Malwarebytes Locks Up


OTL Log

 

OTL logfile created on: 7/26/2013 8:37:35 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\user\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1.96 Gb Total Physical Memory | 1.01 Gb Available Physical Memory | 51.68% Memory free
3.93 Gb Paging File | 2.59 Gb Available in Paging File | 66.08% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 134.36 Gb Total Space | 95.99 Gb Free Space | 71.44% Space Free | Partition Type: NTFS
 
Computer Name: USER-PC | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/07/26 08:34:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
PRC - [2013/07/17 11:26:12 | 004,760,816 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2013/06/21 02:16:28 | 000,308,816 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2013/05/20 23:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Identity Safe\Engine\2013.4.0.10\ccsvchst.exe
PRC - [2013/05/10 02:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/04/02 03:01:48 | 000,193,672 | ---- | M] (Microsoft Corporation.) -- C:\Program Files\Microsoft\BingBar\7.2.233.0\BBSvc.EXE
PRC - [2012/11/29 21:55:25 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2012/11/22 21:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012/08/23 13:37:16 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
PRC - [2012/07/11 13:54:49 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/10/02 14:46:00 | 000,656,624 | ---- | M] (SoftThinks) -- C:\Program Files\Dell DataSafe Local Backup\SftService.exe
PRC - [2009/03/31 10:00:24 | 000,483,428 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
PRC - [2009/03/31 10:00:18 | 000,254,042 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_4c73f4a9a59a84bb\stacsv.exe
PRC - [2009/03/31 10:00:04 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_4c73f4a9a59a84bb\AEstSrv.exe
PRC - [2009/03/31 09:18:54 | 000,049,250 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
PRC - [2009/03/31 09:18:34 | 000,217,088 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2009/03/31 09:18:32 | 000,054,568 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
PRC - [2009/03/31 09:18:32 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
PRC - [2008/12/18 13:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/05/10 07:15:28 | 000,282,624 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
PRC - [2008/05/07 17:41:14 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013/04/23 17:57:26 | 004,554,752 | ---- | M] () -- C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
MOD - [2012/05/30 09:51:08 | 000,699,280 | R--- | M] () -- C:\Program Files\Norton Identity Safe\Engine\2013.4.0.10\wincfi39.dll
MOD - [2009/08/06 08:25:29 | 000,798,720 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxXML2V.dll
MOD - [2009/08/06 08:25:29 | 000,786,432 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxImV.dll
MOD - [2009/08/06 08:25:29 | 000,688,128 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VPrintOnline.dll
MOD - [2009/08/06 08:25:29 | 000,528,384 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxProcV.dll
MOD - [2009/08/06 08:25:29 | 000,462,848 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxFFV.dll
MOD - [2009/08/06 08:25:29 | 000,233,472 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SpiffyExt.dll
MOD - [2009/08/06 08:25:29 | 000,159,744 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxZipV.dll
MOD - [2009/08/06 08:25:29 | 000,143,360 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VPrintOnlineHelper40.dll
MOD - [2009/08/06 08:25:28 | 002,236,416 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxCmpV.dll
MOD - [2009/08/06 08:25:28 | 001,396,736 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxCommonV.dll
MOD - [2009/08/06 08:25:28 | 000,872,448 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxBaseV.dll
MOD - [2009/08/06 08:25:27 | 000,010,240 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\LocUpdateCheck.dll
MOD - [2009/08/06 08:25:26 | 000,128,512 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\kpries40.dll
MOD - [2009/08/06 08:25:26 | 000,086,016 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\LocAcqMod.dll
MOD - [2009/08/06 08:25:26 | 000,052,224 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\KPCDInterface.dll
MOD - [2009/08/06 08:25:26 | 000,044,544 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\LocCamBack.dll
MOD - [2009/08/06 08:25:25 | 000,466,944 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\ESCom.dll
MOD - [2009/08/06 08:25:25 | 000,403,968 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\KFx.dll
MOD - [2009/08/06 08:25:25 | 000,084,480 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\keml40.dll
MOD - [2009/08/06 08:25:25 | 000,062,464 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\DibLibIP.dll
MOD - [2009/08/06 08:25:24 | 001,564,672 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\areaifdll.dll
MOD - [2009/08/06 08:25:24 | 000,354,816 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\Atlas.dll
MOD - [2009/08/06 08:25:24 | 000,311,296 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaPrintOnline.esx
MOD - [2009/08/06 08:25:24 | 000,258,560 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\AppCore.dll
MOD - [2009/08/06 08:25:24 | 000,232,448 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaControls.esx
MOD - [2009/08/06 08:25:24 | 000,096,256 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaCDBackup.esx
MOD - [2009/08/06 08:25:23 | 000,339,968 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaAdapter.esx
MOD - [2009/08/06 08:25:23 | 000,171,008 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\Pcd.esx
MOD - [2009/08/06 08:25:23 | 000,117,760 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\IStorageMediaStore.esx
MOD - [2009/08/06 08:25:23 | 000,083,968 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\UpdateChecker.esx
MOD - [2009/08/06 08:25:22 | 001,229,312 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\ESSkin.esx
MOD - [2009/08/06 08:25:22 | 000,757,760 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\ESCliWicMDRW.esx
MOD - [2009/08/06 08:25:22 | 000,675,840 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\ESEmail.esx
MOD - [2009/08/06 08:25:22 | 000,077,312 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\DXRawFormatHandler.esx
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Disabled | Stopped] -- C:\Program Files\Common Files\Motive\McciServiceHost.exe -- (McciServiceHost)
SRV - File not found [On_Demand | Stopped] --  -- (gupdatem)
SRV - [2013/07/22 10:02:40 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/05/26 23:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/05/20 23:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Identity Safe\Engine\2013.4.0.10\ccSvcHst.exe -- (NCO)
SRV - [2013/05/10 02:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/04/02 03:01:48 | 000,240,264 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\7.2.233.0\SeaPort.EXE -- (BBUpdate)
SRV - [2013/04/02 03:01:48 | 000,193,672 | ---- | M] (Microsoft Corporation.) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\7.2.233.0\BBSvc.EXE -- (BBSvc)
SRV - [2012/08/23 13:37:16 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)
SRV - [2012/07/11 13:54:49 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2010/04/17 18:58:18 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009/10/02 14:46:00 | 000,656,624 | ---- | M] (SoftThinks) [Auto | Running] -- C:\Program Files\Dell DataSafe Local Backup\SftService.exe -- (SftService)
SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/03/31 10:00:18 | 000,254,042 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_4c73f4a9a59a84bb\stacsv.exe -- (STacSV)
SRV - [2009/03/31 10:00:04 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_4c73f4a9a59a84bb\AEstSrv.exe -- (AESTFilters)
SRV - [2008/12/18 13:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/05/07 17:41:14 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | Disabled | Stopped] -- system32\drivers\TfSysMon.sys -- (TfSysMon)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\TfNetMon.sys -- (TfNetMon)
DRV - File not found [Kernel | Disabled | Stopped] -- system32\drivers\TfFsMon.sys -- (TfFsMon)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PCD5SRVC{3F6A8B78-EC003E00-05040104})
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (MRENDIS5)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (MREMPR5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\user\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2013/05/07 10:54:06 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2013/04/15 21:41:14 | 000,134,744 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NST\7DD04000.00A\ccsetx86.sys -- (ccSet_NST)
DRV - [2012/08/23 09:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2012/08/23 09:40:25 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2011/07/22 11:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 16:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2009/07/13 18:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
DRV - [2009/07/13 17:02:53 | 000,311,296 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009/03/31 10:00:26 | 000,398,336 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2009/03/31 09:18:30 | 000,192,048 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2008/12/21 13:32:18 | 000,018,424 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm42rly.sys -- (BCM42RLY)
DRV - [2006/11/01 18:50:00 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\..\SearchScopes,DefaultScope = {05F36679-2397-4BBF-8F10-307359AF6D10}
IE - HKCU\..\SearchScopes\{05F36679-2397-4BBF-8F10-307359AF6D10}: "URL" = http://search.yahoo.com/search?p={searchterms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20111044,17681,0,18,0
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKCU\..\SearchScopes\{13796C65-BBE9-4BB0-8E72-B7A26F519A0D}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR&pc=MDDC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo.com/search?p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files\Virtual Earth 3D\ [2010/11/13 19:44:52 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\user\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\user\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\user\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\ProgramData\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2011/03/24 11:20:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F04D2D30-776C-4d02-8627-8E4385ECA58D}: C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2013.3.0.26\coFFPlgn\ [2013/07/26 08:30:42 | 000,000,000 | ---D | M]
 
[2010/09/22 13:43:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\Mozilla\Extensions
[2013/07/23 11:22:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\ze0c1pb3.default\extensions
[2010/09/22 13:54:11 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\ze0c1pb3.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2013/07/12 09:12:39 | 000,000,000 | ---D | M] (Cool Smiley Bar for Facebook) -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\ze0c1pb3.default\extensions\pluswinks@PlusWinks
[2010/09/22 13:54:26 | 000,002,024 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml
 
