Unknown infection and can't run FRST [Solved]

win 7 32 bit

  • This topic is locked
41 replies to this topic

#1 GeekStyle59

GeekStyle59

    Authentic Member

  • Authentic Member
  • PipPip
  • 23 posts

Posted 28 November 2014 - 03:59 AM

Something serious is down deep in my system. It has been slowing it down more and more. I know I am running 32 bit but the FRST file will not even open saying it "is not a valid Win32 application." Just for kicks, I downloaded the 64 bit version but it clearly states that it will not work on my system.

 

Before that, I ran the MBR file as admin and got this result: {Please note that these results say I am running a version before Win 7 which I don't get at all}

 

aswMBR version 1.0.1.2252 Copyright© 2014 AVAST Software
Run date: 2014-11-28 03:25:41
-----------------------------
03:25:41.213    OS Version: Windows 6.1.7601 Service Pack 1
03:25:41.213    Number of processors: 4 586 0x2A07
03:25:41.213    ComputerName: Admin-0602snr  UserName: Grandma
03:25:42.555    Initialize success
03:25:44.879    AVAST engine defs: 14112800
03:26:04.067    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
03:26:04.083    Disk 0 Vendor: WDC_WD3200BEVT-75A23T0 01.01A01 Size: 305245MB BusType: 11
03:26:04.270    Disk 0 MBR read successfully
03:26:04.285    Disk 0 MBR scan
03:26:04.644    Disk 0 unknown MBR code
03:26:04.675    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS       305242 MB offset 63
03:26:04.691    Disk 0 Boot: NTFS     code=2
03:26:04.956    Disk 0 scanning sectors +625137345
03:26:05.331    Disk 0 scanning C:\Windows\system32\drivers
03:26:22.491    Service scanning
03:26:58.402    Modules scanning
03:26:58.402    Disk 0 trace - called modules:
03:26:58.418    ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS PCIIDEX.SYS msahci.sys 
03:26:58.418    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8592f030]
03:26:58.433    3 CLASSPNP.SYS[8b3d459e] -> nt!IofCallDriver -> [0x857b8900]
03:26:58.433    5 ACPI.sys[8b4983d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x857af030]
03:26:59.182    AVAST engine scan C:\Windows
03:27:01.772    AVAST engine scan C:\Windows\system32
03:29:59.253    AVAST engine scan C:\Windows\system32\drivers
03:30:18.753    AVAST engine scan C:\Users\Grandma
03:40:36.483    AVAST engine scan C:\ProgramData
03:44:21.233    Disk 0 statistics 2972347/0/0 @ 1.74 MB/s
03:44:21.248    Scan finished successfully
04:14:53.191    Disk 0 MBR has been saved successfully to "C:\Users\Grandma\Documents\MBR.dat"
04:14:53.206    The log file has been saved successfully to "C:\Users\Grandma\Documents\aswMBR_11-28-14.txt"
 
 
 
What should my next step be?

Attached File: aswMBR_11-28-14.txt
 



#2 Satchfan

Satchfan

    SuperHelper

  • Malware Team
  • 6,745 posts
  • Interests:LFC, music, more LFC, more music

Posted 29 November 2014 - 02:57 AM

Hello GeekStyle59 and welcome to the WTT forum.

My name is Satchfan and I would be glad to help you with your computer problem.

Please read the following guidelines which will help to make cleaning your machine easier:

  • please follow all instructions in the order posted
  • please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear
  • all logs/reports, etc. must be posted in Notepad. Please ensure that word wrap is unchecked. In Notepad click Format, uncheck Word wrap if it is checked
  • if you don't understand something, please don't hesitate to ask for clarification before proceeding
  • the fixes are specific to your problem and should only be used for this issue on this machine.
  • please reply within 3 days. If you do not reply within this period I will post a reminder but topics with no reply in 4 days will be closed!

IMPORTANT:

Please DO NOT install/uninstall any programs unless asked to.
Please DO NOT run any scans other than those requested


Run RogueKiller

IMPORTANT: Please remove any usb or external drives from the computer before you run this scan!

Close all running programs.


Download RogueKiller to your desktop


  • close all running programs
  • for Windows Vista/Seven, right click -> run as administrator, for XP simply double-click on RogueKiller.exe
  • when the pre-scan is finished, click on Scan
  • click on Report and copy/paste the content in your next post
  • NOTE: DO NOT attempt to remove anything that the scan detects – everything that is reported is not necessarily bad

If the program is blocked, continue to try it several times. If it still doesn’t work, (it could happen), rename it to winlogon.exe.

Please post the contents of the RKreport.txt in your next reply.

If you have trouble running it, try it in safe mode:

How to start Windows in Safe Mode - Windows 7/Vista

Satchfan

 

 


NINA - Proud graduate of the WTT Classroom

Member of UNITE

The help you receive here is free but if you feel I have helped, you may consider making a Donation.

#3 GeekStyle59

Posted 29 November 2014 - 05:16 AM

Hello Satchfan!

 

Thank you for your response. I have run Rogue Killer as requested.



#4 GeekStyle59

Posted 29 November 2014 - 05:17 AM

Satchfan,

 

I attached the report but can't see if it uploaded to you.

 

GeekStyle59



#5 Satchfan

Posted 29 November 2014 - 08:54 AM

I don't want it uploaded; just copy and paste it in your post please.



#6 GeekStyle59

Posted 29 November 2014 - 09:11 AM

Oh, OK! Here it is:

 

RogueKiller V10.0.8.0 [Nov 20 2014] by Adlice Software
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : Grandma [Administrator]
Mode : Scan -- Date : 11/29/2014  05:59:22
 
¤¤¤ Processes : 0 ¤¤¤
 
¤¤¤ Registry : 8 ¤¤¤
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\aswVmm (\??\C:\Users\Grandma\AppData\Local\Temp\aswVmm.sys) -> Found
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\aswVmm (\??\C:\Users\Grandma\AppData\Local\Temp\aswVmm.sys) -> Found
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\aswVmm (\??\C:\Users\Grandma\AppData\Local\Temp\aswVmm.sys) -> Found
[PUM.HomePage] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : https://www.yahoo.co...t&type=avastbcl  -> Found
[PUM.HomePage] HKEY_USERS\S-1-5-21-3135014543-1366911502-1036751248-1003\Software\Microsoft\Internet Explorer\Main | Start Page : http://ghostviet.com/  -> Found
[PUM.SearchPage] HKEY_USERS\S-1-5-21-3135014543-1366911502-1036751248-1003\Software\Microsoft\Internet Explorer\Main | Search Page : https://search.yahoo...simp=yhs-001&p={searchTerms}  -> Found
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found
 
¤¤¤ Tasks : 0 ¤¤¤
 
¤¤¤ Files : 1 ¤¤¤
[Suspicious.Path][File] SleepMapper Data Card Uploader.lnk -- C:\Users\Grandma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SleepMapper Data Card Uploader.lnk [LNK@] C:\Users\Grandma\AppData\Local\Apps\2.0\4568C6E5.B0R\TB1LKN1N.68X\PCMDTI~1.000\PCMDCA.exe -FromStartup -> Found
 
¤¤¤ Hosts File : 0 [Too big!] ¤¤¤
 
¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD3200BEVT-75A23T0 ATA Device +++++
--- User ---
[MBR] 55a8383f61851be5a8bba1ea2379f97c
[BSP] 47903395ed53d7ac174fbf6fe04b27d5 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 305242 MB
User = LL1 ... OK
User = LL2 ... OK
 
 
============================================
RKreport_SCN_11282014_230134.log


#7 GeekStyle59

Posted 29 November 2014 - 09:18 AM

FYI Satchfan, I have just read through it. My host file is too big, it says, but I have used the MVPS host file for protection. Is that a mistake? Also, the Sleep Mapper thing is for my medical CPAP machine. I had uninstalled the program from the Control Panel, but this keeps showing on reboots that the program may not load properly -- probably because this file didn't get uninstalled, right?



#8 Satchfan

Posted 29 November 2014 - 03:56 PM

Can you run another scan?
 

  • Please download MGADiag by clicking here and save it to your desktop.
  • double click the MGADiag icon on your desktop.
  • push Continue
  • push Copy
  • go to Start -> Run and type in "Notepad"
  • go to Edit -> Paste in notepad.
  • "x" out all of the numbers and letters in the line beginning with "Windows Product Key:"
  • Copy and paste that log here.

Thanks

Satchfan

 



#9 GeekStyle59

Posted 29 November 2014 - 08:20 PM

Here are the MGADiag results:

 

Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
 
Validation Code: 0
Cached Online Validation Code: 0x0
Windows Product Key: 
Windows Product Key Hash: 
Windows Product ID: 
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 6.1.7601.2.00010100.1.0.001
ID: {F574C17D-EF63-4F82-BD44-B743D5A9E6AC}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Ultimate
Architecture: 0x00000000
Build lab: 7601.win7sp1_gdr.140303-2144
TTS Error: 
Validation Diagnostic: 
Resolution Status: N/A
 
Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
 
Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002
 
OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002
 
OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3
 
Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files\Mozilla Firefox\firefox.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed
 
File Scan Data-->
 
Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{F574C17D-EF63-4F82-BD44-B743D5A9E6AC}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.001</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-HYRR2</PKey><PID>00426-OEM-8992662-00006</PID><PIDType>2</PIDType><SID>S-1-5-21-3135014543-1366911502-1036751248</SID><SYSTEM><Manufacturer>Dell Inc.</Manufacturer><Model>Inspiron N5110</Model></SYSTEM><BIOS><Manufacturer>Dell Inc.</Manufacturer><Version>A10</Version><SMBIOSVersion major="2" minor="6"/><Date>20120322000000.000000+000</Date></BIOS><HWID>33003C07018400FE</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Eastern Standard Time(GMT-05:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>ACRSYS</OEMID><OEMTableID>ACRPRDCT</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>  
 
Spsys.log Content: 0x80070002
 
Licensing Data-->
Software licensing service version: 6.1.7601.17514
 
Name: Windows® 7, Ultimate edition
Description: Windows Operating System - Windows® 7, OEM_SLP channel
Activation ID: 7cfd4696-69a9-4af7-af36-ff3d12b6b6c8
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 00426-00178-926-600006-02-1033-7600.0000-1182010
Installation ID: 016884399206919065587460862045260792429200015150705410
Processor Certificate URL: http://go.microsoft....k/?LinkID=88338
Product Key Certificate URL: http://go.microsoft....k/?LinkID=88340
Partial Product Key: HYRR2
License Status: Licensed
Remaining Windows rearm count: 1
Trusted time: 11/29/2014 9:13:10 PM
 
Windows Activation Technologies-->
HrOffline: 0x00000000
HrOnline: 0x80072F8F
HealthStatus: 0x0000000000000000
Event Time Stamp: 10:9:2014 13:28
ActiveX: Registered, Version: 7.1.7600.16395
Admin Service: Registered, Version: 7.1.7600.16395
HealthStatus Bitmask Output:
 
 
HWID Data-->
HWID Hash Current: MgAAAAEAAgABAAEAAAABAAAABAABAAEA6GG8x16sBoYora4rdHS8xKSk0jmiXcYlLnM=
 
OEM Activation 1.0 Data-->
N/A
 
OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x20001
OEMID and OEMTableID Consistent: yes
BIOS Information: 
  ACPI Table Name OEMID Value OEMTableID Value
  APIC DELL WN09
  FACP DELL WN09
  HPET DELL WN09
  MCFG DELL WN09
  SSDT TrmRef PtidDevc
  SLIC ACRSYS ACRPRDCT
  SSDT TrmRef PtidDevc
  SSDT TrmRef PtidDevc
  OSFR DELL   M08    


#10 Satchfan

Posted 30 November 2014 - 03:18 AM

Please run these in the order presented in the post.

