Channel: Tech Support Guy - Virus & Other Malware Removal

Internet not working (Moved from Windows 8 forum)

I am having trouble in copying and pasting the logs. I already right click copy but it does not give me the option of pasting it to the reply. How do I paste it?

GOOGLE asking for CAPTCHA, Virus?

Hello,

When searching on Google I've been recently sent to a page asking for a CAPTCHA: The page reads below.

"To continue, please type the characters below:

(CAPTCHA)

About this page

Our systems have detected unusual traffic from your computer network. This page checks to see if it's really you sending the requests, and not a robot. Why did this happen?

IP address: 50.172.132.162
Time: 2014-11-19T07:41:29Z
URL: https://www.google.com/search?q=Michelle+Trachtenberg&client=firefox-a&hs=d1g&rls=org.mozilla:en-US:official&channel=sb&source=lnms&tbm=isch&sa=X&ei=sUhsVIeKH4yjyAT4_4HwDQ& ved=0CAgQ_AUoAQ&biw=1920&bih=922"

Any Help is Greatly Appreciated!


Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 8.1, 64 bit
Processor: Intel(R) Core(TM) i5-3330 CPU @ 3.00GHz, Intel64 Family 6 Model 58 Stepping 9
Processor Count: 4
RAM: 8063 Mb
Graphics Card: NVIDIA GeForce GT 620, 1024 Mb
Hard Drives: C: Total - 1894353 MB, Free - 333270 MB; F: Total - 1430795 MB, Free - 288719 MB; G: Total - 99 MB, Free - 68 MB; I: Total - 953766 MB, Free - 881856 MB;
Motherboard: Dell Inc., 084J0R
Antivirus: Windows Defender, Disabled

Virus, cryptowall2.0

The virus I'm experiencing does not allow downloads, Security alert, "your current security settings do not allow this download

Hijacked IE11 / system crashes

Thanks for telling us Rob.

Glad everything is sorted now. :)

Java and other pop ups

I keep getting Java pop-ups and it prevents me from doing anything. Wants me to download the latest version, I finally gave up and decided to check here 1st. Also get a lot of pop-ups of men and women smiling telling me I have virus and to call them, I have 3 tabs right now...1 w/Java and the other 2 telling me I have a virus. Had a hard time getting on here!
Thank you in advance for any help you can give me! I'm running win. 8.1

Barb

I decided to run Kaspersky to see if I can get my desktop cleaned up and it's been running an hour and 28 minutes and completed 1% and is to finish in 7 days, I guess I'll close it and start over in the morning.

Browser HiJack and pop-up spammer

I am having the same problem as listed below, tried a few things myself, Malwarebytes found some registry issues and I removed those and also ran a security scan thru MSF Security Essentials, removing some things from there, but the problem persists.

It's the same problem as this thread:
http://forums.techguy.org/virus-othe...-platypus.html

I have downloaded FRST64 and here are the results


FRST.TXT

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-11-2014
Ran by Barbel (administrator) on BARBEL-HP on 19-11-2014 15:20:07
Running from C:\Users\Barbel\Desktop
Loaded Profile: Barbel (Available profiles: Barbel)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(iolo technologies, LLC) C:\Program Files (x86)\iolo\System Mechanic\ioloGovernor64.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
() C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe
() C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe
() C:\Program Files (x86)\35556262-902E-49AE-8622-66E14F1F041C\arrmeapsie64.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
(iolo technologies, LLC) C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe
(iolo technologies, LLC) C:\Program Files (x86)\iolo\System Mechanic\LiveBoost.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(AOL Inc.) C:\Program Files (x86)\AOL Desktop 9.7c\waol.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
() C:\Program Files (x86)\Roxio 2011\5.0\CPMonitor.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\tv_x64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Desktop.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM-x32\...\Run: [HP Software Update] => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)
HKLM-x32\...\Run: [RoxWatchTray] => C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatchTray13.exe [307184 2010-07-16] (Sonic Solutions)
HKLM-x32\...\Run: [CPMonitor] => C:\Program Files (x86)\Roxio 2011\5.0\CPMonitor.exe [84464 2010-07-13] ()
HKLM-x32\...\Run: [ospd_us_301] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-11-11] (Hewlett-Packard)
HKU\S-1-5-21-913172041-2461324656-1359686728-1000\...\Run: [Google Update] => C:\Users\Barbel\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-09-19] (Google Inc.)
HKU\S-1-5-21-913172041-2461324656-1359686728-1000\...\Run: [AOL Fast Start] => C:\Program Files (x86)\AOL Desktop 9.7c\AOL.EXE [72296 2014-04-08] (AOL Inc.)
HKU\S-1-5-21-913172041-2461324656-1359686728-1000\...\MountPoints2: {70549a4f-faee-11e3-97cd-806e6f6e6963} - E:\autorun.exe
AppInit_DLLs: C:\PROGRA~3\INTERE~1\INTERE~2.DLL => C:\ProgramData\Interenet Optimizer\InterenetOptimizer_x64.dll [4302848 2014-11-17] ()
AppInit_DLLs-x32: c:\progra~3\intere~1\intere~1.dll => c:\ProgramData\Interenet Optimizer\InterenetOptimizer.dll [4125696 2014-11-17] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
BootExecute: autocheck autochk *
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-913172041-2461324656-1359686728-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://astromenda.com/?f=1&a=ast_wnz...2105396508&ir=
URLSearchHook: HKCU - (No Name) - {37483b40-c254-4a72-bda4-22ee90182c1e} - No File
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKLM -> {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL = http://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_wnzp01_14_45_ch&cd=2XzuyEtN2Y1L1Qzu0A 0CzztCtCtByDzzyB0AtBzytAtAyD0CtN0D0Tzu0StCtDyEtCtN1L2XzutAtFyCtFtCtFtDtN1L1 CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StByDyEtD0A0D0AyCtGyBtBtD0AtGtBtB0B yEtG0EyEyBtBtGtDyDzyyE0DtCtDyEtD0F0A0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0A0CyCtDtAy Ezz0DtGyD0C0A0DtGyE0D0DyEtGzy0BtC0CtG0B0FyD0A0AzztC0AtA0D0FtA2Q&cr=21053965 08&ir=
SearchScopes: HKLM -> {9B7CC1F2-0F94-466D-B3F5-5C8438F7FCC8} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {CC865B26-C31D-4D23-B17B-96548EEF03F6} URL =
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope value is missing.
SearchScopes: HKLM-x32 -> {0A77715B-F4C8-4C6B-AB41-64DB4D15FAFE} URL = http://search.aol.com/aolcom/search?query={searchTerms}&invocationType=msie70a
SearchScopes: HKLM-x32 -> {9B7CC1F2-0F94-466D-B3F5-5C8438F7FCC8} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKU\S-1-5-21-913172041-2461324656-1359686728-1000 -> DefaultScope {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL = http://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_wnzp01_14_45_ch&cd=2XzuyEtN2Y1L1Qzu0A 0CzztCtCtByDzzyB0AtBzytAtAyD0CtN0D0Tzu0StCtDyEtCtN1L2XzutAtFyCtFtCtFtDtN1L1 CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StByDyEtD0A0D0AyCtGyBtBtD0AtGtBtB0B yEtG0EyEyBtBtGtDyDzyyE0DtCtDyEtD0F0A0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0A0CyCtDtAy Ezz0DtGyD0C0A0DtGyE0D0DyEtGzy0BtC0CtG0B0FyD0A0AzztC0AtA0D0FtA2Q&cr=21053965 08&ir=
SearchScopes: HKU\S-1-5-21-913172041-2461324656-1359686728-1000 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://groovorio.com/results.php?f=4&q={searchTerms}&a=grv_tight3_14_33&cd=2XzuyEtN2Y1L1Qzu0A0Cz ztCtCtByDzzyB0AtBzytAtAyD0CtN0D0Tzu0StCtDyEtCtN1L2XzutAtFyCtFtCtFtDtN1L1Czu 2Z1L1N1M2Z1VtCyE1VtCzztN1L1G1B1V1N2Y1L1Qzu2StAtBzz0CtDzyyDyCtGyCzzzzzytGtBt D0FtAtGzz0EyB0FtGyBtD0B0E0Azy0ByE0FtC0CyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0A0CyCtD tAyEzz0DtGyD0C0A0DtGyE0D0DyEtGzy0BtC0CtG0B0FyD0A0AzztC0AtA0D0FtA2Q&cr=54046 4297&ir=
SearchScopes: HKU\S-1-5-21-913172041-2461324656-1359686728-1000 -> {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL = http://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_wnzp01_14_45_ch&cd=2XzuyEtN2Y1L1Qzu0A 0CzztCtCtByDzzyB0AtBzytAtAyD0CtN0D0Tzu0StCtDyEtCtN1L2XzutAtFyCtFtCtFtDtN1L1 CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StByDyEtD0A0D0AyCtGyBtBtD0AtGtBtB0B yEtG0EyEyBtBtGtDyDzyyE0DtCtDyEtD0F0A0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0A0CyCtDtAy Ezz0DtGyD0C0A0DtGyE0D0DyEtGzy0BtC0CtG0B0FyD0A0AzztC0AtA0D0FtA2Q&cr=21053965 08&ir=
SearchScopes: HKU\S-1-5-21-913172041-2461324656-1359686728-1000 -> {6CDA463B-0891-431E-925B-E0622B4ED664} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_ dtid=OSJ000&apn_uid=8D3B63E0-7CA0-427B-8AC3-8BC18CD94F77&apn_sauid=611B0FCA-5C29-451B-81F5-3A739C778A87
SearchScopes: HKU\S-1-5-21-913172041-2461324656-1359686728-1000 -> {7CC69012-088E-4C25-AA39-225C81C0E0B2} URL = http://search.us.com/serp/1/?guid={DE56844E-5A2A-4446-AF33-C27207DADC64}&action=default_search&k={searchTerms}
SearchScopes: HKU\S-1-5-21-913172041-2461324656-1359686728-1000 -> {9B7CC1F2-0F94-466D-B3F5-5C8438F7FCC8} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-913172041-2461324656-1359686728-1000 -> {BCE52743-82D7-42D1-882C-05D2A3D3690D} URL = http://search.aol.com/aolcom/search?query={searchTerms}&invocationType=msie70a
SearchScopes: HKU\S-1-5-21-913172041-2461324656-1359686728-1000 -> {CC865B26-C31D-4D23-B17B-96548EEF03F6} URL = http://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_cmi_14_44_ch&cd=2XzuyEtN2Y1L1Qzu0A0Cz ztCtCtByDzzyB0AtBzytAtAyD0CtN0D0Tzu0StCtDtAtBtN1L2XzutAtFyDtFtCtFyEtN1L1Czu tCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StBtDyC0A0DyC0C0CtG0AyCyByCtG0FtCyCtBt G0A0CtBtAtGyEyDtCyBtA0DzytC0C0FyEzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyByE0D0AyC0D0D 0BtGtD0A0EtAtGyEtD0E0FtGzy0CyCzytG0CyEyCyCyC0BtAyD0C0FyEzz2Q&cr=1644917020& ir=
SearchScopes: HKU\S-1-5-21-913172041-2461324656-1359686728-1000 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKU\S-1-5-21-913172041-2461324656-1359686728-1000 -> {FE9C280C-F0F8-4E8B-92CA-15FA97D26CDC} URL = http://findwide.com/serp?guid={5A78AA00-D8C5-441C-8C0C-426F60FF39FF}&serpv=6&action=default_search&k={searchTerms}
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM - No Name - {71407865-5678-47ED-B95D-8B547553D97F} - No File
Toolbar: HKLM - No Name - !{37483b40-c254-4a72-bda4-22ee90182c1e} - No File
Toolbar: HKLM - No Name - !{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - No File
Toolbar: HKLM - No Name - !{82E1477C-B154-48D3-9891-33D83C26BCD3} - No File
Toolbar: HKLM - No Name - !{C1AF5FA5-852C-4C90-812E-A7F75E011D87} - No File
Toolbar: HKLM - No Name - !{E33CF602-D945-461A-83F0-819F76A199F8} - No File
Toolbar: HKLM - No Name - !{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - No File
Toolbar: HKLM-x32 - No Name - !{37483b40-c254-4a72-bda4-22ee90182c1e} - No File
Toolbar: HKLM-x32 - No Name - !{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - No File
Toolbar: HKLM-x32 - No Name - !{82E1477C-B154-48D3-9891-33D83C26BCD3} - No File
Toolbar: HKLM-x32 - No Name - !{C1AF5FA5-852C-4C90-812E-A7F75E011D87} - No File
Toolbar: HKLM-x32 - No Name - !{E33CF602-D945-461A-83F0-819F76A199F8} - No File
Toolbar: HKLM-x32 - No Name - !{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - No File
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/s...irector/sw.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\Barbel\AppData\Roaming\Mozilla\Firefox\Profiles\u351rgib.default-1402942012330
FF DefaultSearchEngine: Astromenda
FF SelectedSearchEngine: Astromenda
FF Homepage: hxxp://astromenda.com/?f=1&a=ast_wnzp01_14_45_ch&cd=2XzuyEtN2Y1L1Qzu0A0CzztCtCtByDzzyB0AtBzytAtAy D0CtN0D0Tzu0StCtDyEtCtN1L2XzutAtFyCtFtCtFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B 1V1N2Y1L1Qzu2StByDyEtD0A0D0AyCtGyBtBtD0AtGtBtB0ByEtG0EyEyBtBtGtDyDzyyE0DtCt DyEtD0F0A0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0A0CyCtDtAyEzz0DtGyD0C0A0DtGyE0D0DyEtG zy0BtC0CtG0B0FyD0A0AzztC0AtA0D0FtA2Q&cr=2105396508&ir=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_223.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.)
FF Plugin-x32: @canon.com/MycameraPlugin -> C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @viewpoint.com/VMP -> C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-913172041-2461324656-1359686728-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Barbel\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-913172041-2461324656-1359686728-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Barbel\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF user.js: detected! => C:\Users\Barbel\AppData\Roaming\Mozilla\Firefox\Profiles\u351rgib.default-1402942012330\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Barbel\AppData\Roaming\Mozilla\Firefox\Profiles\u351rgib.default-1402942012330\searchplugins\Astromenda.xml
FF SearchPlugin: C:\Users\Barbel\AppData\Roaming\Mozilla\Firefox\Profiles\u351rgib.default-1402942012330\searchplugins\Groovorio.xml
FF SearchPlugin: C:\Users\Barbel\AppData\Roaming\Mozilla\Firefox\Profiles\u351rgib.default-1402942012330\searchplugins\trovi-search.xml
FF Extension: deal4me - C:\Users\Barbel\AppData\Roaming\Mozilla\Firefox\Profiles\u351rgib.default-1402942012330\Extensions\RYb@O.net [2014-11-19]
FF Extension: TidyNetwork - C:\Users\Barbel\AppData\Roaming\Mozilla\Firefox\Profiles\u351rgib.default-1402942012330\Extensions\TidyNetwork@TidyNetwork [2014-11-06]
FF Extension: FineDealSoft - C:\Users\Barbel\AppData\Roaming\Mozilla\Firefox\Profiles\u351rgib.default-1402942012330\Extensions\X@BS.com [2014-11-19]
FF Extension: Groovorio - C:\Users\Barbel\AppData\Roaming\Mozilla\Firefox\Profiles\u351rgib.default-1402942012330\Extensions\{73843edf-1075-4a55-947c-e13e0dc9349e} [2014-11-12]
FF Extension: Anti-Banner - C:\Program Files (x86)\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak [2014-08-15]
FF Extension: Anti-Banner - C:\Program Files (x86)\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak2 [2014-08-15]
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak [2014-08-15]
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak2 [2014-08-15]
FF StartMenuInternet: FIREFOX.EXE - firefox.exe