========== Chrome  ==========
 
 
O1 HOSTS File: ([2013/07/24 12:49:15 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Bing Bar Helper) - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files\Microsoft\BingBar\7.2.233.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Norton Identity Protection) - {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} - C:\Program Files\Norton Identity Safe\Engine\2013.4.0.10\coieplg.dll (Symantec Corporation)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Norton Identity Safe Toolbar) - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files\Norton Identity Safe\Engine\2013.4.0.10\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Bing Bar) - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files\Microsoft\BingBar\7.2.233.0\BingExt.dll (Microsoft Corporation.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Identity Safe Toolbar) - {A13C2648-91D4-4BF3-BC6D-0079707C4389} - C:\Program Files\Norton Identity Safe\Engine\2013.4.0.10\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKCU..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MRI_DISABLED [2009/11/16 15:39:51 | 000,000,000 | -H-D | M]
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Activities present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O15 - HKCU\..Trusted Domains: $talisma_url$ ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: amazon.com ([www] https in Trusted sites)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} http://fb.familylink.com/we_are_related/stream/core/lib/AurigmaImageUploader/ImageUploader5.cab (Image Uploader Control)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab (GMNRev Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {A3256902-51FA-45A0-8A97-FC1143C169D9} http://support.microsoft.com/mats/DiagWebControl.cab (Diagnostics ActiveX WebControl)
O16 - DPF: {CA127633-F57D-4475-9445-E5F5B63A01ED} http://invites.myspace.com/invites/MySpace.OutlookContactFinder.cab (MySpaceOutlookContactFinder Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{04E69768-4FAE-495E-BEED-3435FA3351B3}: DhcpNameServer = 68.105.28.11 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5CA88BDC-C6DB-4A04-8DB9-A9FB6577EDEA}: DhcpNameServer = 10.0.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O24 - Desktop WallPaper: C:\Users\user\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\user\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/07/26 08:34:14 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
[2013/07/24 12:51:04 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/07/24 12:51:01 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/07/24 12:51:01 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\temp
[2013/07/24 12:39:27 | 000,000,000 | ---D | C] -- C:\ComboFix
[2013/07/24 09:16:00 | 005,092,950 | R--- | C] (Swearware) -- C:\Users\user\Desktop\ComboFix.exe
[2013/07/23 12:29:51 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\RK_Quarantine
[2013/07/23 12:17:13 | 000,000,000 | ---D | C] -- C:\Program Files\iMesh
[2013/07/23 11:28:37 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/07/23 11:26:59 | 000,560,934 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\user\Desktop\JRT.exe
[2013/07/22 15:12:56 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\user\Desktop\dds.scr
[2013/07/22 15:11:27 | 000,353,352 | ---- | C] (Malwarebytes Corporation) -- C:\Users\user\Desktop\mbam-check-2.0.0.1000.exe
[2013/07/22 10:06:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2013/07/22 10:00:51 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Adobe
[2013/07/22 09:50:00 | 000,000,000 | ---D | C] -- C:\Windows\System32\MRT
[2013/07/22 09:18:48 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Apple
[2013/07/19 17:41:09 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2013/07/19 16:46:02 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Malwarebytes
[2013/07/19 16:45:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/07/19 16:45:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/07/19 16:45:37 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013/07/19 16:45:37 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/07/19 14:13:53 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/07/19 14:13:53 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/07/19 14:13:53 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/07/19 14:13:36 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/07/19 14:13:09 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/07/19 13:11:40 | 000,000,000 | ---D | C] -- C:\found.000
[2013/07/17 14:10:11 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Acelogix
[2013/07/17 11:30:09 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2013/07/17 11:30:08 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2013/07/17 11:25:06 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\SUPERAntiSpyware.com
[2013/07/17 11:24:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2013/07/17 11:24:48 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2013/07/17 11:23:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2013/07/17 11:22:01 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013/07/17 11:21:30 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System TuneUp
[2013/07/17 11:21:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System TuneUp
[2013/07/17 11:21:28 | 000,000,000 | ---D | C] -- C:\Program Files\Acelogix
[2013/07/17 11:21:10 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ace Utilities
[2013/07/17 11:21:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ace Utilities
[2013/07/17 11:21:02 | 000,000,000 | ---D | C] -- C:\Program Files\Ace Utilities
[2013/07/08 11:23:17 | 000,000,000 | ---D | C] -- C:\Program Files\uPlayer
[2013/07/08 11:20:15 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\DefineExt
[2011/08/13 13:36:09 | 001,044,480 | ---- | C] (eHelp Corporation.) -- C:\Users\user\roboex32.dll
[2011/08/13 13:36:09 | 000,212,480 | ---- | C] (Eastman Kodak) -- C:\Users\user\PCDLIB32.DLL
[2011/08/13 13:36:09 | 000,150,528 | ---- | C] (Wintertree Software Inc.) -- C:\Users\user\ssce5132.dll
[2011/08/13 13:36:08 | 000,415,744 | ---- | C] (LEAD Technologies, Inc.) -- C:\Users\user\ltkrn13n.dll
[2011/08/13 13:36:08 | 000,338,432 | ---- | C] (LEAD Technologies, Inc.) -- C:\Users\user\LFCMP13n.DLL
[2011/08/13 13:36:08 | 000,310,272 | ---- | C] (LEAD Technologies, Inc.) -- C:\Users\user\ltimg13n.dll
[2011/08/13 13:36:08 | 000,255,488 | ---- | C] (LEAD Technologies, Inc.) -- C:\Users\user\LTDIS13n.dll
[2011/08/13 13:36:08 | 000,205,312 | ---- | C] (LEAD Technologies, Inc.) -- C:\Users\user\ltefx13n.dll
[2011/08/13 13:36:08 | 000,137,216 | ---- | C] (LEAD Technologies, Inc.) -- C:\Users\user\ltfil13n.DLL
[2011/08/13 13:36:08 | 000,128,000 | ---- | C] (LEAD Technologies, Inc.) -- C:\Users\user\lftif13n.dll
[2011/08/13 13:36:08 | 000,084,480 | ---- | C] (LEAD Technologies, Inc.) -- C:\Users\user\lffpx13n.dll
[2011/08/13 13:36:08 | 000,072,704 | ---- | C] (LEAD Technologies, Inc.) -- C:\Users\user\lffax13n.dll
[2011/08/13 13:36:08 | 000,055,296 | ---- | C] (LEAD Technologies, Inc.) -- C:\Users\user\lfpsd13n.dll
[2011/08/13 13:36:08 | 000,049,152 | ---- | C] (LEAD Technologies, Inc.) -- C:\Users\user\Lfwmf13n.dll
[2011/08/13 13:36:08 | 000,048,640 | ---- | C] (America Online, Inc.\0) -- C:\Users\user\launch32.dll
[2011/08/13 13:36:08 | 000,035,328 | ---- | C] (LEAD Technologies, Inc.) -- C:\Users\user\lttwn13n.dll
[2011/08/13 13:36:08 | 000,031,744 | ---- | C] (LEAD Technologies, Inc.) -- C:\Users\user\lflmb13n.dll
[2011/08/13 13:36:08 | 000,029,696 | ---- | C] (LEAD Technologies, Inc.) -- C:\Users\user\lfbmp13n.dll
[2011/08/13 13:36:08 | 000,029,184 | ---- | C] (LEAD Technologies, Inc.) -- C:\Users\user\lflma13n.dll
[2011/08/13 13:36:08 | 000,026,112 | ---- | C] (LEAD Technologies, Inc.) -- C:\Users\user\lfpcx13n.dll
[2011/08/13 13:36:08 | 000,020,992 | ---- | C] (LEAD Technologies, Inc.) -- C:\Users\user\lfimg13n.dll
[2011/08/13 13:36:08 | 000,019,968 | ---- | C] (LEAD Technologies, Inc.) -- C:\Users\user\lfpcd13n.dll
[2011/08/13 13:36:07 | 005,517,312 | ---- | C] (MyFamily.com, Inc.) -- C:\Users\user\Ftwbmp32.dll
[2011/08/13 13:36:07 | 000,925,696 | ---- | C] (Amyuni Technologies
http://www.amyuni.com) -- C:\Users\user\cdintf210.dll
[2011/08/13 13:36:07 | 000,548,864 | ---- | C] (MyFamily.com, Inc.) -- C:\Users\user\Ftwstr32.dll
[2011/08/13 13:36:07 | 000,102,400 | ---- | C] (MyFamily.com, Inc.) -- C:\Users\user\Ftwbub32.dll
[2011/08/13 13:36:07 | 000,061,440 | ---- | C] ( Aqueduct Software, Inc.) -- C:\Users\user\aqueduct.dll
[2011/08/13 13:36:07 | 000,048,640 | ---- | C] (Blue Sky Software) -- C:\Users\user\INETWH32.dll
[2011/08/13 13:36:07 | 000,045,056 | ---- | C] (MyFamily.com, Inc.) -- C:\Users\user\Ftwmsc32.dll
[2011/08/13 13:36:06 | 000,293,360 | ---- | C] (AMYUNI Technologies
http://www.amyuni.com) -- C:\Users\user\acfpdf.drv
[2011/08/13 13:36:06 | 000,231,896 | ---- | C] (AMYUNI Technologies
http://www.amyuni.com) -- C:\Users\user\acfpdf.dll
[2011/08/13 13:36:06 | 000,154,893 | ---- | C] (AMYUNI Technologies
http://www.amyuni.com) -- C:\Users\user\acfpdfu.dll
[2011/08/13 13:36:06 | 000,152,292 | ---- | C] (AMYUNI Technologies
http://www.amyuni.com) -- C:\Users\user\acfpdfui.dll
[2011/08/13 13:21:36 | 005,967,872 | ---- | C] (MyFamily.com, Inc.) -- C:\Users\user\Family Treemaker.exe
[4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/07/26 08:37:57 | 000,011,424 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/07/26 08:37:57 | 000,011,424 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/07/26 08:37:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/07/26 08:34:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
[2013/07/26 08:30:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/07/26 08:30:23 | 1581,010,944 | -HS- | M] () -- C:\hiberfil.sys
[2013/07/25 19:49:20 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3094632099-2433005807-751425020-1000UA.job
[2013/07/25 19:49:20 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3094632099-2433005807-751425020-1000Core.job
[2013/07/25 14:57:10 | 000,000,036 | ---- | M] () -- C:\Users\user\Desktop\defrag.bat
[2013/07/24 12:49:15 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013/07/24 09:16:01 | 005,092,950 | R--- | M] (Swearware) -- C:\Users\user\Desktop\ComboFix.exe
[2013/07/23 12:29:41 | 000,915,968 | ---- | M] () -- C:\Users\user\Desktop\RogueKiller.exe
[2013/07/23 11:27:33 | 000,666,633 | ---- | M] () -- C:\Users\user\Desktop\AdwCleaner.exe
[2013/07/23 11:27:08 | 000,560,934 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\user\Desktop\JRT.exe
[2013/07/22 15:13:00 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\user\Desktop\dds.scr
[2013/07/22 15:11:27 | 000,353,352 | ---- | M] (Malwarebytes Corporation) -- C:\Users\user\Desktop\mbam-check-2.0.0.1000.exe
[2013/07/22 09:49:01 | 000,628,554 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/07/22 09:49:01 | 000,108,700 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/07/19 16:45:39 | 000,001,069 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/07/18 10:03:54 | 000,007,335 | ---- | M] () -- C:\Windows\wininit.ini
[2013/07/18 09:08:06 | 000,000,005 | ---- | M] () -- C:\Users\user\AppData\Roaming\WBPU-TTL.DAT
[2013/07/17 11:30:09 | 000,001,224 | ---- | M] () -- C:\Users\user\Desktop\Revo Uninstaller.lnk
[2013/07/17 11:24:52 | 000,001,963 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2013/07/17 11:23:42 | 000,001,218 | ---- | M] () -- C:\Users\user\Desktop\Spybot - Search & Destroy.lnk
[2013/07/17 11:22:51 | 000,001,865 | ---- | M] () -- C:\Users\Public\Desktop\Defraggler.lnk
[2013/07/17 11:22:02 | 000,000,967 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/07/17 11:21:30 | 000,001,216 | ---- | M] () -- C:\Users\user\Desktop\System TuneUp.lnk
[2013/07/17 11:21:12 | 000,002,234 | ---- | M] () -- C:\Users\user\Desktop\Ace Utilities.lnk
[2013/07/14 01:20:51 | 000,002,968 | ---- | M] () -- C:\{A89EC46B-77E1-4FAD-83A8-AA057BBE83A6}
[2013/07/13 18:31:53 | 000,002,362 | ---- | M] () -- C:\Users\user\Desktop\Google Chrome.lnk
[2013/07/12 11:14:41 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/07/12 11:14:41 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/07/12 08:54:38 | 000,000,258 | RHS- | M] () -- C:\Users\user\ntuser.pol
[2013/07/12 01:40:31 | 000,343,952 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/07/06 10:13:05 | 001,102,848 | ---- | M] () -- C:\Users\user\Louis David Geneology.ftw
[2013/07/06 10:13:05 | 001,102,848 | ---- | M] () -- C:\Users\user\Louis David Geneology.FBK
[2013/07/06 10:13:05 | 000,001,781 | ---- | M] () -- C:\Users\user\FTW.ini
[2013/07/01 12:09:03 | 003,686,425 | ---- | M] () -- C:\Users\user\Documents\Fluorescent lighting.pdf
[4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/07/25 14:57:10 | 000,000,036 | ---- | C] () -- C:\Users\user\Desktop\defrag.bat
[2013/07/23 12:29:41 | 000,915,968 | ---- | C] () -- C:\Users\user\Desktop\RogueKiller.exe
[2013/07/23 11:27:33 | 000,666,633 | ---- | C] () -- C:\Users\user\Desktop\AdwCleaner.exe
[2013/07/19 16:45:39 | 000,001,069 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/07/19 14:13:53 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/07/19 14:13:53 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/07/19 14:13:53 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/07/19 14:13:53 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/07/19 14:13:53 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/07/18 10:03:10 | 000,007,335 | ---- | C] () -- C:\Windows\wininit.ini
[2013/07/17 11:30:09 | 000,001,224 | ---- | C] () -- C:\Users\user\Desktop\Revo Uninstaller.lnk
[2013/07/17 11:24:52 | 000,001,963 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2013/07/17 11:23:42 | 000,001,218 | ---- | C] () -- C:\Users\user\Desktop\Spybot - Search & Destroy.lnk
[2013/07/17 11:22:51 | 000,001,865 | ---- | C] () -- C:\Users\Public\Desktop\Defraggler.lnk
[2013/07/17 11:22:02 | 000,000,967 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/07/17 11:21:30 | 000,001,216 | ---- | C] () -- C:\Users\user\Desktop\System TuneUp.lnk
[2013/07/17 11:21:11 | 000,002,234 | ---- | C] () -- C:\Users\user\Desktop\Ace Utilities.lnk
[2013/07/14 01:20:51 | 000,002,968 | ---- | C] () -- C:\{A89EC46B-77E1-4FAD-83A8-AA057BBE83A6}
[2013/07/12 08:54:38 | 000,000,258 | RHS- | C] () -- C:\Users\user\ntuser.pol
[2013/07/01 12:09:01 | 003,686,425 | ---- | C] () -- C:\Users\user\Documents\Fluorescent lighting.pdf
[2013/06/16 18:50:03 | 000,000,005 | ---- | C] () -- C:\Users\user\AppData\Roaming\WBPU-TTL.DAT
[2012/08/05 14:20:38 | 000,470,869 | ---- | C] () -- C:\Users\user\Louis David Geneology.FBC
[2012/04/30 21:53:55 | 000,128,443 | ---- | C] () -- C:\Users\user\David Hernandez.jpeg.jpeg.jpeg
[2012/04/30 21:51:32 | 000,316,390 | ---- | C] () -- C:\Users\user\David Hernandez.jpeg.jpeg
[2012/04/30 21:47:36 | 000,128,443 | ---- | C] () -- C:\Users\user\David Hernandez.jpeg
[2012/02/01 15:45:26 | 000,143,476 | ---- | C] () -- C:\Users\user\February 2012 Activity Update.pdf
[2012/02/01 15:45:26 | 000,102,116 | ---- | C] () -- C:\Users\user\Feb 2012 Calendar.pdf
[2012/01/29 11:41:05 | 000,000,605 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2011/08/21 13:46:00 | 000,009,519 | ---- | C] () -- C:\Users\user\LDS Program.zip
[2011/08/21 13:13:10 | 000,118,784 | ---- | C] () -- C:\Users\user\LDS Program.paf
[2011/08/13 13:36:09 | 000,023,120 | ---- | C] () -- C:\Users\user\pkwdcl.dll
[2011/08/13 13:36:09 | 000,010,432 | ---- | C] () -- C:\Users\user\winsock.aol
[2011/08/13 13:36:09 | 000,004,544 | ---- | C] () -- C:\Users\user\New Journal Document.jnt
[2011/08/13 13:36:09 | 000,001,096 | ---- | C] () -- C:\Users\user\OLD Documents and Settings - Shortcut.lnk
[2011/08/13 13:36:09 | 000,000,412 | ---- | C] () -- C:\Users\user\prd.bin
[2011/08/13 13:36:08 | 001,102,848 | ---- | C] () -- C:\Users\user\Louis David Geneology.ftw
[2011/08/13 13:36:08 | 001,102,848 | ---- | C] () -- C:\Users\user\Louis David Geneology.FBK
[2011/08/13 13:36:08 | 001,018,368 | ---- | C] () -- C:\Users\user\Louis David Geneology Backup.FBK
[2011/08/13 13:36:08 | 000,338,944 | ---- | C] () -- C:\Users\user\lffpx7.dll
[2011/08/13 13:36:08 | 000,122,880 | ---- | C] () -- C:\Users\user\LFKODAK.DLL
[2011/08/13 13:36:07 | 001,519,616 | ---- | C] () -- C:\Users\user\ftwmfc.dll
[2011/08/13 13:36:07 | 000,435,200 | ---- | C] () -- C:\Users\user\ftwsys.bin
[2011/08/13 13:36:07 | 000,001,781 | ---- | C] () -- C:\Users\user\FTW.ini
[2009/11/05 13:39:36 | 000,024,206 | ---- | C] () -- C:\Users\user\AppData\Roaming\UserTile.png
[2009/08/05 14:48:09 | 000,014,560 | ---- | C] () -- C:\Users\user\AppData\Roaming\wklnhst.dat
 