Download and run AdwCleaner

Download AdwCleaner from here and save it to your desktop.

  • run AdwCleaner
  • when it has finished, select Clean
  • if it asks to reboot, allow the reboot
  • on reboot a log will be produced; please attach the content of the log to your next reply.

===================================================

Download and run Junkware Removal Tool

Please download Junkware Removal Tool to your desktop.

  • shut down your protection software now to avoid potential conflicts.
  • run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator"
  • the tool will open and start scanning your system
  • please be patient as this can take a while to complete depending on your system's specifications
  • on completion, a log (JRT.txt) is saved to your desktop and will automatically open
  • post the contents of JRT.txt into your next message.

===================================================

Can you try running FRST again?

If it won’t run, try running it in Safe mode.

If it still won’t run:

Run OTL

  • download OTL to your desktop.
  • double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • click Scan all users.
  • under Custom Scan paste this in


    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    services.exe
    /md5stop
    %systemroot%\*. /rp /s
    DRIVES
    CREATERESTOREPOINT


     

  • click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won’t take long.
  • when the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
  • you may need two posts to fit them both in.

Logs to include with next post:

AdwCleaner log
JRT.txt


Also, either
FRST.txt

or

OTL.txt
Extras.txt


Thanks

Satchfan

 




#11 GeekStyle59

Posted 30 November 2014 - 08:03 AM

Problems along the way:

 

AdwCleaner.log found nowhere on my computer, but the scan results showed nothing found.
 
FRST still would not download; Googled it and found 32 bit version 3.3.8.1 on MajorGeeks.com which, on opening, said it needed updating and took me back to Bleeping Computer and, again, it would not download so used OTL.
 
OTL, in the middle of the scan reports "There is no disk in the drive. Please insert a disk into drive \Device\Harddisk3\DR3" When I hit Retry, Cancel or Continue, nothing happened until I hit Continue about 10 times, then it proceeded with the scan.
 
Here are the reports I was able to get:
 
JRT.txt
 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.0 (11.29.2014:1)
OS: Windows 7 Ultimate x86
Ran by Grandma on Sun 11/30/2014 at  7:27:46.41
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
Successfully deleted: [File] C:\Windows\System32\Tasks\Driver Booster Scan
Successfully deleted: [File] C:\Windows\System32\Tasks\Driver Booster SkipUAC (Grandma)
Successfully deleted: [File] C:\Windows\System32\Tasks\Driver Booster Update
Successfully deleted: [File] C:\Windows\prefetch\DRIVERBOOSTER.EXE-35A61CB4.pf
 
 
 
~~~ Folders
 
 
 
~~~ FireFox
 
Emptied folder: C:\Users\Grandma\AppData\Roaming\mozilla\firefox\profiles\morjvmye.default\minidumps [165 files]
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 11/30/2014 at  7:30:06.20
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
OTL.txt:
 

OTL logfile created on: 11/30/2014 8:21:59 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Grandma\Desktop
 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17420)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.41 Gb Total Physical Memory | 1.98 Gb Available Physical Memory | 58.05% Memory free
6.82 Gb Paging File | 5.32 Gb Available in Paging File | 78.02% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 298.09 Gb Total Space | 228.16 Gb Free Space | 76.54% Space Free | Partition Type: NTFS
Drive D: | 563.26 Gb Total Space | 266.59 Gb Free Space | 47.33% Space Free | Partition Type: FAT32
Unable to calculate disk information.
Drive F: | 465.65 Gb Total Space | 170.27 Gb Free Space | 36.57% Space Free | Partition Type: FAT32
Drive H: | 364.13 Gb Total Space | 351.46 Gb Free Space | 96.52% Space Free | Partition Type: FAT32
Drive I: | 3.94 Gb Total Space | 3.89 Gb Free Space | 98.73% Space Free | Partition Type: NTFS
 