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR DefaultSearchKeyword: Profile 1 -> 1E72D05F66BB104EFF1DE9B80821851DDE00E13B4528490B03D0785990389487
CHR DefaultSearchURL: Profile 1 -> 8B25187D736DA966C24942597A4BA290B04E01BC0BE977156EE3BF4884C96183
CHR Profile: C:\Users\Barbel\AppData\Local\Google\Chrome\User Data\Default
CHR Profile: C:\Users\Barbel\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Drive) - C:\Users\Barbel\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-07-04]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Barbel\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-22]
CHR Extension: (YouTube) - C:\Users\Barbel\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-07-04]
CHR Extension: (Adblock Plus) - C:\Users\Barbel\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-07-04]
CHR Extension: (Coupon Alert) - C:\Users\Barbel\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cihkncgahkfiennnplhakaimjbhoefec [2014-08-20]
CHR Extension: (Google Search) - C:\Users\Barbel\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-07-04]
CHR Extension: (deal4real) - C:\Users\Barbel\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dbildkbmimhfkgdicnkmkkbbioojggni [2014-11-18]
CHR Extension: (FromDocToPDF) - C:\Users\Barbel\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp [2014-06-21]
CHR Extension: (MapsGalaxy) - C:\Users\Barbel\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dionlkleedadoocjgnjaijelhnmbbkep [2013-09-17]
CHR Extension: (InboxAce) - C:\Users\Barbel\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\jhgdphfpmicmcjljihifcbkejmgbnmoc [2014-05-31]
CHR Extension: (Google Wallet) - C:\Users\Barbel\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]
CHR Extension: (MapsGalaxy) - C:\Users\Barbel\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pcpehlgijbdajfafffojllcaecaecngb [2013-09-14]
CHR Extension: (Gmail) - C:\Users\Barbel\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-07-04]
CHR Extension: (Domain Availability Checker and Whois Lookup) - C:\Users\Barbel\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pokekecininnhejfkgcbnekjddnepope [2014-11-18]
CHR HKLM-x32\...\Chrome\Extension: [cfffenfdjeibfomfbppoljahojkbbobb] - C:\Users\Barbel\AppData\Local\CRE\cfffenfdjeibfomfbppoljahojkbbobb.crx [2012-11-13]
CHR HKLM-x32\...\Chrome\Extension: [dionlkleedadoocjgnjaijelhnmbbkep] - C:\Program Files (x86)\MapsGalaxy_39 Chrome Extension\bar\MapsGalaxy@mindspark.com [2013-09-17]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 0c632643; c:\ProgramData\Interenet Optimizer\InterenetOptimizerSvc.dll [186192 2014-11-17] () [File not signed]
R2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269; C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe [457200 2009-06-02] ()
S2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [354304 2010-12-28] (Advanced Micro Devices, Inc.) [File not signed]
S4 AMD Reservation Manager; C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [194496 2010-06-17] (Advanced Micro Devices)
R2 BOT4Service; C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe [32240 2010-07-14] ()
S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.) [File not signed]
R2 CouponArificService64; C:\Program Files (x86)\35556262-902E-49AE-8622-66E14F1F041C\arrmeapsie64.exe [172544 2014-09-29] () [File not signed]
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [49464 2014-04-01] (Hewlett-Packard Company)
R2 ioloSystemService; C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe [4700872 2014-08-12] (iolo technologies, LLC)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
S3 RoxMediaDB13; C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxMediaDB13.exe [1099248 2010-07-16] (Sonic Solutions)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 ElRawDisk; C:\Windows\system32\drivers\ElRawDsk.sys [30752 2012-08-03] (EldoS Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R1 netfilter64; C:\Windows\System32\drivers\netfilter64.sys [46376 2014-09-29] (NetFilterSDK.com)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
R1 RawDisk3; C:\Windows\system32\drivers\rawdsk3.sys [32912 2014-07-16] (EldoS Corporation)
R1 {587cb346-a3d8-4884-b39b-f0ed918b6f96}Gw64; C:\Windows\System32\drivers\{587cb346-a3d8-4884-b39b-f0ed918b6f96}Gw64.sys [61120 2014-05-30] (StdLib)
S3 cpuz134; \??\C:\Users\Barbel\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
S3 netr28x; system32\DRIVERS\netr28x.sys [X]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-19 15:20 - 2014-11-19 15:20 - 00024624 _____ () C:\Users\Barbel\Desktop\FRST.txt
2014-11-19 15:20 - 2014-11-19 15:20 - 00000000 ____D () C:\FRST
2014-11-19 15:19 - 2014-11-19 15:16 - 02117120 _____ (Farbar) C:\Users\Barbel\Desktop\FRST64.exe
2014-11-18 15:25 - 2014-11-19 12:55 - 00000000 ____D () C:\ProgramData\surfkeepit
2014-11-18 09:37 - 2014-11-18 09:37 - 00000000 ____D () C:\Program Files (x86)\saveitkeep
2014-11-18 09:09 - 2014-11-18 09:09 - 00000000 ____D () C:\ProgramData\SaleItCoupon
2014-11-17 20:31 - 2014-11-18 15:25 - 00000000 ____D () C:\ProgramData\ddb1eed151ee3a76
2014-11-17 20:31 - 2014-11-18 10:00 - 00000000 ____D () C:\ProgramData\saveitkeep
2014-11-17 20:02 - 2014-11-17 20:02 - 00000000 ____D () C:\ProgramData\Interenet Optimizer
2014-11-13 11:53 - 2014-11-13 11:53 - 00032742 _____ () C:\Users\Barbel\Downloads\xvideos.com_11baf909d72de82da3261f870b4be128
2014-11-12 15:18 - 2014-11-12 15:18 - 00000000 ____D () C:\Users\Barbel\Downloads\martys chip patterns
2014-11-12 10:51 - 2014-11-12 10:51 - 17926832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-11-08 10:00 - 2014-11-08 10:00 - 00898600 _____ ( ) C:\Users\Barbel\Downloads\adobe_flash_setup.exe
2014-11-06 20:39 - 2014-11-06 20:39 - 00001084 _____ () C:\Users\Barbel\Desktop\Continue WinZip Installation.lnk
2014-11-06 20:37 - 2014-11-06 20:37 - 00000000 ____D () C:\Users\Barbel\Documents\celtic_knot_2d_design
2014-11-06 18:44 - 2014-11-06 18:44 - 01943208 _____ () C:\Users\Barbel\Downloads\winrar-x64-52b3.exe
2014-11-06 18:44 - 2014-11-06 18:44 - 00000000 ____D () C:\Users\Barbel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-11-06 18:44 - 2014-11-06 18:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-11-06 18:44 - 2014-11-06 18:44 - 00000000 ____D () C:\Program Files\WinRAR
2014-11-06 18:37 - 2014-11-06 18:43 - 00000000 ____D () C:\ProgramData\WinZip
2014-11-06 18:36 - 2014-11-06 18:36 - 00880584 _____ ( ) C:\Users\Barbel\Downloads\winzip19-home.exe
2014-11-06 18:21 - 2014-11-06 18:21 - 00000310 _____ () C:\Windows\SysWOW64\ff.bin
2014-11-06 18:17 - 2014-11-06 18:17 - 00000552 _____ () C:\Windows\SysWOW64\schtasks.bin
2014-11-06 15:10 - 2014-11-06 15:10 - 00000000 ____D () C:\Users\Barbel\Downloads\celtic_designs_1
2014-11-06 15:06 - 2014-11-06 15:06 - 00000064 _____ () C:\Users\Barbel\AppData\Local\2c1ee3d1877d1b2fed0e1f95f82b36be
2014-11-06 14:53 - 2014-11-19 14:53 - 00000296 _____ () C:\Windows\Tasks\Groovorio.job
2014-11-06 14:53 - 2014-11-06 14:53 - 00003986 _____ () C:\Windows\System32\Tasks\TidyNetwork Update
2014-11-06 14:53 - 2014-11-06 14:53 - 00003240 _____ () C:\Windows\System32\Tasks\Groovorio
2014-11-06 14:05 - 2014-11-06 14:05 - 00002075 _____ () C:\Users\Barbel\Desktop\celtic_knot_2d_design.zip - Shortcut.lnk
2014-11-06 14:03 - 2013-06-06 14:01 - 00325860 _____ () C:\Users\Barbel\Documents\celtic_knot_2d_design.zip
2014-10-28 15:39 - 2014-10-28 15:39 - 00000000 ____D () C:\Users\Barbel\AppData\Roaming\QuickScan
2014-10-28 15:34 - 2014-10-28 15:34 - 00000000 ____D () C:\Program Files (x86)\predm
2014-10-28 15:32 - 2014-10-28 15:32 - 00000000 ____D () C:\Users\Barbel\AppData\Local\OneSoftperDay
2014-10-28 13:40 - 2014-11-17 20:02 - 00000000 ____D () C:\ProgramData\374311380
2014-10-28 13:03 - 2014-10-28 13:03 - 00783288 _____ ( ) C:\Users\Barbel\Downloads\WindowsCodec.exe
2014-10-28 10:26 - 2014-10-28 10:27 - 00000000 ____D () C:\Users\Barbel\AppData\Roaming\Media Player Classic
2014-10-28 10:09 - 2014-10-28 10:22 - 00000000 ____D () C:\Users\Barbel\AppData\Roaming\Systweak
2014-10-28 10:09 - 2014-10-28 10:09 - 00001905 _____ () C:\Windows\patsearch.bin
2014-10-28 10:09 - 2014-10-28 10:09 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_webinstrNew_01009.Wdf
2014-10-28 10:09 - 2014-10-06 15:36 - 00020296 _____ () C:\Windows\system32\roboot64.exe
2014-10-28 10:08 - 2014-10-28 10:10 - 00000000 ____D () C:\ProgramData\Unchecky
2014-10-28 10:02 - 2014-10-28 10:02 - 00000000 __SHD () C:\Users\Barbel\AppData\Roaming\AnyProtectEx
2014-10-28 10:02 - 2014-10-28 10:02 - 00000000 ____D () C:\Program Files (x86)\AnyProtectEx
2014-10-28 10:00 - 2014-10-29 19:46 - 00000000 ____D () C:\http_filter
2014-10-28 09:59 - 2014-09-30 17:17 - 00049880 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\Drivers\netmon_wfp.sys
2014-10-28 09:58 - 2014-11-19 15:15 - 00000000 ____D () C:\Program Files\CouponArific
2014-10-28 09:58 - 2014-10-28 13:07 - 00000005 _____ () C:\end
2014-10-28 09:58 - 2014-10-28 13:07 - 00000000 ____D () C:\Program Files (x86)\35556262-902E-49AE-8622-66E14F1F041C
2014-10-28 09:56 - 2014-10-28 09:56 - 00072048 _____ (Premium Installer ) C:\Users\Barbel\Downloads\mpcsetup.exe
2014-10-23 09:50 - 2014-10-23 09:50 - 00033245 _____ () C:\Users\Barbel\Downloads\dirty_laundry_1.htm

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-19 15:00 - 2014-02-04 18:54 - 01580829 _____ () C:\Windows\WindowsUpdate.log
2014-11-19 14:51 - 2012-10-12 18:36 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-19 14:36 - 2012-09-19 14:01 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-19 14:35 - 2012-09-19 14:24 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-913172041-2461324656-1359686728-1000UA.job
2014-11-19 13:07 - 2009-07-13 23:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-19 13:07 - 2009-07-13 23:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-19 13:04 - 2009-07-14 00:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-19 12:59 - 2014-10-07 11:39 - 00005186 _____ () C:\Windows\setupact.log
2014-11-19 12:59 - 2012-09-19 14:01 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-19 12:59 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-19 12:37 - 2014-04-05 19:03 - 00000151 _____ () C:\Users\Barbel\AppData\Roaming\WB.CFG
2014-11-18 15:25 - 2012-09-19 14:24 - 00000860 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-913172041-2461324656-1359686728-1000Core.job
2014-11-18 08:55 - 2014-08-13 08:50 - 00000336 _____ () C:\Windows\Tasks\HPCeeScheduleForBarbel.job
2014-11-17 15:11 - 2014-08-13 08:50 - 00003192 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForBarbel
2014-11-17 09:33 - 2012-09-12 11:28 - 00000000 ___RD () C:\Users\Barbel\Downloads\misc
2014-11-16 13:17 - 2011-06-28 19:41 - 00000000 ____D () C:\Windows\System32\Tasks\Games
2014-11-15 19:38 - 2014-07-28 18:29 - 00000000 ____D () C:\ProgramData\Oracle
2014-11-15 19:38 - 2014-07-28 18:27 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-11-15 19:38 - 2014-07-28 18:27 - 00000000 ____D () C:\Program Files (x86)\Java
2014-11-14 13:33 - 2011-12-17 14:40 - 00000000 ____D () C:\Users\Barbel\Documents\lora irish
2014-11-14 11:31 - 2012-09-19 14:01 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-14 11:31 - 2012-09-19 14:01 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-11-12 20:26 - 2012-11-17 12:40 - 00000000 ____D () C:\Users\Barbel\Downloads\celtic
2014-11-12 15:20 - 2012-09-19 14:24 - 00003888 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-913172041-2461324656-1359686728-1000UA
2014-11-12 15:20 - 2012-09-19 14:24 - 00003492 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-913172041-2461324656-1359686728-1000Core
2014-11-12 15:17 - 2013-10-03 11:56 - 00000000 ____D () C:\Users\Barbel\Downloads\martys chip patterns - Copy
2014-11-12 10:52 - 2012-10-12 18:36 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-11-12 10:51 - 2012-10-12 18:36 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-11-12 10:51 - 2011-06-29 20:32 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-10 14:06 - 2011-11-07 21:37 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-11-10 14:06 - 2011-06-27 10:27 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-11-09 16:17 - 2012-11-16 14:42 - 00000000 ____D () C:\Users\Barbel\Downloads\Google_files
2014-11-07 10:39 - 2014-10-06 10:34 - 02257703 _____ () C:\Users\Barbel\Downloads\Knots_Outline.zip
2014-11-07 08:31 - 2011-06-26 12:51 - 00117880 _____ () C:\Users\Barbel\AppData\Local\GDIPFONTCACHEV1.DAT
2014-11-07 08:31 - 2009-07-13 23:45 - 00436840 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-07 08:30 - 2014-10-10 08:10 - 02200224 _____ () C:\Windows\PFRO.log
2014-11-06 18:45 - 2012-11-15 14:47 - 00000000 ____D () C:\Users\Barbel\AppData\Roaming\WinRAR
2014-11-06 18:35 - 2012-08-25 15:08 - 00000000 ____D () C:\Users\Barbel\AppData\Roaming\vlc
2014-11-06 18:32 - 2012-12-06 10:29 - 00000000 ____D () C:\Users\Barbel\Downloads\martys vidios
2014-11-06 16:22 - 2014-04-20 16:27 - 00000000 ____D () C:\Users\Barbel\AppData\Roaming\iolo
2014-11-06 15:31 - 2013-05-19 10:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2014-11-06 13:21 - 2011-06-30 16:31 - 00000000 ____D () C:\Users\Barbel\Documents\Barbel's Studio
2014-11-06 10:00 - 2012-12-20 10:12 - 00000000 ____D () C:\Users\Barbel\Downloads\funney farm
2014-11-04 10:47 - 2014-09-30 15:37 - 00000000 ____D () C:\Users\Barbel\AppData\Roaming\dvdcss
2014-10-30 14:15 - 2013-05-09 17:41 - 00001136 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 8.lnk
2014-10-30 14:15 - 2013-05-09 17:41 - 00001124 _____ () C:\Users\Public\Desktop\TeamViewer 8.lnk
2014-10-30 14:02 - 2011-06-26 22:11 - 00000000 ____D () C:\Users\Barbel\Documents\Chip Carving
2014-10-30 08:19 - 2011-06-26 11:36 - 00000000 ____D () C:\Users\Barbel
2014-10-30 06:25 - 2010-11-20 22:27 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-10-29 19:46 - 2011-08-09 15:57 - 00000000 ____D () C:\Users\Barbel\AppData\Local\CrashDumps