========== ZeroAccess Check ==========
 
[2009/07/13 23:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/26 23:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 20:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2011/10/27 08:33:40 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Clip Art Collection
[2011/06/14 14:17:07 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Garmin
[2011/03/23 17:59:40 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\ParetoLogic
[2010/12/21 11:51:30 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\PCDr
[2009/08/06 08:34:23 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Skinux
[2009/11/16 15:40:03 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Template
[2011/06/11 18:42:32 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Tific
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 163 bytes -> C:\ProgramData\TEMP:E965A533
@Alternate Data Stream - 162 bytes -> C:\ProgramData\TEMP:D1B5B4F1
@Alternate Data Stream - 161 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 152 bytes -> C:\Users\user\David Hernandez.jpeg:3or4kl4x13tuuug3Byamue2s4b
@Alternate Data Stream - 152 bytes -> C:\Users\user\David Hernandez.jpeg.jpeg:3or4kl4x13tuuug3Byamue2s4b
@Alternate Data Stream - 152 bytes -> C:\Users\user\David Hernandez.jpeg.jpeg.jpeg:3or4kl4x13tuuug3Byamue2s4b
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:A8ADE5D8
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:430C6D84

< End of report >

-------------------------------------

extras

 

OTL Extras logfile created on: 7/26/2013 8:37:35 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\user\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1.96 Gb Total Physical Memory | 1.01 Gb Available Physical Memory | 51.68% Memory free
3.93 Gb Paging File | 2.59 Gb Available in Paging File | 66.08% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 134.36 Gb Total Space | 95.99 Gb Free Space | 71.44% Space Free | Partition Type: NTFS
 
Computer Name: USER-PC | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0CE8E15E-F345-4672-970C-22310B0AE962}" = lport=2869 | protocol=6 | dir=in | app=system |
"{1C7BACF9-D1A9-4913-B314-E37EDBA8C4A2}" = lport=139 | protocol=6 | dir=in | app=system |
"{375951B1-7932-440A-B431-B160B7914EA4}" = lport=10243 | protocol=6 | dir=in | app=system |
"{37599CE3-595C-4077-BA69-B651B5751EC9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{4018BF1A-2D51-416A-AE68-EE2F8B000165}" = lport=138 | protocol=17 | dir=in | app=system |
"{44D252A7-EAD9-463E-A6D4-001FE2C88016}" = rport=80 | protocol=6 | dir=out | app=c:\program files\common files\intuit\update service v4\intuitupdater.exe |
"{4E5D8F7B-4CBA-40DE-B72A-F29186EEF930}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=c:\windows\system32\svchost.exe |
"{56FBD8AD-49BA-4691-9C65-48D877BEAC02}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{79440DC0-D5AF-40CB-B810-23DF494B1A13}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7E8BD1DC-1C1E-4B02-824A-7ACD0EE99B23}" = rport=445 | protocol=6 | dir=out | app=system |
"{92850AA4-B933-4F3F-8744-1939ACA217D0}" = rport=139 | protocol=6 | dir=out | app=system |
"{9AA0188C-7BBA-4F05-9EA2-1DD48AE63622}" = lport=2869 | protocol=6 | dir=in | app=system |
"{A5275BD9-7E19-41CB-9D40-992FFC7C322D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B516556D-928A-4EE4-ABB4-21EEB76166C1}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{B64D09DC-9FCE-4B8F-8FA1-D20D10475A05}" = rport=137 | protocol=17 | dir=out | app=system |
"{BDC048B5-32ED-4501-8D22-DF7BAD46DEC8}" = lport=137 | protocol=17 | dir=in | app=system |
"{C9556971-C60F-4CF5-B505-7B35068A81B9}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{D32FD47B-D2FD-4B49-B824-FFF03AD29799}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=c:\windows\system32\svchost.exe |
"{D40081B3-CDFE-4098-9587-523203DB3294}" = lport=445 | protocol=6 | dir=in | app=system |
"{E2BB1B06-94AD-48FF-B4C2-3628F9EE1CA1}" = rport=10243 | protocol=6 | dir=out | app=system |
"{F03F5324-1247-430E-90C2-4F5E60C6EEDB}" = rport=80 | protocol=6 | dir=out | app=c:\program files\common files\intuit\update service v4\intuitupdateservice.exe |
"{F6124371-8D69-41B7-845F-590126F93996}" = rport=138 | protocol=17 | dir=out | app=system |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05F8B144-1705-404A-8B37-2BE81536FEA1}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{105247D6-2BF8-45A9-A14D-F5EDF17F71B5}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe |
"{20033045-D444-41EF-8FC9-A412D807CAB5}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{2222A6BA-2F4E-462B-9072-EAD0A4E83F4C}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{2B9D0DF8-CCDD-4C82-9EAC-4796AC73D0BF}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{388598CE-028D-4369-AFFF-F230183773BA}" = protocol=6 | dir=in | app=c:\program files\common files\motive\pcservicehost.exe |
"{3B408F0E-EA9E-48BE-925B-8D2EC2CC537B}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\pdvddxsrv.exe |
"{43FC0982-5852-4EEC-80C9-744651A4F60B}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{4414946B-12C6-40EE-AFFD-CB2AAFA7883D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{4A102BC7-791E-4D88-AD53-9BDE79606197}" = protocol=6 | dir=in | app=c:\program files\common files\motive\mcciservicehost.exe |
"{55E95D4F-6997-4C5F-96EB-507EF6AE80EB}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{5751CB74-85E3-4F43-9965-8BB472977F12}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{593A503C-264C-4CCC-A52E-41D8192EC2C4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5E76ED78-1533-44BE-9764-D76F173DB562}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{5EC3B2FD-FE79-4DC8-BB47-BBD7230D8433}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{5F08B597-55BD-4286-A20F-2ED1CAA3023D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6ECEA834-86C1-49EB-80CE-FAD9845C7DD3}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{6FFDB25A-D307-46A1-87CA-C430BF28E680}" = protocol=17 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{738F7D03-E5C5-4C0C-898E-98C2736EA12D}" = protocol=6 | dir=in | app=c:\program files\common files\motive\pcservicehost.exe |
"{76437AF3-E165-44BA-84B0-4EDFFB6B5319}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{794A86B7-E9BF-4CE1-A50B-93AB6E155E6F}" = protocol=17 | dir=in | app=c:\program files\common files\motive\mcciservicehost.exe |
"{8FFD5803-A3D1-4F2D-A2FD-1E2C1EB8C6D2}" = protocol=6 | dir=out | app=system |
"{91ED1260-3988-4E07-A467-C8E02DDCB040}" = protocol=6 | dir=in | app=c:\program files\common files\motive\mcciservicehost.exe |
"{9CB1F707-474B-41AE-8A8D-0298376E9CE2}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe |
"{A6A36ADF-FF03-4270-9F49-99188D5999DC}" = protocol=6 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{A7C4B8D6-5024-4EE8-BF81-44A1FE6711F9}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe |
"{A86820F8-1932-468D-B09A-7282E3BE568C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B5CABDCA-3189-4E8A-9C67-D4117240C2C7}" = protocol=6 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{B8B4BA07-8BAE-4B7A-A421-5C8F5D49C97E}" = protocol=17 | dir=in | app=c:\program files\common files\motive\mcciservicehost.exe |
"{BAA2B23C-0BBE-461B-A5BC-31CEB3FFA8FB}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe |
"{BD3C18B3-9446-4962-AC0D-8EF66D363F91}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{BEC37ADD-1232-4C02-B788-6AB12D12278D}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{C514BF3D-BC22-47DB-A1C7-39383EBAE473}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\powerdvd.exe |
"{CDC07AB7-D3FB-4276-B4B2-59D847091CB4}" = protocol=17 | dir=in | app=c:\program files\common files\motive\pcservicehost.exe |
"{D1BA8EF3-ADE7-4B22-A3B9-7EB67A445AC0}" = protocol=17 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{DC663758-03E7-440E-8298-16049962EEA5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F6DEF0D9-548F-48E3-B4FB-D74C0B08017A}" = protocol=17 | dir=in | app=c:\program files\common files\motive\pcservicehost.exe |
"{F7388795-27EE-42D4-9F05-627C4B8F9CEE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{020D8396-D6D9-4B53-A9A1-83C47E2E27AA}" = Windows Live Call
"{03EDED24-8375-407D-A721-4643D9768BE1}" = kgchlwn
"{073F22CE-9A5B-4A40-A604-C7270AC6BF34}" = ESSSONIC
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{11F3F858-4131-4FFA-A560-3FE282933B6E}" = kgchday
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{157EE23B-E16C-44A1-B678-E4F7D31E9138}" = TurboTax 2012 wlaiper
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25
"{2CCBABCB-6427-4A55-B091-49864623C43F}" = Google Toolbar for Firefox
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
"{2D87E961-577B-492B-AD54-1368680FB9A7}" = Bing Maps 3D
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3138EAD3-700B-4A10-B617-B3F8096EE30D}" = Dell Edoc Viewer
"{32343DB6-9A52-40C9-87E4-5E7C79791C87}" = MSXML 4.0 SP2 and SOAP Toolkit 3.0
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
"{42938595-0D83-404D-9F73-F8177FDD531A}" = ESScore
"{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{5316DFC9-CE99-4458-9AB3-E8726EDE0210}" = skin0001
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{608D2A3C-6889-4C11-9B54-A42F45ACBFDB}" = fflink
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX
"{693C08A7-9E76-43FF-B11E-9A58175474C4}" = kgckids
"{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{730E03E4-350E-48E5-9D3E-4329903D454D}" = Itibiti RTC
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7B15D70E-9449-4CFB-B9BC-798465B2BD5C}" = Norton Internet Security
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
"{89EC099E-958D-462E-972C-385591946978}" = TurboTax 2012 WinPerFedFormset
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8A8664E1-84C8-4936-891C-BC1F07797549}" = kgcvday
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BD54685-1496-46A5-AB62-357CD140ED8B}" = kgcinvt
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A1588373-1D86-4D44-86C9-78ABD190F9CC}" = kgcmove
"{A8B1F076-965D-4663-A9D4-C2FB58A42AE4}" = TurboTax 2012 WinPerTaxSupport
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.7)
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{B1102A25-3AA3-446B-AA0F-A699B07A02FD}" = Garmin USB Drivers
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{B935C985-A17F-484B-8470-09E4FC27DC26}" = Dell-eBay
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C4972073-2BFE-475D-8441-564EA97DA161}" = QuickSet
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CAF5B770-082F-40C4-853D-3973BB81BDAA}" = TurboTax 2011 WinPerTaxSupport
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
"{D63FAE5C-121F-4D15-AC91-13E4F73DFFBC}" = Family Tree Maker
"{D94A8E22-DF2B-4107-9E51-608A60A7671D}" = Personal Ancestral File 5
"{D9D754A1-EAC5-406C-A28B-C49B1E846711}" = Windows Live Essentials
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{E18B549C-5D15-45DA-8D8F-8FD2BD946344}" = kgcbaby
"{E461E45A-2B48-42FA-90E1-6F36D85DF101}" = Bing Bar
"{E463E171-4082-4744-A466-F7CBE8502789}" = TurboTax 2011 WinPerReleaseEngine
"{E79987F0-0E34-42CC-B8FF-6C860AEEB26A}" = tooltips
"{E83F5F27-43F3-4163-ABE5-F68C989286ED}" = TurboTax 2012 wrapper
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{EE556A3E-EB37-4392-9637-BAA8EC2F47FA}" = TurboTax 2011 wrapper
"{F014B696-28C5-4554-802F-A15380418F53}" = TurboTax 2012 WinPerReleaseEngine
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}" = kgcbase
"{F47C37A4-7189-430A-B81D-739FF8A7A554}" = Consumer In-Home Service Agreement
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{F6CB42B9-F033-4152-8813-FF11DA8E6A78}" = Dell Dock
"{F73A5B18-EB75-4B2C-B32D-9457576E2417}" = Windows Live Photo Gallery
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{FAD3D68B-2F9C-459B-AA79-C04B9090FD72}" = TurboTax 2011 WinPerFedFormset
"{FC65A49B-D0F4-4CFE-9304-4C6B4412433F}" = TurboTax 2011 wlaiper
"{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
"{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}" = Windows Live Sync
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"45A7283175C62FAC673F913C1F532C5361F97841" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (03/08/2007 2.2.1.0)
"Ace Utilities_is1" = Ace Utilities
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Broadcom 802.11 Application" = Dell Wireless WLAN Card Utility
"CCleaner" = CCleaner
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Defraggler" = Defraggler
"ESET Online Scanner" = ESET Online Scanner v3
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NST" = Norton Identity Safe
"Revo Uninstaller" = Revo Uninstaller 1.93
"System TuneUp_is1" = System TuneUp
"TurboTax 2011" = TurboTax 2011
"TurboTax 2012" = TurboTax 2012
"TVWiz" = Intel® TV Wizard
"WinLiveSuite_Wave3" = Windows Live Essentials
"Yahoo! Mail" = att.net Internet Mail
"Yahoo! Software Update" = Yahoo! Software Update
"YInstHelper" = Yahoo! Install Manager
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 7/24/2013 10:11:59 AM | Computer Name = user-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "C:\Program Files\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program
 Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3.  The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 of attribute "version" in element "assemblyIdentity" is invalid.
 