Computer Name: Admin-0602snr | User Name: Grandma | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/11/30 07:54:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Grandma\Desktop\OTL.exe
PRC - [2014/11/30 01:35:21 | 000,264,488 | ---- | M] (Dell) -- C:\Users\Grandma\AppData\Local\Apps\2.0\4568C6E5.B0R\TB1LKN1N.68X\dell..tion_e30b47f5d4a30e9e_0005.000c_1df9a4898fae00de\DellSystemDetect.exe
PRC - [2014/11/28 13:54:04 | 001,084,704 | ---- | M] (IObit) -- C:\Program Files\IObit\IObit Uninstaller\UninstallMonitor.exe
PRC - [2014/11/21 13:41:50 | 005,282,584 | ---- | M] (Piriform Ltd) -- C:\Program Files\CCleaner\CCleaner.exe
PRC - [2014/11/13 01:58:58 | 035,419,192 | ---- | M] (Dropbox, Inc.) -- C:\Users\Grandma\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2014/10/31 20:53:20 | 005,223,016 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\avastui.exe
PRC - [2014/10/26 08:52:43 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2014/10/26 08:52:29 | 003,192,344 | ---- | M] (Avast Software) -- C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
PRC - [2014/10/15 14:06:24 | 007,670,592 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareTray.exe
PRC - [2014/10/15 13:56:50 | 000,656,376 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareService.exe
PRC - [2014/08/20 12:27:26 | 000,788,256 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 7\Monitor.exe
PRC - [2014/08/18 16:36:14 | 000,893,216 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 7\ASCService.exe
PRC - [2013/08/01 19:52:57 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2013/01/29 17:13:12 | 001,668,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
PRC - [2013/01/29 17:13:12 | 001,093,744 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
PRC - [2012/11/22 21:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012/04/24 14:37:56 | 000,169,752 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
PRC - [2012/03/26 20:01:52 | 001,104,208 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Bluetooth\obexsrv.exe
PRC - [2012/03/26 20:01:44 | 001,014,096 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Bluetooth\devmonsrv.exe
PRC - [2012/02/08 14:11:24 | 008,241,767 | ---- | M] ( ) -- C:\Program Files\Datacolor\Spyder4Pro\Utility\SpyderUtility.exe
PRC - [2011/04/13 10:41:22 | 000,057,680 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
PRC - [2011/04/12 14:19:18 | 000,501,624 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/12/17 02:45:28 | 000,056,480 | ---- | M] (Atheros Commnucations) -- C:\Program Files\Dell Wireless\Bluetooth Suite\AdminService.exe
PRC - [2010/11/13 23:22:42 | 001,605,632 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe
PRC - [2010/11/06 23:03:30 | 000,450,560 | ---- | M] (Red Bend Ltd.) -- C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
PRC - [2010/11/06 22:54:30 | 001,437,696 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
PRC - [2010/09/30 23:49:08 | 000,151,552 | ---- | M] (Atheros) -- C:\Program Files\Dell Wireless\Ath_CoexAgent.exe
PRC - [2010/07/07 12:59:22 | 000,054,744 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
PRC - [2010/05/31 13:17:06 | 000,054,640 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
PRC - [2009/12/03 09:12:12 | 000,976,320 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Epson Software\Event Manager\EEventManager.exe
PRC - [2009/09/14 04:00:00 | 000,153,600 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE
PRC - [2009/09/14 04:00:00 | 000,121,856 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE
PRC - [2007/12/17 03:00:00 | 000,143,872 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE
PRC - [2007/09/07 13:40:34 | 000,132,392 | ---- | M] (Wacom Technology, Corp.) -- C:\Windows\System32\WTablet\Wacom_TabletUser.exe
PRC - [2007/09/07 13:40:04 | 001,373,480 | ---- | M] (Wacom Technology, Corp.) -- C:\Windows\System32\Wacom_Tablet.exe
PRC - [2007/01/11 03:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
PRC - [2006/11/02 19:40:12 | 000,174,656 | ---- | M] () -- C:\Windows\System32\PSIService.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/11/30 08:14:35 | 000,043,008 | ---- | M] () -- c:\Users\Grandma\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpgdixcs.dll
MOD - [2014/11/13 01:49:58 | 003,610,624 | ---- | M] () -- C:\Users\Grandma\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2014/10/26 08:52:46 | 038,561,576 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2014/10/18 14:03:18 | 012,435,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1453d9e9a4989833ef3db4b22549ba1a\System.Windows.Forms.ni.dll
MOD - [2014/10/18 14:03:03 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\836e10dfd0811b303553216f5cb092ef\System.Drawing.ni.dll
MOD - [2014/10/18 14:02:50 | 005,467,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d49908aa93a23c84847b1f8b1b667860\System.Xml.ni.dll
MOD - [2014/10/18 14:02:41 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\237d509a79aeef6e4635b09450d98f2a\System.Configuration.ni.dll
MOD - [2014/10/18 14:01:48 | 007,991,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\908ba9e296e92b4e14bdc2437edac603\System.ni.dll
MOD - [2014/10/15 14:06:40 | 000,087,896 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\boost_thread-vc100-mt-1_55.dll
MOD - [2014/10/15 14:06:40 | 000,022,360 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\boost_system-vc100-mt-1_55.dll
MOD - [2014/10/15 14:06:38 | 000,405,848 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\boost_locale-vc100-mt-1_55.dll
MOD - [2014/10/15 14:06:38 | 000,107,872 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\boost_filesystem-vc100-mt-1_55.dll
MOD - [2014/10/15 14:06:36 | 000,048,480 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\boost_date_time-vc100-mt-1_55.dll
MOD - [2014/10/15 14:06:36 | 000,030,040 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\boost_chrono-vc100-mt-1_55.dll
MOD - [2014/10/15 14:06:30 | 002,423,600 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\RCF.dll
MOD - [2014/10/15 14:06:28 | 001,626,432 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\HtmlFramework.dll
MOD - [2014/10/15 14:06:28 | 000,641,344 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\Localization.dll
MOD - [2014/10/15 14:06:26 | 000,056,632 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\DllStorage.dll
MOD - [2014/10/15 14:06:24 | 007,670,592 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareTray.exe
MOD - [2014/10/15 14:06:24 | 000,870,224 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareTrayDefaultSkin.dll
MOD - [2014/10/15 14:06:18 | 002,560,336 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareShellExtension.dll
MOD - [2014/10/11 13:05:58 | 001,044,776 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2014/09/13 19:00:50 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\0483c93466914f3fbd5b44454b0c8a98\Accessibility.ni.dll
MOD - [2014/09/13 18:59:30 | 011,497,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll
MOD - [2014/07/31 11:16:44 | 000,073,544 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2013/08/23 14:01:44 | 025,100,288 | ---- | M] () -- C:\Users\Grandma\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2013/06/08 17:21:52 | 000,094,208 | ---- | M] () -- C:\Windows\System32\IccLibDll.dll
MOD - [2013/01/15 17:48:26 | 000,348,992 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 7\madexcept_.bpl
MOD - [2013/01/15 17:48:26 | 000,051,008 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 7\maddisAsm_.bpl
MOD - [2013/01/15 17:48:24 | 000,183,616 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 7\madbasic_.bpl
MOD - [2013/01/15 17:47:56 | 000,893,248 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 7\webres.dll
MOD - [2012/02/07 14:59:26 | 012,977,947 | ---- | M] () -- C:\Program Files\Datacolor\Spyder4Pro\Utility\SpyderUtility Libs\RBScript.dll
MOD - [2012/02/07 14:59:26 | 000,761,856 | ---- | M] () -- C:\Program Files\Datacolor\Spyder4Pro\Utility\SpyderUtility Libs\XML.dll
MOD - [2012/02/07 14:59:26 | 000,274,432 | ---- | M] () -- C:\Program Files\Datacolor\Spyder4Pro\Utility\SpyderUtility Libs\CGamma.dll
MOD - [2012/02/07 14:59:26 | 000,098,304 | ---- | M] () -- C:\Program Files\Datacolor\Spyder4Pro\Utility\SpyderUtility Libs\Shell.dll
MOD - [2012/02/07 14:59:26 | 000,086,016 | ---- | M] () -- C:\Program Files\Datacolor\Spyder4Pro\Utility\SpyderUtility Libs\CSensor.dll
MOD - [2012/02/07 14:59:26 | 000,039,936 | ---- | M] () -- C:\Program Files\Datacolor\Spyder4Pro\Utility\SpyderUtility Libs\MBSRegistrationPlugin16724.dll
MOD - [2012/02/07 14:59:26 | 000,025,600 | ---- | M] () -- C:\Program Files\Datacolor\Spyder4Pro\Utility\SpyderUtility Libs\MBSPluginVersionPlugin16724.dll
MOD - [2012/02/07 14:59:25 | 000,151,552 | ---- | M] () -- C:\Program Files\Datacolor\Spyder4Pro\Utility\SpyderUtility Libs\RegEx.dll
MOD - [2012/02/07 14:59:25 | 000,139,264 | ---- | M] () -- C:\Program Files\Datacolor\Spyder4Pro\Utility\SpyderUtility Libs\Appearance Pak.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2014/11/28 13:54:05 | 002,631,456 | ---- | M] (IObit) [Auto | Stopped] -- C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe -- (LiveUpdateSvc)
SRV - [2014/11/26 07:39:18 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/11/11 12:13:51 | 000,114,288 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/11/05 21:59:34 | 000,102,912 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV - [2014/10/26 08:52:43 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2014/10/26 08:52:29 | 003,192,344 | ---- | M] (Avast Software) [On_Demand | Running] -- C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe -- (AvastVBoxSvc)
SRV - [2014/10/15 13:56:50 | 000,656,376 | ---- | M] () [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareService.exe -- (LavasoftAdAwareService11)
SRV - [2014/08/18 16:36:14 | 000,893,216 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files\IObit\Advanced SystemCare 7\ASCService.exe -- (AdvancedSystemCareService7)
SRV - [2014/04/09 12:54:56 | 000,279,024 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\System32\IntelCpHeciSvc.exe -- (cphs)
SRV - [2014/04/03 20:21:48 | 000,315,008 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/05/26 23:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/04/24 14:37:56 | 000,169,752 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe -- (ICCS)
SRV - [2012/03/26 20:01:52 | 001,104,208 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service)
SRV - [2012/03/26 20:01:50 | 001,304,912 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\Bluetooth\mediasrv.exe -- (Bluetooth Media Service)
SRV - [2012/03/26 20:01:44 | 001,014,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor)
SRV - [2010/12/17 02:45:28 | 000,056,480 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Program Files\Dell Wireless\Bluetooth Suite\AdminService.exe -- (AtherosSvc)
SRV - [2010/11/06 23:03:30 | 000,450,560 | ---- | M] (Red Bend Ltd.) [Auto | Running] -- C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe -- (DMAgent)
SRV - [2010/11/06 22:54:30 | 001,437,696 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe -- (WiMAXAppSrv)
SRV - [2010/09/30 23:49:08 | 000,151,552 | ---- | M] (Atheros) [Auto | Running] -- C:\Program Files\Dell Wireless\Ath_CoexAgent.exe -- (Atheros Bt&Wlan Coex Agent)
SRV - [2010/04/27 22:50:24 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009/09/14 04:00:00 | 000,153,600 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE -- (EPSON_EB_RPCV4_04)
SRV - [2009/09/14 04:00:00 | 000,121,856 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE -- (EPSON_PM_RPCV4_04)
SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 20:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2007/12/17 03:00:00 | 000,143,872 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE -- (EPSON_EB_RPCV4_01)
SRV - [2007/09/07 13:40:04 | 001,373,480 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Windows\System32\Wacom_Tablet.exe -- (TabletServiceWacom)
SRV - [2007/01/11 03:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE -- (EPSON_PM_RPCV4_01)
SRV - [2006/11/02 19:40:12 | 000,174,656 | ---- | M] () [Auto | Running] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\synth3dvsc.sys -- (Synth3dVsc)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Grandma\AppData\Local\Temp\aswVmm.sys -- (aswVmm)
DRV - [2014/11/28 22:36:17 | 000,114,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
DRV - [2014/11/21 19:14:34 | 000,787,800 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswsnx.sys -- (aswSnx)
DRV - [2014/11/21 08:53:16 | 000,423,784 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswsp.sys -- (aswSP)
DRV - [2014/10/31 20:53:21 | 000,070,384 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswmonflt.sys -- (aswMonFlt)
DRV - [2014/10/26 08:52:51 | 000,091,496 | ---- | M] (AVAST Software) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\aswstm.sys -- (aswStm)
DRV - [2014/10/26 08:52:50 | 000,081,768 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
DRV - [2014/10/26 08:52:50 | 000,049,944 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2014/10/26 08:52:50 | 000,024,184 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\aswHwid.sys -- (aswHwid)
DRV - [2014/10/26 08:52:29 | 000,218,192 | ---- | M] (Avast Software) [Kernel | Auto | Running] -- C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys -- (VBoxAswDrv)
DRV - [2014/07/10 14:09:34 | 000,360,376 | ---- | M] (BitDefender S.R.L.) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\Trufos.sys -- (Trufos)
DRV - [2013/10/06 20:56:48 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2013/10/06 20:56:48 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2013/07/29 03:01:20 | 000,112,608 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AmpPal.sys -- (AMPPAL)
DRV - [2013/06/08 17:21:51 | 000,289,792 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcDAud.sys -- (IntcDAud)
DRV - [2012/03/20 23:13:14 | 000,048,128 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\iBtFltCoex.sys -- (ibtfltcoex)
DRV - [2012/02/12 21:10:38 | 000,558,592 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btmhsf.sys -- (btmhsf)
DRV - [2012/02/12 20:53:54 | 000,076,800 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btmaux.sys -- (btmaux)
DRV - [2011/08/03 05:27:18 | 007,517,696 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETwNs32.sys -- (NETwNs32)
DRV - [2011/07/20 13:21:50 | 000,320,832 | ---- | M] (Texas Instruments Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tixhci.sys -- (tixhci)
DRV - [2011/07/20 13:21:50 | 000,107,840 | ---- | M] (Texas Instruments Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tihub3.sys -- (tihub3)
DRV - [2011/06/02 15:56:38 | 000,012,288 | ---- | M] (Datacolor) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dccmtr.sys -- (Spyder4)
DRV - [2011/05/12 22:07:10 | 000,301,392 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2010/12/17 02:45:50 | 000,175,776 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV - [2010/12/17 02:45:50 | 000,141,088 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btath_rcp.sys -- (BTATH_RCP)
DRV - [2010/12/17 02:45:50 | 000,049,312 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btath_lwflt.sys -- (BTATH_LWFLT)
DRV - [2010/12/17 02:45:50 | 000,034,976 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btath_flt.sys -- (AthBTPort)
DRV - [2010/12/17 02:45:48 | 000,258,720 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btath_a2dp.sys -- (BTATH_A2DP)
DRV - [2010/12/17 02:45:48 | 000,024,736 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btath_bus.sys -- (BTATH_BUS)
DRV - [2010/11/20 07:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 07:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 07:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 04:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 04:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 04:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/10/29 15:11:08 | 000,197,224 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2010/10/25 07:56:50 | 000,060,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bpenum.sys -- (bpenum)
DRV - [2010/10/19 22:33:40 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (MEI)
DRV - [2009/07/13 18:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/13 18:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
DRV - [2009/06/10 16:19:48 | 009,853,248 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007/02/16 14:12:36 | 000,011,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV - [2007/02/16 13:30:12 | 000,012,848 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacomvhid.sys -- (wacomvhid)
DRV - [2007/02/15 19:11:28 | 000,011,440 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WacomVKHid.sys -- (WacomVKHid)
DRV - [2006/05/11 16:14:40 | 000,014,416 | ---- | M] (Portrait Displays, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\pdihwctl.sys -- (PDIHWCTL)
DRV - [2004/10/15 06:54:56 | 000,044,344 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\i1display.sys -- (i1display)
DRV - [2004/05/07 11:02:08 | 000,044,344 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\EyeOneDp.sys -- (eyeonedp)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.co...t&type=avastbcl
IE - HKLM\..\SearchScopes,DefaultScope = {9CB96984-43C3-4D44-90EF-01466EFCF7BB}
IE - HKLM\..\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}: "URL" = https://search.yahoo...p={searchTerms}
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-3135014543-1366911502-1036751248-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\Grandma\Desktop
IE - HKU\S-1-5-21-3135014543-1366911502-1036751248-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = https://www.yahoo.co...t&type=avastbcl
IE - HKU\S-1-5-21-3135014543-1366911502-1036751248-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = https://search.yahoo...p={searchTerms}
IE - HKU\S-1-5-21-3135014543-1366911502-1036751248-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ghostviet.com/
IE - HKU\S-1-5-21-3135014543-1366911502-1036751248-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-3135014543-1366911502-1036751248-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-3135014543-1366911502-1036751248-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 53 4D 1E 06 84 E6 CA 01  [binary data]
IE - HKU\S-1-5-21-3135014543-1366911502-1036751248-1003\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3135014543-1366911502-1036751248-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE10SR
IE - HKU\S-1-5-21-3135014543-1366911502-1036751248-1003\..\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}: "URL" = https://search.yahoo...p={searchTerms}
IE - HKU\S-1-5-21-3135014543-1366911502-1036751248-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3135014543-1366911502-1036751248-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Yahoo! (Avast)"
FF - prefs.js..browser.search.defaultthis.engineName: "Yahoo! (Avast)"
FF - prefs.js..browser.search.defaulturl: "https://search.yahoo.com/yhs/search"
FF - prefs.js..browser.search.order.1: "Yahoo! (Avast)"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:33.1
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_239.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.71.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.71.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll File not found
FF - HKCU\Software\MozillaPlugins\@citrixonline.com/appdetectorplugin: C:\Users\Grandma\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Grandma\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Grandma\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Grandma\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Grandma\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2014/10/26 08:52:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 33.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 33.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2014/11/16 22:54:56 | 000,000,000 | ---D | M]
 
[2014/04/25 18:35:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Grandma\AppData\Roaming\Mozilla\Extensions
[2014/11/16 22:27:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Grandma\AppData\Roaming\Mozilla\Firefox\Profiles\morjvmye.default\extensions
[2014/06/20 00:52:48 | 000,009,419 | ---- | M] () -- C:\Users\Grandma\AppData\Roaming\Mozilla\Firefox\Profiles\morjvmye.default\searchplugins\yahoo-avast.xml
[2014/11/11 12:13:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2014/11/11 12:13:54 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2014/10/28 09:27:02 | 000,185,944 | ---- | M] (Tracker Software Products (Canada) Ltd.) -- C:\Program Files\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll
 