Files to move or delete:
====================
C:\Users\Barbel\jagex_cl_oldschool_LIVE.dat
C:\Users\Barbel\random.dat
C:\Users\Barbel\xobglu16.dll
C:\Users\Barbel\xobglu32.dll


Some content of TEMP:
====================
C:\Users\Barbel\AppData\Local\Temp\ICReinstall_winzip19-home.exe
C:\Users\Barbel\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-11-15 16:23

==================== End Of Log ============================





And then the ADDITION.txt:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-11-2014
Ran by Barbel at 2014-11-19 15:21:12
Running from C:\Users\Barbel\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.5.0.600 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.223 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.223 - Adobe Systems Incorporated)
Adobe Photoshop 7.0 (HKLM-x32\...\Adobe Photoshop 7.0) (Version: 7.0 - Adobe Systems, Inc.)
Adobe Reader X (10.1.4) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.4 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.0.112 - Adobe Systems, Inc.)
AOL Uninstaller (Choose which Products to Remove) (HKLM-x32\...\AOL Uninstaller) (Version: - AOL Inc.)
ATI Catalyst Install Manager (HKLM\...\{3A477F94-D551-17B2-26A5-7AD895F6C8BA}) (Version: 3.0.804.0 - ATI Technologies, Inc.)
ATI Problem Report Wizard (Version: 3.0.804.0 - ATI Technologies) Hidden
ATI Stream SDK v2 Developer (HKLM\...\{80C27FE9-C6C4-F5C8-EAD3-09E7E0102E78}) (Version: 2.2.0.0 - ATI Technologies Inc.)
Brother MFL-Pro Suite MFC-J6510DW (HKLM-x32\...\{17795164-3BC1-4D4F-8ADA-65C895EBFC9A}) (Version: 0.0.78.0 - Brother Industries, Ltd.)
Canon PowerShot SX160 IS Camera User Guide (HKLM-x32\...\CameraUserGuide-PSSX160IS) (Version: 1.0.0.1 - Canon Inc.)
Canon Utilities CameraWindow DC 8 (HKLM-x32\...\CameraWindowDC) (Version: 8.9.0.4 - Canon Inc.)
Canon Utilities ImageBrowser EX (HKLM-x32\...\ImageBrowser EX) (Version: 1.2.0.7 - Canon Inc.)
Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.23.47 - Canon Inc.)
ccc-core-static (x32 Version: 2010.1228.2239.40637 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.12 - Piriform)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DesignPro 5.0 Limited Edition (HKLM-x32\...\InstallShield_{97AE00A8-1336-410F-B467-1C6623127BD6}) (Version: 5.2.1201 - Avery Dennison)
DesignPro 5.0 Limited Edition (x32 Version: 5.2.1201 - Avery Dennison) Hidden
DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
Google Chrome (HKU\S-1-5-21-913172041-2461324656-1359686728-1000\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)
Google Drive (HKLM-x32\...\{C60F3836-333A-4AE2-B526-CFDBA143A9BA}) (Version: 1.18.7821.2489 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.4 - WildTangent)
HP LinkUp (HKLM-x32\...\{C1AD9241-3ADD-483F-914D-071F3E50855A}) (Version: 2.01.026 - Hewlett-Packard)
HP MediaSmart/TouchSmart Netflix (HKLM-x32\...\{BB760C1D-98F4-4E38-8CC4-3B67329AA981}) (Version: 1.0.6.0 - Hewlett-Packard)
HP MovieStore (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.0 - Hewlett-Packard)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Setup (HKLM-x32\...\{210A03F5-B2ED-4947-B27E-516F50CBB292}) (Version: 8.6.4530.3651 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.1.13253.3682 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{7F2A11F4-EAE8-4325-83EC-E3E99F85169E}) (Version: 10.1.1000 - Hewlett-Packard)
HP Support Solutions Framework (HKLM-x32\...\{69FD2930-C361-47F6-822E-71B021526778}) (Version: 11.50.0015 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{DE77FE3F-A33D-499A-87AD-5FC406617B40}) (Version: 5.002.003.003 - Hewlett-Packard)
HP Vision Hardware Diagnostics (HKLM\...\{D79A02E9-6713-4335-9668-AAC7474C0C0E}) (Version: 2.5.0.0 - Hewlett-Packard)
HydraVision (x32 Version: 4.2.184.0 - ATI Technologies Inc.) Hidden
Interenet Optimizer (HKLM-x32\...\{5F189DF5-2D05-472B-9091-84D9848AE48B}{c632643}) (Version: - BullPoint) <==== ATTENTION
iolo technologies' System Mechanic (HKLM-x32\...\{55FD1D5A-7AEF-4DA3-8FAF-A71B2A52FFC7}_is1) (Version: 14.0.1 - iolo technologies, LLC)
Java 7 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217065FF}) (Version: 7.0.650 - Oracle)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3609 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.3609 - CyberLink Corp.) Hidden
Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden
MapsGalaxy Toolbar Chrome Extension (HKLM-x32\...\MapsGalaxy_39 Chrome Extension Uninstall) (Version: - Mindspark Interactive Network) <==== ATTENTION
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Mozilla Firefox 31.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 en-US)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.4.5 - Notepad++ Team)
Nuance PDF Viewer Plus (HKLM-x32\...\{28656860-4728-433C-8AD4-D1A930437BC8}) (Version: 5.30.3290 - Nuance Communications, Inc)
PaperPort Image Printer 64-bit (HKLM\...\{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}) (Version: 1.00.0001 - Nuance Communications, Inc.)
Pattern Wizard (HKLM-x32\...\Pattern Wizard_is1) (Version: - Patrick Roberts Software)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.4817 - CyberLink Corp.)
Power2Go (x32 Version: 6.1.4817 - CyberLink Corp.) Hidden
RBVirtualFolder64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6251 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.3621 - CyberLink Corp.) Hidden
Remote Graphics Receiver (HKLM-x32\...\{16FC3056-90C0-4757-8A68-64D8DA846ADA}) (Version: 5.4.5 - Hewlett-Packard)
Roxio Creator 2011 (HKLM-x32\...\{4433FF9E-AF21-4E41-B296-4E13BF4D52F5}) (Version: 13.0 - Roxio)
Roxio PhotoShow (HKLM-x32\...\Roxio PhotoShow) (Version: 6.0 - Sonic Solutions)
Scansoft PDF Professional (x32 Version: - ) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
SmartSound Quicktracks 5 (HKLM-x32\...\InstallShield_{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}) (Version: 5.1.7 - SmartSound Software Inc.)
SmartSound Quicktracks 5 (x32 Version: 5.1.7 - SmartSound Software Inc.) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamViewer 8 (HKLM-x32\...\TeamViewer 8) (Version: 8.0.30992 - TeamViewer)
Update for Zip Opener (HKU\S-1-5-21-913172041-2461324656-1359686728-1000\...\Digital Sites) (Version: - Update for Zip Opener) <==== ATTENTION
VD64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
Viewpoint Media Player (HKLM-x32\...\ViewpointMediaPlayer) (Version: - )
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinRAR 5.20 beta 3 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.3 - win.rar GmbH)
Wise Program Uninstaller 1.62 (HKLM-x32\...\Wise Program Uninstaller_is1) (Version: 1.62 - WiseCleaner.com, Inc.)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-913172041-2461324656-1359686728-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Barbel\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-913172041-2461324656-1359686728-1000_Classes\CLSID\{4D766FD3-B880-49D3-B7BD-6CF925221E04}\InprocServer32 -> C:\Program Files\Roxio 2011\Virtual Drive 10\DC_ShellExt64.dll (Sonic Solutions)
CustomCLSID: HKU\S-1-5-21-913172041-2461324656-1359686728-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Barbel\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-913172041-2461324656-1359686728-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Barbel\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)

==================== Restore Points =========================

27-10-2014 12:42:21 Windows Update
28-10-2014 16:10:40 Removed Media Player Z
28-10-2014 16:11:37 Removed Media Player Z
30-10-2014 14:41:54 Windows Update
02-11-2014 21:24:30 Windows Update
06-11-2014 15:07:22 Windows Update
06-11-2014 23:24:38 Removed Mediatek Wireless LAN
06-11-2014 23:42:28 Removed WinZip 19.0
09-11-2014 18:50:54 Windows Update
13-11-2014 15:03:21 Windows Update
16-11-2014 19:12:16 Windows Update
19-11-2014 17:56:22 Removed File Association Helper

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2014-10-28 10:19 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0E7B8CD5-72D5-4714-AB56-6C7BAFD7DAF8} - System32\Tasks\{2EF09311-664C-4DE5-9DD0-70782A32C808} => C:\Program Files (x86)\AOL Desktop 9.7b\aol.exe [2013-09-07] (AOL Inc.)
Task: {236F11E8-0B0B-4340-897A-EA61FDD09379} - \PC Optimizer Pro64 startups No Task File <==== ATTENTION
Task: {2B54430C-B29B-40C0-963C-2A64C6559B97} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {31A2D8B6-A4C5-45BB-93D7-8E6184EC5CB3} - System32\Tasks\{4E78CA6E-4D53-4DD4-9492-50D0E5E69B98} => C:\Users\Barbel\Downloads\Apache_OpenOffice_4.0.1_Win_x86_install_en-US(1).exe
Task: {397A21E1-9E67-4E8F-A259-4A871BF46842} - \Omiga Plus RunAsStdUser No Task File <==== ATTENTION
Task: {3AF99AC4-7A83-415D-B8B4-D2417B0269B8} - \GoforFilesUpdate No Task File <==== ATTENTION
Task: {52689395-4028-46E8-AB6B-1558BF10CCC8} - System32\Tasks\Games\UpdateCheck_S-1-5-21-913172041-2461324656-1359686728-1000
Task: {52E2F688-D113-4C1D-8A3A-8A047694653D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {551672F5-7224-43E0-B8A0-94BC822F083B} - System32\Tasks\TidyNetwork Update => C:\Users\Barbel\AppData\Local\TidyNetwork\petnupdate.exe
Task: {57D1206A-88A9-4FD4-9617-0F654F685178} - System32\Tasks\{4D5DE635-E70F-4E6D-99A0-78C7337C53C4} => C:\Users\Barbel\Downloads\Apache_OpenOffice_4.0.1_Win_x86_install_en-US(1).exe
Task: {649C8586-953F-4A8C-8B0A-3E5C9ACF190C} - System32\Tasks\Hewlett-Packard\HP Assistant\HPSA Upgrade => C:\ProgramData\Hewlett-Packard\HPSAUpgrade3\HpSAUpgrade.exe [2011-08-11] (Hewlett-Packard)
Task: {68E4C9A0-0E83-4564-AB1A-BC9F928B30D5} - \YourFile DownloaderUpdate No Task File <==== ATTENTION
Task: {78306CEC-6FA2-4C6D-B36B-37C32E680A33} - System32\Tasks\HPCeeScheduleForBarbel => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {7EE6C43A-1765-43DD-A6FB-647CC843F95F} - System32\Tasks\iolo Process Governor => C:\Program Files (x86)\iolo\System Mechanic\iologovernor64.exe [2014-08-12] (iolo technologies, LLC)
Task: {83741CB3-83BC-42EF-87E9-728610CD51AB} - System32\Tasks\{DEF440BD-F75C-41B6-BEFD-79CEEBECA815} => C:\Program Files (x86)\OpenOffice 4\program\soffice.exe
Task: {85E8F836-4CFB-48CD-862A-4AE8788F27FC} - \PC Optimizer Pro64 Scan No Task File <==== ATTENTION
Task: {8BD50D04-1802-4D1D-BEBA-14784C37A114} - System32\Tasks\{DF31D076-9560-4ED4-ACAE-2B2B4C82A1E5} => C:\Program Files (x86)\OpenOffice 4\program\soffice.exe
Task: {91640BCA-3D46-4CBD-B767-0121F98D0820} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-23] (Google Inc.)
Task: {A730A9B9-C881-443C-B781-FF49DA05D077} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-23] (Google Inc.)
Task: {A8B98475-6042-44EE-91FB-AE2AD27776AB} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-12] (Adobe Systems Incorporated)
Task: {ABAB215F-00B1-4A1C-8B77-A20792BD425C} - \Escolade No Task File <==== ATTENTION
Task: {B863CF91-0462-49CD-8820-3578B9E38283} - System32\Tasks\Groovorio => C:\Users\Barbel\AppData\Roaming\GROOVO~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {C0A007F7-44D5-4826-B0CA-5CF4D760206C} - \MySearchDial No Task File <==== ATTENTION
Task: {D11A8C6C-9983-4484-BA66-29CEDD6CB0C9} - System32\Tasks\{364891D6-3355-4F08-A6F6-42BFF701ADE7} => C:\Program Files (x86)\OpenOffice 4\program\soffice.exe
Task: {D53039A2-E344-40D3-9454-CD150ACFA8DA} - \ProtectedSearch\Protected Search No Task File <==== ATTENTION
Task: {D5C11606-2B33-4997-8179-2E0DC3593AB0} - System32\Tasks\{78D947EF-96EA-45ED-B0D3-E70BAD1B68AA} => C:\Program Files (x86)\Adobe\Photoshop 7.0\Photoshop.exe [2013-10-29] (Adobe Systems, Incorporated)
Task: {D814D257-DEAB-4B41-AD19-8E531498EC4D} - System32\Tasks\{95BF54C3-0505-41C4-A917-BAF328727E50} => C:\Program Files (x86)\OpenOffice 4\program\soffice.exe
Task: {DA156BC4-FFDF-4136-9542-CCC9D374F802} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-10-21] (Hewlett-Packard)
Task: {DF171F8A-9C47-49FE-9B73-A552CA3EB0EE} - \PC Optimizer Pro Updates No Task File <==== ATTENTION
Task: {E2DA7D66-33A5-4FF4-8FC5-FD42CF820268} - System32\Tasks\{81F40CBB-D2E4-46E4-8B9C-88CA0928BF2C} => C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
Task: {F099D441-1A64-4C49-B359-53FAD9575921} - System32\Tasks\{54D08EC2-B925-4160-81B1-FE3D892EB90E} => C:\Program Files (x86)\OpenOffice 4\program\soffice.exe
Task: {F37D4B79-7585-4114-861B-0599233E8991} - System32\Tasks\{E196A4B5-0E97-4C77-9265-BA2A8F75CB51} => C:\ProgramData\AOL Downloads\waol\0.4343.3030.1\waol-0.4343.3030.1.exe [2014-05-20] (AOL Inc.)
Task: {F3B0868C-5B2B-40AD-90D8-39E2D41CD999} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-913172041-2461324656-1359686728-1000UA => C:\Users\Barbel\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-19] (Google Inc.)
Task: {F5C28CDF-0B16-4D5C-AB8D-A2EF09A5588E} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {F64BD1AC-D03B-422D-83E0-58A2DB9EA20A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {F7EA9E45-E198-49F5-ACD0-B9EC79A52783} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-03-18] (Piriform Ltd)
Task: {FA5AAECE-1014-48E9-80D3-79E5B03F5EA1} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-913172041-2461324656-1359686728-1000Core => C:\Users\Barbel\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-19] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-913172041-2461324656-1359686728-1000Core.job => C:\Users\Barbel\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-913172041-2461324656-1359686728-1000UA.job => C:\Users\Barbel\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Groovorio.job => C:\Users\Barbel\AppData\Roaming\GROOVO~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\HPCeeScheduleForBarbel.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (whitelisted) =============