Error - 7/24/2013 10:12:01 AM | Computer Name = user-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files\cool smiley
 bar for facebook\BackgroundHost64.exe".  Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
 could not be found.  Please use sxstrace.exe for detailed diagnosis.
 
Error - 7/24/2013 10:13:02 AM | Computer Name = user-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program files\spybot
 - search & destroy\DelZip179.dll" on line 8.  The value "*" of attribute "language"
 in element "assemblyIdentity" is invalid.
 
Error - 7/24/2013 10:32:24 AM | Computer Name = user-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 7/25/2013 11:04:47 AM | Computer Name = user-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 7/25/2013 11:31:48 AM | Computer Name = user-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "C:\Program Files\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program
 Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3.  The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 of attribute "version" in element "assemblyIdentity" is invalid.
 
Error - 7/25/2013 11:32:47 AM | Computer Name = user-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program files\spybot
 - search & destroy\DelZip179.dll" on line 8.  The value "*" of attribute "language"
 in element "assemblyIdentity" is invalid.
 
Error - 7/25/2013 3:03:28 PM | Computer Name = user-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 7/25/2013 8:52:57 PM | Computer Name = user-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 7/26/2013 9:32:16 AM | Computer Name = user-PC | Source = WinMgmt | ID = 10
Description =
 
[ Dell Events ]
Error - 11/17/2009 2:56:02 PM | Computer Name = user-PC | Source = DataSafe | ID = 3
Description = Failed or canceled
 
Error - 11/17/2009 2:56:02 PM | Computer Name = user-PC | Source = DataSafe | ID = 3
Description = Failed or canceled
 
Error - 11/17/2009 5:48:55 PM | Computer Name = user-PC | Source = DataSafe | ID = 3
Description = The process has been interrupted and ends prematurely
 
[ OSession Events ]
Error - 2/5/2010 12:30:58 PM | Computer Name = user-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 27
 seconds with 0 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 7/24/2013 1:40:06 PM | Computer Name = user-PC | Source = Service Control Manager | ID = 7034
Description = The Dell Wireless WLAN Tray Service service terminated unexpectedly.
  It has done this 1 time(s).
 
Error - 7/24/2013 1:40:10 PM | Computer Name = user-PC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service.  However,
 the system is configured to not allow interactive services.  This service may not
 function properly.
 
Error - 7/24/2013 1:44:40 PM | Computer Name = user-PC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service.  However,
 the system is configured to not allow interactive services.  This service may not
 function properly.
 
Error - 7/24/2013 1:49:17 PM | Computer Name = user-PC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service.  However,
 the system is configured to not allow interactive services.  This service may not
 function properly.
 
Error - 7/24/2013 2:15:45 PM | Computer Name = user-PC | Source = DCOM | ID = 10010
Description =
 
Error - 7/25/2013 12:44:35 PM | Computer Name = user-PC | Source = DCOM | ID = 10005
Description =
 
Error - 7/25/2013 12:44:35 PM | Computer Name = user-PC | Source = Service Control Manager | ID = 7000
Description = The Google Update Service (gupdatem) service failed to start due to
 the following error:   %%3
 
Error - 7/25/2013 3:01:45 PM | Computer Name = user-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 1:52:38 PM on ?7/?25/?2013 was unexpected.
 
Error - 7/26/2013 9:32:01 AM | Computer Name = user-PC | Source = DCOM | ID = 10005
Description =
 
Error - 7/26/2013 9:32:01 AM | Computer Name = user-PC | Source = Service Control Manager | ID = 7000
Description = The Google Update Service (gupdatem) service failed to start due to
 the following error:   %%3
 
 
< End of report >
 


Download OTL to your Desktop

  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Please tick the Scan All users. Next, click the Quick Scan button. The scan won't take long.
    • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.

You should tick Scan All Users before you proceed.


Ok, sorry, did not know what tick was; used to hearing click on or check the box. Re-did it, but this time it did not produce an Extras log, just an OTL log.

 

OTL logfile created on: 7/26/2013 11:45:46 AM - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\user\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1.96 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 50.93% Memory free
3.93 Gb Paging File | 2.70 Gb Available in Paging File | 68.84% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 134.36 Gb Total Space | 96.08 Gb Free Space | 71.51% Space Free | Partition Type: NTFS
 