========== Chrome  ==========
 
CHR - default_search_provider:  (Enabled)
CHR - default_search_provider: search_url = 
CHR - default_search_provider: suggest_url = 
CHR - plugin: iTunes Application Detector (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll
CHR - Extension: No name found = C:\Users\Grandma\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\
CHR - Extension: No name found = C:\Users\Grandma\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: No name found = C:\Users\Grandma\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbmegnmpleoagolcnjnejdacakedpcgd\2.0.0_0\
CHR - Extension: No name found = C:\Users\Grandma\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\
CHR - Extension: No name found = C:\Users\Grandma\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: No name found = C:\Users\Grandma\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: No name found = C:\Users\Grandma\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.0.2502.149_0\
CHR - Extension: No name found = C:\Users\Grandma\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd\1.7.0.1_0\
CHR - Extension: No name found = C:\Users\Grandma\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: No name found = C:\Users\Grandma\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2014/11/12 18:16:00 | 000,517,099 | ---- | M]) - C:\Windows\System32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost #[IPv6]
O1 - Hosts: 0.0.0.0 fr.a2dfp.net
O1 - Hosts: 0.0.0.0 m.fr.a2dfp.net
O1 - Hosts: 0.0.0.0 mfr.a2dfp.net
O1 - Hosts: 0.0.0.0 ad.a8.net
O1 - Hosts: 0.0.0.0 asy.a8ww.net
O1 - Hosts: 0.0.0.0 static.a-ads.com
O1 - Hosts: 0.0.0.0 abcstats.com
O1 - Hosts: 0.0.0.0 ad4.abradio.cz
O1 - Hosts: 0.0.0.0 a.abv.bg
O1 - Hosts: 0.0.0.0 adserver.abv.bg
O1 - Hosts: 0.0.0.0 adv.abv.bg
O1 - Hosts: 0.0.0.0 bimg.abv.bg
O1 - Hosts: 0.0.0.0 ca.abv.bg
O1 - Hosts: 0.0.0.0 www2.a-counter.kiev.ua
O1 - Hosts: 0.0.0.0 track.acclaimnetwork.com
O1 - Hosts: 0.0.0.0 accuserveadsystem.com
O1 - Hosts: 0.0.0.0 www.accuserveadsystem.com
O1 - Hosts: 0.0.0.0 achmedia.com
O1 - Hosts: 0.0.0.0 csh.actiondesk.com
O1 - Hosts: 0.0.0.0 ads.activepower.net
O1 - Hosts: 0.0.0.0 app.activetrail.com
O1 - Hosts: 0.0.0.0 stat.active24stats.nl #[Tracking.Cookie]
O1 - Hosts: 0.0.0.0 traffic.acwebconnecting.com
O1 - Hosts: 15481 more lines...
O2 - BHO: (ExplorerWnd Helper) - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer32.dll (IObit)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files\Dell Wireless\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [AdAwareTray] C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareTray.exe ()
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [IntelWirelessWiMAX] C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe (Intel® Corporation)
O4 - HKU\.DEFAULT..\Run: [Advanced SystemCare 7] C:\Program Files\IObit\Advanced SystemCare 7\ASCTray.exe (IObit)
O4 - HKU\S-1-5-18..\Run: [Advanced SystemCare 7] C:\Program Files\IObit\Advanced SystemCare 7\ASCTray.exe (IObit)
O4 - HKU\S-1-5-21-3135014543-1366911502-1036751248-1003..\Run: [CCleaner Monitoring] C:\Program Files\CCleaner\CCleaner.exe (Piriform Ltd)
O4 - HKU\S-1-5-21-3135014543-1366911502-1036751248-1003..\Run: [DellSystemDetect] C:\Users\Grandma\AppData\Local\Apps\2.0\4568C6E5.B0R\TB1LKN1N.68X\dell..tion_e30b47f5d4a30e9e_0005.000c_1df9a4898fae00de\DellSystemDetect.exe (Dell)
O4 - HKU\S-1-5-21-3135014543-1366911502-1036751248-1003..\Run: [EPSON Artisan 720 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIGYA.EXE (SEIKO EPSON CORPORATION)
O4 - HKU\S-1-5-21-3135014543-1366911502-1036751248-1003..\Run: [EPSON NX110 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIFBA.EXE (SEIKO EPSON CORPORATION)
O4 - HKU\S-1-5-21-3135014543-1366911502-1036751248-1003..\Run: [EPSON Stylus Photo 1400 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIBUA.EXE (SEIKO EPSON CORPORATION)
O4 - HKU\.DEFAULT..\RunOnce: [SPReview] C:\Windows\System32\SPReview\SPReview.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [SPReview] C:\Windows\System32\SPReview\SPReview.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Grandma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Grandma\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Grandma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SleepMapper Data Card Uploader.lnk =  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-3135014543-1366911502-1036751248-1003\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-3135014543-1366911502-1036751248-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files\Dell Wireless\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3135014543-1366911502-1036751248-1003\..Trusted Domains: dell.com ([]* in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C286E05A-D7ED-48F2-A1F0-1C11A2BAAF7A}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{c2e9b4e6-52eb-11df-964e-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{c2e9b4e6-52eb-11df-964e-806e6f6e6963}\Shell\AutoRun\command - "" = J:\hbcd\wintools\autorun.exe
O33 - MountPoints2\{c2e9b4e6-52eb-11df-964e-806e6f6e6963}\Shell\Option1\Command - "" = J:\hbcd\wintools\autorun.exe
O33 - MountPoints2\{d1a658ee-5283-11df-ba8c-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{d1a658ee-5283-11df-ba8c-806e6f6e6963}\Shell\AutoRun\command - "" = J:\hbcd\wintools\autorun.exe
O33 - MountPoints2\{d1a658ee-5283-11df-ba8c-806e6f6e6963}\Shell\Option1\Command - "" = J:\hbcd\wintools\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
CREATERESTOREPOINT 
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/11/30 07:54:04 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Grandma\Desktop\OTL.exe
[2014/11/30 07:27:42 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/11/30 07:23:40 | 001,707,646 | ---- | C] (Thisisu) -- C:\Users\Grandma\Desktop\JRT.exe
[2014/11/30 04:45:09 | 000,000,000 | ---D | C] -- C:\Users\Grandma\AppData\Roaming\Lavasoft
[2014/11/30 04:38:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
[2014/11/30 04:37:28 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2014/11/30 04:36:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Lavasoft
[2014/11/30 04:35:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2014/11/30 04:03:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel Driver Update Utility
[2014/11/30 04:03:57 | 000,000,000 | ---D | C] -- C:\Program Files\Intel Driver Update Utility
[2014/11/30 03:37:04 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2014/11/30 01:35:24 | 000,000,000 | ---D | C] -- C:\Users\Grandma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell
[2014/11/29 21:13:31 | 000,000,000 | ---D | C] -- C:\MGADiagToolOutput
[2014/11/29 21:12:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Office Genuine Advantage
[2014/11/29 21:10:21 | 002,031,992 | ---- | C] (Microsoft Corporation) -- C:\Users\Grandma\Desktop\MGADiag.exe
[2014/11/29 15:59:06 | 000,000,000 | ---D | C] -- C:\Users\Grandma\Desktop\Instagram Pix from Julie
[2014/11/29 05:41:22 | 000,000,000 | ---D | C] -- C:\Users\Grandma\Desktop\What the Tech Reports
[2014/11/29 05:36:22 | 000,000,000 | ---D | C] -- C:\Users\Grandma\Desktop\MajorGeeks Reports
[2014/11/28 23:05:30 | 000,000,000 | ---D | C] -- C:\MGtools
[2014/11/28 22:09:13 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2014/11/28 22:07:46 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2014/11/28 22:06:50 | 000,000,000 | ---D | C] -- C:\ProgramData\RogueKiller
[2014/11/28 22:06:16 | 000,000,000 | ---D | C] -- C:\Desktop
[2014/11/28 21:43:24 | 010,284,408 | ---- | C] (SurfRight B.V.) -- C:\Users\Grandma\Desktop\HitmanPro (2).exe
[2014/11/28 21:30:35 | 004,184,008 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Grandma\Desktop\tdsskiller (2).exe
[2014/11/28 21:29:55 | 019,828,216 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Grandma\Desktop\mb.exe.exe
[2014/11/28 20:51:14 | 000,000,000 | ---D | C] -- C:\Users\Grandma\Documents\Major Geeks Dx Logs
[2014/11/28 20:38:41 | 000,000,000 | ---D | C] -- C:\Users\Grandma\Desktop\GooredFix Backups
[2014/11/28 13:54:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster 2
[2014/11/28 13:54:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller
[2014/11/28 01:55:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2014/11/28 01:55:17 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2014/11/27 22:12:36 | 031,562,952 | ---- | C] (Microsoft Corporation) -- C:\Users\Grandma\Desktop\Windows-KB890830-V5.18.exe
[2014/11/27 22:10:19 | 000,000,000 | -HSD | C] -- C:\Users\Grandma\AppData\Local\EmieBrowserModeList
[2014/11/25 12:51:12 | 000,000,000 | ---D | C] -- C:\Users\Grandma\Desktop\2014 Sect 8 Recert Stuff
[2014/11/19 06:14:50 | 000,000,000 | ---D | C] -- C:\WTablet
[2014/11/17 15:10:41 | 000,000,000 | ---D | C] -- C:\Users\Grandma\AppData\Roaming\LavasoftStatistics
[2014/11/17 14:52:32 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/11/17 14:23:47 | 000,263,072 | ---- | C] (Trend Micro Inc.) -- C:\Windows\System32\drivers\tmcomm.sys
[2014/11/17 01:38:27 | 000,000,000 | ---D | C] -- C:\Users\Grandma\Desktop\Driver stuff for this computer
[2014/11/17 01:18:08 | 000,000,000 | -H-D | C] -- C:\Windows\System32\WLANProfiles
[2014/11/17 01:04:31 | 000,279,024 | ---- | C] (Intel Corporation) -- C:\Windows\System32\IntelCpHeciSvc.exe
[2014/11/17 01:04:30 | 000,286,208 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxTMM.dll
[2014/11/17 01:04:30 | 000,102,400 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxCoIn_v3517.dll
[2014/11/17 01:04:29 | 000,435,712 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrtrk.lrc
[2014/11/17 01:04:29 | 000,435,712 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrsve.lrc
[2014/11/17 01:04:29 | 000,435,200 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrtha.lrc
[2014/11/17 01:04:28 | 000,437,248 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrrus.lrc
[2014/11/17 01:04:28 | 000,437,248 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrrom.lrc
[2014/11/17 01:04:28 | 000,436,736 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrsky.lrc
[2014/11/17 01:04:28 | 000,436,736 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrptg.lrc
[2014/11/17 01:04:28 | 000,435,712 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrslv.lrc
[2014/11/17 01:04:27 | 000,438,272 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrell.lrc
[2014/11/17 01:04:27 | 000,437,760 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrfra.lrc
[2014/11/17 01:04:27 | 000,437,760 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxresn.lrc
[2014/11/17 01:04:27 | 000,436,736 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrplk.lrc
[2014/11/17 01:04:27 | 000,436,736 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrnld.lrc
[2014/11/17 01:04:27 | 000,436,736 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrita.lrc
[2014/11/17 01:04:27 | 000,436,736 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrhrv.lrc
[2014/11/17 01:04:27 | 000,436,736 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrdeu.lrc
[2014/11/17 01:04:27 | 000,436,224 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrhun.lrc
[2014/11/17 01:04:27 | 000,436,224 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrfin.lrc
[2014/11/17 01:04:27 | 000,436,224 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrcsy.lrc
[2014/11/17 01:04:27 | 000,435,712 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrptb.lrc
[2014/11/17 01:04:27 | 000,435,712 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrnor.lrc
[2014/11/17 01:04:27 | 000,435,200 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrdan.lrc
[2014/11/17 01:04:27 | 000,433,664 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrheb.lrc
[2014/11/17 01:04:27 | 000,430,080 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrjpn.lrc
[2014/11/17 01:04:27 | 000,429,056 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrkor.lrc