2014-11-17 20:02 - 2014-11-17 20:02 - 04302848 _____ () C:\ProgramData\Interenet Optimizer\InterenetOptimizer_x64.dll
2012-06-18 10:24 - 2012-06-18 10:24 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_05.dll
2009-06-02 18:05 - 2009-06-02 18:05 - 00457200 _____ () C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe
2010-07-14 03:00 - 2010-07-14 03:00 - 00032240 _____ () C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe
2014-09-29 15:13 - 2014-09-29 15:13 - 00172544 _____ () C:\Program Files (x86)\35556262-902E-49AE-8622-66E14F1F041C\arrmeapsie64.exe
2014-09-29 15:13 - 2014-09-29 15:13 - 00110080 _____ () C:\Program Files (x86)\35556262-902E-49AE-8622-66E14F1F041C\nfapi.dll
2014-09-29 15:13 - 2014-09-29 15:13 - 00456192 _____ () C:\Program Files (x86)\35556262-902E-49AE-8622-66E14F1F041C\ProtocolFilters.dll
2010-07-13 20:23 - 2010-07-13 20:23 - 00084464 _____ () C:\Program Files (x86)\Roxio 2011\5.0\CPMonitor.exe
2014-11-17 20:02 - 2014-11-17 20:02 - 04125696 _____ () c:\ProgramData\Interenet Optimizer\InterenetOptimizer.dll
2014-11-17 20:02 - 2014-11-17 20:02 - 00186192 _____ () c:\ProgramData\Interenet Optimizer\InterenetOptimizerSvc.dll
2010-07-14 03:00 - 2010-07-14 03:00 - 01587696 _____ () C:\Program Files (x86)\Roxio\BackOnTrack\App\BEngine.dll
2010-07-14 03:00 - 2010-07-14 03:00 - 00107504 _____ () C:\Program Files (x86)\Roxio\BackOnTrack\App\Logging.dll
2014-04-08 12:42 - 2014-04-08 12:42 - 00048640 _____ () C:\Program Files (x86)\AOL Desktop 9.7c\zlib.dll
2014-04-08 12:42 - 2014-04-08 12:42 - 21151744 _____ () C:\Program Files (x86)\AOL Desktop 9.7c\libcef.dll
2014-04-08 12:42 - 2014-04-08 12:42 - 00648704 _____ () C:\Program Files (x86)\AOL Desktop 9.7c\libglesv2.dll
2014-04-08 12:42 - 2014-04-08 12:42 - 00122880 _____ () C:\Program Files (x86)\AOL Desktop 9.7c\libegl.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ioloSystemService => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: AOL Fast Start => "C:\Program Files (x86)\AOL Desktop 9.7a\AOL.EXE" -b
MSCONFIG\startupreg: BrStsMon00 => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN
MSCONFIG\startupreg: PDF5 Registry Controller => C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe
MSCONFIG\startupreg: PDFHook => C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe
MSCONFIG\startupreg: Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

========================= Accounts: ==========================

Administrator (S-1-5-21-913172041-2461324656-1359686728-500 - Administrator - Disabled)
Barbel (S-1-5-21-913172041-2461324656-1359686728-1000 - Administrator - Enabled) => C:\Users\Barbel
Guest (S-1-5-21-913172041-2461324656-1359686728-501 - Limited - Disabled)

==================== Faulty Device Manager Devices =============

Name: 802.11n Wireless LAN Card
Description: 802.11n Wireless LAN Card
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Ralink Technology, Corp.
Service: netr28x
Problem: : Windows cannot load the device driver for this hardware. The driver may be corrupted or missing. (Code 39)
Resolution: Reasons for this error include a driver that is not present; a binary file that is corrupt; a file I/O problem, or a driver that references an entry point in another binary file that could not be loaded.
Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.

Name: Microsoft Teredo Tunneling Adapter
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: WAN Miniport (ATW) #2
Description: WAN Miniport (ATW)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: America Online, Inc.
Service: wanatw
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: WAN Miniport (ATW) #3
Description: WAN Miniport (ATW)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: America Online, Inc.
Service: wanatw
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: WAN Miniport (ATW) #4
Description: WAN Miniport (ATW)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: America Online, Inc.
Service: wanatw
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: WAN Miniport (ATW) #5
Description: WAN Miniport (ATW)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: America Online, Inc.
Service: wanatw
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (11/19/2014 01:00:57 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/18/2014 10:02:43 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/18/2014 09:35:52 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/18/2014 08:57:01 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/17/2014 07:16:56 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/16/2014 09:13:20 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/15/2014 03:52:08 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/15/2014 00:47:12 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/14/2014 10:54:56 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/13/2014 09:16:03 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (11/19/2014 01:00:10 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Roxio Hard Drive Watcher 12 service to connect.

Error: (11/19/2014 00:59:33 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The AMD FUEL Service service depends on the AMD Reservation Manager service which failed to start because of the following error:
%%1058

Error: (11/18/2014 10:01:58 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Roxio Hard Drive Watcher 12 service to connect.

Error: (11/18/2014 10:01:15 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The AMD FUEL Service service depends on the AMD Reservation Manager service which failed to start because of the following error:
%%1058

Error: (11/18/2014 09:35:06 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Roxio Hard Drive Watcher 12 service to connect.

Error: (11/18/2014 09:34:32 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The AMD FUEL Service service depends on the AMD Reservation Manager service which failed to start because of the following error:
%%1058

Error: (11/18/2014 09:34:16 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 9:32:24 AM on 11/18/2014 was unexpected.

Error: (11/18/2014 08:56:16 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Roxio Hard Drive Watcher 12 service to connect.

Error: (11/18/2014 08:55:41 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The AMD FUEL Service service depends on the AMD Reservation Manager service which failed to start because of the following error:
%%1058

Error: (11/17/2014 07:16:05 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Roxio Hard Drive Watcher 12 service to connect.


Microsoft Office Sessions:
=========================
Error: (11/19/2014 01:00:57 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/18/2014 10:02:43 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/18/2014 09:35:52 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/18/2014 08:57:01 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/17/2014 07:16:56 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/16/2014 09:13:20 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/15/2014 03:52:08 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/15/2014 00:47:12 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/14/2014 10:54:56 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/13/2014 09:16:03 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


==================== Memory info ===========================

Processor: AMD Phenom(tm) II X4 960T Processor
Percentage of memory in use: 17%
Total physical RAM: 7935.29 MB
Available physical RAM: 6527.95 MB
Total Pagefile: 15868.75 MB
Available Pagefile: 13935.22 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:701.75 GB) (Free:603.52 GB) NTFS
Drive d: (HP_RECOVERY) (Fixed) (Total:11.15 GB) (Free:1.36 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 1397.3 GB) (Disk ID: B4D0F735)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=701.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=11.1 GB) - (Type=07 NTFS)

==================== End Of Log ============================



That is all. I cannot find the cause of what is going on, and ANY help would be appreciated!

I am getting a black screen every time I turn on the computer. Help

Hi,
My problem started back when I tried to install Windows 7 on another disk, but it would not. Now I did this while my primary Windows 7 hard drive was already installed. After I gave up on trying to get Windows to install onto this secondary hard drive, I rebooted the computer to find that my primary SSD would not load Windows, and simply came to a black screen that said:

Remove disks or other media.
Press any key to restart

Then I would press a key and it would say:

Reboot and select proper boot device
or insert boot media in selected boot device and press a key.

I have no recovery disk and most definitely do not understand what remove disks or other media means, because I removed the Windows installer disk and tried again but nothing happened. Please help, I am so confused, thank you.

Virus?


Reg Pro Clean Malware will not uninstall.

Hello Agarus,

Welcome to TSG.

Please download Farbar Recovery Scan Tool from here and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Right click to run as administrator. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called (FRST.txt) in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run, it also makes another log (Addition.txt). Please also paste that into your reply.

Njrat

How do I get rid of Njrat? I am running Windows 7 64 bit and need something simple, as I am not very computer savvy.

Ad Removal Help

Hi,
I have a MacBook Pro that is partitioned and has Windows 8 on it. Recently, every time I go on to Google Chrome or Internet Explorer in Windows, I get a load of ads that just won't go away, as well as highlighted words with ads in them. First, I went into my control panel but did not see anything out of the ordinary that needed to be deleted. Second, I went into both Internet Explorer and Chrome where the extensions are and saw nothing in them. Lastly, I thought I would boot the computer in Safe Mode and go into the control panel and extensions to find the virus, and found nothing. After all of that I downloaded the free version of AVG and did a whole-computer scan. It said it found 36 files and deleted them. When I went back into IE and Chrome the ads were still there! I have no idea what to do next; any help will be greatly appreciated.
Thanks!!!

Security certificate error? IE/Google?

Security certificate error when in Internet Explorer and using Google? Thanks

Neighbour's Laptop

I'm trying to fix my neighbour's laptop because he hasn't the time. We tried to use factory settings to clear a slowing laptop but couldn't get into factory settings at all. Tried restore but this hasn't been that successful. We can get the desktop, but when I try to get on the internet I get a flash and no connection. Troubleshooter can't solve it. I'm a silver surfer and not too clever, so please be patient. Any help would be appreciated. chalpet

Possible virus? Need help confirming

SearchHook (no name)

OTL Extras logfile created on: 11/20/2014 7:16:05 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\marty7474\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17280)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

762.90 Mb Total Physical Memory | 195.16 Mb Available Physical Memory | 25.58% Memory free
3.15 Gb Paging File | 1.56 Gb Available in Paging File | 49.65% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 284.25 Gb Total Space | 193.35 Gb Free Space | 68.02% Space Free | Partition Type: NTFS
Drive D: | 13.54 Gb Total Space | 1.92 Gb Free Space | 14.21% Space Free | Partition Type: NTFS
Drive E: | 99.34 Mb Total Space | 92.17 Mb Free Space | 92.78% Space Free | Partition Type: FAT32

