Thread: Win32.Downloader.gen problem - log files

  1. #1
    Junior Member BethMcM

    DDS (Ver_2012-11-20.01) - NTFS_x86
    Internet Explorer: 10.0.9200.16576 BrowserJavaVersion: 10.21.2
    Run by Beth's Speed Demon at 8:59:55 on 2013-06-11
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.2047.731 [GMT -7:00]
    .
    AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
    .
    ============== Running Processes ================
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\nvvsvc.exe
    c:\Program Files\Microsoft Security Client\MsMpEng.exe
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskhost.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
    C:\Program Files\HP\ToolboxFX\bin\HPTLBXFX.exe
    C:\Program Files\HP\Digital Imaging\Fax\Fax Driver 0.6 Base\hppfaxprintersrv.exe
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Program Files\Microsoft IntelliType Pro\itype.exe
    C:\Program Files\HP\HP Software Update\hpwuschd2.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files\Logitech\SetPointP\SetPoint.exe
    C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
    C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
    C:\Program Files\MyHeritage\Bin\FTBCheckUpdates.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
    C:\Program Files\Hewlett-Packard\HP Print View Software\HP Print View Resource Center\HPPrintViewResourceCenter.exe
    C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
    C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
    C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
    C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    C:\Windows\system32\SearchIndexer.exe
    c:\Program Files\Microsoft Security Client\NisSrv.exe
    C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Windows\system32\svchost.exe -k SDRSVC
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = about:blank
    uSearch Bar = Preserve
    uSearch Page = hxxp://isearch.glarysoft.com/?src=iesearch
    mSearch Page = hxxp://isearch.glarysoft.com/?src=iesearch
    mDefault_Search_URL = hxxp://isearch.glarysoft.com/?src=iesearch
    uSearchURL,(Default) = hxxp://isearch.glarysoft.com/?q=%s&src=iesearch
    BHO: DownloadTerms: {2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3} -
    BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
    BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
    BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
    BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messen~1\YahooMessenger.exe" -quiet
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    uRun: [TomTomHOME.exe] "c:\program files\tomtom home 2\TomTomHOMERunner.exe"
    uRun: [GoogleChromeAutoLaunch_EC166EC589803CA23C17C93CA8824816] "c:\program files\google\chrome\application\chrome.exe" --no-startup-window
    mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
    mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 10.0\acrobat\Acrobat_sl.exe"
    mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 10.0\acrobat\Acrotray.exe"
    mRun: [ToolboxFX] "c:\program files\hp\toolboxfx\bin\HPTLBXFX.exe" /enum:on /alerts:on /notifications:on /fl:on /fr:on /appData:on /tmcp:on
    mRun: [HP LaserJet Professional M1530 MFP Series Fax] c:\program files\hp\digital imaging\fax\fax driver 0.6 base\hppfaxprintersrv.exe "HP LaserJet Professional M1530 MFP Series Fax"
    mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
    mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
    mRun: [Logitech Download Assistant] c:\windows\system32\rundll32.exe c:\windows\system32\LogiLDA.dll,LogiFetch
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
    mRun: [EvtMgr6] c:\program files\logitech\setpointp\SetPoint.exe /launchGaming
    mRun: [Family Tree Builder Update] c:\program files\myheritage\bin\FTBCheckUpdates.exe
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    StartupFolder: c:\users\beth's~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\hpprin~1.lnk - c:\program files\hewlett-packard\hp print view software\hp print view resource center\HPPrintViewResourceCenter.exe
    StartupFolder: c:\users\beth's~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\nikonm~1.lnk - c:\program files\common files\nikon\monitor\NkMonitor.exe
    StartupFolder: c:\users\beth's~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
    .
    INFO: HKCU has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    .
    INFO: HKLM has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} -
    DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
    TCP: NameServer = 192.168.1.1
    TCP: Interfaces\{26BD0B6A-2840-4ABF-BC21-7F48E1A8D168} : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{C921685F-53D9-4FC0-854F-B8A4DA348920} : DHCPNameServer = 192.168.1.1
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
    Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
    SSODL: WebCheck - <orphaned>
    SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\27.0.1453.110\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2013-1-20 195296]
    R2 HP LaserJet Service;HP LaserJet Service;c:\program files\hp\hplaserjetservice\HPLaserJetService.exe [2010-10-25 145920]
    R2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2012-8-30 100328]
    R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\sony\pmb\PMBDeviceInfoProvider.exe [2009-10-24 360224]
    R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2012-12-23 1153368]
    R2 Skype C2C Service;Skype C2C Service;c:\programdata\skype\toolbars\skype c2c service\c2c_service.exe [2013-5-14 3289208]
    R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2013-3-22 93072]
    R3 HPFXBULKLEDM;HPFXBULKLEDM;c:\windows\system32\drivers\hppcbulkio.sys [2010-10-3 20504]
    R3 HPFXFAX;HPFXFAX;c:\windows\system32\drivers\hppcfaxio.sys [2011-12-14 21528]
    R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\drivers\LEqdUsb.sys [2011-9-1 42648]
    R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\drivers\LHidEqd.sys [2011-9-1 12184]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2013-1-27 295232]
    R3 RTL8187;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [2010-1-7 375808]
    R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2009-9-28 315392]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2013-1-15 14848]
    S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2013-1-15 49664]
    S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-11-24 1343400]
    .
    =============== File Associations ===============
    .
    FileExt: .scr: AutoCADScriptFile=c:\windows\system32\notepad.exe "%1"
    .
    =============== Created Last 30 ================
    .
    2013-06-10 16:38:12 7016152 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{a83a03ae-d223-4d8e-9b76-61743ef3c5ac}\mpengine.dll
    2013-06-09 21:51:24 -------- d-----w- c:\windows\pss
    2013-06-09 10:17:14 7016152 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
    2013-05-21 19:41:28 -------- d-----w- c:\programdata\GameHouse
    2013-05-21 16:30:32 724464 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{26a4d2df-542d-441f-8082-4d3480073d2d}\gapaengine.dll
    2013-05-15 23:18:29 40960 ----a-w- c:\windows\system32\wwanprotdim.dll
    2013-05-15 23:18:29 186368 ----a-w- c:\windows\system32\wwansvc.dll
    2013-05-15 23:18:28 2347520 ----a-w- c:\windows\system32\win32k.sys
    2013-05-15 23:18:26 728424 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
    2013-05-15 23:18:26 218984 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
    2013-05-15 23:18:24 47104 ----a-w- c:\windows\system32\appinfo.dll
    2013-05-15 23:18:24 1796096 ----a-w- c:\windows\system32\authui.dll
    2013-05-15 23:18:24 101720 ----a-w- c:\windows\system32\consent.exe
    2013-05-14 21:13:34 77824 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\ctor.dll
    2013-05-14 21:13:34 32768 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\objectps.dll
    2013-05-14 21:13:34 225280 ----a-w- c:\program files\common files\installshield\iscript\iscript.dll
    2013-05-14 21:13:34 176128 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\iuser.dll
    2013-05-14 20:56:22 -------- d-----w- c:\program files\Intuit
    2013-05-14 20:56:16 502544 ----a-w- c:\windows\system32\MSXML.DLL
    2013-05-14 20:56:16 25088 ----a-w- c:\windows\system32\msxml3a.dll
    2013-05-14 20:56:16 244232 ----a-w- c:\windows\system32\Msflxgrd.ocx
    2013-05-14 20:56:16 1009136 ----a-w- c:\windows\system32\Mschrt20.ocx
    2013-05-14 20:56:15 1694992 ----a-w- c:\windows\system32\vba6.dll
    2013-05-14 20:55:04 -------- d-----w- c:\windows\Intuit
    2013-05-14 20:55:02 212992 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\ILog.dll
    .
    ==================== Find3M ====================
    .
    2013-05-10 07:57:38 49728 ----a-w- c:\windows\system32\AdobePDF.dll
    2013-05-10 07:57:34 25160 ----a-w- c:\windows\system32\AdobePDFUI.dll
    2013-05-02 17:53:39 737280 ----a-w- c:\windows\iun6002.exe
    2013-05-02 15:28:50 238872 ------w- c:\windows\system32\MpSigStub.exe
    2013-04-14 21:59:48 926752 ----a-w- c:\windows\system32\FTBSaver.scr
    2013-04-13 04:45:16 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll
    2013-04-13 04:45:15 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
    2013-04-12 13:45:29 1211752 ----a-w- c:\windows\system32\drivers\ntfs.sys
    2013-04-09 22:59:04 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
    2013-04-04 12:35:08 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
    2013-03-22 02:22:46 861088 ----a-w- c:\windows\system32\npdeployJava1.dll
    2013-03-22 02:22:46 782240 ----a-w- c:\windows\system32\deployJava1.dll
    2013-03-19 05:04:13 3968856 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2013-03-19 05:04:10 3913560 ----a-w- c:\windows\system32\ntoskrnl.exe
    2013-03-19 04:48:45 38912 ----a-w- c:\windows\system32\csrsrv.dll
    2013-03-19 02:49:16 69632 ----a-w- c:\windows\system32\smss.exe
    .
    ============= FINISH: 9:00:09.56 ===============

