c9b0f8b" = Dora's World Adventure
    "WTA-56710ea8-ec2c-460b-b26f-ea79134a1193" = Polar Bowler
    "WTA-58d4f4a7-b429-491f-a6ef-f9dd96dfb17b" = Agatha Christie - Death on the Nile
    "WTA-59465ebf-f978-4148-9000-d7b7310ca38f" = Build-a-lot 4 - Power Source
    "WTA-61f98117-a3c4-46df-9608-885f018e7138" = Final Drive: Nitro
    "WTA-6cd3f34e-d585-437f-8c94-8c1478184c94" = Chronicles of Albian
    "WTA-6e48c455-dbbf-4adc-829a-8a791c65ccc3" = Polar Golfer
    "WTA-723d9a74-7bdf-47a6-9ebf-86f8aaac080a" = Zuma's Revenge
    "WTA-76f3d33a-85b3-4b97-8676-f237822328b0" = Governor of Poker 2 Premium Edition
    "WTA-8da34abd-d689-4b34-8007-d2d91849eae6" = FATE: The Cursed King
    "WTA-92ec207f-5ccb-4b9c-9822-edba6148e742" = Bejeweled 2 Deluxe
    "WTA-9c61fbbc-e133-4dd1-b1d0-ae071a5e80b0" = Virtual Villagers 5 - New Believers
    "WTA-9f4c3758-a1d2-4d5c-b72e-cc67f0f8f76a" = Torchlight
    "WTA-ccb42585-7045-453c-9cd7-50d097e23977" = Penguins!
    "WTA-d85936c5-d646-4e59-9632-2d70c21e62f5" = Chuzzle Deluxe
    "WTA-dad68615-76cf-4564-b094-13c133f636b5" = Cradle of Rome 2
    "WTA-e45d9e83-10fd-408d-acd4-d85e11e52960" = Plants vs. Zombies - Game of the Year
    "WTA-eaf82169-5630-4c78-bd1d-38753e3d9eb6" = Jewel Match 3
    "Yahoo! Companion" = Yahoo! Toolbar
    "Yahoo! Software Update" = Yahoo! Software Update

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-1321444690-2986647034-1287303203-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "6c2290d276fa0f0d" = RabbitTV
    "FreeScreenSharing" = FreeScreenSharing
    "GoToMeeting" = GoToMeeting 5.4.0.1082

    < End of report >
     
  11. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    [​IMG] Please reinstall your AV program as soon as possible.

    [​IMG]
    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following
    Code:
    :OTL
    IE - HKU\S-1-5-21-1321444690-2986647034-1287303203-1000\..\URLSearchHook: {3f2ae504-aa17-4805-90e8-56e48f98731c} - No CLSID value found
    FF - HKLM\Software\MozillaPlugins\@TelevisionFanatic.com/Plugin: C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\NP64Stub.dll File not found
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O4:64bit: - HKLM..\Run: [TotalRecipeSearch Home Page Guard 64 bit] "C:\PROGRA~2\TOTALR~2\bar\1.bin\AppIntegrator64.exe" File not found
    O4 - HKLM..\Run: [] File not found
    O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll File not found
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll File not found
    [2014/02/21 18:16:00 | 000,068,161 | ---- | C] () -- C:\Users\Brenda Williams\AppData\Local\ucxaghdo
    [2014/02/11 22:55:58 | 000,012,326 | ---- | C] () -- C:\Users\Brenda Williams\AppData\Local\qwalsbao
    [2014/02/11 22:54:55 | 000,068,260 | ---- | C] () -- C:\Users\Brenda Williams\AppData\Local\apukpdxj
    @Alternate Data Stream - 246 bytes -> C:\ProgramData\Temp:FD9CE1F3
    
    :Services
    
    :Reg
    
    :Files
    C:\FRST
    
    :Commands
    [purity]
    [emptytemp]
    [emptyjava]
    [emptyflash]
    [Reboot]
    
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    NOTE. If for any reason OTL stalls (most likely at "killing processes..." step) run the fix from safe mode.

    Last scans...