Computer Name: USER-PC | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/07/26 08:34:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
PRC - [2013/07/22 10:02:39 | 000,814,984 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\Macromed\Flash\FlashUtil32_11_8_800_94_ActiveX.exe
PRC - [2013/07/17 11:26:12 | 004,760,816 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2013/06/21 02:16:28 | 000,308,816 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2013/05/20 23:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Identity Safe\Engine\2013.4.0.10\ccsvchst.exe
PRC - [2013/05/10 02:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/04/02 03:01:48 | 000,240,264 | ---- | M] (Microsoft Corporation.) -- C:\Program Files\Microsoft\BingBar\7.2.233.0\SeaPort.EXE
PRC - [2012/11/29 21:55:25 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2012/11/22 21:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012/08/23 13:37:16 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
PRC - [2012/07/11 13:54:49 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/10/02 14:46:00 | 000,656,624 | ---- | M] (SoftThinks) -- C:\Program Files\Dell DataSafe Local Backup\SftService.exe
PRC - [2009/03/31 10:00:24 | 000,483,428 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
PRC - [2009/03/31 10:00:18 | 000,254,042 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_4c73f4a9a59a84bb\stacsv.exe
PRC - [2009/03/31 10:00:04 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_4c73f4a9a59a84bb\AEstSrv.exe
PRC - [2009/03/31 09:18:54 | 000,049,250 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
PRC - [2009/03/31 09:18:34 | 000,217,088 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2009/03/31 09:18:32 | 000,054,568 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
PRC - [2009/03/31 09:18:32 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
PRC - [2008/12/18 13:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/05/10 07:15:28 | 000,282,624 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
PRC - [2008/05/07 17:41:14 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013/04/23 17:57:26 | 004,554,752 | ---- | M] () -- C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
MOD - [2012/05/30 09:51:08 | 000,699,280 | R--- | M] () -- C:\Program Files\Norton Identity Safe\Engine\2013.4.0.10\wincfi39.dll
MOD - [2009/08/06 08:25:29 | 000,798,720 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxXML2V.dll
MOD - [2009/08/06 08:25:29 | 000,786,432 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxImV.dll
MOD - [2009/08/06 08:25:29 | 000,688,128 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VPrintOnline.dll
MOD - [2009/08/06 08:25:29 | 000,528,384 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxProcV.dll
MOD - [2009/08/06 08:25:29 | 000,462,848 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxFFV.dll
MOD - [2009/08/06 08:25:29 | 000,233,472 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SpiffyExt.dll
MOD - [2009/08/06 08:25:29 | 000,159,744 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxZipV.dll
MOD - [2009/08/06 08:25:29 | 000,143,360 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VPrintOnlineHelper40.dll
MOD - [2009/08/06 08:25:28 | 002,236,416 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxCmpV.dll
MOD - [2009/08/06 08:25:28 | 001,396,736 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxCommonV.dll
MOD - [2009/08/06 08:25:28 | 000,872,448 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxBaseV.dll
MOD - [2009/08/06 08:25:27 | 000,010,240 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\LocUpdateCheck.dll
MOD - [2009/08/06 08:25:26 | 000,128,512 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\kpries40.dll
MOD - [2009/08/06 08:25:26 | 000,086,016 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\LocAcqMod.dll
MOD - [2009/08/06 08:25:26 | 000,052,224 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\KPCDInterface.dll
MOD - [2009/08/06 08:25:26 | 000,044,544 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\LocCamBack.dll
MOD - [2009/08/06 08:25:25 | 000,466,944 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\ESCom.dll
MOD - [2009/08/06 08:25:25 | 000,403,968 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\KFx.dll
MOD - [2009/08/06 08:25:25 | 000,084,480 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\keml40.dll
MOD - [2009/08/06 08:25:25 | 000,062,464 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\DibLibIP.dll
MOD - [2009/08/06 08:25:24 | 001,564,672 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\areaifdll.dll
MOD - [2009/08/06 08:25:24 | 000,354,816 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\Atlas.dll
MOD - [2009/08/06 08:25:24 | 000,311,296 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaPrintOnline.esx
MOD - [2009/08/06 08:25:24 | 000,258,560 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\AppCore.dll
MOD - [2009/08/06 08:25:24 | 000,232,448 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaControls.esx
MOD - [2009/08/06 08:25:24 | 000,096,256 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaCDBackup.esx
MOD - [2009/08/06 08:25:23 | 000,339,968 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaAdapter.esx
MOD - [2009/08/06 08:25:23 | 000,171,008 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\Pcd.esx
MOD - [2009/08/06 08:25:23 | 000,117,760 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\IStorageMediaStore.esx
MOD - [2009/08/06 08:25:23 | 000,083,968 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\UpdateChecker.esx
MOD - [2009/08/06 08:25:22 | 001,229,312 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\ESSkin.esx
MOD - [2009/08/06 08:25:22 | 000,757,760 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\ESCliWicMDRW.esx
MOD - [2009/08/06 08:25:22 | 000,675,840 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\ESEmail.esx
MOD - [2009/08/06 08:25:22 | 000,077,312 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\DXRawFormatHandler.esx
MOD - [2009/07/23 23:22:42 | 000,110,800 | ---- | M] () -- C:\Program Files\Acelogix\System TuneUp\wipext.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Disabled | Stopped] -- C:\Program Files\Common Files\Motive\McciServiceHost.exe -- (McciServiceHost)
SRV - File not found [On_Demand | Stopped] --  -- (gupdatem)
SRV - [2013/07/22 10:02:40 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/05/26 23:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/05/20 23:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Identity Safe\Engine\2013.4.0.10\ccSvcHst.exe -- (NCO)
SRV - [2013/05/10 02:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/04/02 03:01:48 | 000,240,264 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files\Microsoft\BingBar\7.2.233.0\SeaPort.EXE -- (BBUpdate)
SRV - [2013/04/02 03:01:48 | 000,193,672 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files\Microsoft\BingBar\7.2.233.0\BBSvc.EXE -- (BBSvc)
SRV - [2012/08/23 13:37:16 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)
SRV - [2012/07/11 13:54:49 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2010/04/17 18:58:18 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009/10/02 14:46:00 | 000,656,624 | ---- | M] (SoftThinks) [Auto | Running] -- C:\Program Files\Dell DataSafe Local Backup\SftService.exe -- (SftService)
SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/03/31 10:00:18 | 000,254,042 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_4c73f4a9a59a84bb\stacsv.exe -- (STacSV)
SRV - [2009/03/31 10:00:04 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_4c73f4a9a59a84bb\AEstSrv.exe -- (AESTFilters)
SRV - [2008/12/18 13:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/05/07 17:41:14 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | Disabled | Stopped] -- system32\drivers\TfSysMon.sys -- (TfSysMon)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\TfNetMon.sys -- (TfNetMon)
DRV - File not found [Kernel | Disabled | Stopped] -- system32\drivers\TfFsMon.sys -- (TfFsMon)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PCD5SRVC{3F6A8B78-EC003E00-05040104})
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (MRENDIS5)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (MREMPR5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\user\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2013/07/26 10:03:40 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2013/05/07 10:54:06 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2013/04/15 21:41:14 | 000,134,744 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NST\7DD04000.00A\ccsetx86.sys -- (ccSet_NST)
DRV - [2012/08/23 09:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2012/08/23 09:40:25 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2011/07/22 11:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 16:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2009/07/13 18:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
DRV - [2009/07/13 17:02:53 | 000,311,296 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009/03/31 10:00:26 | 000,398,336 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2009/03/31 09:18:30 | 000,192,048 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2008/12/21 13:32:18 | 000,018,424 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm42rly.sys -- (BCM42RLY)
DRV - [2006/11/01 18:50:00 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-21-3094632099-2433005807-751425020-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-3094632099-2433005807-751425020-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\S-1-5-21-3094632099-2433005807-751425020-1000\..\SearchScopes,DefaultScope = {05F36679-2397-4BBF-8F10-307359AF6D10}
IE - HKU\S-1-5-21-3094632099-2433005807-751425020-1000\..\SearchScopes\{05F36679-2397-4BBF-8F10-307359AF6D10}: "URL" = http://search.yahoo.com/search?p={searchterms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20111044,17681,0,18,0
IE - HKU\S-1-5-21-3094632099-2433005807-751425020-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-3094632099-2433005807-751425020-1000\..\SearchScopes\{13796C65-BBE9-4BB0-8E72-B7A26F519A0D}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR&pc=MDDC
IE - HKU\S-1-5-21-3094632099-2433005807-751425020-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-3094632099-2433005807-751425020-1000\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo.com/search?p={searchTerms}
IE - HKU\S-1-5-21-3094632099-2433005807-751425020-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files\Virtual Earth 3D\ [2010/11/13 19:44:52 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\user\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\user\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\user\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\ProgramData\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2011/03/24 11:20:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F04D2D30-776C-4d02-8627-8E4385ECA58D}: C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2013.3.0.26\coFFPlgn\ [2013/07/26 11:11:13 | 000,000,000 | ---D | M]
 
[2010/09/22 13:43:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\Mozilla\Extensions
[2013/07/23 11:22:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\ze0c1pb3.default\extensions
[2010/09/22 13:54:11 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\ze0c1pb3.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2013/07/12 09:12:39 | 000,000,000 | ---D | M] (Cool Smiley Bar for Facebook) -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\ze0c1pb3.default\extensions\pluswinks@PlusWinks
[2010/09/22 13:54:26 | 000,002,024 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml
 