    Thank you for your time and assistance with this malware problem. Beth McM

    aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
    Run date: 2013-06-11 09:12:33
    -----------------------------
    09:12:33.272    OS Version: Windows 6.1.7601 Service Pack 1
    09:12:33.272    Number of processors: 2 586 0xF0B
    09:12:33.273    ComputerName: BETHSSPEEDDEMON  UserName:
    09:12:33.517    Initialize success
    09:18:57.126    AVAST engine defs: 13061100
    09:19:07.509    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-4
    09:19:07.511    Disk 0 Vendor: INTEL_SSDSA2CW120G3 4PC10362 Size: 114473MB BusType: 3
    09:19:07.519    Disk 0 MBR read successfully
    09:19:07.522    Disk 0 MBR scan
    09:19:07.608    Disk 0 Windows 7 default MBR code
    09:19:07.610    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS       110000 MB offset 2048
    09:19:07.648    Disk 0 scanning sectors +225282048
    09:19:07.694    Disk 0 scanning C:\Windows\system32\drivers
    09:19:17.178    Service scanning
    09:19:23.839    Service MpKslc40cbf83 c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A83A03AE-D223-4D8E-9B76-61743EF3C5AC}\MpKslc40cbf83.sys **LOCKED** 32
    09:19:36.967    Modules scanning
    09:19:39.750    Disk 0 trace - called modules:
    09:19:39.758    ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
    09:19:39.764    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x852322e0]
    09:19:39.768    3 CLASSPNP.SYS[88dd759e] -> nt!IofCallDriver -> [0x85182800]
    09:19:39.773    5 ACPI.sys[88ac43d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP3T0L0-4[0x8518a908]
    09:19:39.933    AVAST engine scan C:\Windows
    09:19:41.100    AVAST engine scan C:\Windows\system32
    09:22:02.098    AVAST engine scan C:\Windows\system32\drivers
    09:22:12.606    AVAST engine scan C:\Users\Beth's Speed Demon
    09:23:21.574    Disk 0 MBR has been saved successfully to "C:\Users\Beth's Speed Demon\Desktop\MBR.dat"
    09:23:21.654    The log file has been saved successfully to "C:\Users\Beth's Speed Demon\Desktop\aswMBR.txt"

    Win32.Downloader.gen: [SBI $F65FFCFA] Library (File, nothing done)
    C:\Program Files\Conduit\Community Alerts\Alert.dll
    Properties.size=638560
    Properties.md5=6796F6E449F90A543DC3345538ACC46F
    Properties.filedate=1308835246
    Properties.filedatetext=2011-06-23 06:20:46

    Win32.Downloader.gen: [SBI $82F4FAFD] Data (File, nothing done)
    C:\END
    Properties.size=0
    Properties.md5=D41D8CD98F00B204E9800998ECF8427E
    Properties.filedate=1367517181
    Properties.filedatetext=2013-05-02 10:53:01

    DoubleClick: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


    MediaPlex: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


    MediaPlex: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


    MediaPlex: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


    CasaleMedia: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


    Zedo: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


    Zedo: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


    BurstMedia: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


    Zedo: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


    Zedo: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


    WebTrends live: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


    CasaleMedia: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


    CasaleMedia: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


    CasaleMedia: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


    CasaleMedia: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


    CasaleMedia: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


    BurstMedia: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


    BurstMedia: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


    BurstMedia: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


    BurstMedia: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


    BurstMedia: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


    BurstMedia: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


    BurstMedia: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


    BurstMedia: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


    DoubleClick: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


    MediaPlex: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


    FastClick: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


    CasaleMedia: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


    CasaleMedia: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


    CasaleMedia: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


    CasaleMedia: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


    Statcounter: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)