Computer Name: MARTY7474-PC | User Name: marty7474 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3755125194-1514666891-2774385320-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Users\marty7474\AppData\Roaming\File Scout\filescout.exe" /open "%1"
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Users\marty7474\AppData\Roaming\File Scout\filescout.exe" /open "%1"
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot - Search & Destroy tray access -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot - Search & Destroy tray access -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05E30688-25CA-4146-81E5-D189EAF2BD83}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{0D93E80B-181D-479F-A485-DF6BA59D8412}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1AC73F7E-9820-48F5-8984-2F2BB8CE4E70}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{282E04B1-ED69-46EB-ABDB-9CA2AF2C148D}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2F6D14E4-9D02-47C8-A7A6-D92C548CE0C2}" = rport=10243 | protocol=6 | dir=out | app=system |
"{3560A253-B622-4FD6-A463-F063C637098B}" = lport=5353 | protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe |
"{3BB76EAD-208C-4F1E-8CDD-BC70414C8DFB}" = lport=139 | protocol=6 | dir=in | app=system |
"{3FC6B195-1474-48D4-8286-ADFE5AB66A2C}" = rport=445 | protocol=6 | dir=out | app=system |
"{40C627CD-0022-4E23-B430-BE8B1564D954}" = rport=137 | protocol=17 | dir=out | app=system |
"{40EF9E08-4139-4B29-843B-A5D390BE1AFA}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{41FCE954-CCC8-4CBA-BAD6-71399C4C582B}" = lport=2869 | protocol=6 | dir=in | app=system |
"{45491375-4403-4F6D-A1AE-35B62180827C}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{4B9BBB63-AE9A-44CF-BF52-939C44FF5C0D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4F299A1B-91E0-41E2-BF59-517CE2462D50}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{544B08BA-E7B3-4122-B90A-BDEA19F5F12A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{5D99D670-66D8-4582-8B6A-832FB4D02968}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{5DFD1BCA-DC90-48C4-9298-97891CBF3F2C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{78C5BE27-B5BA-4E79-B064-A93300E6A26F}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{7C6E38F9-27FA-47BD-A5C9-A74A624A40C5}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{866D1DE4-8B2B-4794-A3EA-A44CD05ABF04}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8B3996E1-765A-44D3-8C83-1808FA13256C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{8C102395-F66D-4D63-B957-8F8B74DA1576}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{8EA4C8A3-6F32-477C-B22C-6D0E4DB909C0}" = lport=10243 | protocol=6 | dir=in | app=system |
"{8FC8857C-7BBD-4563-9703-0CB33E0652DE}" = lport=137 | protocol=17 | dir=in | app=system |
"{9E1CF501-6CFD-4349-B72C-57B885C64BAD}" = lport=138 | protocol=17 | dir=in | app=system |
"{A31E1C43-3D5C-424B-82BB-A30477B29D4D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A7902F4C-69EF-4D30-B585-AA8F92B93F0F}" = lport=445 | protocol=6 | dir=in | app=system |
"{B286BF54-171A-48F1-A8BB-3077DEE23CEE}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B43829B0-DC94-47D8-B69C-292B9697B49C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{CD08C9D1-6101-4693-B8C9-B56305B8FCEC}" = rport=139 | protocol=6 | dir=out | app=system |
"{D6BC505F-8EB1-478D-AAAC-F9D25E5B84BD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E30369F9-31B9-4ADE-B868-66B405E1DF32}" = lport=2869 | protocol=6 | dir=in | app=system |
"{E99CFF66-9D09-494C-8274-59FDF6B700D6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{ED9E685A-6BBA-4FFB-8541-6A7147C0E577}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{FD2F5FBA-E45D-4436-8307-95178684F452}" = rport=138 | protocol=17 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0FD2C924-C914-4A8E-AB63-AF7097EBFBFF}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{15402B24-E317-4649-B443-B3846958F9D5}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{1ACBEB5A-B57E-48DE-9274-BECF139B4E3C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{209ACAA3-678D-4641-9B6D-C5F07C49F21A}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
"{213D5272-70A4-48C2-83F3-69DF3BBB93E1}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{2602573B-17D9-43FE-83DC-ADC0B5CE4242}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |
"{28FB879D-2029-4705-ADE9-1D920F64A73D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{2A0A76C7-E7B6-4962-8CAF-E103D858E410}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{2C5F6D34-4599-48C1-9D74-BE756A2E071B}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{2DD7FCB6-434D-4633-B93A-116C3AAE19DF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{32AC58FE-1003-4476-BB85-F5F323AAB0B5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{3932DA78-B557-4BA4-B11E-24CA2AA3BF82}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{42FFFFB2-900A-42F4-BF66-673C055D6412}" = dir=in | app=c:\users\dylan ipod\appdata\local\microsoft\windows\temporary internet files\content.ie5\vgfq6bpj\$mpyirzlszac1kqsw[1].exe |
"{46B96BC2-653A-4F69-A6CB-E4B31FD7203A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{491D22C4-DCA1-492E-AEFF-0B164DAA4C5F}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4ED32E31-6030-43C1-BC49-187E70331C4B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{51A80C23-9D1B-4B2C-B639-32D944D6A650}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{621276F5-6FA9-4453-8A2F-A79D4EE04602}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{68460E03-6539-4CF4-B30E-1A919F5C5756}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{6B81E1A7-51BE-4FCF-A5BE-22690B78D3A3}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{708311BE-9555-4D84-88A2-634ADBA58171}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{73452F5A-435A-4EC4-8C02-0A79D83951C3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{765751F6-A514-4A84-9F3C-0CCA7DE97E5E}" = protocol=17 | dir=in | app=c:\program files (x86)\cinemanow\cinemanow media manager\cinemanowshell.exe |
"{7798A59A-2B6A-4554-A94A-00584935F2D5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{78A5D77A-482F-4883-B034-C918D9C137CD}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{7A06ED14-CB28-4214-8407-E59E1F48F4A0}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{8915D659-384A-4975-A4BE-5EE3D71C84AB}" = protocol=17 | dir=in | app=c:\users\marty7474\appdata\local\temp\7zs6a70\hpdiagnosticcoreui.exe |
"{8F7738CE-49BA-455C-9837-D99A727DB2FC}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{9648B95A-2CE3-4C1C-A05C-774B3FCDB9FA}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{9839D17F-12D3-444C-BF8A-A3A794B0F672}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd9.exe |
"{A2ED31A2-5F70-4C48-9BF5-80F361A637AC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A668AF39-5096-4C7D-AC12-2BA895169EBC}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{A892D925-C6D8-449A-80A6-F7934E88818A}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{B0EB6388-C73E-484D-8B15-FBBFB864C9BD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{B1430A59-60AD-41F7-8983-ABEC0AF6BE03}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{B8C7B744-32F4-4A9F-82FE-A792D08282D9}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{BAF5D89F-BA97-46EE-94D9-B701EEE0990E}" = protocol=6 | dir=in | app=c:\users\marty7474\appdata\local\temp\7zs6a70\hpdiagnosticcoreui.exe |
"{C956E5A9-49C9-43CA-A2FE-9FECC3106512}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 |
"{CE901936-B17D-4970-B0D6-274B97AE064F}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{D28BE388-4C03-43AC-968E-35384BE47E88}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{DAA2CA26-95D5-4D75-BC3C-D754026EEC13}" = dir=out | app=c:\users\dylan ipod\appdata\local\microsoft\windows\temporary internet files\content.ie5\vgfq6bpj\$mpyirzlszac1kqsw[1].exe |
"{E2D71BA6-B2D2-44EF-A97A-83FAC7822E9A}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{E6B3BD47-2755-4224-9BDF-A8D0FB9AEC3C}" = protocol=6 | dir=in | app=c:\program files (x86)\cinemanow\cinemanow media manager\cinemanowshell.exe |
"{ED1FF900-8B04-4858-AB1C-B6198B7236B5}" = protocol=58 | dir=in | app=system |
"{ED89228E-3081-4C2A-AA1C-DC4626FC8F5C}" = protocol=6 | dir=out | app=system |
"{FD311445-C557-489D-AB32-02C18C6392A4}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"TCP Query User{35CD2D9A-C06E-4526-921B-E482F787270D}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"TCP Query User{4D2EDF12-271D-409C-B8EF-6907B8D1A5C3}C:\users\marty7474\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\marty7474\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{CB852719-7962-423A-84E7-4B4D9DCA4FA0}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{3E825C3E-C2CB-406F-ABC0-2D1C681C975D}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{A2B71E9C-3A37-4332-8BE5-7FE072748D10}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{EFA00E9C-727B-44F4-BFF8-640198D94FA4}C:\users\marty7474\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\marty7474\appdata\roaming\dropbox\bin\dropbox.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{23F2C78C-E131-4CA0-8F84-3473FB7728BA}" = Microsoft Security Client
"{26A24AE4-039D-4CA4-87B4-2F86416017FF}" = Java(TM) 6 Update 17 (64-bit)
"{477EE3A9-4B53-0F22-DB40-277ED46E9E72}" = ccc-utility64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6A66C1E5-4146-4CA6-A551-627CFCEACC83}" = HP Quick Launch
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{787136D2-F0F8-4625-AA3F-72D7795AC842}" = Apple Mobile Device Support
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{81E20D41-C277-4526-934D-F2380AF91B78}" = iCloud
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B8BA155B-1E75-405F-9CB4-8A99615D09DC}" = iTunes
"{C3F0426C-175D-39B7-7A14-D6B21952DE5E}" = ATI Catalyst Install Manager
"{E6BC696E-5E96-4C1B-9371-379AF3A46B6B}" = HP Wireless Assistant
"{F3D7AC17-1FF4-41A8-BB18-3FC39C65AEB9}" = RtVOsd
"Microsoft Security Client" = Microsoft Security Essentials
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = MSN Toolbar
"{0AD3D4FC-0B19-B2F2-376A-E6BF36BA342B}" = ccc-core-static
"{111EE7DF-FC45-40C7-98A7-753AC46B12FB}" = QuickTime 7
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{1E27900B-E594-DCA9-10DB-C87A8318991C}" = CCC Help French
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83217021FF}" = Java 7 Update 21
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{31F4E558-F8A8-170E-BD85-BAD4EE739991}" = CCC Help Hungarian
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{4123BE4D-C65C-467E-8071-232FB1FBF3B8}" = MSN Toolbar Platform
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5124C3E2-5BE8-3FFA-F958-CF0C99961566}" = CCC Help Swedish
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{53839C74-42E0-72E8-0369-C9713A319A26}" = Catalyst Control Center InstallProxy
"{54F17069-7E87-A85A-9078-6F5B06AF21A3}" = CCC Help German
"{6048D442-6C92-D73C-D248-02C1D4038C3E}" = CCC Help Finnish
"{608A6E25-720C-8171-F887-F7664A23CA0C}" = CCC Help Norwegian
"{60FA1132-0486-41F9-B747-6D308C284D1C}" = Catalyst Control Center - Branding
"{60FAD0EE-2F87-FAEB-FE05-0CDCF8179884}" = CCC Help Thai
"{612AD33D-9824-4E87-8396-92374E91C4BB}_is1" = Inbox Toolbar
"{61BEA823-ECAF-49F1-8378-A59B3B8AD247}" = Microsoft Default Manager
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{6CAABDBA-F58D-565C-D36E-6D573B1B8E44}" = Catalyst Control Center Graphics Light
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{75AE8014-1184-4BC0-B279-C879540719EE}" = PhotoMail Maker
"{7908E6E5-4BBC-756D-A235-2CFCC142685D}" = CCC Help English
"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{854DDB9E-D488-065B-9FEF-18C159E451AF}" = Catalyst Control Center Graphics Previews Vista
"{85BCA864-BDC8-9299-C6AC-C032301D018C}" = Catalyst Control Center Graphics Full New
"{87553C1A-35F4-142A-AC88-86B663F7F136}" = CCC Help Czech
"{88146D95-5AEC-96BD-3107-A59328CE35BF}" = CCC Help Chinese Traditional
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{8B8797ED-6E75-FEBA-7210-90A2462B5DA7}" = CCC Help Japanese
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90C2329F-2EE2-5035-21B8-14F2F240D976}" = CCC Help Turkish
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{97486FBE-A3FC-4783-8D55-EA37E9D171CC}" = HP Update
"{987B04C4-B5AC-4AD6-A7E9-8D681085B850}" = AMD USB Filter Driver
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A4317FB-5775-4FB3-BDC9-995595106F1F}" = HP User Guides 0178
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A807CEB4-96A8-46A8-A298-C3AA87B47B00}" = HP Software Framework
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}" = Apple Application Support
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.4.4 MUI
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"{B75E2857-9A0D-EE0D-B332-A05FBECDDB83}" = Catalyst Control Center Graphics Previews Common
"{BA8D33B9-40B5-BC33-1F48-C2ADC90ABA95}" = CCC Help Italian
"{BD50BAF8-8DBD-C054-ACAA-EB7300A09B5F}" = CCC Help Korean
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C3CBA627-2962-C9B2-6698-C89658757EB9}" = Catalyst Control Center Localization All
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CE8F47D8-1C4D-48F3-F9F3-3D5DFCC75C24}" = Catalyst Control Center Core Implementation
"{CF4EFF53-CA7D-9479-3E18-AB6253497A95}" = CCC Help Russian
"{D19E881A-4A1E-A947-717F-B8DA93AE2EDA}" = CCC Help Chinese Standard
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{D89D0D05-670D-D6C5-71DA-7C52F754F75F}" = CCC Help Dutch
"{D8DFA46A-39F7-4368-810D-18AFCFDDAEAF}" = Adobe Shockwave Player
"{E15BC10F-04AA-0AFD-A6C9-476730195F8B}" = Adobe Download Assistant
"{E2831862-F131-4327-B9CC-FA30F587EB6C}" = HP Setup
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3148F44-518B-3232-58CA-77DB808E255F}" = Catalyst Control Center Graphics Full Existing
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{EC67E77D-7873-A1B1-17E1-263E10748EEF}" = CCC Help Danish
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F220D637-1086-83C2-EA21-25AF1FE47BEC}" = CCC Help Polish
"{F4693A78-2E6C-2A26-B833-E13A4A5DACB4}" = CCC Help Greek
"{F6B6A150-08FA-46D5-808A-EB638269551D}" = HP Power Plan Utility
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FD122F1F-A640-082D-F4CB-F01259A956B6}" = CCC Help Portuguese
"{FDE722A1-1AEF-0641-D5D1-BA4C464BAB4C}" = CCC Help Spanish
"ActiveTouchMeetingClient" = Cisco WebEx Meetings
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 12 ActiveX
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"Google Chrome" = Google Chrome
"HP Photo Creations" = HP Photo Creations
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"MapsGalaxy_39bar Uninstall" = MapsGalaxy Toolbar
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"PhotoMail" = PhotoMail Maker
"StartNow Toolbar" = StartNow Toolbar
"WinLiveSuite_Wave3" = Windows Live Essentials
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update
"YTdetect" = Yahoo! Detect

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3755125194-1514666891-2774385320-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 12/30/2013 6:56:25 PM | Computer Name = marty7474-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2402

Error - 12/30/2013 6:56:25 PM | Computer Name = marty7474-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2402

Error - 12/30/2013 11:38:21 PM | Computer Name = marty7474-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 12/30/2013 11:38:21 PM | Computer Name = marty7474-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1092

Error - 12/30/2013 11:38:21 PM | Computer Name = marty7474-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1092

Error - 1/9/2014 5:13:02 PM | Computer Name = marty7474-PC | Source = System Restore | ID = 8193
Description =

Error - 1/9/2014 11:26:01 PM | Computer Name = marty7474-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 1/9/2014 11:26:01 PM | Computer Name = marty7474-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 15693

Error - 1/9/2014 11:26:01 PM | Computer Name = marty7474-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 15693

Error - 1/13/2014 6:17:36 PM | Computer Name = marty7474-PC | Source = Application Error | ID = 1000
Description = Faulting application name: POWERPNT.EXE, version: 14.0.6009.1000,
time stamp: 0x4cc1a4ed Faulting module name: unknown, version: 0.0.0.0, time stamp:
0x00000000 Exception code: 0xc0000005 Fault offset: 0x1c83e8e4 Faulting process id:
0x1aa0 Faulting application start time: 0x01cf10a9aa9d4def Faulting application path:
C:\Program Files (x86)\Microsoft Office\Office14\POWERPNT.EXE Faulting module path:
unknown Report Id: 814abad3-7ca0-11e3-8970-7ee40070d5a8

Error - 1/13/2014 6:18:07 PM | Computer Name = marty7474-PC | Source = Application Error | ID = 1000
Description = Faulting application name: POWERPNT.EXE, version: 14.0.6009.1000,
time stamp: 0x4cc1a4ed Faulting module name: ppcore.dll, version: 14.0.7105.5000,
time stamp: 0x51e86edb Exception code: 0xc0000005 Fault offset: 0x00318846 Faulting
process id: 0x1aa0 Faulting application start time: 0x01cf10a9aa9d4def Faulting application
path: C:\Program Files (x86)\Microsoft Office\Office14\POWERPNT.EXE Faulting module
path: C:\Program Files (x86)\Microsoft Office\Office14\ppcore.dll Report Id: 93980e6e-7ca0-11e3-8970-7ee40070d5a8

[ Hewlett-Packard Events ]
Error - 9/16/2010 2:54:45 PM | Computer Name = marty7474-PC | Source = Hewlett-Packard | ID = 0
Description = en-US Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a(Object
A_0, EventArgs A_1)

[ HP Wireless Assistant Events ]
Error - 12/21/2012 2:59:21 PM | Computer Name = marty7474-PC | Source = HP WA Service | ID = 0
Description = GetPanelBrightnessTables() failed : e_BIOS_INVALID_COMMAND_TYPE

Error - 12/21/2012 2:59:21 PM | Computer Name = marty7474-PC | Source = HP WA Service | ID = 0
Description = Unable to access panel brightness tables.

Error - 12/21/2012 9:06:55 PM | Computer Name = marty7474-PC | Source = HP WA Service | ID = 0
Description = GetPanelBrightnessTables() failed : e_BIOS_INVALID_COMMAND_TYPE

Error - 12/21/2012 9:06:55 PM | Computer Name = marty7474-PC | Source = HP WA Service | ID = 0
Description = Unable to access panel brightness tables.