========== Chrome  ==========
 
 
O1 HOSTS File: ([2013/07/24 12:49:15 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Bing Bar Helper) - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files\Microsoft\BingBar\7.2.233.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Norton Identity Protection) - {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} - C:\Program Files\Norton Identity Safe\Engine\2013.4.0.10\coieplg.dll (Symantec Corporation)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Norton Identity Safe Toolbar) - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files\Norton Identity Safe\Engine\2013.4.0.10\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Bing Bar) - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files\Microsoft\BingBar\7.2.233.0\BingExt.dll (Microsoft Corporation.)
O3 - HKU\S-1-5-21-3094632099-2433005807-751425020-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-3094632099-2433005807-751425020-1000\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKU\S-1-5-21-3094632099-2433005807-751425020-1000\..\Toolbar\WebBrowser: (Norton Identity Safe Toolbar) - {A13C2648-91D4-4BF3-BC6D-0079707C4389} - C:\Program Files\Norton Identity Safe\Engine\2013.4.0.10\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKU\S-1-5-21-3094632099-2433005807-751425020-1000..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MRI_DISABLED [2009/11/16 15:39:51 | 000,000,000 | -H-D | M]
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Activities present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3094632099-2433005807-751425020-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3094632099-2433005807-751425020-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3094632099-2433005807-751425020-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O15 - HKU\S-1-5-21-3094632099-2433005807-751425020-1000\..Trusted Domains: $talisma_url$ ([]https in Trusted sites)
O15 - HKU\S-1-5-21-3094632099-2433005807-751425020-1000\..Trusted Domains: amazon.com ([www] https in Trusted sites)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} http://fb.familylink.com/we_are_related/stream/core/lib/AurigmaImageUploader/ImageUploader5.cab (Image Uploader Control)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab (GMNRev Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {A3256902-51FA-45A0-8A97-FC1143C169D9} http://support.microsoft.com/mats/DiagWebControl.cab (Diagnostics ActiveX WebControl)
O16 - DPF: {CA127633-F57D-4475-9445-E5F5B63A01ED} http://invites.myspace.com/invites/MySpace.OutlookContactFinder.cab (MySpaceOutlookContactFinder Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{04E69768-4FAE-495E-BEED-3435FA3351B3}: DhcpNameServer = 68.105.28.11 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5CA88BDC-C6DB-4A04-8DB9-A9FB6577EDEA}: DhcpNameServer = 10.0.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O24 - Desktop WallPaper: C:\Users\user\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\user\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/07/26 09:58:18 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2013/07/26 08:34:14 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
[2013/07/24 12:51:04 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/07/24 12:51:01 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/07/24 12:51:01 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\temp
[2013/07/24 12:39:27 | 000,000,000 | ---D | C] -- C:\ComboFix
[2013/07/24 09:16:00 | 005,092,950 | R--- | C] (Swearware) -- C:\Users\user\Desktop\ComboFix.exe
[2013/07/23 12:29:51 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\RK_Quarantine
[2013/07/23 12:17:13 | 000,000,000 | ---D | C] -- C:\Program Files\iMesh
[2013/07/23 11:28:37 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/07/23 11:26:59 | 000,560,934 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\user\Desktop\JRT.exe
[2013/07/22 15:12:56 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\user\Desktop\dds.scr
[2013/07/22 15:11:27 | 000,353,352 | ---- | C] (Malwarebytes Corporation) -- C:\Users\user\Desktop\mbam-check-2.0.0.1000.exe
[2013/07/22 10:06:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2013/07/22 10:00:51 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Adobe
[2013/07/22 09:50:00 | 000,000,000 | ---D | C] -- C:\Windows\System32\MRT
[2013/07/22 09:18:48 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Apple
[2013/07/19 17:41:09 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2013/07/19 16:46:02 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Malwarebytes
[2013/07/19 16:45:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/07/19 16:45:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/07/19 16:45:37 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013/07/19 16:45:37 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/07/19 14:13:53 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/07/19 14:13:53 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/07/19 14:13:53 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/07/19 14:13:36 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/07/19 14:13:09 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/07/19 13:11:40 | 000,000,000 | ---D | C] -- C:\found.000
[2013/07/17 14:10:11 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Acelogix
[2013/07/17 11:30:09 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2013/07/17 11:30:08 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2013/07/17 11:25:06 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\SUPERAntiSpyware.com
[2013/07/17 11:24:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2013/07/17 11:24:48 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2013/07/17 11:23:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2013/07/17 11:22:01 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013/07/17 11:21:30 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System TuneUp
[2013/07/17 11:21:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System TuneUp
[2013/07/17 11:21:28 | 000,000,000 | ---D | C] -- C:\Program Files\Acelogix
[2013/07/17 11:21:10 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ace Utilities
[2013/07/17 11:21:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ace Utilities
[2013/07/17 11:21:02 | 000,000,000 | ---D | C] -- C:\Program Files\Ace Utilities
[2013/07/08 11:23:17 | 000,000,000 | ---D | C] -- C:\Program Files\uPlayer
[2013/07/08 11:20:15 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\DefineExt
[2011/08/13 13:36:09 | 001,044,480 | ---- | C] (eHelp Corporation.) -- C:\Users\user\roboex32.dll
[2011/08/13 13:36:09 | 000,212,480 | ---- | C] (Eastman Kodak) -- C:\Users\user\PCDLIB32.DLL
[2011/08/13 13:36:09 | 000,150,528 | ---- | C] (Wintertree Software Inc.) -- C:\Users\user\ssce5132.dll
[2011/08/13 13:36:08 | 000,415,744 | ---- | C] (LEAD Technologies, Inc.) -- C:\Users\user\ltkrn13n.dll
[2011/08/13 13:36:08 | 000,338,432 | ---- | C] (LEAD Technologies, Inc.) -- C:\Users\user\LFCMP13n.DLL
[2011/08/13 13:36:08 | 000,310,272 | ---- | C] (LEAD Technologies, Inc.) -- C:\Users\user\ltimg13n.dll
[2011/08/13 13:36:08 | 000,255,488 | ---- | C] (LEAD Technologies, Inc.) -- C:\Users\user\LTDIS13n.dll
[2011/08/13 13:36:08 | 000,205,312 | ---- | C] (LEAD Technologies, Inc.) -- C:\Users\user\ltefx13n.dll
[2011/08/13 13:36:08 | 000,137,216 | ---- | C] (LEAD Technologies, Inc.) -- C:\Users\user\ltfil13n.DLL
[2011/08/13 13:36:08 | 000,128,000 | ---- | C] (LEAD Technologies, Inc.) -- C:\Users\user\lftif13n.dll
[2011/08/13 13:36:08 | 000,084,480 | ---- | C] (LEAD Technologies, Inc.) -- C:\Users\user\lffpx13n.dll
[2011/08/13 13:36:08 | 000,072,704 | ---- | C] (LEAD Technologies, Inc.) -- C:\Users\user\lffax13n.dll
[2011/08/13 13:36:08 | 000,055,296 | ---- | C] (LEAD Technologies, Inc.) -- C:\Users\user\lfpsd13n.dll
[2011/08/13 13:36:08 | 000,049,152 | ---- | C] (LEAD Technologies, Inc.) -- C:\Users\user\Lfwmf13n.dll
[2011/08/13 13:36:08 | 000,048,640 | ---- | C] (America Online, Inc.\0) -- C:\Users\user\launch32.dll
[2011/08/13 13:36:08 | 000,035,328 | ---- | C] (LEAD Technologies, Inc.) -- C:\Users\user\lttwn13n.dll
[2011/08/13 13:36:08 | 000,031,744 | ---- | C] (LEAD Technologies, Inc.) -- C:\Users\user\lflmb13n.dll
[2011/08/13 13:36:08 | 000,029,696 | ---- | C] (LEAD Technologies, Inc.) -- C:\Users\user\lfbmp13n.dll
[2011/08/13 13:36:08 | 000,029,184 | ---- | C] (LEAD Technologies, Inc.) -- C:\Users\user\lflma13n.dll
[2011/08/13 13:36:08 | 000,026,112 | ---- | C] (LEAD Technologies, Inc.) -- C:\Users\user\lfpcx13n.dll
[2011/08/13 13:36:08 | 000,020,992 | ---- | C] (LEAD Technologies, Inc.) -- C:\Users\user\lfimg13n.dll
[2011/08/13 13:36:08 | 000,019,968 | ---- | C] (LEAD Technologies, Inc.) -- C:\Users\user\lfpcd13n.dll