    --- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

    2009-01-26 blindman.exe (1.0.0.8)
    2009-01-26 SDFiles.exe (1.6.1.7)
    2009-01-26 SDMain.exe (1.0.0.6)
    2009-01-26 SDShred.exe (1.0.2.5)
    2009-01-26 SDUpdate.exe (1.6.0.12)
    2009-01-26 SDWinSec.exe (1.0.0.12)
    2009-01-26 SpybotSD.exe (1.6.2.46)
    2009-03-05 TeaTimer.exe (1.6.6.32)
    2012-12-23 unins000.exe (51.49.0.0)
    2009-01-26 Update.exe (1.6.0.7)
    2009-11-04 advcheck.dll (1.6.5.20)
    2007-04-02 aports.dll (2.1.0.0)
    2008-06-14 DelZip179.dll (1.79.11.1)
    2009-01-26 SDHelper.dll (1.6.2.14)
    2008-06-19 sqlite3.dll
    2009-01-26 Tools.dll (2.1.6.10)
    2009-01-16 UninsSrv.dll (1.0.0.0)
    2013-04-11 Includes\Adware.sbi (*)
    2013-06-04 Includes\AdwareC.sbi (*)
    2010-08-13 Includes\Cookies.sbi (*)
    2012-11-14 Includes\Dialer.sbi (*)
    2013-04-11 Includes\DialerC.sbi (*)
    2013-04-11 Includes\HeavyDuty.sbi (*)
    2012-11-14 Includes\Hijackers.sbi (*)
    2013-04-11 Includes\HijackersC.sbi (*)
    2012-11-14 Includes\iPhone.sbi (*)
    2012-11-14 Includes\Keyloggers.sbi (*)
    2013-04-11 Includes\KeyloggersC.sbi (*)
    2013-05-29 Includes\Malware.sbi (*)
    2013-06-06 Includes\MalwareC.sbi (*)
    2012-11-14 Includes\PUPS.sbi (*)
    2013-06-05 Includes\PUPSC.sbi (*)
    2010-01-25 Includes\Revision.sbi (*)
    2012-11-14 Includes\Security.sbi (*)
    2013-04-11 Includes\SecurityC.sbi (*)
    2008-06-03 Includes\Spybots.sbi (*)
    2008-06-03 Includes\SpybotsC.sbi (*)
    2013-05-22 Includes\Spyware.sbi (*)
    2013-05-08 Includes\SpywareC.sbi (*)
    2012-11-19 Includes\Tracks.uti
    2013-01-16 Includes\Trojans.sbi (*)
    2013-05-13 Includes\TrojansC-02.sbi (*)
    2013-06-04 Includes\TrojansC-03.sbi (*)
    2013-05-16 Includes\TrojansC-04.sbi (*)
    2013-05-08 Includes\TrojansC-05.sbi (*)
    2013-04-19 Includes\TrojansC.sbi (*)
    2008-03-04 Plugins\Chai.dll
    2008-03-05 Plugins\Fennel.dll
    2008-02-26 Plugins\Mate.dll
    2007-12-24 Plugins\TCPIPAddress.dll
    Last edited by tashi; 2013-06-11 at 17:04. Reason: Merged 3 posts

  2. #2
    Security Expert ken545

    Sorry for the delay, please don't start any new threads, just reply to this one.

    If you still need help, run a new scan with DDS and post the log, please.
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  3. #3
    Security Expert ken545

    Still with me, Beth?

  4. #4
    Junior Member BethMcM

    Here

    Yes, I am still here, just did not log in the past few days. Sorry, I will keep on top of this.
    Beth
    Drive no faster than your guardian angel can fly.

  5. #5
    Junior Member BethMcM

    Dds

    Quote, originally posted by ken545:

    Sorry for the delay, please don't start any new threads, just reply to this one.

    If you still need help, run a new scan with DDS and post the log, please.