Error - 12/23/2012 9:18:59 PM | Computer Name = marty7474-PC | Source = HP WA Service | ID = 0
Description = GetPanelBrightnessTables() failed : e_BIOS_INVALID_COMMAND_TYPE

Error - 12/23/2012 9:18:59 PM | Computer Name = marty7474-PC | Source = HP WA Service | ID = 0
Description = Unable to access panel brightness tables.

Error - 12/23/2012 9:45:38 PM | Computer Name = marty7474-PC | Source = HP WA Service | ID = 0
Description = GetPanelBrightnessTables() failed : e_BIOS_INVALID_COMMAND_TYPE

Error - 12/23/2012 9:45:38 PM | Computer Name = marty7474-PC | Source = HP WA Service | ID = 0
Description = Unable to access panel brightness tables.

Error - 12/23/2012 10:57:15 PM | Computer Name = marty7474-PC | Source = HP WA Service | ID = 0
Description = GetPanelBrightnessTables() failed : e_BIOS_INVALID_COMMAND_TYPE

Error - 12/23/2012 10:57:15 PM | Computer Name = marty7474-PC | Source = HP WA Service | ID = 0
Description = Unable to access panel brightness tables.

[ System Events ]
Error - 11/20/2014 4:48:26 PM | Computer Name = marty7474-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 11/20/2014 4:48:26 PM | Computer Name = marty7474-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 11/20/2014 4:48:26 PM | Computer Name = marty7474-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 11/20/2014 4:48:26 PM | Computer Name = marty7474-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 11/20/2014 4:48:26 PM | Computer Name = marty7474-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 11/20/2014 4:48:26 PM | Computer Name = marty7474-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 11/20/2014 4:50:18 PM | Computer Name = marty7474-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Group
Policy Client service to connect.

Error - 11/20/2014 4:50:18 PM | Computer Name = marty7474-PC | Source = Service Control Manager | ID = 7000
Description = The Group Policy Client service failed to start due to the following
error: %%1053

Error - 11/20/2014 4:52:13 PM | Computer Name = marty7474-PC | Source = DCOM | ID = 10016
Description =

Error - 11/20/2014 4:53:19 PM | Computer Name = marty7474-PC | Source = Service Control Manager | ID = 7000
Description = The HP Health Check Service service failed to start due to the following
error: %%2


< End of report >


OTL logfile created on: 11/20/2014 7:16:05 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\marty7474\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17280)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

762.90 Mb Total Physical Memory | 195.16 Mb Available Physical Memory | 25.58% Memory free
3.15 Gb Paging File | 1.56 Gb Available in Paging File | 49.65% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 284.25 Gb Total Space | 193.35 Gb Free Space | 68.02% Space Free | Partition Type: NTFS
Drive D: | 13.54 Gb Total Space | 1.92 Gb Free Space | 14.21% Space Free | Partition Type: NTFS
Drive E: | 99.34 Mb Total Space | 92.17 Mb Free Space | 92.78% Space Free | Partition Type: FAT32

Computer Name: MARTY7474-PC | User Name: marty7474 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/11/20 19:12:51 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\marty7474\Downloads\OTL.exe
PRC - [2014/04/25 13:14:28 | 004,101,584 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
PRC - [2014/04/25 13:12:20 | 000,171,928 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
PRC - [2014/04/25 13:12:10 | 002,081,752 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
PRC - [2014/04/25 13:12:06 | 001,738,200 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
PRC - [2013/06/13 12:03:00 | 000,943,016 | ---- | M] (Lavasoft) -- C:\ProgramData\Search Protection\SearchProtection.exe
PRC - [2012/06/25 19:06:35 | 000,042,504 | ---- | M] (COMPANYVERS_NAME) -- C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39barsvc.exe
PRC - [2010/08/04 13:56:58 | 000,092,216 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2010/06/29 07:04:18 | 000,020,480 | ---- | M] (AG Interactive) -- C:\Program Files (x86)\AGI\core\4.2.0.10753\AGCoreService.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe


========== Modules (No Company Name) ==========

MOD - [2014/04/25 13:11:24 | 000,167,768 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
MOD - [2014/04/25 13:11:22 | 000,109,400 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
MOD - [2014/04/25 13:11:20 | 000,416,600 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
MOD - [2014/02/12 19:58:32 | 000,073,544 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2014/02/12 19:58:10 | 001,044,808 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll


========== Services (SafeList) ==========

SRV:64bit: - [2014/08/22 15:14:34 | 000,368,624 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2014/08/22 15:14:34 | 000,023,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2014/08/18 17:03:37 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/09/20 00:56:00 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/04/19 17:55:18 | 000,315,392 | ---- | M] (Realtek Semiconductor Corp.) [Auto | Running] -- C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe -- (RtVOsdService)
SRV:64bit: - [2010/02/05 12:50:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV:64bit: - [2010/01/27 16:01:04 | 000,102,968 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service)
SRV:64bit: - [2010/01/12 17:44:24 | 000,019,968 | ---- | M] () [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2014/03/20 17:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2013/09/11 20:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2012/06/25 19:06:35 | 000,042,504 | ---- | M] (COMPANYVERS_NAME) [Auto | Running] -- C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39barsvc.exe -- (MapsGalaxy_39Service)
SRV - [2011/07/27 06:06:44 | 000,267,488 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe -- (Updater Service for StartNow Toolbar)
SRV - [2010/08/04 13:56:58 | 000,092,216 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2010/06/29 07:04:18 | 000,020,480 | ---- | M] (AG Interactive) [Auto | Running] -- C:\Program Files (x86)\AGI\core\4.2.0.10753\AGCoreService.exe -- (AGCoreService)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2014/07/17 18:05:06 | 000,125,584 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/12/13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/23 09:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 09:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/10/14 03:37:44 | 000,396,848 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 04:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/09/28 16:11:28 | 000,347,680 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/09/20 01:14:16 | 007,767,552 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/09/20 00:21:04 | 000,279,040 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/03/02 15:45:24 | 001,594,368 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010/02/22 15:00:12 | 000,239,136 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/12/22 04:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009/10/07 22:13:34 | 000,070,200 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/10/07 22:13:34 | 000,028,728 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/08/23 21:55:32 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/06/10 16:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 16:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 16:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 15:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 15:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 15:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/05/06 15:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV - [2011/08/09 14:55:47 | 000,017,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys -- (Lavasoft Kernexplorer)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKLM\..\SearchScopes,DefaultScope = {0BC6E3FA-78EF-4886-842C-5A1258C4455A}
IE - HKLM\..\SearchScopes\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}: "URL" = http://search.imgag.com/?appid=wsdt&component=&c=GNWDO59900&sbs=2&sc=2&f=web&vernum=3.1.5.7619&uid= 0&did=%7b739b74fa-4580-4268-8b9a-b17d3504715b%7d&q={searchTerms}
IE - HKLM\..\SearchScopes\{65C01AE4-5679-4864-8E19-08FB542221BD}: "URL" = http://www.ask.com/web?q={searchTerms}&l=dis&o=uscql
IE - HKLM\..\SearchScopes\{8C421D09-0649-456B-8262-405D4AA33ACA}: "URL" = http://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{b0441a0e-a49a-4e16-afc1-74ecced1921f}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=UXxdm025YYus&ptnrS=UXxdm025YYus&si=21786&ptb=23281C3D-4C6F-48B5-928C-47E64426E52A&ind=2012062820&n=77eda464&psa=&st=sb&searchfor={searchTerms}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\URLSearchHook: {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - No CLSID value found

IE - HKU\S-1-5-20\..\URLSearchHook: {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - No CLSID value found

IE - HKU\S-1-5-21-3755125194-1514666891-2774385320-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/CQNOT/1
IE - HKU\S-1-5-21-3755125194-1514666891-2774385320-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\S-1-5-21-3755125194-1514666891-2774385320-1000\..\URLSearchHook: {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - No CLSID value found
IE - HKU\S-1-5-21-3755125194-1514666891-2774385320-1000\..\SearchScopes,DefaultScope = {8513471D-63F1-4BF8-BC1F-33732C67ADEC}
IE - HKU\S-1-5-21-3755125194-1514666891-2774385320-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR
IE - HKU\S-1-5-21-3755125194-1514666891-2774385320-1000\..\SearchScopes\{8513471D-63F1-4BF8-BC1F-33732C67ADEC}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKU\S-1-5-21-3755125194-1514666891-2774385320-1000\..\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}: "URL" = http://toolbar.inbox.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=160315&lng=en
IE - HKU\S-1-5-21-3755125194-1514666891-2774385320-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3755125194-1514666891-2774385320-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@MapsGalaxy_39.com/Plugin: C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\NP39Stub.dll (MindSpark)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=4.0: C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0369.0\npwinext.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\marty7474\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0369.0\Firefox [2010/06/07 03:35:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\39ffxtbr@MapsGalaxy_39.com: C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin [2012/07/03 20:22:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\speedanalysis02@SpeedAnalysis.com: C:\Users\marty7474\AppData\Roaming\Mozilla\Extensions\speedanalysis02@SpeedAnalysis.com [2013/08/26 19:53:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\7go@7go.com: C:\Users\marty7474\AppData\Roaming\Mozilla\Extensions\7go@7go.com [2013/08/26 19:53:14 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\speedanalysis02@SpeedAnalysis.com: C:\Users\marty7474\AppData\Roaming\Mozilla\Extensions\speedanalysis02@SpeedAnalysis.com [2013/08/26 19:53:13 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\7go@7go.com: C:\Users\marty7474\AppData\Roaming\Mozilla\Extensions\7go@7go.com [2013/08/26 19:53:14 | 000,000,000 | ---D | M]

[2013/08/26 19:53:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\marty7474\AppData\Roaming\mozilla\Extensions
[2013/08/26 19:53:14 | 000,000,000 | ---D | M] (7Go Games) -- C:\Users\marty7474\AppData\Roaming\mozilla\Extensions\7go@7go.com
[2013/08/26 19:53:13 | 000,000,000 | ---D | M] (Speed Analysis 2) -- C:\Users\marty7474\AppData\Roaming\mozilla\Extensions\speedanalysis02@SpeedAnalysis.com

========== Chrome ==========

CHR - default_search_provider: (Enabled)
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - plugin: Error reading preferences file
CHR - Extension: No name found = C:\Users\marty7474\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\
CHR - Extension: No name found = C:\Users\marty7474\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: No name found = C:\Users\marty7474\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\
CHR - Extension: No name found = C:\Users\marty7474\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: No name found = C:\Users\marty7474\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: No name found = C:\Users\marty7474\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: No name found = C:\Users\marty7474\AppData\Local\Google\Chrome\User Data\Default\Extensions\oejkcgajlodefenbbjdnaiahmbnnoole\0.14_0\
CHR - Extension: No name found = C:\Users\marty7474\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKU\S-1-5-21-3755125194-1514666891-2774385320-1000\..\Toolbar\WebBrowser: (no name) - {364EA597-E728-4CE4-BB4A-ED846EF47970} - No CLSID value found.
O3 - HKU\S-1-5-21-3755125194-1514666891-2774385320-1000\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found.
O3 - HKU\S-1-5-21-3755125194-1514666891-2774385320-1000\..\Toolbar\WebBrowser: (no name) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No CLSID value found.
O4:64bit: - HKLM..\Run: [HP Quick Launch] C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Company)
O4:64bit: - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtkOSD] C:\Program Files (x86)\Realtek\Audio\OSD\RtVOsd64.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [Search Protection] C:\ProgramData\Search Protection\SearchProtection.exe (Lavasoft)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3755125194-1514666891-2774385320-1000..\Run: [Spybot-S&D Cleaning] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-3755125194-1514666891-2774385320-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3755125194-1514666891-2774385320-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-3755125194-1514666891-2774385320-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_17)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_17)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/ge...sh/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://paychexeservices.webex.com/c...x/ieatgpc1.cab (GpcContainer Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 65.32.5.111 65.32.5.112
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F1827E86-547D-42BE-94BA-32245AE3CDC1}: DhcpNameServer = 65.32.5.111 65.32.5.112
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O24 - Desktop WallPaper: C:\Users\MARTY7~1\AppData\LocalLow\FUNWEB~1\SCREEN~1\Images\f3wallpp.bmp
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/11/20 17:45:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2014/11/20 17:44:30 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2014/11/20 17:42:54 | 000,000,000 | ---D | C] -- C:\b27b089dd4cc24a3e80aee
[2 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/11/20 18:40:34 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/11/20 17:51:06 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2014/11/20 16:16:38 | 000,026,192 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/11/20 16:16:37 | 000,026,192 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/11/20 15:57:36 | 000,782,510 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/11/20 15:57:36 | 000,662,650 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/11/20 15:57:36 | 000,122,486 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/11/20 15:52:51 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/11/20 15:50:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/11/20 15:50:03 | 599,965,696 | -HS- | M] () -- C:\hiberfil.sys
[2014/11/19 18:14:41 | 000,000,203 | ---- | M] () -- C:\Windows\wininit.ini
[2 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/11/20 17:47:20 | 000,002,077 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2014/11/20 17:43:07 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2014/11/19 18:14:39 | 000,000,203 | ---- | C] () -- C:\Windows\wininit.ini
[2014/05/20 17:36:13 | 000,000,000 | ---- | C] () -- C:\Users\marty7474\AppData\Local\{31DD5E56-1F68-4ADC-907E-DB955FCFC2B1}
[2014/04/18 17:42:07 | 000,775,124 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/01/28 19:52:29 | 000,000,000 | ---- | C] () -- C:\Users\marty7474\AppData\Roaming\wklnhst.dat
[2011/12/25 07:39:47 | 000,000,632 | RHS- | C] () -- C:\Users\marty7474\ntuser.pol

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/06/24 21:05:42 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/06/24 20:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/01/03 18:13:00 | 000,000,000 | ---D | M] -- C:\Users\Dylan Ipod\AppData\Roaming\WildTangent
[2013/08/26 19:53:11 | 000,000,000 | ---D | M] -- C:\Users\marty7474\AppData\Roaming\7go
[2013/07/31 19:34:31 | 000,000,000 | ---D | M] -- C:\Users\marty7474\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2014/05/09 16:47:23 | 000,000,000 | ---D | M] -- C:\Users\marty7474\AppData\Roaming\Dropbox
[2013/08/26 19:53:10 | 000,000,000 | ---D | M] -- C:\Users\marty7474\AppData\Roaming\SpeedAnalysis2
[2013/01/28 19:52:30 | 000,000,000 | ---D | M] -- C:\Users\marty7474\AppData\Roaming\Template
[2013/05/29 14:55:52 | 000,000,000 | ---D | M] -- C:\Users\marty7474\AppData\Roaming\webex
[2010/08/26 15:33:50 | 000,000,000 | ---D | M] -- C:\Users\marty7474\AppData\Roaming\Webshots
[2010/08/26 15:11:30 | 000,000,000 | ---D | M] -- C:\Users\marty7474\AppData\Roaming\WebshotsDailyFeatures.D47BD63EE77CC0AC7AE23BFA386A3F1EDA7C080D.1

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:DFC5A2B2

< End of report >

Exhausted all avenues of attack I know of to rid pc of spyware/adaware

I have, on my own, tried to rid my laptop of a constant barrage of spyware and after several months, have decided it best to ask for some expert advice. My HP laptop runs on Windows 7/64bit, Processor is AMD E-450 APU w/Radeon HD Graphics 1.65 GHz.