[2011/08/13 13:36:07 | 005,517,312 | ---- | C] (MyFamily.com, Inc.) -- C:\Users\user\Ftwbmp32.dll
[2011/08/13 13:36:07 | 000,925,696 | ---- | C] (Amyuni Technologies
http://www.amyuni.com) -- C:\Users\user\cdintf210.dll
[2011/08/13 13:36:07 | 000,548,864 | ---- | C] (MyFamily.com, Inc.) -- C:\Users\user\Ftwstr32.dll
[2011/08/13 13:36:07 | 000,102,400 | ---- | C] (MyFamily.com, Inc.) -- C:\Users\user\Ftwbub32.dll
[2011/08/13 13:36:07 | 000,061,440 | ---- | C] ( Aqueduct Software, Inc.) -- C:\Users\user\aqueduct.dll
[2011/08/13 13:36:07 | 000,048,640 | ---- | C] (Blue Sky Software) -- C:\Users\user\INETWH32.dll
[2011/08/13 13:36:07 | 000,045,056 | ---- | C] (MyFamily.com, Inc.) -- C:\Users\user\Ftwmsc32.dll
[2011/08/13 13:36:06 | 000,293,360 | ---- | C] (AMYUNI Technologies
http://www.amyuni.com) -- C:\Users\user\acfpdf.drv
[2011/08/13 13:36:06 | 000,231,896 | ---- | C] (AMYUNI Technologies
http://www.amyuni.com) -- C:\Users\user\acfpdf.dll
[2011/08/13 13:36:06 | 000,154,893 | ---- | C] (AMYUNI Technologies
http://www.amyuni.com) -- C:\Users\user\acfpdfu.dll
[2011/08/13 13:36:06 | 000,152,292 | ---- | C] (AMYUNI Technologies
http://www.amyuni.com) -- C:\Users\user\acfpdfui.dll
[2011/08/13 13:21:36 | 005,967,872 | ---- | C] (MyFamily.com, Inc.) -- C:\Users\user\Family Treemaker.exe
[4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/07/26 11:37:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/07/26 11:21:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3094632099-2433005807-751425020-1000UA.job
[2013/07/26 11:18:27 | 000,011,424 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/07/26 11:18:27 | 000,011,424 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/07/26 11:10:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/07/26 11:10:44 | 1581,010,944 | -HS- | M] () -- C:\hiberfil.sys
[2013/07/26 11:10:20 | 000,003,288 | ---- | M] () -- C:\bootsqm.dat
[2013/07/26 10:03:40 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2013/07/26 08:34:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
[2013/07/25 19:49:20 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3094632099-2433005807-751425020-1000Core.job
[2013/07/25 14:57:10 | 000,000,036 | ---- | M] () -- C:\Users\user\Desktop\defrag.bat
[2013/07/24 12:49:15 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013/07/24 09:16:01 | 005,092,950 | R--- | M] (Swearware) -- C:\Users\user\Desktop\ComboFix.exe
[2013/07/23 12:29:41 | 000,915,968 | ---- | M] () -- C:\Users\user\Desktop\RogueKiller.exe
[2013/07/23 11:27:33 | 000,666,633 | ---- | M] () -- C:\Users\user\Desktop\AdwCleaner.exe
[2013/07/23 11:27:08 | 000,560,934 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\user\Desktop\JRT.exe
[2013/07/22 15:13:00 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\user\Desktop\dds.scr
[2013/07/22 15:11:27 | 000,353,352 | ---- | M] (Malwarebytes Corporation) -- C:\Users\user\Desktop\mbam-check-2.0.0.1000.exe
[2013/07/22 09:49:01 | 000,628,554 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/07/22 09:49:01 | 000,108,700 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/07/19 16:45:39 | 000,001,069 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/07/18 10:03:54 | 000,007,335 | ---- | M] () -- C:\Windows\wininit.ini
[2013/07/18 09:08:06 | 000,000,005 | ---- | M] () -- C:\Users\user\AppData\Roaming\WBPU-TTL.DAT
[2013/07/17 11:30:09 | 000,001,224 | ---- | M] () -- C:\Users\user\Desktop\Revo Uninstaller.lnk
[2013/07/17 11:24:52 | 000,001,963 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2013/07/17 11:23:42 | 000,001,218 | ---- | M] () -- C:\Users\user\Desktop\Spybot - Search & Destroy.lnk
[2013/07/17 11:22:51 | 000,001,865 | ---- | M] () -- C:\Users\Public\Desktop\Defraggler.lnk
[2013/07/17 11:22:02 | 000,000,967 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/07/17 11:21:30 | 000,001,216 | ---- | M] () -- C:\Users\user\Desktop\System TuneUp.lnk
[2013/07/17 11:21:12 | 000,002,234 | ---- | M] () -- C:\Users\user\Desktop\Ace Utilities.lnk
[2013/07/14 01:20:51 | 000,002,968 | ---- | M] () -- C:\{A89EC46B-77E1-4FAD-83A8-AA057BBE83A6}
[2013/07/13 18:31:53 | 000,002,362 | ---- | M] () -- C:\Users\user\Desktop\Google Chrome.lnk
[2013/07/12 11:14:41 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/07/12 11:14:41 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/07/12 08:54:38 | 000,000,258 | RHS- | M] () -- C:\Users\user\ntuser.pol
[2013/07/12 01:40:31 | 000,343,952 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/07/06 10:13:05 | 001,102,848 | ---- | M] () -- C:\Users\user\Louis David Geneology.ftw
[2013/07/06 10:13:05 | 001,102,848 | ---- | M] () -- C:\Users\user\Louis David Geneology.FBK
[2013/07/06 10:13:05 | 000,001,781 | ---- | M] () -- C:\Users\user\FTW.ini
[2013/07/01 12:09:03 | 003,686,425 | ---- | M] () -- C:\Users\user\Documents\Fluorescent lighting.pdf
[4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/07/26 11:10:20 | 000,003,288 | ---- | C] () -- C:\bootsqm.dat
[2013/07/25 14:57:10 | 000,000,036 | ---- | C] () -- C:\Users\user\Desktop\defrag.bat
[2013/07/23 12:29:41 | 000,915,968 | ---- | C] () -- C:\Users\user\Desktop\RogueKiller.exe
[2013/07/23 11:27:33 | 000,666,633 | ---- | C] () -- C:\Users\user\Desktop\AdwCleaner.exe
[2013/07/19 16:45:39 | 000,001,069 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/07/19 14:13:53 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/07/19 14:13:53 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/07/19 14:13:53 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/07/19 14:13:53 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/07/19 14:13:53 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/07/18 10:03:10 | 000,007,335 | ---- | C] () -- C:\Windows\wininit.ini
[2013/07/17 11:30:09 | 000,001,224 | ---- | C] () -- C:\Users\user\Desktop\Revo Uninstaller.lnk
[2013/07/17 11:24:52 | 000,001,963 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2013/07/17 11:23:42 | 000,001,218 | ---- | C] () -- C:\Users\user\Desktop\Spybot - Search & Destroy.lnk
[2013/07/17 11:22:51 | 000,001,865 | ---- | C] () -- C:\Users\Public\Desktop\Defraggler.lnk
[2013/07/17 11:22:02 | 000,000,967 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/07/17 11:21:30 | 000,001,216 | ---- | C] () -- C:\Users\user\Desktop\System TuneUp.lnk
[2013/07/17 11:21:11 | 000,002,234 | ---- | C] () -- C:\Users\user\Desktop\Ace Utilities.lnk
[2013/07/14 01:20:51 | 000,002,968 | ---- | C] () -- C:\{A89EC46B-77E1-4FAD-83A8-AA057BBE83A6}
[2013/07/12 08:54:38 | 000,000,258 | RHS- | C] () -- C:\Users\user\ntuser.pol
[2013/07/01 12:09:01 | 003,686,425 | ---- | C] () -- C:\Users\user\Documents\Fluorescent lighting.pdf
[2013/06/16 18:50:03 | 000,000,005 | ---- | C] () -- C:\Users\user\AppData\Roaming\WBPU-TTL.DAT
[2012/08/05 14:20:38 | 000,470,869 | ---- | C] () -- C:\Users\user\Louis David Geneology.FBC
[2012/04/30 21:53:55 | 000,128,443 | ---- | C] () -- C:\Users\user\David Hernandez.jpeg.jpeg.jpeg
[2012/04/30 21:51:32 | 000,316,390 | ---- | C] () -- C:\Users\user\David Hernandez.jpeg.jpeg
[2012/04/30 21:47:36 | 000,128,443 | ---- | C] () -- C:\Users\user\David Hernandez.jpeg
[2012/02/01 15:45:26 | 000,143,476 | ---- | C] () -- C:\Users\user\February 2012 Activity Update.pdf
[2012/02/01 15:45:26 | 000,102,116 | ---- | C] () -- C:\Users\user\Feb 2012 Calendar.pdf
[2012/01/29 11:41:05 | 000,000,605 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2011/08/21 13:46:00 | 000,009,519 | ---- | C] () -- C:\Users\user\LDS Program.zip
[2011/08/21 13:13:10 | 000,118,784 | ---- | C] () -- C:\Users\user\LDS Program.paf
[2011/08/13 13:36:09 | 000,023,120 | ---- | C] () -- C:\Users\user\pkwdcl.dll
[2011/08/13 13:36:09 | 000,010,432 | ---- | C] () -- C:\Users\user\winsock.aol
[2011/08/13 13:36:09 | 000,004,544 | ---- | C] () -- C:\Users\user\New Journal Document.jnt
[2011/08/13 13:36:09 | 000,001,096 | ---- | C] () -- C:\Users\user\OLD Documents and Settings - Shortcut.lnk
[2011/08/13 13:36:09 | 000,000,412 | ---- | C] () -- C:\Users\user\prd.bin
[2011/08/13 13:36:08 | 001,102,848 | ---- | C] () -- C:\Users\user\Louis David Geneology.ftw
[2011/08/13 13:36:08 | 001,102,848 | ---- | C] () -- C:\Users\user\Louis David Geneology.FBK
[2011/08/13 13:36:08 | 001,018,368 | ---- | C] () -- C:\Users\user\Louis David Geneology Backup.FBK
[2011/08/13 13:36:08 | 000,338,944 | ---- | C] () -- C:\Users\user\lffpx7.dll
[2011/08/13 13:36:08 | 000,122,880 | ---- | C] () -- C:\Users\user\LFKODAK.DLL
[2011/08/13 13:36:07 | 001,519,616 | ---- | C] () -- C:\Users\user\ftwmfc.dll
[2011/08/13 13:36:07 | 000,435,200 | ---- | C] () -- C:\Users\user\ftwsys.bin
[2011/08/13 13:36:07 | 000,001,781 | ---- | C] () -- C:\Users\user\FTW.ini
[2009/11/05 13:39:36 | 000,024,206 | ---- | C] () -- C:\Users\user\AppData\Roaming\UserTile.png
[2009/08/05 14:48:09 | 000,014,560 | ---- | C] () -- C:\Users\user\AppData\Roaming\wklnhst.dat
 