    DDS (Ver_2012-11-20.01) - NTFS_x86
    Internet Explorer: 10.0.9200.16611 BrowserJavaVersion: 10.25.2
    Run by Beth's Speed Demon at 18:15:09 on 2013-06-25
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.2047.1121 [GMT -7:00]
    .
    AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
    .
    ============== Running Processes ================
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\nvvsvc.exe
    c:\Program Files\Microsoft Security Client\MsMpEng.exe
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\System32\spoolsv.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
    C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
    C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
    C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
    C:\Program Files\HP\ToolboxFX\bin\HPTLBXFX.exe
    C:\Program Files\HP\Digital Imaging\Fax\Fax Driver 0.6 Base\hppfaxprintersrv.exe
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Program Files\Microsoft IntelliType Pro\itype.exe
    C:\Program Files\HP\HP Software Update\hpwuschd2.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files\Logitech\SetPointP\SetPoint.exe
    C:\Program Files\MyHeritage\Bin\FTBCheckUpdates.exe
    c:\Program Files\Microsoft Security Client\NisSrv.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
    C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
    C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
    C:\Program Files\Hewlett-Packard\HP Print View Software\HP Print View Resource Center\HPPrintViewResourceCenter.exe
    C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
    C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Windows\system32\svchost.exe -k SDRSVC
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = about:blank
    uSearch Bar = Preserve
    uSearch Page = hxxp://isearch.glarysoft.com/?src=iesearch
    mSearch Page = hxxp://isearch.glarysoft.com/?src=iesearch
    mDefault_Search_URL = hxxp://isearch.glarysoft.com/?src=iesearch
    uSearchURL,(Default) = hxxp://isearch.glarysoft.com/?q=%s&src=iesearch
    BHO: DownloadTerms: {2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3} -
    BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
    BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
    BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
    BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messen~1\YahooMessenger.exe" -quiet
    uRun: [TomTomHOME.exe] "c:\program files\tomtom home 2\TomTomHOMERunner.exe"
    uRun: [GoogleChromeAutoLaunch_EC166EC589803CA23C17C93CA8824816] "c:\program files\google\chrome\application\chrome.exe" --no-startup-window
    mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
    mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 10.0\acrobat\Acrobat_sl.exe"
    mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 10.0\acrobat\Acrotray.exe"
    mRun: [ToolboxFX] "c:\program files\hp\toolboxfx\bin\HPTLBXFX.exe" /enum:on /alerts:on /notifications:on /fl:on /fr:on /appData:on /tmcp:on
    mRun: [HP LaserJet Professional M1530 MFP Series Fax] c:\program files\hp\digital imaging\fax\fax driver 0.6 base\hppfaxprintersrv.exe "HP LaserJet Professional M1530 MFP Series Fax"
    mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
    mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
    mRun: [Logitech Download Assistant] c:\windows\system32\rundll32.exe c:\windows\system32\LogiLDA.dll,LogiFetch
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
    mRun: [EvtMgr6] c:\program files\logitech\setpointp\SetPoint.exe /launchGaming
    mRun: [Family Tree Builder Update] c:\program files\myheritage\bin\FTBCheckUpdates.exe
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    StartupFolder: c:\users\beth's~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\hpprin~1.lnk - c:\program files\hewlett-packard\hp print view software\hp print view resource center\HPPrintViewResourceCenter.exe
    StartupFolder: c:\users\beth's~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\nikonm~1.lnk - c:\program files\common files\nikon\monitor\NkMonitor.exe
    StartupFolder: c:\users\beth's~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
    .
    INFO: HKCU has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    .
    INFO: HKLM has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} -
    DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
    TCP: NameServer = 192.168.1.1
    TCP: Interfaces\{26BD0B6A-2840-4ABF-BC21-7F48E1A8D168} : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{C921685F-53D9-4FC0-854F-B8A4DA348920} : DHCPNameServer = 192.168.1.1
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
    Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
    SSODL: WebCheck - <orphaned>
    SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\27.0.1453.116\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2013-1-20 195296]
    R2 HP LaserJet Service;HP LaserJet Service;c:\program files\hp\hplaserjetservice\HPLaserJetService.exe [2010-10-25 145920]
    R2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2012-8-30 100328]
    R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\sony\pmb\PMBDeviceInfoProvider.exe [2009-10-24 360224]
    R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2012-12-23 1153368]
    R2 Skype C2C Service;Skype C2C Service;c:\programdata\skype\toolbars\skype c2c service\c2c_service.exe [2013-5-14 3289208]
    R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2013-3-22 93072]
    R3 HPFXBULKLEDM;HPFXBULKLEDM;c:\windows\system32\drivers\hppcbulkio.sys [2010-10-3 20504]
    R3 HPFXFAX;HPFXFAX;c:\windows\system32\drivers\hppcfaxio.sys [2011-12-14 21528]
    R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\drivers\LEqdUsb.sys [2011-9-1 42648]
    R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\drivers\LHidEqd.sys [2011-9-1 12184]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2013-1-27 295232]
    R3 RTL8187;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [2010-1-7 375808]
    R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2009-9-28 315392]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2013-1-15 14848]
    S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2013-1-15 49664]
    S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-11-24 1343400]
    .
    =============== File Associations ===============
    .
    FileExt: .scr: AutoCADScriptFile=c:\windows\system32\notepad.exe "%1"
    .
    =============== Created Last 30 ================
    .
    2013-06-25 14:19:49 7068072 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{5b78ba6a-474c-4e35-af88-ff5b8e64094d}\mpengine.dll
    2013-06-24 16:03:29 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
    2013-06-23 16:00:39 7068072 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
    2013-06-22 02:32:46 724464 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{eefcb614-b861-45fc-ae5c-9654b1a63450}\gapaengine.dll
    2013-06-13 10:02:27 2706432 ----a-w- c:\windows\system32\mshtml.tlb
    2013-06-13 10:02:26 218112 ----a-w- c:\program files\internet explorer\sqmapi.dll
    2013-06-12 22:53:19 1505280 ----a-w- c:\windows\system32\d3d11.dll
    2013-06-12 22:53:17 24576 ----a-w- c:\windows\system32\cryptdlg.dll
    2013-06-12 22:53:16 492544 ----a-w- c:\windows\system32\win32spl.dll
    2013-06-12 22:53:15 903168 ----a-w- c:\windows\system32\certutil.exe
    2013-06-12 22:53:15 1160192 ----a-w- c:\windows\system32\crypt32.dll
    2013-06-12 22:53:14 43008 ----a-w- c:\windows\system32\certenc.dll
    2013-06-12 22:53:14 140288 ----a-w- c:\windows\system32\cryptsvc.dll
    2013-06-12 22:53:14 103936 ----a-w- c:\windows\system32\cryptnet.dll
    2013-06-12 22:53:12 1230336 ----a-w- c:\windows\system32\WindowsCodecs.dll
    2013-06-12 22:53:11 3913576 ----a-w- c:\windows\system32\ntoskrnl.exe
    2013-06-12 22:53:10 3968872 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2013-06-12 22:53:08 1293672 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2013-06-09 21:51:24 -------- d-----w- c:\windows\pss
    .
    ==================== Find3M ====================
    .
    2013-06-24 16:03:23 867240 ----a-w- c:\windows\system32\npdeployJava1.dll
    2013-06-24 16:03:23 789416 ----a-w- c:\windows\system32\deployJava1.dll
    2013-05-17 01:25:57 1767936 ----a-w- c:\windows\system32\wininet.dll
    2013-05-17 01:25:27 2877440 ----a-w- c:\windows\system32\jscript9.dll
    2013-05-17 01:25:26 61440 ----a-w- c:\windows\system32\iesetup.dll
    2013-05-17 01:25:26 109056 ----a-w- c:\windows\system32\iesysprep.dll
    2013-05-14 08:40:13 71680 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
    2013-05-10 07:57:38 49728 ----a-w- c:\windows\system32\AdobePDF.dll
    2013-05-10 07:57:34 25160 ----a-w- c:\windows\system32\AdobePDFUI.dll
    2013-05-02 17:53:39 737280 ----a-w- c:\windows\iun6002.exe
    2013-05-02 15:28:50 238872 ------w- c:\windows\system32\MpSigStub.exe
    2013-04-14 21:59:48 926752 ----a-w- c:\windows\system32\FTBSaver.scr
    2013-04-13 04:45:16 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll
    2013-04-13 04:45:15 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
    2013-04-12 13:45:29 1211752 ----a-w- c:\windows\system32\drivers\ntfs.sys
    2013-04-10 05:18:40 728424 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
    2013-04-10 05:18:40 218984 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
    2013-04-10 03:14:06 2347520 ----a-w- c:\windows\system32\win32k.sys
    2013-04-09 22:59:04 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
    .
    ============= FINISH: 18:15:22.57 ===============
    Drive no faster than your guardian angel can fly.

  6. #6
    Security Expert ken545's Avatar
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Looks like you just have a bogus toolbar installed.

    Go here and download AdwCleaner to your desktop

    • Double click on AdwCleaner.exe to run the tool.
    • Click on Delete
    • A logfile will automatically open after the scan has finished.
    • Please post the content of that logfile in your reply.
    • You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.

    Please download Malwarebytes Anti-Malware to your desktop.

    • Right-click and Run as Administrator mbam-setup.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select Perform quick scan, then click Scan as shown below.


    • When the scan is complete, click OK, then Show Results to view the results.
    • Be sure that everything is checked, and click Remove Selected.
    • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.

    OTL by OldTimer
    • Download OTL to your desktop.
    • Double click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
    • When the window appears, underneath Output at the top change it to Minimal Output.
    • Click the "Scan All Users" checkbox.
    • Check the boxes beside LOP Check and Purity Check.
    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
      • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt.
        Note: These logs can be located in the OTL folder on your C:\ drive if they fail to open automatically.
      • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply. You may need two posts to fit them both in.