[2014/11/17 01:04:27 | 000,284,160 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrenu.lrc
[2014/11/17 01:04:26 | 000,433,664 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrara.lrc
[2014/11/17 01:04:26 | 000,427,008 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrcht.lrc
[2014/11/17 01:04:26 | 000,426,496 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrchs.lrc
[2014/11/17 01:04:26 | 000,313,344 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxpph.dll
[2014/11/17 01:04:26 | 000,130,048 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxdo.dll
[2014/11/17 01:04:26 | 000,120,320 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxcpl.cpl
[2014/11/17 01:04:26 | 000,025,088 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxexps.dll
[2014/11/17 01:04:23 | 010,812,928 | ---- | C] (Intel Corporation) -- C:\Windows\System32\ig4icd32.dll
[2014/11/17 01:04:23 | 006,231,536 | ---- | C] (Intel Corporation) -- C:\Windows\System32\GfxUI.exe
[2014/11/17 01:04:23 | 000,175,616 | ---- | C] (Intel Corporation) -- C:\Windows\System32\gfxSrvc.dll
[2014/11/17 01:02:14 | 000,000,000 | ---D | C] -- C:\ProgramData\IntelDLM
[2014/11/17 00:58:33 | 000,000,000 | ---D | C] -- C:\Users\Grandma\AppData\Local\Intel
[2014/11/16 22:58:45 | 000,000,000 | ---D | C] -- C:\Users\Grandma\Desktop\Adobe
[2014/11/16 22:54:50 | 000,000,000 | ---D | C] -- C:\Program Files\Tracker Software
[2014/11/16 22:40:57 | 000,000,000 | ---D | C] -- C:\Users\Grandma\Desktop\Files to Move
[2014/11/15 21:36:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Datacolor
[2014/11/15 21:36:45 | 000,000,000 | ---D | C] -- C:\Users\Grandma\AppData\Local\Datacolor
[2014/11/15 21:36:16 | 000,000,000 | ---D | C] -- C:\Program Files\Datacolor
[2014/11/12 07:21:07 | 000,701,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IMJP10K.DLL
[2014/11/12 07:20:53 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml3r.dll
[2014/11/12 07:20:52 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AUDIOKSE.dll
[2014/11/12 07:20:51 | 000,374,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AudioEng.dll
[2014/11/12 07:20:51 | 000,275,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDump.dll
[2014/11/12 07:20:51 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AudioSes.dll
[2014/11/12 07:20:49 | 002,379,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2014/11/12 07:20:43 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2014/11/12 07:20:22 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\packager.dll
[2014/11/12 07:20:19 | 000,681,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\adtschema.dll
[2014/11/12 07:20:17 | 000,146,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msaudite.dll
[2014/11/12 07:20:12 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollector.exe
[2014/11/12 07:20:12 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\JavaScriptCollectionAgent.dll
[2014/11/12 07:20:12 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwproxystub.dll
[2014/11/12 07:20:10 | 000,667,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MsSpellCheckingFacility.exe
[2014/11/12 07:20:09 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2014/11/12 07:20:09 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2014/11/12 07:20:08 | 000,341,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2014/11/12 07:20:07 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2014/11/12 07:20:07 | 000,047,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2014/11/12 07:20:06 | 000,708,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2014/11/12 07:20:06 | 000,688,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2014/11/12 07:20:06 | 000,620,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9diag.dll
[2014/11/12 07:20:06 | 000,418,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2014/11/12 07:20:05 | 002,724,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2014/11/12 07:20:04 | 002,051,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2014/11/12 07:20:03 | 000,168,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2014/11/12 07:20:03 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2014/11/12 07:20:02 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollectorres.dll
[2014/11/12 07:20:00 | 000,285,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2014/11/12 07:19:59 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2014/11/12 07:19:56 | 001,155,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmlmedia.dll
[2014/11/12 07:19:55 | 000,064,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MshtmlDac.dll
[2014/11/12 07:19:51 | 004,298,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2014/11/11 21:07:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
[2014/11/11 21:06:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Package Cache
[2014/11/11 12:13:38 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2014/11/09 18:39:30 | 000,000,000 | ---D | C] -- C:\Users\Grandma\AppData\Roaming\ThePluginSite
[2014/11/07 14:28:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2014/11/07 14:28:06 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2014/11/07 14:26:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2014/11/07 14:24:48 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2014/11/07 14:24:47 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2014/11/07 14:24:47 | 000,000,000 | ---D | C] -- C:\ProgramData\B0FFCDD9-5261-4e59-B29A-17A4FABDEBAB
[2014/11/05 08:14:54 | 000,342,016 | ---- | C] (Seiko Epson Corporation) -- C:\Windows\System32\eswiaud.dll
[2014/11/04 08:21:01 | 000,000,000 | ---D | C] -- C:\Users\Grandma\Desktop\Wallpapers
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/11/30 08:18:43 | 000,020,112 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/11/30 08:18:43 | 000,020,112 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/11/30 08:17:02 | 000,002,265 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
[2014/11/30 08:13:16 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/11/30 08:12:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/11/30 08:11:30 | 2746,261,504 | -HS- | M] () -- C:\hiberfil.sys
[2014/11/30 08:06:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/11/30 07:54:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Grandma\Desktop\OTL.exe
[2014/11/30 07:39:09 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/11/30 07:23:56 | 001,707,646 | ---- | M] (Thisisu) -- C:\Users\Grandma\Desktop\JRT.exe
[2014/11/30 07:11:41 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3135014543-1366911502-1036751248-1003UA.job
[2014/11/30 04:25:35 | 000,650,892 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014/11/30 04:25:35 | 000,118,628 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014/11/30 04:22:28 | 000,002,115 | ---- | M] () -- C:\Users\Public\Desktop\Advanced SystemCare 7.lnk
[2014/11/30 04:03:58 | 000,001,088 | ---- | M] () -- C:\Users\Public\Desktop\Intel® Driver Update Utility 2.0.lnk
[2014/11/30 00:47:32 | 000,000,901 | ---- | M] () -- C:\Users\Public\Desktop\Speccy.lnk
[2014/11/29 21:10:26 | 002,031,992 | ---- | M] (Microsoft Corporation) -- C:\Users\Grandma\Desktop\MGADiag.exe
[2014/11/29 20:59:47 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3135014543-1366911502-1036751248-1003Core.job
[2014/11/29 05:53:14 | 000,034,808 | ---- | M] () -- C:\Windows\System32\drivers\TrueSight.sys
[2014/11/29 01:34:40 | 000,474,729 | ---- | M] () -- C:\MGlogs.zip
[2014/11/28 23:05:48 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2014/11/28 23:05:48 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2014/11/28 22:36:17 | 000,114,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
[2014/11/28 22:09:13 | 000,001,857 | ---- | M] () -- C:\Users\Public\Desktop\HitmanPro.lnk
[2014/11/28 22:06:21 | 000,000,573 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/11/28 21:43:31 | 010,284,408 | ---- | M] (SurfRight B.V.) -- C:\Users\Grandma\Desktop\HitmanPro (2).exe
[2014/11/28 21:35:30 | 003,645,192 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2014/11/28 21:31:43 | 001,990,720 | ---- | M] () -- C:\Users\Grandma\Desktop\MGtools.exe
[2014/11/28 21:30:42 | 004,184,008 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Grandma\Desktop\tdsskiller (2).exe
[2014/11/28 21:30:23 | 019,828,216 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Grandma\Desktop\mb.exe.exe
[2014/11/28 21:29:42 | 015,196,248 | ---- | M] () -- C:\Users\Grandma\Desktop\RogueKiller (1).exe
[2014/11/28 21:09:03 | 000,099,344 | ---- | M] () -- C:\Users\Grandma\Documents\cc_20141128_210851.reg
[2014/11/28 13:56:28 | 000,002,054 | ---- | M] () -- C:\Users\Public\Desktop\Driver Booster 2.lnk
[2014/11/28 13:54:13 | 000,001,150 | ---- | M] () -- C:\Users\Public\Desktop\IObit Uninstaller.lnk
[2014/11/28 13:11:34 | 000,000,785 | ---- | M] () -- C:\Users\Grandma\Documents\Caramelized Chicken Wings.rtf
[2014/11/28 04:14:53 | 000,000,512 | ---- | M] () -- C:\Users\Grandma\Documents\MBR.dat
[2014/11/28 02:57:53 | 000,000,000 | ---- | M] () -- C:\asc_rdflag
[2014/11/28 02:24:33 | 000,004,102 | ---- | M] () -- C:\Users\Grandma\Documents\cc_20141128_022430.reg
[2014/11/28 01:58:21 | 000,000,748 | ---- | M] () -- C:\Users\Grandma\Documents\cc_20141128_015816.reg
[2014/11/28 01:55:18 | 000,000,929 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2014/11/28 01:47:08 | 000,000,270 | ---- | M] () -- C:\Windows\tasks\Uninstaller_SkipUac_Administrator.job
[2014/11/28 01:43:48 | 000,000,316 | ---- | M] () -- C:\Windows\tasks\Trojan Killer.job
[2014/11/27 22:12:41 | 031,562,952 | ---- | M] (Microsoft Corporation) -- C:\Users\Grandma\Desktop\Windows-KB890830-V5.18.exe
[2014/11/26 07:39:17 | 000,701,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2014/11/26 07:39:17 | 000,071,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2014/11/25 23:51:20 | 000,004,100 | ---- | M] () -- C:\Users\Grandma\Documents\Artist Vision.rtf
[2014/11/25 21:10:31 | 000,002,089 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/11/25 11:45:23 | 000,011,580 | ---- | M] () -- C:\Users\Grandma\Documents\Speccy Results.rtf
[2014/11/21 19:14:34 | 000,787,800 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswsnx.sys
[2014/11/21 08:53:16 | 000,423,784 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswsp.sys
[2014/11/19 00:27:46 | 000,000,963 | ---- | M] () -- C:\Users\Grandma\Documents\Lonnie Prayer for Justice.rtf
[2014/11/18 11:54:09 | 000,001,339 | ---- | M] () -- C:\Users\Grandma\Documents\Rack CArd text.rtf
[2014/11/17 15:07:21 | 001,754,248 | ---- | M] () -- C:\Users\Grandma\Desktop\Adaware_Installer.exe
[2014/11/17 14:45:27 | 000,001,998 | ---- | M] () -- C:\Users\Grandma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SleepMapper Data Card Uploader.lnk
[2014/11/17 14:37:47 | 000,123,928 | ---- | M] () -- C:\Users\Grandma\AppData\Local\census.cache
[2014/11/17 14:37:43 | 000,154,945 | ---- | M] () -- C:\Users\Grandma\AppData\Local\ars.cache
[2014/11/17 14:31:21 | 000,000,010 | ---- | M] () -- C:\Users\Grandma\AppData\Local\sponge.last.runtime.cache
[2014/11/17 14:23:39 | 000,000,036 | ---- | M] () -- C:\Users\Grandma\AppData\Local\housecall.guid.cache
[2014/11/17 11:54:53 | 000,002,015 | ---- | M] () -- C:\Users\Public\Desktop\Lightroom 5.6.lnk
[2014/11/17 09:26:40 | 000,024,220 | ---- | M] () -- C:\Users\Grandma\Documents\cc_20141117_092636.reg
[2014/11/17 01:55:55 | 000,017,326 | ---- | M] () -- C:\Users\Grandma\Documents\cc_20141117_015550.reg
[2014/11/17 01:31:49 | 000,016,480 | ---- | M] () -- C:\Windows\System32\results.xml
[2014/11/16 22:54:54 | 000,001,135 | ---- | M] () -- C:\Users\Public\Desktop\PDF-Viewer.lnk
[2014/11/16 21:52:55 | 000,445,326 | ---- | M] () -- C:\Users\Grandma\Documents\cc_20141116_215224_Big Dump.reg
[2014/11/16 15:01:46 | 000,177,311 | ---- | M] () -- C:\Users\Grandma\Documents\SongwritersNotepad.pdf