    [​IMG] Download Security Check from here or here and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
    NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
    NOTE 2 SecurityCheck may produce some false warning(s), so leave the results reading to me.


    [​IMG] Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
      • Other Services
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.

    [​IMG] Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.

    [​IMG] Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Click on "Run ESET Online Scanner" button.
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If Eset won't find any threats, it won't produce any log.
     
  12. matrix25

    matrix25 TS Rookie Topic Starter

    Here are the logs.

    All processes killed
    ========== OTL ==========
    Registry value HKEY_USERS\S-1-5-21-1321444690-2986647034-1287303203-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{3f2ae504-aa17-4805-90e8-56e48f98731c} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3f2ae504-aa17-4805-90e8-56e48f98731c}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{3f2ae504-aa17-4805-90e8-56e48f98731c}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@TelevisionFanatic.com/Plugin\ deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
    64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\TotalRecipeSearch Home Page Guard 64 bit deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\linkscanner\ deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F274614C-63F8-47D5-A4D1-FBDDE494F8D1}\ deleted successfully.
    File {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll File not found not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\linkscanner\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F274614C-63F8-47D5-A4D1-FBDDE494F8D1}\ deleted successfully.
    File {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll File not found not found.
    C:\Users\Brenda Williams\AppData\Local\ucxaghdo moved successfully.
    C:\Users\Brenda Williams\AppData\Local\qwalsbao moved successfully.
    C:\Users\Brenda Williams\AppData\Local\apukpdxj moved successfully.
    ADS C:\ProgramData\Temp:FD9CE1F3 deleted successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    File\Folder C:\FRST not found.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Brenda Williams
    ->Temp folder emptied: 2940533 bytes
    ->Temporary Internet Files folder emptied: 1929669044 bytes
    ->Flash cache emptied: 78804 bytes

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 56468 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 349032 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 49556 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 42304877 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 1,884.00 mb


    [EMPTYJAVA]

    User: All Users

    User: Brenda Williams

    User: Default

    User: Default User

    User: Public

    Total Java Files Cleaned = 0.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Brenda Williams
    ->Flash cache emptied: 0 bytes

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.69.0 log created on 02242014_160133
    Files\Folders moved on Reboot...
    C:\Users\Brenda Williams\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    C:\Users\Brenda Williams\AppData\Local\Temp\MMDUtl.log moved successfully.
    C:\Users\Brenda Williams\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
    PendingFileRenameOperations files...
    Registry entries deleted on Reboot...


    Results of screen317's Security Check version 0.99.79
    Windows 7 Service Pack 1 x64 (UAC is enabled)
    Internet Explorer 11
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    Windows Firewall Disabled!
    AVG AntiVirus Free Edition 2014
    Antivirus up to date!
    `````````Anti-malware/Other Utilities Check:`````````
    Malwarebytes Anti-Malware version 1.75.0.1300
    Adobe Reader 10.1.9 Adobe Reader out of Date!
    ````````Process Check: objlist.exe by Laurent````````
    AVG avgwdsvc.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 0%
    ````````````````````End of Log``````````````````````


    Farbar Service Scanner Version: 16-02-2014
    Ran by Brenda Williams (administrator) on 24-02-2014 at 18:07:59
    Running from "C:\Users\Brenda Williams\Desktop"
    Microsoft Windows 7 Home Premium Service Pack 1 (X64)
    Boot Mode: Normal
    ****************************************************************
    Internet Services:
    ============
    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo.com is accessible.

    Windows Firewall:
    =============
    Firewall Disabled Policy:
    ==================
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall"=DWORD:0

    System Restore:
    ============
    System Restore Disabled Policy:
    ========================

    Action Center:
    ============

    Windows Update:
    ============
    Windows Autoupdate Disabled Policy:
    ============================

    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is set to Demand. The default start type is Auto.
    The ImagePath of WinDefend service is OK.
    The ServiceDll of WinDefend service is OK.