    I need to see

    1. AdwCleaner log
    2. Malwarebytes log
    3. OTL log
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  7. #7
    Junior Member BethMcM's Avatar
    Join Date
    Jun 2013
    Location
    DeFuniak Springs Florida
    Posts
    14

    Default Logs - June 26, 2013

    # AdwCleaner v2.303 - Logfile created 06/26/2013 at 13:05:15
    # Updated 08/06/2013 by Xplode
    # Operating system : Windows 7 Ultimate Service Pack 1 (32 bits)
    # User : Beth's Speed Demon - BETHSSPEEDDEMON
    # Boot Mode : Normal
    # Running from : C:\Users\Beth's Speed Demon\Desktop\AdwCleaner.exe
    # Option [Delete]


    ***** [Services] *****


    ***** [Files / Folders] *****

    File Deleted : C:\END
    Folder Deleted : C:\Program Files\AVG Secure Search
    Folder Deleted : C:\Program Files\Common Files\AVG Secure Search
    Folder Deleted : C:\Program Files\Conduit
    Folder Deleted : C:\ProgramData\Ask
    Folder Deleted : C:\Users\Beth's Speed Demon\AppData\Local\AVG Secure Search
    Folder Deleted : C:\Users\Beth's Speed Demon\AppData\Local\Discount Buddy
    Folder Deleted : C:\Users\Beth's Speed Demon\AppData\Local\SwvUpdater
    Folder Deleted : C:\Users\Beth's Speed Demon\AppData\LocalLow\AVG Secure Search
    Folder Deleted : C:\Users\Beth's Speed Demon\AppData\LocalLow\Conduit
    Folder Deleted : C:\Users\Beth's Speed Demon\AppData\LocalLow\PriceGong
    Folder Deleted : C:\Users\Beth's Speed Demon\AppData\LocalLow\StumbleUpon
    Folder Deleted : C:\Users\Beth's Speed Demon\AppData\Roaming\DefaultTab

    ***** [Registry] *****

    Key Deleted : HKCU\Software\APN PIP
    Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
    Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
    Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
    Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
    Key Deleted : HKCU\Software\Conduit
    Key Deleted : HKCU\Software\InstallCore
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com
    Key Deleted : HKCU\Software\PIP
    Key Deleted : HKCU\Software\StumbleUpon
    Key Deleted : HKCU\Software\Zugo
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3279141
    Key Deleted : HKLM\Software\Conduit
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
    Key Deleted : HKLM\Software\PIP
    Key Deleted : HKLM\Software\StumbleUpon

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v10.0.9200.16611

    Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Search Page] = hxxp://isearch.glarysoft.com/?src=iesearch --> hxxp://www.google.com
    Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Default_Search_URL] = hxxp://isearch.glarysoft.com/?src=iesearch --> hxxp://www.google.com
    Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Search Page] = hxxp://isearch.glarysoft.com/?src=iesearch --> hxxp://www.google.com
    Replaced : [HKCU\Software\Microsoft\Internet Explorer\SearchUrl - (Par défaut)] = hxxp://isearch.glarysoft.com/?q=%s&src=iesearch --> Empty data
    Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl - (Par défaut)] = hxxp://isearch.glarysoft.com/?q=%s&src=iesearch --> Empty data

    -\\ Google Chrome v27.0.1453.116

    File : C:\Users\Beth's Speed Demon\AppData\Local\Google\Chrome\User Data\Default\Preferences

    [OK] File is clean.

    *************************

    AdwCleaner[S1].txt - [3321 octets] - [26/06/2013 13:05:15]

    ########## EOF - C:\AdwCleaner[S1].txt - [3381 octets] ##########
    Drive no faster than your guardian angel can fly.

  8. #8
    Junior Member BethMcM's Avatar
    Join Date
    Jun 2013
    Location
    DeFuniak Springs Florida
    Posts
    14

    Default mbam-log

    Malwarebytes Anti-Malware 1.75.0.1300
    www.malwarebytes.org

    Database version: v2013.06.26.05

    Windows 7 Service Pack 1 x86 NTFS
    Internet Explorer 10.0.9200.16618
    Beth's Speed Demon :: BETHSSPEEDDEMON [administrator]

    6/26/2013 1:27:10 PM
    mbam-log-2013-06-26 (13-27-10).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 279781
    Time elapsed: 3 minute(s), 50 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 1
    C:\Users\Beth's Speed Demon\Downloads\mplayer_Setup.exe (PUP.IBryte) -> Quarantined and deleted successfully.

    (end)
    I need to see

    1. AdwCleaner log
    2. Malwarebytes log
    3. OTL log
    Drive no faster than your guardian angel can fly.

  9. #9
    Junior Member BethMcM's Avatar
    Join Date
    Jun 2013
    Location
    DeFuniak Springs Florida
    Posts
    14

    Default Otl

    OTL logfile created on: 6/26/2013 1:41:56 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Beth's Speed Demon\Desktop
    Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.10.9200.16614)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 0.97 Gb Available Physical Memory | 48.38% Memory free
    4.00 Gb Paging File | 2.98 Gb Available in Paging File | 74.59% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 107.42 Gb Total Space | 12.20 Gb Free Space | 11.36% Space Free | Partition Type: NTFS

    Computer Name: BETHSSPEEDDEMON | User Name: Beth's Speed Demon | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Users\Beth's Speed Demon\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files\MyHeritage\Bin\FTBCheckUpdates.exe (MyHeritage)
    PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
    PRC - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe (Adobe Systems Inc.)
    PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
    PRC - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
    PRC - C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
    PRC - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
    PRC - C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation)
    PRC - C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation)
    PRC - c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
    PRC - c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
    PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
    PRC - C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
    PRC - C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe (Logitech, Inc.)
    PRC - C:\Program Files\Hewlett-Packard\HP Print View Software\HP Print View Resource Center\HPPrintViewResourceCenter.exe (Hewlett-Packard)
    PRC - C:\Windows\explorer.exe (Microsoft Corporation)
    PRC - C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe (HP)
    PRC - C:\Program Files\HP\ToolboxFX\bin\HPTLBXFX.exe (Hewlett-Packard Company)
    PRC - C:\Program Files\HP\Digital Imaging\Fax\Fax Driver 0.6 Base\hppfaxprintersrv.exe (Hewlett-Packard Company)
    PRC - C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation)
    PRC - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
    PRC - C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)