[2014/11/16 09:55:10 | 000,000,246 | ---- | M] () -- C:\Users\Grandma\Documents\cc_20141116_095507.reg
[2014/11/16 08:18:18 | 000,000,464 | ---- | M] () -- C:\Users\Grandma\Documents\cc_20141116_081814.reg
[2014/11/16 08:13:53 | 000,006,124 | ---- | M] () -- C:\Users\Grandma\Documents\cc_20141116_081346.reg
[2014/11/15 21:39:09 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_dccmtr_01001.Wdf
[2014/11/15 21:36:56 | 000,002,029 | ---- | M] () -- C:\Users\Grandma\Desktop\Spyder4Pro 4.5.4.lnk
[2014/11/15 21:36:55 | 000,001,246 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SpyderUtility.lnk
[2014/11/14 22:29:44 | 000,001,528 | ---- | M] () -- C:\Users\Grandma\Documents\Annie Clark letter to Mrs. Z.rtf
[2014/11/14 03:50:22 | 000,001,056 | ---- | M] () -- C:\Users\Grandma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2014/11/14 03:49:54 | 000,001,028 | ---- | M] () -- C:\Users\Grandma\Desktop\Dropbox.lnk
[2014/11/12 18:16:00 | 000,517,099 | ---- | M] () -- C:\Windows\System32\drivers\etc\HOSTS
[2014/11/12 10:16:39 | 000,000,727 | ---- | M] () -- C:\Users\Grandma\Documents\Section 8 Dental Request 2014.rtf
[2014/11/10 20:19:02 | 000,000,029 | RH-- | M] () -- C:\ProgramData\GD4985JED2.sys
[2014/11/07 14:28:22 | 000,001,775 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2014/11/07 14:26:18 | 000,001,713 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2014/11/07 14:23:39 | 000,341,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2014/11/06 10:32:44 | 000,000,878 | ---- | M] () -- C:\Users\Grandma\Documents\Reva_Securus 10-3-14.rtf
[2014/11/06 10:14:11 | 000,000,878 | ---- | M] () -- C:\Users\Grandma\Documents\Reva_Securus 11-5-14.rtf
[2014/11/05 22:28:20 | 002,724,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2014/11/05 22:28:06 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollectorres.dll
[2014/11/05 22:13:36 | 000,062,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2014/11/05 22:12:44 | 000,047,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieetwproxystub.dll
[2014/11/05 22:10:58 | 000,064,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MshtmlDac.dll
[2014/11/05 22:04:45 | 000,047,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2014/11/05 22:03:56 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2014/11/05 22:00:56 | 000,478,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2014/11/05 21:59:36 | 000,115,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2014/11/05 21:59:34 | 000,102,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollector.exe
[2014/11/05 21:58:38 | 000,620,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9diag.dll
[2014/11/05 21:51:33 | 000,667,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MsSpellCheckingFacility.exe
[2014/11/05 21:48:12 | 000,418,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2014/11/05 21:42:36 | 000,060,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\JavaScriptCollectionAgent.dll
[2014/11/05 21:37:58 | 000,168,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2014/11/05 21:34:21 | 000,285,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2014/11/05 21:22:26 | 000,683,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2014/11/05 21:22:12 | 000,688,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2014/11/05 21:21:49 | 004,298,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2014/11/05 21:21:25 | 002,051,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2014/11/05 21:20:37 | 001,155,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmlmedia.dll
[2014/11/05 20:47:17 | 000,708,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2014/11/05 11:45:58 | 000,081,540 | ---- | M] () -- C:\Users\Grandma\Documents\Blog Post_Day of the Dead.odt
[2014/11/05 08:32:53 | 000,000,934 | ---- | M] () -- C:\Users\Public\Desktop\EPSON Scan.lnk
[2014/11/04 14:30:58 | 000,229,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2014/11/03 11:02:36 | 000,004,157 | ---- | M] () -- C:\Users\Grandma\Documents\Lonnie_Pat's Eulogy.rtf
[2014/11/02 22:32:15 | 000,004,250 | ---- | M] () -- C:\Users\Grandma\Documents\Rose, Her Name Is.rtf
[2014/11/02 21:26:05 | 000,000,880 | ---- | M] () -- C:\Users\Grandma\Documents\cc_20141102_212600.reg
[2014/11/02 18:01:25 | 000,005,120 | ---- | M] () -- C:\Users\Grandma\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014/10/31 20:53:21 | 000,070,384 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswmonflt.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/11/30 04:38:02 | 000,002,265 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
[2014/11/30 04:03:58 | 000,001,088 | ---- | C] () -- C:\Users\Public\Desktop\Intel® Driver Update Utility 2.0.lnk
[2014/11/28 23:05:48 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2014/11/28 23:05:48 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2014/11/28 23:05:46 | 000,474,729 | ---- | C] () -- C:\MGlogs.zip
[2014/11/28 22:09:13 | 000,001,857 | ---- | C] () -- C:\Users\Public\Desktop\HitmanPro.lnk
[2014/11/28 22:06:52 | 000,034,808 | ---- | C] () -- C:\Windows\System32\drivers\TrueSight.sys
[2014/11/28 22:06:21 | 000,000,573 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/11/28 21:31:35 | 001,990,720 | ---- | C] () -- C:\Users\Grandma\Desktop\MGtools.exe
[2014/11/28 21:29:27 | 015,196,248 | ---- | C] () -- C:\Users\Grandma\Desktop\RogueKiller (1).exe
[2014/11/28 21:08:53 | 000,099,344 | ---- | C] () -- C:\Users\Grandma\Documents\cc_20141128_210851.reg
[2014/11/28 13:54:53 | 000,002,054 | ---- | C] () -- C:\Users\Public\Desktop\Driver Booster 2.lnk
[2014/11/28 13:11:34 | 000,000,785 | ---- | C] () -- C:\Users\Grandma\Documents\Caramelized Chicken Wings.rtf
[2014/11/28 04:14:53 | 000,000,512 | ---- | C] () -- C:\Users\Grandma\Documents\MBR.dat
[2014/11/28 02:57:53 | 000,000,000 | ---- | C] () -- C:\asc_rdflag
[2014/11/28 02:24:32 | 000,004,102 | ---- | C] () -- C:\Users\Grandma\Documents\cc_20141128_022430.reg
[2014/11/28 01:58:19 | 000,000,748 | ---- | C] () -- C:\Users\Grandma\Documents\cc_20141128_015816.reg
[2014/11/28 01:55:18 | 000,000,929 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2014/11/28 01:43:48 | 000,000,316 | ---- | C] () -- C:\Windows\tasks\Trojan Killer.job
[2014/11/28 01:42:41 | 000,000,270 | ---- | C] () -- C:\Windows\tasks\Uninstaller_SkipUac_Administrator.job
[2014/11/25 23:51:19 | 000,004,100 | ---- | C] () -- C:\Users\Grandma\Documents\Artist Vision.rtf
[2014/11/25 11:45:23 | 000,011,580 | ---- | C] () -- C:\Users\Grandma\Documents\Speccy Results.rtf
[2014/11/19 00:21:02 | 000,000,963 | ---- | C] () -- C:\Users\Grandma\Documents\Lonnie Prayer for Justice.rtf
[2014/11/18 11:50:45 | 000,001,339 | ---- | C] () -- C:\Users\Grandma\Documents\Rack CArd text.rtf
[2014/11/17 15:07:10 | 001,754,248 | ---- | C] () -- C:\Users\Grandma\Desktop\Adaware_Installer.exe
[2014/11/17 14:37:47 | 000,123,928 | ---- | C] () -- C:\Users\Grandma\AppData\Local\census.cache
[2014/11/17 14:37:43 | 000,154,945 | ---- | C] () -- C:\Users\Grandma\AppData\Local\ars.cache
[2014/11/17 14:31:21 | 000,000,010 | ---- | C] () -- C:\Users\Grandma\AppData\Local\sponge.last.runtime.cache
[2014/11/17 14:23:39 | 000,000,036 | ---- | C] () -- C:\Users\Grandma\AppData\Local\housecall.guid.cache
[2014/11/17 11:54:53 | 000,002,027 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop Lightroom 5.6.lnk
[2014/11/17 11:54:53 | 000,002,015 | ---- | C] () -- C:\Users\Public\Desktop\Lightroom 5.6.lnk
[2014/11/17 09:26:38 | 000,024,220 | ---- | C] () -- C:\Users\Grandma\Documents\cc_20141117_092636.reg
[2014/11/17 01:55:53 | 000,017,326 | ---- | C] () -- C:\Users\Grandma\Documents\cc_20141117_015550.reg
[2014/11/17 01:31:49 | 000,016,480 | ---- | C] () -- C:\Windows\System32\results.xml
[2014/11/17 01:04:30 | 000,067,956 | ---- | C] () -- C:\Windows\System32\iglhxs32.vp
[2014/11/17 01:04:26 | 000,009,728 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2014/11/17 01:04:24 | 000,078,848 | ---- | C] () -- C:\Windows\System32\igdde32.dll
[2014/11/16 22:54:54 | 000,001,135 | ---- | C] () -- C:\Users\Public\Desktop\PDF-Viewer.lnk
[2014/11/16 21:52:36 | 000,445,326 | ---- | C] () -- C:\Users\Grandma\Documents\cc_20141116_215224_Big Dump.reg
[2014/11/16 15:01:37 | 000,177,311 | ---- | C] () -- C:\Users\Grandma\Documents\SongwritersNotepad.pdf
[2014/11/16 09:55:09 | 000,000,246 | ---- | C] () -- C:\Users\Grandma\Documents\cc_20141116_095507.reg
[2014/11/16 08:18:16 | 000,000,464 | ---- | C] () -- C:\Users\Grandma\Documents\cc_20141116_081814.reg
[2014/11/16 08:13:49 | 000,006,124 | ---- | C] () -- C:\Users\Grandma\Documents\cc_20141116_081346.reg
[2014/11/15 21:39:09 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_dccmtr_01001.Wdf
[2014/11/15 21:36:55 | 000,002,029 | ---- | C] () -- C:\Users\Grandma\Desktop\Spyder4Pro 4.5.4.lnk
[2014/11/15 21:36:55 | 000,001,246 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SpyderUtility.lnk
[2014/11/14 22:26:16 | 000,001,528 | ---- | C] () -- C:\Users\Grandma\Documents\Annie Clark letter to Mrs. Z.rtf
[2014/11/12 10:16:38 | 000,000,727 | ---- | C] () -- C:\Users\Grandma\Documents\Section 8 Dental Request 2014.rtf
[2014/11/09 19:10:53 | 000,000,029 | RH-- | C] () -- C:\ProgramData\GD4985JED2.sys
[2014/11/07 14:28:22 | 000,001,775 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2014/11/07 14:26:18 | 000,001,713 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2014/11/06 10:32:44 | 000,000,878 | ---- | C] () -- C:\Users\Grandma\Documents\Reva_Securus 10-3-14.rtf
[2014/11/06 10:14:11 | 000,000,878 | ---- | C] () -- C:\Users\Grandma\Documents\Reva_Securus 11-5-14.rtf
[2014/11/05 11:45:55 | 000,081,540 | ---- | C] () -- C:\Users\Grandma\Documents\Blog Post_Day of the Dead.odt
[2014/11/03 11:02:36 | 000,004,157 | ---- | C] () -- C:\Users\Grandma\Documents\Lonnie_Pat's Eulogy.rtf
[2014/11/02 22:32:14 | 000,004,250 | ---- | C] () -- C:\Users\Grandma\Documents\Rose, Her Name Is.rtf
[2014/11/02 21:26:03 | 000,000,880 | ---- | C] () -- C:\Users\Grandma\Documents\cc_20141102_212600.reg
[2014/09/16 21:39:21 | 000,005,120 | ---- | C] () -- C:\Users\Grandma\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014/05/31 09:06:18 | 000,000,207 | ---- | C] () -- C:\Windows\tweaking.com-regbackup-Admin-0602snr-Microsoft-Windows-7-Ultimate-(32-bit).dat
[2014/05/01 00:26:32 | 000,024,184 | ---- | C] () -- C:\Windows\System32\drivers\aswHwid.sys
[2014/03/26 14:58:36 | 169,927,680 | ---- | C] () -- C:\Users\Grandma\AppData\Local\ACCCx2_5_1_369.zip.aamdownload
[2014/03/26 14:58:36 | 000,001,984 | ---- | C] () -- C:\Users\Grandma\AppData\Local\ACCCx2_5_1_369.zip.aamdownload.aamd
[2014/03/22 13:57:51 | 000,000,218 | ---- | C] () -- C:\Users\Grandma\AppData\Local\recently-used.xbel
[2014/03/11 00:20:48 | 000,001,456 | ---- | C] () -- C:\Users\Grandma\AppData\Local\Adobe Save for Web 12.0 Prefs
[2013/10/11 08:59:17 | 000,044,344 | ---- | C] () -- C:\Windows\System32\drivers\i1display.sys
[2013/10/11 08:49:10 | 000,044,344 | ---- | C] () -- C:\Windows\System32\drivers\EyeOneDp.sys
[2013/06/17 07:59:21 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2013/06/17 07:57:01 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2013/06/08 23:54:18 | 000,000,094 | ---- | C] () -- C:\Windows\EPART725.ini
[2013/06/08 17:20:33 | 000,000,836 | RHS- | C] () -- C:\Users\Grandma\ntuser.pol
[2013/06/08 16:24:24 | 000,206,248 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys
[2013/06/08 16:24:24 | 000,049,944 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2013/06/05 20:42:26 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2013/03/08 18:09:44 | 000,000,268 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2013/03/08 18:06:46 | 000,094,208 | ---- | C] () -- C:\Windows\System32\IccLibDll.dll
[2013/03/08 18:06:44 | 000,963,452 | ---- | C] () -- C:\Windows\System32\igcodeckrng600.bin
[2013/03/08 18:06:44 | 000,272,928 | ---- | C] () -- C:\Windows\System32\igvpkrng600.bin
 