    Windows Defender Disabled Policy:
    ==========================
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware"=DWORD:1

    Other Services:
    ==============

    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => MD5 is legit
    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\System32\dhcpcore.dll => MD5 is legit
    C:\Windows\System32\drivers\afd.sys => MD5 is legit
    C:\Windows\System32\drivers\tdx.sys => MD5 is legit
    C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\System32\dnsrslvr.dll => MD5 is legit
    C:\Windows\System32\mpssvc.dll => MD5 is legit
    C:\Windows\System32\bfe.dll => MD5 is legit
    C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\System32\SDRSVC.dll => MD5 is legit
    C:\Windows\System32\vssvc.exe => MD5 is legit
    C:\Windows\System32\wscsvc.dll => MD5 is legit
    C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\System32\wuaueng.dll => MD5 is legit
    C:\Windows\System32\qmgr.dll => MD5 is legit
    C:\Windows\System32\es.dll => MD5 is legit
    C:\Windows\System32\cryptsvc.dll => MD5 is legit
    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\System32\ipnathlp.dll => MD5 is legit
    C:\Windows\System32\iphlpsvc.dll => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit

    **** End of log ****
     
  13. matrix25

    matrix25 TS Rookie Topic Starter

    C:\Qoobox\Quarantine\C\Users\Brenda Williams\AppData\Local\ogtjvcnc.exe.vir Win32/TrojanDownloader.Zortob.F trojan cleaned by deleting - quarantined
    C:\Qoobox\Quarantine\C\Users\Brenda Williams\AppData\Local\qmssihoq.exe.vir Win32/TrojanDownloader.Zortob.F trojan cleaned by deleting - quarantined
    C:\Qoobox\Quarantine\C\Users\Brenda Williams\AppData\Local\rsfhgkcr.exe.vir a variant of Win32/Kryptik.BVKP trojan cleaned by deleting - quarantined
    C:\Windows 7 Backup\Brenda Williams 2014-02-20 17;43;03 (Full)\AppData\Local\ogtjvcnc.exe Win32/TrojanDownloader.Zortob.F trojan cleaned by deleting - quarantined
    C:\Windows 7 Backup\Brenda Williams 2014-02-20 17;43;03 (Full)\AppData\Local\qmssihoq.exe Win32/TrojanDownloader.Zortob.F trojan cleaned by deleting - quarantined
    C:\Windows 7 Backup\Brenda Williams 2014-02-20 17;43;03 (Full)\AppData\Local\sfplagwv.exe Win32/Injector.AXVW trojan cleaned by deleting - quarantined
     
  14. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    Update Adobe Reader

    You can download it from http://www.adobe.com/products/acrobat/readstep2.html
    After installing the latest Adobe Reader, uninstall all previous versions (if present).
    Note. If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

    ===============================

    Your computer is clean [​IMG]

    1. This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
    This is a very crucial step so make sure you don't skip it.
    Download [​IMG]DelFix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.

    Double-click Delfix.exe to start the tool.
    Make sure the following items are checked:
    • Activate UAC (optional; some users prefer to keep it off)
    • Remove disinfection tools
    • Create registry backup
    • Purge System Restore
    • Reset system settings
    Now click "Run" and wait patiently.
    Once finished a logfile will be created. You don't have to attach it to your next reply.

    2. Make sure Windows Updates are current.

    3. If any trojans, rootkits or bootkits were listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

    4. Check if your browser plugins are up to date.
    Firefox - https://www.mozilla.org/en-US/plugincheck/
    other browsers: https://browsercheck.qualys.com/ (click on "Launch a quick scan now" link)

    5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC), AdwCleaner and Junkware Removal Tool (JRT) weekly (you need to redownload these tools since they were removed by DelFix).

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

    11. Read:
    How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
    Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
    About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings: http://www.bleepingcomputer.com/for...curity-questions-best-practices/#entry3187642

    12. Please, let me know, how your computer is doing.
     
  15. matrix25

    matrix25 TS Rookie Topic Starter

    Computer is purring along and no signs of the update flash player popup or the dllhost.exe problem. Thank you so much for all your help. I really appreciate the step by step way of going through the process. It was very informative. Once again thank you.
     
  16. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    Yes!! [​IMG]
    Good luck and stay safe :)
     

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...