========== ZeroAccess Check ==========
 
[2009/07/13 23:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/26 23:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 20:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2011/10/27 08:33:40 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Clip Art Collection
[2011/06/14 14:17:07 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Garmin
[2011/03/23 17:59:40 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\ParetoLogic
[2010/12/21 11:51:30 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\PCDr
[2009/08/06 08:34:23 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Skinux
[2009/11/16 15:40:03 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Template
[2011/06/11 18:42:32 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Tific
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 163 bytes -> C:\ProgramData\TEMP:E965A533
@Alternate Data Stream - 162 bytes -> C:\ProgramData\TEMP:D1B5B4F1
@Alternate Data Stream - 161 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 152 bytes -> C:\Users\user\David Hernandez.jpeg:3or4kl4x13tuuug3Byamue2s4b
@Alternate Data Stream - 152 bytes -> C:\Users\user\David Hernandez.jpeg.jpeg:3or4kl4x13tuuug3Byamue2s4b
@Alternate Data Stream - 152 bytes -> C:\Users\user\David Hernandez.jpeg.jpeg.jpeg:3or4kl4x13tuuug3Byamue2s4b
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:A8ADE5D8
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:430C6D84

< End of report >


Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL

    [2013/07/12 09:12:39 | 000,000,000 | ---D | M] (Cool Smiley Bar for Facebook) -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\ze0c1pb3.default\extensions\pluswinks@PlusWinks

    :files

    ipconfig /flushdns /c

    :Commands

    [emptytemp]

    [clearallrestorepoints]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Please post the OTL fix log in your next reply.
Note: A copy of an OTL fix log is saved in a text file at C:\_OTL\MovedFiles

Sorry, I had to go take care of a few things and was gone for a while. I also have to report that I ended up deleting MBAM because of it locking up and gave the laptop back to the lady in church because she could no longer wait for it. I tried to explain to her that there still could be issues with her computer, but she could no longer wait.

 

Thanks for helping me try to fix the issue. I wish I could have stuck with it, but she no longer wanted to wait.

 

Thanks and GBU

This topic is now closed to further replies.