========== ZeroAccess Check ==========
 
[2009/07/13 23:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/08/13 16:56:32 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = c:\windows\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = c:\windows\system32\wbem\wbemess.dll -- [2009/07/13 20:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*.exe >
[2013/06/09 00:10:36 | 060,500,344 | ---- | M] () -- C:\R311896.exe
 
< MD5 for: EXPLORER.EXE  >
[2011/02/26 00:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009/07/13 20:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011/02/26 00:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2009/10/31 00:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2011/02/26 00:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2010/11/20 07:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2009/08/03 00:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009/08/03 00:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009/10/31 01:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
 
< MD5 for: SERVICES.EXE  >
[2009/07/13 20:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\System32\services.exe
[2009/07/13 20:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe
 
< MD5 for: SVCHOST.EXE  >
[2014/10/01 11:38:18 | 000,761,656 | ---- | M] (MalwareBytes) MD5=4EFE23CA7073815F85C75ED8DC9E8083 -- C:\Desktop\Chameleon\Windows\svchost.exe
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
 
< MD5 for: USERINIT.EXE  >
[2010/11/20 07:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010/11/20 07:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/13 20:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009/10/28 01:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009/10/28 00:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2014/10/01 11:38:18 | 000,761,656 | ---- | M] (MalwareBytes) MD5=4EFE23CA7073815F85C75ED8DC9E8083 -- C:\Desktop\Chameleon\Windows\winlogon.exe
[2014/07/15 21:56:14 | 000,304,640 | ---- | M] (Microsoft Corporation) MD5=4F37B93C14AEE313BEC52A23AFB15C2E -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.22750_none_7224b2134c7555fa\winlogon.exe
[2014/07/16 20:39:27 | 000,304,128 | ---- | M] (Microsoft Corporation) MD5=52449FD429D6053B78AE564DEF303870 -- C:\Windows\System32\winlogon.exe
[2014/07/16 20:39:27 | 000,304,128 | ---- | M] (Microsoft Corporation) MD5=52449FD429D6053B78AE564DEF303870 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.18540_none_71a5e34e334f9d18\winlogon.exe
[2010/11/20 07:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009/07/13 20:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
[2014/03/04 04:17:02 | 000,304,128 | ---- | M] (Microsoft Corporation) MD5=998507B046BA314CE8245364C686FA67 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.18409_none_71da23b23327143c\winlogon.exe
[2014/03/04 05:39:02 | 000,304,640 | ---- | M] (Microsoft Corporation) MD5=D53972F87D850CD2EB4B29B60CAFDD77 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.22616_none_7255f1994c4f8119\winlogon.exe
 
< %systemroot%\*. /rp /s >
 
========== Drive Information ==========
 
Physical Drives
---------------
 
Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: WDC WD3200BEVT-75A23T0 ATA Device
Partitions: 1
Status: OK
Status Info: 0
 
Drive: \\\\.\\PHYSICALDRIVE1 - External hard disk media
Interface type: USB
Media Type: External hard disk media
Model: WD 10EAVS External USB Device
Partitions: 3
Status: OK
Status Info: 0
 
Drive: \\\\.\\PHYSICALDRIVE2 - External hard disk media
Interface type: USB
Media Type: External hard disk media
Model: Hitachi HDS721050CLA362 USB Device
Partitions: 1
Status: OK
Status Info: 0
 
Drive: \\\\.\\PHYSICALDRIVE3 - 
Interface type: USB
Media Type: 
Model: EPSON Storage USB Device
Partitions: 0
Status: OK
Status Info: 0
 
Partitions
---------------
 
DeviceID: Disk #0, Partition #0
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 298.00GB
Starting Offset: 32256
Hidden sectors: 0
 
 
DeviceID: Disk #1, Partition #0
PartitionType: Unknown
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 563.00GB
Starting Offset: 32256
Hidden sectors: 0
 
 
DeviceID: Disk #1, Partition #1
PartitionType: Unknown
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 364.00GB
Starting Offset: 604944668160
Hidden sectors: 0
 
 
DeviceID: Disk #1, Partition #2
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 4.00GB
Starting Offset: 995974479360
Hidden sectors: 0
 
 
DeviceID: Disk #2, Partition #0
PartitionType: Unknown
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 466.00GB
Starting Offset: 32256
Hidden sectors: 0
 
 
< End of report >
 
Extras.txt
 

OTL Extras logfile created on: 11/30/2014 8:21:59 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Grandma\Desktop
 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17420)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.41 Gb Total Physical Memory | 1.98 Gb Available Physical Memory | 58.05% Memory free
6.82 Gb Paging File | 5.32 Gb Available in Paging File | 78.02% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 298.09 Gb Total Space | 228.16 Gb Free Space | 76.54% Space Free | Partition Type: NTFS
Drive D: | 563.26 Gb Total Space | 266.59 Gb Free Space | 47.33% Space Free | Partition Type: FAT32
Unable to calculate disk information.
Drive F: | 465.65 Gb Total Space | 170.27 Gb Free Space | 36.57% Space Free | Partition Type: FAT32
Drive H: | 364.13 Gb Total Space | 351.46 Gb Free Space | 96.52% Space Free | Partition Type: FAT32
Drive I: | 3.94 Gb Total Space | 3.89 Gb Free Space | 98.73% Space Free | Partition Type: NTFS
 