I have virtually every browser installed but use Chrome 90% of the time (mainly because I use Chromecast a lot).

A couple months ago I purchased SuperAntiSpyware, and it does a great job of identifying spyware and other gunk, and it deletes it as well, but the crap just keeps coming back almost immediately. I also have Norton, which Comcast supplies for free.

TSG SysInfo:
Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 64 bit
Processor: AMD E-450 APU with Radeon(tm) HD Graphics, AMD64 Family 20 Model 2 Stepping 0
Processor Count: 2
RAM: 3692 Mb
Graphics Card: AMD Radeon HD 6320 Graphics, 384 Mb
Hard Drives: C: Total - 591485 MB, Free - 307584 MB; D: Total - 14729 MB, Free - 1591 MB; E: Total - 4055 MB, Free - 1125 MB;
Motherboard: Hewlett-Packard, 1699
Antivirus: Norton Security Suite, Updated and Enabled

After reading a post in these forums that sounded similar to my dilemma, I decided it best to try AdwCleaner. The results from that scan are:

# AdwCleaner v4.101 - Report created 20/11/2014 at 19:38:10
# Updated 09/11/2014 by Xplode
# Database : 2014-11-16.1 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Joe Burr - JOEBURR-HP
# Running from : C:\Users\Joe Burr\Desktop\Prank calls\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\NCH Software
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\ProgramData\Trymedia
Folder Deleted : C:\Program Files (x86)\comcasttb
Folder Deleted : C:\Program Files (x86)\Funmoods
Folder Deleted : C:\Program Files (x86)\SweetIM
Folder Deleted : C:\Program Files (x86)\Trymedia
Folder Deleted : C:\Program Files (x86)\xfin_portal
Folder Deleted : C:\Users\Joe Burr\AppData\Local\apn
Folder Deleted : C:\Users\Joe Burr\AppData\Local\Zoom_Downloader
Folder Deleted : C:\Users\Joe Burr\AppData\LocalLow\BabylonToolbar
Folder Deleted : C:\Users\Joe Burr\AppData\LocalLow\comcasttb
Folder Deleted : C:\Users\Joe Burr\AppData\LocalLow\xfin_portal
Folder Deleted : C:\Users\Joe Burr\AppData\Roaming\DSite
Folder Deleted : C:\Users\Joe Burr\AppData\Roaming\NCH Software
Folder Deleted : C:\Users\Public\Documents\iWin
Folder Deleted : C:\Users\Joe Burr\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
File Deleted : C:\Users\Joe Burr\AppData\Roaming\Mozilla\Firefox\Profiles\yqovw7m1.default\searchplugins\SweetIm.xml
File Deleted : C:\Users\Joe Burr\AppData\Roaming\Mozilla\Firefox\Profiles\yqovw7m1.default\user.js
File Deleted : C:\Users\Joe Burr\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage
File Deleted : C:\Users\Joe Burr\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage-journal

***** [ Scheduled Tasks ] *****

Task Deleted : Funmoods
Task Deleted : RunAsStdUser Task

***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}]
Value Deleted : [x64] HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}]
Key Deleted : HKCU\Software\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
Key Deleted : HKCU\Software\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
Key Deleted : HKLM\SOFTWARE\Classes\f
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar
Key Deleted : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar.1
Key Deleted : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook
Key Deleted : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.sweetie
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.sweetie.1
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarProxy.dll]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{49BC4DD1-0E69-4611-9164-0009538C5E46}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0214A12B-C5A3-437F-A6F3-068ABCD8C85E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{08635077-8829-49E2-B338-C968817EB460}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{20A3F109-F7C1-47B4-8098-8E654B264B1D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4B9BCCE8-A70B-402A-A7E1-DB96831EE26F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8C7478AB-3155-463E-936F-55F91F0F10D0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{96DD9437-5D20-4EFB-BF52-A4A605A4E0AA}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9E1B65EE-A131-42B4-94CA-847505E2F611}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0214A12B-C5A3-437F-A6F3-068ABCD8C85E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{96DD9437-5D20-4EFB-BF52-A4A605A4E0AA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4A11A6BD-7880-49BD-92D4-6F09D0BD3250}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{68DE31F7-43FF-4EE2-B88B-10665016970D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4B9BCCE8-A70B-402A-A7E1-DB96831EE26F}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4B9BCCE8-A70B-402A-A7E1-DB96831EE26F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{4B9BCCE8-A70B-402A-A7E1-DB96831EE26F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C45EC9F0-8333-465D-9728-074BD41985C9}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35B-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1791C1B5-FFD0-4D4B-ABCD-7A7DF6EAA89C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{49BC4DD1-0E69-4611-9164-0009538C5E46}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4B9BCCE8-A70B-402A-A7E1-DB96831EE26F}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{65BCD620-07DD-012F-819F-073CF1B8F7C6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{4B9BCCE8-A70B-402A-A7E1-DB96831EE26F}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EEE6C35B-6118-11DC-9C72-001320C79847}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0214A12B-C5A3-437F-A6F3-068ABCD8C85E}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{96DD9437-5D20-4EFB-BF52-A4A605A4E0AA}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{49BC4DD1-0E69-4611-9164-0009538C5E46}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Cr_Installer
Key Deleted : HKCU\Software\dsiteproducts
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\performersoft llc
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\systweak
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\xfin_portal
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\ImInstaller
Key Deleted : HKLM\SOFTWARE\InstallCore
Key Deleted : HKLM\SOFTWARE\PIP
Key Deleted : HKLM\SOFTWARE\systweak
Key Deleted : HKLM\SOFTWARE\Trymedia Systems
Key Deleted : HKLM\SOFTWARE\Updater By Sweetpacks
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\DSite
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Zip Opener Packages
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{DD85D6BF-4787-4A93-99A5-3F0CF0AE8834}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\xfin_portal
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Coupon Printer for Windows5.0.0.2
Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer
Key Deleted : [x64] HKLM\SOFTWARE\Updater By Sweetpacks
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17420

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Secondary Start Pages]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]

-\\ Mozilla Firefox v13.0 (en-US)

[yqovw7m1.default\prefs.js] - Line Deleted : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
[yqovw7m1.default\prefs.js] - Line Deleted : user_pref("browser.newtab.url", "hxxp://search.babylon.com/?affID=112542&tt=010812_newm_3112_5&babsrc=NT_ss&mntrId=82cdeccd0000000000009439e56d7b6d");
[yqovw7m1.default\prefs.js] - Line Deleted : user_pref("browser.search.order.1", "Search the web (Babylon)");
[yqovw7m1.default\prefs.js] - Line Deleted : user_pref("extensions.BabylonToolbar.admin", false);
[yqovw7m1.default\prefs.js] - Line Deleted : user_pref("extensions.BabylonToolbar.aflt", "babsst");
[yqovw7m1.default\prefs.js] - Line Deleted : user_pref("extensions.BabylonToolbar.dfltLng", "en");
[yqovw7m1.default\prefs.js] - Line Deleted : user_pref("extensions.BabylonToolbar.excTlbr", false);
[yqovw7m1.default\prefs.js] - Line Deleted : user_pref("extensions.BabylonToolbar.id", "82cdeccd0000000000009439e56d7b6d");
[yqovw7m1.default\prefs.js] - Line Deleted : user_pref("extensions.BabylonToolbar.instlDay", "15557");
[yqovw7m1.default\prefs.js] - Line Deleted : user_pref("extensions.BabylonToolbar.instlRef", "sst");
[yqovw7m1.default\prefs.js] - Line Deleted : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
[yqovw7m1.default\prefs.js] - Line Deleted : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
[yqovw7m1.default\prefs.js] - Line Deleted : user_pref("extensions.BabylonToolbar.tlbrId", "base");
[yqovw7m1.default\prefs.js] - Line Deleted : user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://www.google.com/search?babsrc=TB_ggl&q=");
[yqovw7m1.default\prefs.js] - Line Deleted : user_pref("extensions.BabylonToolbar.vrsn", "1.6.4.6");
[yqovw7m1.default\prefs.js] - Line Deleted : user_pref("extensions.BabylonToolbar.vrsni", "1.6.4.6");
[yqovw7m1.default\prefs.js] - Line Deleted : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
[yqovw7m1.default\prefs.js] - Line Deleted : user_pref("extensions.BabylonToolbar_i.babExt", "");
[yqovw7m1.default\prefs.js] - Line Deleted : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=112542&tt=010812_newm_3112_5");
[yqovw7m1.default\prefs.js] - Line Deleted : user_pref("extensions.BabylonToolbar_i.hardId", "82cdeccd0000000000009439e56d7b6d");
[yqovw7m1.default\prefs.js] - Line Deleted : user_pref("extensions.BabylonToolbar_i.id", "82cdeccd0000000000009439e56d7b6d");
[yqovw7m1.default\prefs.js] - Line Deleted : user_pref("extensions.BabylonToolbar_i.instlDay", "15505");
[yqovw7m1.default\prefs.js] - Line Deleted : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
[yqovw7m1.default\prefs.js] - Line Deleted : user_pref("extensions.BabylonToolbar_i.newTab", true);
[yqovw7m1.default\prefs.js] - Line Deleted : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?affID=112542&tt=010812_newm_3112_5&babsrc=NT_ss&mntrId=82cdeccd0000000000009439e56d7b6d");
[yqovw7m1.default\prefs.js] - Line Deleted : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
[yqovw7m1.default\prefs.js] - Line Deleted : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
[yqovw7m1.default\prefs.js] - Line Deleted : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
[yqovw7m1.default\prefs.js] - Line Deleted : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
[yqovw7m1.default\prefs.js] - Line Deleted : user_pref("extensions.BabylonToolbar_i.tlbrId", "tb9");
[yqovw7m1.default\prefs.js] - Line Deleted : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
[yqovw7m1.default\prefs.js] - Line Deleted : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.6.4.621:18:20");
[yqovw7m1.default\prefs.js] - Line Deleted : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
[yqovw7m1.default\prefs.js] - Line Deleted : user_pref("extensions.funmoods.aflt", "adknlg1y");
[yqovw7m1.default\prefs.js] - Line Deleted : user_pref("extensions.funmoods.autoRvrt", false);
[yqovw7m1.default\prefs.js] - Line Deleted : user_pref("extensions.funmoods.dfltLng", "");
[yqovw7m1.default\prefs.js] - Line Deleted : user_pref("extensions.funmoods.dfltSrch", true);
[yqovw7m1.default\prefs.js] - Line Deleted : user_pref("extensions.funmoods.dnsErr", true);
[yqovw7m1.default\prefs.js] - Line Deleted : user_pref("extensions.funmoods.envrmnt", "production");
[yqovw7m1.default\prefs.js] - Line Deleted : user_pref("extensions.funmoods.excTlbr", false);
[yqovw7m1.default\prefs.js] - Line Deleted : user_pref("extensions.funmoods.hmpg", true);
[yqovw7m1.default\prefs.js] - Line Deleted : user_pref("extensions.funmoods.hmpgUrl", "hxxp://searchfunmoods.com/?f=1&a=adknlg1y&ir=adknlg1y&cd=2XzuyEtN2Y1L1QzuzyyEtAzy0EyDyC0DyB0ByC0D0E0C0C0DtN0D0Tzu0CtAyBzztN1L2XzutBtFtBtFtCtFyEtDyB&cr=1452949[...]
[yqovw7m1.default\prefs.js] - Line Deleted : user_pref("extensions.funmoods.id", "9439E56D7B6DECCD");
[yqovw7m1.default\prefs.js] - Line Deleted : user_pref("extensions.funmoods.instlDay", "15718");
[yqovw7m1.default\prefs.js] - Line Deleted : user_pref("extensions.funmoods.instlRef", "adknlg1y");
[yqovw7m1.default\prefs.js] - Line Deleted : user_pref("extensions.funmoods.isdcmntcmplt", true);
[yqovw7m1.default\prefs.js] - Line Deleted : user_pref("extensions.funmoods.mntrvrsn", "1.3.0");
[yqovw7m1.default\prefs.js] - Line Deleted : user_pref("extensions.funmoods.newTabUrl", "hxxp://searchfunmoods.com/?f=2&a=adknlg1y&ir=adknlg1y&cd=2XzuyEtN2Y1L1QzuzyyEtAzy0EyDyC0DyB0ByC0D0E0C0C0DtN0D0Tzu0CtAyBzztN1L2XzutBtFtBtFtCtFyEtDyB&cr=14529[...]
[yqovw7m1.default\prefs.js] - Line Deleted : user_pref("extensions.funmoods.prdct", "funmoods");
[yqovw7m1.default\prefs.js] - Line Deleted : user_pref("extensions.funmoods.prtnrId", "funmoods");
[yqovw7m1.default\prefs.js] - Line Deleted : user_pref("extensions.funmoods.srchPrvdr", "Funmoods");
[yqovw7m1.default\prefs.js] - Line Deleted : user_pref("extensions.funmoods.tlbrId", "base");
[yqovw7m1.default\prefs.js] - Line Deleted : user_pref("extensions.funmoods.tlbrSrchUrl", "hxxp://searchfunmoods.com/?f=3&a=adknlg1y&ir=adknlg1y&cd=2XzuyEtN2Y1L1QzuzyyEtAzy0EyDyC0DyB0ByC0D0E0C0C0DtN0D0Tzu0CtAyBzztN1L2XzutBtFtBtFtCtFyEtDyB&cr=145[...]
[yqovw7m1.default\prefs.js] - Line Deleted : user_pref("extensions.funmoods.vrsn", "1.5.23.22");
[yqovw7m1.default\prefs.js] - Line Deleted : user_pref("extensions.funmoods.vrsni", "1.5.23.22");
[yqovw7m1.default\prefs.js] - Line Deleted : user_pref("extensions.funmoods_i.newTab", true);
[yqovw7m1.default\prefs.js] - Line Deleted : user_pref("extensions.funmoods_i.smplGrp", "none");
[yqovw7m1.default\prefs.js] - Line Deleted : user_pref("extensions.funmoods_i.vrsnTs", "1.5.23.2211:5:41");
[yqovw7m1.default\prefs.js] - Line Deleted : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.AutoSearchEventData", "auto%20search");
[yqovw7m1.default\prefs.js] - Line Deleted : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.ClearCacheDate", 6);
[yqovw7m1.default\prefs.js] - Line Deleted : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.DisplayEULA", false);
[yqovw7m1.default\prefs.js] - Line Deleted : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.DnsCatchEventData", "dns%20catch");
[yqovw7m1.default\prefs.js] - Line Deleted : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.FirstLaunchShown", true);
[yqovw7m1.default\prefs.js] - Line Deleted : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.LoadLayoutDate.62781", 5);
[yqovw7m1.default\prefs.js] - Line Deleted : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.NewTabSearchEventData", "tab%20search");
[yqovw7m1.default\prefs.js] - Line Deleted : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.ShowRecommendedOptions", true);
[yqovw7m1.default\prefs.js] - Line Deleted : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.StateReportDate", "1399342627187");
[yqovw7m1.default\prefs.js] - Line Deleted : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.TopRightSearchEventData", "top%20right%20search");
[yqovw7m1.default\prefs.js] - Line Deleted : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.beforeInstallSaved", true);
[yqovw7m1.default\prefs.js] - Line Deleted : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.beforeinstall.homepage", "hxxp%3A//www.google.com/ig");
[yqovw7m1.default\prefs.js] - Line Deleted : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.beforeinstall.search", "Google");
[yqovw7m1.default\prefs.js] - Line Deleted : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.customNewTab", true);
[yqovw7m1.default\prefs.js] - Line Deleted : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.helpUsImprove", true);
[yqovw7m1.default\prefs.js] - Line Deleted : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.hideOthers", false);
[yqovw7m1.default\prefs.js] - Line Deleted : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.processAddrBar", false);
[yqovw7m1.default\prefs.js] - Line Deleted : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.restoreSearch", false);
[yqovw7m1.default\prefs.js] - Line Deleted : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.revision", "37");
[yqovw7m1.default\prefs.js] - Line Deleted : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.searchHistory", true);
[yqovw7m1.default\prefs.js] - Line Deleted : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.session", "6AC7A10535EE0A48E1E00535BA1537C6C492007759543A6446760B520C61FF9D6DDA2C45629ABF697807A8F6D2A758BC8104320523F9EBC390AAD06D8CE4BBDD");
[yqovw7m1.default\prefs.js] - Line Deleted : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.showFirstLaunchOptions", false);
[yqovw7m1.default\prefs.js] - Line Deleted : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.tb_lang", "en");
[yqovw7m1.default\prefs.js] - Line Deleted : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.tool_id", "62781");
[yqovw7m1.default\prefs.js] - Line Deleted : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.user_id", "78723029");
[yqovw7m1.default\prefs.js] - Line Deleted : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.user_key", "cc2ea2aa3030ea08388be47b2e43d7b762789a5b");
[yqovw7m1.default\prefs.js] - Line Deleted : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.user_layouts", "62781");
[yqovw7m1.default\prefs.js] - Line Deleted : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.user_lnames", "Gamers%20Unite%21%20Snag%20Bar");
[yqovw7m1.default\prefs.js] - Line Deleted : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.xml_service_url", "64e3a27980eeceb34248bc3e680b4e63");
[yqovw7m1.default\prefs.js] - Line Deleted : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.yahooSearch", false);
[yqovw7m1.default\prefs.js] - Line Deleted : user_pref("keyword.URL", "hxxp://start.sweetpacks.com/?src=2&st=12&crg=3.5000006.10042&barid={D59C4781-E528-11E2-B807-78E3B55E634E}&q=");
[yqovw7m1.default\prefs.js] - Line Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "Search the web (Babylon)");
[yqovw7m1.default\prefs.js] - Line Deleted : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "Google");
[yqovw7m1.default\prefs.js] - Line Deleted : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "hxxp://www.google.com/");
[yqovw7m1.default\prefs.js] - Line Deleted : user_pref("sweetim.toolbar.previous.keyword.URL", "hxxp://search.babylon.com/?affID=112542&tt=010812_newm_3112_5&babsrc=KW_ss&mntrId=82cdeccd0000000000009439e56d7b6d&q=");
[yqovw7m1.default\prefs.js] - Line Deleted : user_pref("sweetim.toolbar.urls.homepage", "hxxp://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10042&barid={D59C4781-E528-11E2-B807-78E3B55E634E}");