    ========== Modules (No Company Name) ==========

    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\af525b4bec3b9941b7be8ffbf813da80\PresentationFramework.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\30e3a21202000677d0a9270572251477\System.Windows.Forms.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\33125250f48dd834dde012979858b39f\System.Deployment.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7eac0dbe9aa20b55e37235f8ee030e6b\PresentationCore.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\716959df79685a1eae0fc14275a32b0f\WindowsBase.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\56765d6988c0fc573c31d3c6066fc704\System.Configuration.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\7366a39c36523a084bc11c230929ff92\Microsoft.VisualBasic.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\7ff638de44686eab4afaa8b3c8a9cfca\System.ServiceProcess.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\5ecf01964c70e453d71e5d7653912ff9\System.Web.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d7d20811a7ce7cc589153648cbb1ce5c\PresentationFramework.Aero.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\eb4fa29ea9ab56d453b36696edbe6423\System.Runtime.Serialization.Formatters.Soap.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll ()
    MOD - C:\Program Files\Yahoo!\Messenger\yui.dll ()
    MOD - C:\Program Files\Logitech\SetPointP\Macros\MacroCore.dll ()
    MOD - C:\Program Files\HP\ToolboxFX\bin\NativeUtils.dll ()


    ========== Services (SafeList) ==========

    SRV - (SBSDWSCService) -- C:\Program Files\Spybot File not found
    SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
    SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
    SRV - (TomTomHOMEService) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
    SRV - (nvUpdatusService) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
    SRV - (NisSrv) -- c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
    SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
    SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
    SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
    SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
    SRV - (LBTServ) -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
    SRV - (HP LaserJet Service) -- C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe (HP)
    SRV - (PMBDeviceInfoProvider) -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation)
    SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
    SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
    SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)


    ========== Driver Services (SafeList) ==========

    DRV - (VGPU) -- System32\drivers\rdvgkmd.sys File not found
    DRV - (tsusbhub) -- system32\drivers\tsusbhub.sys File not found
    DRV - (Synth3dVsc) -- System32\drivers\synth3dvsc.sys File not found
    DRV - (ADIHdAudAddService) -- system32\drivers\ADIHdAud.sys File not found
    DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
    DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation)
    DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)
    DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
    DRV - (MTsensor) -- C:\Windows\System32\drivers\ASACPI.sys ()
    DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.)
    DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.)
    DRV - (LEqdUsb) -- C:\Windows\System32\drivers\LEqdUsb.sys (Logitech, Inc.)
    DRV - (LHidEqd) -- C:\Windows\System32\drivers\LHidEqd.sys (Logitech, Inc.)
    DRV - (dc3d) -- C:\Windows\System32\drivers\dc3d.sys (Microsoft Corporation)
    DRV - (HPFXFAX) -- C:\Windows\System32\drivers\hppcfaxio.sys (Hewlett Packard)
    DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
    DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
    DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
    DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
    DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
    DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
    DRV - (HPFXBULKLEDM) -- C:\Windows\System32\drivers\hppcbulkio.sys (Hewlett Packard)
    DRV - (RTL8187) -- C:\Windows\System32\drivers\RTL8187.sys (Realtek Semiconductor Corporation )
    DRV - (yukonw7) -- C:\Windows\System32\drivers\yk62x86.sys ()
    DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
    DRV - (Serial) -- C:\Windows\System32\drivers\serial.sys (Brother Industries Ltd.)
    DRV - (AsIO) -- C:\Windows\System32\drivers\AsIO.sys ()


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://home.microsoft.com/search/lobby/search.asp
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7


    IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-21-3239291453-3162581592-1990427089-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
    IE - HKU\S-1-5-21-3239291453-3162581592-1990427089-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
    IE - HKU\S-1-5-21-3239291453-3162581592-1990427089-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
    IE - HKU\S-1-5-21-3239291453-3162581592-1990427089-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
    IE - HKU\S-1-5-21-3239291453-3162581592-1990427089-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKU\S-1-5-21-3239291453-3162581592-1990427089-1001\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-21-3239291453-3162581592-1990427089-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKU\S-1-5-21-3239291453-3162581592-1990427089-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKU\S-1-5-21-3239291453-3162581592-1990427089-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-3239291453-3162581592-1990427089-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    IE - HKU\S-1-5-21-3239291453-3162581592-1990427089-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
    IE - HKU\S-1-5-21-3239291453-3162581592-1990427089-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://isearch.glarysoft.com/?src=iesearch
    IE - HKU\S-1-5-21-3239291453-3162581592-1990427089-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSour...ctid=CT3279141
    IE - HKU\S-1-5-21-3239291453-3162581592-1990427089-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
    IE - HKU\S-1-5-21-3239291453-3162581592-1990427089-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKU\S-1-5-21-3239291453-3162581592-1990427089-1003\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-21-3239291453-3162581592-1990427089-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKU\S-1-5-21-3239291453-3162581592-1990427089-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADRA_enUS459
    IE - HKU\S-1-5-21-3239291453-3162581592-1990427089-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-3239291453-3162581592-1990427089-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


    ========== FireFox ==========

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_149.dll ()
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2013/05/16 17:11:29 | 000,000,000 | ---D | M]

    [2011/12/02 11:09:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Beth's Speed Demon\AppData\Roaming\Mozilla\Extensions
    [2011/12/02 11:09:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Beth's Speed Demon\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter},
    CHR - homepage: http://www.google.com/
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.116\PepperFlash\pepflashplayer.dll
    CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.116\pdf.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
    CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
    CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.124\npGoogleUpdate3.dll
    CHR - plugin: Java(TM) Platform SE 6 U37 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
    CHR - plugin: Java Deployment Toolkit 6.0.370.6 (Enabled) = C:\Windows\system32\npdeployJava1.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
    CHR - Extension: Bejeweled = C:\Users\Beth's Speed Demon\AppData\Local\Google\Chrome\User Data\Default\Extensions\adpkifcfcacgmnggcbpbjbkdijciiigm\2_0\
    CHR - Extension: Google Drive = C:\Users\Beth's Speed Demon\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
    CHR - Extension: YouTube = C:\Users\Beth's Speed Demon\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
    CHR - Extension: Google Search = C:\Users\Beth's Speed Demon\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
    CHR - Extension: Word Search = C:\Users\Beth's Speed Demon\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnjkggjhcbohgnikmegjkodmakmimlkj\1.0.0.1_0\
    CHR - Extension: Word Search = C:\Users\Beth's Speed Demon\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnjkggjhcbohgnikmegjkodmakmimlkj\1.0.0.1_0\~
    CHR - Extension: BBC Good Food = C:\Users\Beth's Speed Demon\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnkffnoliaheoidfeejcmnidkkgilkja\5_0\
    CHR - Extension: FastestChrome - Browse Faster = C:\Users\Beth's Speed Demon\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmffncokckfccddfenhkhnllmlobdahm\7.2.2_0\
    CHR - Extension: Gmail = C:\Users\Beth's Speed Demon\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