Computer Name: Admin-0602snr | User Name: Grandma | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-3135014543-1366911502-1036751248-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2531FF4E-5799-49CA-AC75-A28AAA8D69B3}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{27A21597-FE9C-4F59-8755-D394A0B6AD29}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{376B87D5-EAD3-499C-B725-4C3E9C19D8A3}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe | 
"{88F8FB7C-9078-4BF2-85D2-6C62EA418860}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\google\chrome\application\chrome.exe | 
"{A8D7929B-29CA-4CC8-842A-468AA1AD7B8E}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{B16E9A65-F1DF-462C-9B82-725D52C7134A}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{B677F225-A865-4F55-B58E-22D9BC5C6BE6}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{B99ADA06-7F1B-45E0-97CF-111F9757A78F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{D35FCAD1-99C5-4214-8E47-A2D7ACB638EB}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{EE276C02-E459-4468-976B-933EA61EA4B3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{EFFC61FC-5482-4BEF-8CF3-48CDCDFCD420}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{F13A99E8-F0BF-49D0-9D1D-C9A432E1E4BD}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{F1854D02-082E-4B96-80A7-D60B09A02EC0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00E43B77-049B-4C38-9337-6212D433803A}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{03FC7327-9C07-41C8-9F76-0866FC1183A9}" = protocol=6 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe | 
"{08FBF701-86A5-4B35-94B8-D29408DF4F66}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{2259F807-78A0-4F74-A0F1-D4566E4E026D}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{26B3DEE1-43AC-4854-8843-AB3E8E387F4F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{42ED17CE-2020-4967-8DC6-AB517B6F3625}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{6EBCCEA3-A7F1-43F3-ADB0-E44E1E48074A}" = protocol=17 | dir=in | app=c:\program files\intel\wimax\bin\appsrv.exe | 
"{70EA4A1F-5331-43E1-9D7F-CD466BD77F9F}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{7848874E-D1A3-40F2-BD50-36B6C25B5463}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{7D3BE6AF-96D5-4859-9002-CBC500306B7B}" = protocol=6 | dir=out | app=system | 
"{7EEE9E12-0232-4812-AA19-038DF2954602}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{802CA06C-68BB-4CD9-9959-40E2C3F8EA08}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{82E1FAAC-D737-4946-A6E6-B4D354E4C299}" = protocol=6 | dir=in | app=c:\program files\intel\wimax\bin\dmagent.exe | 
"{8E051D4C-C835-43DC-85CE-950A70D3C91B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{993D624A-0390-482C-919E-EF4A77DA1A57}" = protocol=17 | dir=in | app=c:\program files\gnucash\bin\gnucash.exe | 
"{9BB43B84-E71E-4A1D-93A5-023C5E09C930}" = protocol=6 | dir=in | app=c:\program files\gnucash\bin\gnucash.exe | 
"{9DD2EED9-5CD7-4FF1-A610-6B48E4349F46}" = protocol=17 | dir=in | app=c:\program files\intel\wimax\bin\dmagent.exe | 
"{A086F9D7-B2EB-490D-8575-0118AD69C98F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{A3E84256-4C8A-4ED9-9161-19A18C74ED2B}" = protocol=6 | dir=in | app=c:\users\grandma\appdata\roaming\dropbox\bin\dropbox.exe | 
"{A596A4B5-1C65-4D44-AEC8-45041BB479E0}" = protocol=17 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe | 
"{ABFCB4C9-ABB5-4B21-A990-D54E49E5F6C5}" = protocol=6 | dir=in | app=c:\program files\intel\wimax\bin\appsrv.exe | 
"{B459F40B-4B1B-474D-B691-42EDF23CBA78}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{B534A65C-C342-4BA2-B949-1E4562AABCB9}" = protocol=17 | dir=in | app=c:\users\grandma\appdata\roaming\dropbox\bin\dropbox.exe | 
"{B6355336-4688-4DE6-AD00-6000889571FA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{CCCFA8B2-242A-403B-BB91-9E22E53C3BF7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{D38837C2-0661-4450-9F24-7839A0B3D248}" = protocol=17 | dir=in | app=c:\program files\gnucash\bin\gconfd-2.exe | 
"{D65352AB-2AEC-4E49-9B38-5D18E39E861C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{DEC7F6F3-A1D3-4BA1-BAAF-4FA6A751D82D}" = protocol=6 | dir=in | app=c:\program files\gnucash\bin\gconfd-2.exe | 
"{E3505AD0-431A-4318-B653-A336D0FCF433}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{FD6A13A1-CE89-452D-A19D-2E8F0CAB4AAA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"TCP Query User{4600ED7B-A559-4785-9A00-F8C297A8B9B0}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe | 
"TCP Query User{71021F00-16F5-45AC-A044-BF1167175ECF}C:\program files\libreoffice 4\program\soffice.bin" = protocol=6 | dir=in | app=c:\program files\libreoffice 4\program\soffice.bin | 
"TCP Query User{CA72B328-BF23-482C-9437-F2D2912F3DD8}C:\users\grandma\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\grandma\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{09B3D8BD-73AE-4FE6-B294-BCD470337BB2}C:\users\grandma\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\grandma\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{CCA6E45A-67F6-453D-86C7-A8203E3F904C}C:\program files\libreoffice 4\program\soffice.bin" = protocol=17 | dir=in | app=c:\program files\libreoffice 4\program\soffice.bin | 
"UDP Query User{CDDB40BA-1C00-4C24-B4A7-B99AA26568BE}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{0C180787-F8C8-42FD-A9D3-689BA44BEAAF}" = Corel Painter Essentials 3
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{03B8AA32-F23C-4178-B8E6-09ECD07EAA47}" = Epson Event Manager
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0C180787-F8C8-42FD-A9D3-689BA44BEAAF}" = Corel Painter Essentials 3
"{0C5C1177-94C5-3EFB-A8BE-3F6AF1AF887F}" = Google Talk Plugin
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{101A497C-7EF6-4001-834D-E5FA1C70FEFA}" = Bluetooth Win7 Suite
"{162F82DC-37FB-4657-958F-E830B79EF962}" = DxO Optics Pro 8
"{213D5223-CD40-4B7B-B292-6D5242AE5039}" = Adobe Photoshop Lightroom 5.6
"{22D3A614-482C-444A-932C-9DA1B8ECDFD2}" = Elements 10 Organizer
"{235EBB33-3DA1-46DF-AADE-9955123409CB}" = Apple Mobile Device Support
"{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}" = Skype™ 6.21
"{26A24AE4-039D-4CA4-87B4-2F03217071FF}" = Java 7 Update 71
"{2702885F-ACF0-4051-809D-242D1D2012B7}" = DxO Optics Pro 7
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Dell WLAN and Bluetooth Client Installation
"{2a8eadd2-d3c0-4607-b34a-6a4775796740}" = Intel® PROSet/Wireless Software
"{3015F546-6C3E-4E6A-B564-BCDF88C0BA2A}" = Intel® PROSet/Wireless Software for Bluetooth® Technology
"{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
"{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}" = QuickTime 7
"{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD
"{4903D172-DCCB-392F-93A3-34CA9D47FE3D}" = Microsoft .NET Framework 4.5.1
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{59DB38EB-F864-4E10-841D-38CFBCF864B0}" = Intel® Driver Update Utility 2.0
"{5D928931-D1D2-4A93-A82D-BF60D0E7CFA5}" = iTunes
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{730807CC-8D94-486C-9DFC-E242A423B918}" = DxO FilmPack 3
"{74307B42-C023-46C8-B9F8-1BDD3A043973}" = Intel® Chipset Device Software
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}" = Apple Application Support
"{8409c4f7-2340-4933-a304-5d37db4fb48b}" = Intel® Driver Update Utility
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D273DE5-ABFA-4BD0-A9D7-EE9C971438C4}_is1" = PDF-Viewer
"{8EEFB640-A25D-448E-9F84-3CADF173CAE4}" = AdAwareUpdater
"{8EEFB640-A25D-448E-9F84-3CADF173CAE4}_AdAwareUpdater" = Ad-Aware Antivirus
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{93AD8CBD-C32E-4318-90BB-A294BE2D712C}" = LibreOffice 4.2.5.2
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A127C3C0-055E-38CF-B38F-1E85F8BBBFFE}" = Adobe Community Help
"{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1" = PDF-Viewer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B025BA0B-64A6-46DE-9D64-32965C83CCA9}" = Citrix Online Launcher
"{B175520C-86A2-35A7-8619-86DC379688B9}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030
"{B1EB7FFF-6E44-43D8-869D-B78E44CD3E0F}" = TI USB3 Host Driver
"{B8EC0AD1-E8E3-42C3-9BAB-6A14E96FD136}" = Microsoft Mouse and Keyboard Center
"{BB2E3B56-83AF-4EF6-972E-68D89214BF89}" = AdAwareInstaller
"{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030
"{CC347FC6-C8D7-493A-B70E-1D89E22691A7}" = AntimalwareEngine
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{e48a2f61-851a-4155-82f9-af1b04db8c3b}" = Intel® Chipset Device Software
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{FBCA6D68-2FBE-4A52-8EAA-856CFEA714C8}" = Intel® PROSet/Wireless WiMAX Software
"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel® SDK for OpenCL - CPU Only Runtime Package
"7-Zip" = 7-Zip 9.22beta
"8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D" = Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net  (09/10/2009 02.03.05.012)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 15 Plugin
"Advanced SystemCare 7_is1" = Advanced SystemCare 7
"avast" = Avast Free Antivirus
"CCleaner" = CCleaner
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Driver Booster_is1" = Driver Booster 2
"EPSON Artisan 720 Series" = EPSON Artisan 720 Series Printer Uninstall
"EPSON NX110 Series" = EPSON NX110 Series Printer Uninstall
"EPSON Printer and Utilities" = EPSON Printer Software
"EPSON Scanner" = EPSON Scan
"GnuCash_is1" = GnuCash 2.4.11
"Google Chrome" = Google Chrome
"HitmanPro37" = HitmanPro 3.7
"InstallShield_{B1EB7FFF-6E44-43D8-869D-B78E44CD3E0F}" = TI USB 3.0 Host Controller Driver
"IObitUninstall" = IObit Uninstaller
"IrfanView" = IrfanView (remove only)
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.3.1025
"Microsoft Mouse and Keyboard Center" = Microsoft Mouse and Keyboard Center
"Mozilla Firefox 33.1 (x86 en-US)" = Mozilla Firefox 33.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"nik Color Efex Pro 2.0 IE" = nik Color Efex Pro 2.0 IE
"Picasa 3" = Picasa 3
"Qimage Ultimate" = Qimage Ultimate
"SafeSearch_is1" = SafeSearch
"Speccy" = Speccy
"Spyder4Pro" = Spyder4Pro
"VLC media player" = VLC media player
"Wacom Tablet Driver" = Wacom Tablet
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-3135014543-1366911502-1036751248-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"73f463568823ebbe" = Dell System Detect
"Adobe Connect 9 Add-in" = Adobe Connect 9 Add-in
"Dropbox" = Dropbox
 
========== Last 20 Event Log Errors ==========
 
[ System Events ]
Error - 11/30/2014 9:16:36 AM | Computer Name = Admin-0602snr | Source = WMPNetworkSvc | ID = 866321
Description = A media delivery engine with ID '0' was not initialized due to error
 '0x800700b7' when adding the URL '?????????????????/'. Restart your computer, and
 then restart the WMPNetworkSvc service. If the problem persists, reinstall Windows
 Media Player if possible.
 
Error - 11/30/2014 9:16:36 AM | Computer Name = Admin-0602snr | Source = WMPNetworkSvc | ID = 866317
Description = A new media server was not initialized because the Windows Media Delivery
 Engine did not initialize due to error '0x800700b7'. Restart your computer, and
 then restart the WMPNetworkSvc service. If the problem persists, reinstall Windows
 Media Player if possible.
 
Error - 11/30/2014 9:19:01 AM | Computer Name = Admin-0602snr | Source = Service Control Manager | ID = 7034
Description = The AvastVBox COM Service service terminated unexpectedly.  It has
 done this 1 time(s).
 
Error - 11/30/2014 9:21:01 AM | Computer Name = Admin-0602snr | Source = Service Control Manager | ID = 7034
Description = The AvastVBox COM Service service terminated unexpectedly.  It has
 done this 1 time(s).
 
Error - 11/30/2014 9:23:01 AM | Computer Name = Admin-0602snr | Source = Service Control Manager | ID = 7034
Description = The AvastVBox COM Service service terminated unexpectedly.  It has
 done this 1 time(s).
 
Error - 11/30/2014 9:25:01 AM | Computer Name = Admin-0602snr | Source = Service Control Manager | ID = 7034
Description = The AvastVBox COM Service service terminated unexpectedly.  It has
 done this 1 time(s).
 
Error - 11/30/2014 9:27:01 AM | Computer Name = Admin-0602snr | Source = Service Control Manager | ID = 7034
Description = The AvastVBox COM Service service terminated unexpectedly.  It has
 done this 1 time(s).
 
Error - 11/30/2014 9:29:01 AM | Computer Name = Admin-0602snr | Source = Service Control Manager | ID = 7034
Description = The AvastVBox COM Service service terminated unexpectedly.  It has
 done this 1 time(s).
 
Error - 11/30/2014 9:31:01 AM | Computer Name = Admin-0602snr | Source = Service Control Manager | ID = 7034
Description = The AvastVBox COM Service service terminated unexpectedly.  It has
 done this 1 time(s).
 
Error - 11/30/2014 9:31:31 AM | Computer Name = Admin-0602snr | Source = DCOM | ID = 10010
Description = 
 
 
< End of report >
 


#12 GeekStyle59


Posted 30 November 2014 - 08:36 AM

Oops! Just did a rescan (this time just the Quick Scan) with Ad Aware and see where I missed the option to download the report -- but it really said it found nothing.



#13 Satchfan


Posted 30 November 2014 - 09:09 AM

No disk in the drive. Please insert a disk into drive \Device\Harddisk3\DR3


That error is usually associated with an external USB-connected device.


After a brief glance I can see no obvious malware, but a hugely over-protected computer, which could be your problem. We wouldn’t normally advise uninstalling programs on a heavily-infected computer, but I feel that this is not the case here and that doing so could solve some of your problems (if not all).

First

IObit Security 360 is a rogue security program known to cause system problems and that had stolen material from other computer security companies to use in their own program.

I recommend that you uninstall IObit. It has been proved to be untrustworthy in its programming and is pretty ineffective now that it can no longer be propped up by MBAM. Also uninstall iObit’s Driver Booster 2.

See:

http://forums.malwar...showtopic=29681
http://forums.malwar...showtopic=30989
http://forums.malwar...showtopic=33217


===================================================

Multiple antiviruses

You have Ad-Aware and Avast antivirus programs installed.

You cannot run two real-time antiviruses at the same time. Although many have different methods of searching for and recognising threats, they will all be 'fighting' in memory to kick each other out, rendering them all ineffective.

I would suggest you uninstall Ad-Aware but it is your choice.

  • click Start, Control Panel, Programs and Features
  • scroll down the list, click on either Ad-Aware or Avast and then on Remove.

===================================================

CCleaner

While CCleaner is safe and useful for removing temporary and junk files, I do not recommend using the built-in registry cleaner unless you have a good understanding of the registry. In fact, I do not recommend the routine use of registry cleaners/optimizers ever, unless you are an expert.

One of the malware experts, miekiemoes, has an excellent write-up here
Another excellent article by Bill Castner is located here
Another from quietman7 here

When you have done all of the above, please try FRST again and tell me if your computer is running any better.

Satchfan


NINA - Proud graduate of the WTT Classroom

Member of UNITE

The help you receive here is free but if you feel I have helped, you may consider making a Donation.

#14 Satchfan


Posted 30 November 2014 - 09:17 AM

Just noticed SafeSearch - please also uninstall that.



#15 GeekStyle59


Posted 30 November 2014 - 10:12 AM

Wow, Satchfan! I uninstalled the following (including the first which you did not catch):

 

Iobit Uninstaller

Advanced System Care Pro

Driver Booster 2

Ad-Aware (which, in truth, I had only downloaded in an effort to try to find the problem before posting here and selected the option that recognized Avast was already uninstalled)

and Avast found SafeSearch and uninstalled it with my permission before your response came to me.

 

Let me tell you HOW much has changed (but has not solved the main problem I was having which is that Adobe Lightroom will no longer work properly in the develop module) --- even my wallpaper!!!

 

Will continue to test other aspects of the system's performance and specific programs but ATM I am DEEPLY impressed!!!! Must tend to my granddaughter before seeing if I can now download FRST.