-\\ Google Chrome v


*************************

AdwCleaner[R0].txt - [26921 octets] - [20/11/2014 19:24:29]
AdwCleaner[S0].txt - [27027 octets] - [20/11/2014 19:38:10]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [27088 octets] ##########

My goal is to hopefully rid my laptop of all the gunk that keeps sucking up my resources so I can begin to be more vigilant in keeping my system clean.

Thanks a ton for any help!

Joe

My computer has been hacked

Hi Eddie,

Here it is:
ComboFix 14-11-18.01 - Armando 11/20/2014 19:12:01.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3839.2136 [GMT -5:00]
Running from: c:\users\Armando\Desktop\username123.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\374311380
c:\programdata\374311380\BIT79BE.tmp
c:\users\Armando\AppData\Roaming\systweak\ssd\SSDPTstub.exe
c:\windows\security\Database\tmp.edb
c:\windows\SysWow64\Cache
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((( Files Created from 2014-10-21 to 2014-11-21 )))))))))))))))))))))))))))))))
.
.
2014-11-21 00:24 . 2014-11-21 00:24 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-11-19 12:20 . 2014-11-11 03:08 241152 ----a-w- c:\windows\system32\pku2u.dll
2014-11-19 12:20 . 2014-11-11 03:08 728064 ----a-w- c:\windows\system32\kerberos.dll
2014-11-19 12:20 . 2014-11-11 02:44 186880 ----a-w- c:\windows\SysWow64\pku2u.dll
2014-11-19 12:20 . 2014-11-11 02:44 550912 ----a-w- c:\windows\SysWow64\kerberos.dll
2014-11-18 22:27 . 2014-11-18 22:27 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2014-11-18 22:27 . 2014-11-18 22:27 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2014-11-18 22:27 . 2014-11-18 22:27 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2014-11-18 22:27 . 2014-11-18 22:27 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2014-11-18 22:27 . 2014-11-18 22:27 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2014-11-18 22:27 . 2014-11-18 22:27 -------- d-----w- c:\program files (x86)\QuickTime
2014-11-18 13:16 . 2014-11-18 13:16 -------- d-----w- c:\program files (x86)\Java Runtime and Options
2014-11-18 13:16 . 2014-11-18 13:16 -------- d-----w- c:\program files (x86)\Common Files\Java
2014-11-18 13:16 . 2014-11-18 13:16 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-11-18 13:15 . 2014-11-18 13:24 -------- d-----w- c:\program files (x86)\CompuClever
2014-11-18 13:15 . 2014-11-18 13:15 -------- d-----w- c:\users\Armando\AppData\Roaming\CompuClever
2014-11-13 02:55 . 2014-11-13 02:55 -------- d-sh--w- c:\users\Armando\AppData\Local\EmieBrowserModeList
2014-11-12 05:44 . 2014-08-21 06:43 1882624 ----a-w- c:\windows\system32\msxml3.dll
2014-11-12 05:43 . 2014-10-25 01:57 77824 ----a-w- c:\windows\system32\packager.dll
2014-11-12 05:43 . 2014-10-25 01:32 67584 ----a-w- c:\windows\SysWow64\packager.dll
2014-11-12 05:43 . 2014-10-10 00:57 3198976 ----a-w- c:\windows\system32\win32k.sys
2014-11-12 05:43 . 2014-10-14 02:13 3241984 ----a-w- c:\windows\system32\msi.dll
2014-11-12 05:43 . 2014-10-14 01:50 2363904 ----a-w- c:\windows\SysWow64\msi.dll
2014-11-12 05:41 . 2014-10-18 02:05 861696 ----a-w- c:\windows\system32\oleaut32.dll
2014-11-12 05:41 . 2014-10-18 01:33 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2014-11-06 02:28 . 2014-11-06 02:28 -------- d-----w- C:\_OTL
2014-11-02 17:39 . 2014-11-02 17:45 -------- d-----w- c:\programdata\Systweak
2014-11-02 17:39 . 2014-11-02 17:45 -------- d-----w- c:\users\Armando\AppData\Roaming\systweak
2014-11-02 17:38 . 2014-11-02 23:43 -------- d-----w- c:\program files (x86)\globalUpdate
2014-11-02 17:38 . 2014-11-02 17:38 -------- d-----w- c:\users\Armando\AppData\Local\globalUpdate
2014-10-27 23:21 . 2014-10-27 23:21 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2014-10-27 22:15 . 2014-10-27 23:12 129752 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-10-27 22:15 . 2014-10-27 22:15 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2014-10-27 22:15 . 2014-10-27 22:15 -------- d-----w- c:\programdata\Malwarebytes
2014-10-27 22:15 . 2014-10-01 15:11 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-10-27 22:15 . 2014-10-01 15:11 93400 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-10-27 22:15 . 2014-10-01 15:11 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-10-27 20:22 . 2014-10-30 12:55 -------- d-----w- C:\FRST
2014-10-26 21:16 . 2014-11-20 21:02 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-10-26 21:16 . 2014-11-20 21:02 701104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-10-26 18:02 . 2014-11-12 08:23 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2014-10-24 00:42 . 2014-10-24 01:11 -------- d-----w- c:\users\Armando\AppData\Local\TorrenTV
2014-10-23 17:31 . 2014-10-26 16:38 -------- d-----w- c:\users\Armando\AppData\Roaming\HandBrake
2014-10-23 17:29 . 2014-10-26 16:38 -------- d-----w- c:\program files\Handbrake
2014-10-23 11:37 . 2014-10-23 11:37 -------- d-----w- c:\programdata\F-Secure
2014-10-23 11:34 . 2014-10-23 11:34 -------- d-----w- c:\users\Armando\AppData\Roaming\QuickScan
2014-10-22 16:05 . 2014-10-27 18:22 -------- d-----w- c:\program files\Recuva
2014-10-22 02:13 . 2014-11-11 01:26 -------- d-----w- c:\users\Armando\AppData\Local\CrashDumps
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-11-12 08:01 . 2011-08-23 10:40 103374192 ----a-w- c:\windows\system32\MRT.exe
2014-11-04 19:30 . 2011-07-31 22:34 275080 ------w- c:\windows\system32\MpSigStub.exe
2014-10-20 18:17 . 2014-10-20 18:17 16152 ----a-w- c:\windows\system32\drivers\SWDUMon.sys
2014-10-12 16:53 . 2014-10-12 16:53 19 ----a-w- c:\windows\SysWow64\59175765.bat
2014-10-02 19:23 . 2014-10-02 19:23 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2014-10-02 19:23 . 2014-10-02 19:23 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2014-09-25 02:08 . 2014-10-01 11:17 371712 ----a-w- c:\windows\system32\qdvd.dll
2014-09-25 01:40 . 2014-10-01 11:17 519680 ----a-w- c:\windows\SysWow64\qdvd.dll
2014-09-09 22:11 . 2014-09-24 10:45 2048 ----a-w- c:\windows\system32\tzres.dll
2014-09-09 21:47 . 2014-09-24 10:45 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2014-09-04 05:23 . 2014-10-20 14:39 424448 ----a-w- c:\windows\system32\rastls.dll
2014-09-04 05:04 . 2014-10-20 14:39 372736 ----a-w- c:\windows\SysWow64\rastls.dll
2014-08-28 23:04 . 2012-07-17 18:37 23256 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2014-08-23 02:07 . 2014-08-28 17:56 404480 ----a-w- c:\windows\system32\gdi32.dll
2014-08-23 01:45 . 2014-08-28 17:56 311808 ----a-w- c:\windows\SysWow64\gdi32.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-04-24 21:14 220632 ----a-w- c:\users\Armando\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-04-24 21:14 220632 ----a-w- c:\users\Armando\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-04-24 21:14 220632 ----a-w- c:\users\Armando\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\progra~2\Yahoo!\Messenger\YahooMessenger.exe" [2011-06-16 6276408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2009-10-14 563736]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2011-08-12 205336]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-10-11 60712]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-10-13 343168]
"Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2013-09-27 559696]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-10-15 157480]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-10-07 507776]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2014-10-02 421888]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Snapfish PictureMover.lnk - c:\program files (x86)\PictureMover\Bin\PictureMover.exe -det [2010-6-17 1040952]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys;c:\windows\SYSNATIVE\DRIVERS\LVPr2M64.sys [x]
R3 SWDUMon;SWDUMon;c:\windows\system32\DRIVERS\SWDUMon.sys;c:\windows\SYSNATIVE\DRIVERS\SWDUMon.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 UsbGps;LGE CDMA USB GPS NMEA Port;c:\windows\system32\DRIVERS\lgx64gps.sys;c:\windows\SYSNATIVE\DRIVERS\lgx64gps.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
S2 CinemaNow Service;CinemaNow Service;c:\program files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe;c:\program files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe;c:\program files (x86)\PDF Complete\pdfsvc.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [x]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVER S\amdiox64.sys [x]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\ lvrs64.sys [x]
S3 LVUVC64;Logitech HD Webcam C310(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIV ERS\lvuvc64.sys [x]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys;c:\windows\SYSNATIVE\DRIVERS \netr28x.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVER S\Rt64win7.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DR IVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNAT IVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYS NATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE \DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-10-27 19:36 1089352 ----a-w- c:\program files (x86)\Google\Chrome\Application\38.0.2125.111\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-11-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-10-26 21:02]
.
2014-11-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-10-22 19:30]
.
2014-11-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-10-22 19:30]
.
2014-11-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1015054256-2377368507-1928368229-1000Core.job
- c:\users\Armando\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-22 19:34]
.
2014-11-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1015054256-2377368507-1928368229-1000UA.job
- c:\users\Armando\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-22 19:34]
.
2014-11-18 c:\windows\Tasks\HPCeeScheduleForArmando.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 09:43]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-04-24 21:14 244696 ----a-w- c:\users\Armando\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-04-24 21:14 244696 ----a-w- c:\users\Armando\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-04-24 21:14 244696 ----a-w- c:\users\Armando\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2010-01-18 568888]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"NCPluginUpdater"="c:\program files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" [2014-11-12 21720]
.
------- Supplementary Scan -------
.
uStart Page = https://my.yahoo.com/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = localhost:8080
uSearchAssistant = about:blank
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Armando\AppData\Roaming\Mozilla\Firefox\Profiles\xog3bbof.default\
FF - prefs.js: browser.startup.homepage - hxxps://my.yahoo.com/
FF - user.js: extensions.autoDisableScopes - 14
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-Itibiti.exe - c:\program files (x86)\Itibiti Soft Phone\Itibiti.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-Activeris AntiMalware_is1 - c:\program files (x86)\Activeris AntiMalware\unins000.exe
AddRemove-{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE} - c:\program files (x86)\InstallShield Installation Information\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1015054256-2377368507-1928368229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-1015054256-2377368507-1928368229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_223_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_223_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_223_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_223_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_223.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.15"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_223.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_223.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_223.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-11-20 19:37:52
ComboFix-quarantined-files.txt 2014-11-21 00:37
.
Pre-Run: 627,471,384,576 bytes free
Post-Run: 627,168,952,320 bytes free
.
- - End Of File - - 004AE7CCF78F9F184FA976A96FFC440B

Windows Cannot Find Error due to GeniusBox

After running quick scan in OTL I get an error message that says access denied and an empty text screen pops up. Oh Oh what's up? Matt

Windows AntiBreach Tool

My son's laptop has been infected by Windows Antibreach Tool. How do I get rid of it?
Help!

Why does Hard Drive Fill up on its own?

THANKS AGAIN FOR YOUR ASSISTANCE.

NewTechGuy