    O1 HOSTS File: ([2012/12/23 10:30:16 | 000,445,864 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 activate.adobe.com
    O1 - Hosts: 127.0.0.1 practivate.adobe.com
    O1 - Hosts: 127.0.0.1 ereg.adobe.com
    O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
    O1 - Hosts: 127.0.0.1 wip3.adobe.com
    O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
    O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
    O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
    O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
    O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
    O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
    O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
    O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
    O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
    O1 - Hosts: 127.0.0.1 practivate.adobe.com
    O1 - Hosts: 127.0.0.1 ereg.adobe.com
    O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
    O1 - Hosts: 127.0.0.1 wip3.adobe.com
    O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
    O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
    O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
    O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
    O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
    O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
    O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
    O1 - Hosts: 15308 more lines...
    O2 - BHO: (DownloadTerms) - {2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3} - C:\Users\Beth's Speed Demon\AppData\Local\DownloadTerms\temp.dat File not found
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKU\S-1-5-21-3239291453-3162581592-1990427089-1001\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKU\S-1-5-21-3239291453-3162581592-1990427089-1001\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKU\S-1-5-21-3239291453-3162581592-1990427089-1003\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKU\S-1-5-21-3239291453-3162581592-1990427089-1003\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
    O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
    O4 - HKLM..\Run: [Family Tree Builder Update] C:\Program Files\MyHeritage\Bin\FTBCheckUpdates.exe (MyHeritage)
    O4 - HKLM..\Run: [HP LaserJet Professional M1530 MFP Series Fax] C:\Program Files\HP\Digital Imaging\Fax\Fax Driver 0.6 Base\hppfaxprintersrv.exe (Hewlett-Packard Company)
    O4 - HKLM..\Run: [Logitech Download Assistant] C:\Windows\System32\LogiLDA.dll (Logitech, Inc.)
    O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [ToolboxFX] C:\Program Files\HP\ToolboxFX\bin\HPTLBXFX.exe (Hewlett-Packard Company)
    O4 - HKU\S-1-5-21-3239291453-3162581592-1990427089-1001..\Run: [GoogleChromeAutoLaunch_EC166EC589803CA23C17C93CA8824816] C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
    O4 - HKU\S-1-5-21-3239291453-3162581592-1990427089-1001..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
    O4 - HKU\S-1-5-21-3239291453-3162581592-1990427089-1001..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
    O4 - HKU\S-1-5-21-3239291453-3162581592-1990427089-1003..\Run: [GoogleChromeAutoLaunch_EC166EC589803CA23C17C93CA8824816] C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
    O4 - HKU\S-1-5-21-3239291453-3162581592-1990427089-1003..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
    O4 - HKU\S-1-5-21-3239291453-3162581592-1990427089-1003..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
    O4 - HKU\S-1-5-21-3239291453-3162581592-1990427089-1003..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" File not found
    O4 - HKU\S-1-5-21-3239291453-3162581592-1990427089-1003..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
    O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-21-3239291453-3162581592-1990427089-1003..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
    O4 - Startup: C:\Users\Beth's Speed Demon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HP Print View Resource Center.lnk = C:\Program Files\Hewlett-Packard\HP Print View Software\HP Print View Resource Center\HPPrintViewResourceCenter.exe (Hewlett-Packard)
    O4 - Startup: C:\Users\Beth's Speed Demon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Nikon Monitor.lnk = C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKU\S-1-5-21-3239291453-3162581592-1990427089-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-3239291453-3162581592-1990427089-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
    O13 - gopher Prefix: missing
    O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class)
    O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_37)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 10.25.2)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{26BD0B6A-2840-4ABF-BC21-7F48E1A8D168}: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C921685F-53D9-4FC0-854F-B8A4DA348920}: DhcpNameServer = 192.168.1.1
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/06/10 14:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2013/06/26 13:39:38 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Beth's Speed Demon\Desktop\OTL.exe
    [2013/06/26 13:26:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2013/06/26 13:26:06 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2013/06/26 13:26:06 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2013/06/26 13:25:37 | 000,000,000 | ---D | C] -- C:\Users\Beth's Speed Demon\AppData\Local\Programs
    [2013/06/26 13:22:42 | 010,285,040 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Beth's Speed Demon\Desktop\mbam-setup-1.75.0.1300.exe
    [2013/06/25 11:53:22 | 000,000,000 | ---D | C] -- C:\Users\Beth's Speed Demon\Documents\Woody
    [2013/06/24 09:03:29 | 000,094,632 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
    [2013/06/24 09:03:15 | 000,263,592 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
    [2013/06/18 14:59:56 | 000,928,288 | ---- | C] (MyHeritage) -- C:\Windows\System32\FTBSaver.scr
    [2013/06/13 13:09:04 | 000,000,000 | ---D | C] -- C:\Users\Beth's Speed Demon\Documents\Hot Summer Day
    [2013/06/13 12:25:20 | 000,000,000 | ---D | C] -- C:\Users\Beth's Speed Demon\Documents\Bamboo Too
    [2013/06/13 03:02:27 | 002,706,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
    [2013/06/13 03:02:26 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
    [2013/06/13 03:00:30 | 002,877,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
    [2013/06/13 03:00:29 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
    [2013/06/13 03:00:29 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
    [2013/06/13 03:00:28 | 000,493,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
    [2013/06/13 03:00:28 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
    [2013/06/13 03:00:28 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
    [2013/06/13 03:00:28 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
    [2013/06/13 03:00:28 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
    [2013/06/12 15:53:19 | 001,505,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll
    [2013/06/12 15:53:17 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cryptdlg.dll
    [2013/06/12 15:53:15 | 000,903,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certutil.exe
    [2013/06/12 15:53:14 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certenc.dll
    [2013/06/12 15:53:11 | 003,913,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
    [2013/06/12 15:53:10 | 003,968,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
    [2013/06/12 10:01:36 | 000,000,000 | ---D | C] -- C:\Users\Beth's Speed Demon\Documents\Bamboo & Planters
    [2013/06/11 09:10:37 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\Beth's Speed Demon\Desktop\aswMBR.exe
    [2013/06/11 08:59:03 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Beth's Speed Demon\Desktop\dds.com
    [2013/06/11 08:57:17 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2013/06/11 08:56:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
    [2013/06/11 08:56:22 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
    [2013/06/11 08:54:56 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\Beth's Speed Demon\Desktop\erunt-setup.exe
    [2013/06/09 14:51:24 | 000,000,000 | ---D | C] -- C:\Windows\pss
    [2013/06/05 00:10:03 | 000,745,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MsSpellCheckingFacility.exe
    [2013/06/05 00:10:03 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\elshyph.dll
    [2013/06/05 00:10:03 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
    [2013/06/05 00:10:03 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
    [2013/06/05 00:10:03 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
    [2013/06/05 00:10:03 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
    [2013/06/05 00:10:03 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
    [2013/06/05 00:10:02 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
    [2013/06/05 00:10:02 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
    [2013/06/05 00:10:02 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
    [2013/06/05 00:10:02 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
    [2013/06/05 00:10:02 | 000,137,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
    [2013/06/05 00:10:02 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
    [2013/06/05 00:10:02 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
    [2013/06/05 00:10:02 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
    [2013/06/05 00:10:02 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
    [2013/06/05 00:10:02 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
    [2013/06/05 00:10:02 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
    [2013/06/05 00:10:02 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
    [2013/06/05 00:10:02 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
    [2013/06/05 00:10:01 | 001,441,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
    [2013/06/05 00:10:01 | 000,719,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmlmedia.dll
    [2013/06/05 00:10:01 | 000,629,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
    [2013/06/05 00:10:01 | 000,242,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
    [2013/06/05 00:10:01 | 000,232,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
    [2013/06/05 00:10:01 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll

    ========== Files - Modified Within 30 Days ==========

    [2013/06/26 13:41:52 | 000,677,482 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2013/06/26 13:41:52 | 000,125,956 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2013/06/26 13:39:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Beth's Speed Demon\Desktop\OTL.exe
    [2013/06/26 13:38:01 | 000,001,731 | ---- | M] () -- C:\Users\Beth's Speed Demon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HP Print View Resource Center.lnk
    [2013/06/26 13:37:55 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2013/06/26 13:37:45 | 000,000,338 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
    [2013/06/26 13:37:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2013/06/26 13:37:36 | 1609,916,416 | -HS- | M] () -- C:\hiberfil.sys
    [2013/06/26 13:37:12 | 000,013,936 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2013/06/26 13:37:12 | 000,013,936 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2013/06/26 13:26:15 | 000,001,080 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2013/06/26 13:25:11 | 010,285,040 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Beth's Speed Demon\Desktop\mbam-setup-1.75.0.1300.exe
    [2013/06/26 13:08:02 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2013/06/26 13:01:40 | 000,001,092 | ---- | M] () -- C:\Users\Beth's Speed Demon\Desktop\MyHeritage Family Tree Builder.lnk
    [2013/06/26 13:00:55 | 000,648,201 | ---- | M] () -- C:\Users\Beth's Speed Demon\Desktop\AdwCleaner.exe
    [2013/06/25 18:18:30 | 000,003,084 | ---- | M] () -- C:\Users\Beth's Speed Demon\Desktop\Attach a.zip
    [2013/06/24 09:03:25 | 000,094,632 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
    [2013/06/24 09:03:24 | 000,263,592 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
    [2013/06/24 09:03:24 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
    [2013/06/24 09:03:23 | 000,867,240 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npdeployJava1.dll
    [2013/06/24 09:03:23 | 000,789,416 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
    [2013/06/24 09:03:23 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
    [2013/06/21 13:33:58 | 000,788,123 | ---- | M] () -- C:\Users\Beth's Speed Demon\Documents\Walton County Notices.pdf
    [2013/06/21 13:32:13 | 005,784,817 | ---- | M] () -- C:\Users\Beth's Speed Demon\Documents\Walton County Notice B.pdf
    [2013/06/21 13:30:58 | 005,797,219 | ---- | M] () -- C:\Users\Beth's Speed Demon\Documents\Walton County Notice A.pdf
    [2013/06/18 14:59:56 | 000,928,288 | ---- | M] (MyHeritage) -- C:\Windows\System32\FTBSaver.scr
    [2013/06/17 11:49:06 | 000,259,474 | ---- | M] () -- C:\Users\Beth's Speed Demon\Desktop\Family Tree June 2013.pdf
    [2013/06/11 09:23:21 | 000,000,512 | ---- | M] () -- C:\Users\Beth's Speed Demon\Desktop\MBR.dat
    [2013/06/11 09:12:24 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Beth's Speed Demon\Desktop\aswMBR.exe
    [2013/06/11 09:06:19 | 000,003,765 | ---- | M] () -- C:\Users\Beth's Speed Demon\Desktop\attach.zip
    [2013/06/11 08:59:07 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Beth's Speed Demon\Desktop\dds.com
    [2013/06/11 08:56:23 | 000,000,888 | ---- | M] () -- C:\Users\Beth's Speed Demon\Desktop\ERUNT.lnk
    [2013/06/11 08:55:00 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\Beth's Speed Demon\Desktop\erunt-setup.exe
    [2013/06/08 04:40:02 | 000,391,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
    [2013/06/08 04:13:19 | 002,706,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
    [2013/06/05 00:10:03 | 000,745,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MsSpellCheckingFacility.exe
    [2013/06/05 00:10:03 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\elshyph.dll
    [2013/06/05 00:10:03 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
    [2013/06/05 00:10:03 | 000,158,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
    [2013/06/05 00:10:03 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
    [2013/06/05 00:10:03 | 000,138,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
    [2013/06/05 00:10:03 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
    [2013/06/05 00:10:02 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
    [2013/06/05 00:10:02 | 000,629,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
    [2013/06/05 00:10:02 | 000,361,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec
    [2013/06/05 00:10:02 | 000,357,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
    [2013/06/05 00:10:02 | 000,226,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
    [2013/06/05 00:10:02 | 000,137,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
    [2013/06/05 00:10:02 | 000,117,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
    [2013/06/05 00:10:02 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
    [2013/06/05 00:10:02 | 000,073,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
    [2013/06/05 00:10:02 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
    [2013/06/05 00:10:02 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
    [2013/06/05 00:10:02 | 000,041,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
    [2013/06/05 00:10:02 | 000,038,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
    [2013/06/05 00:10:02 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
    [2013/06/05 00:10:01 | 001,441,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
    [2013/06/05 00:10:01 | 000,719,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmlmedia.dll
    [2013/06/05 00:10:01 | 000,242,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
    [2013/06/05 00:10:01 | 000,232,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
    [2013/06/05 00:10:01 | 000,025,185 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
    [2013/06/05 00:10:01 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll

    ========== Files Created - No Company Name ==========

    [2013/06/26 13:26:15 | 000,001,080 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2013/06/26 13:00:49 | 000,648,201 | ---- | C] () -- C:\Users\Beth's Speed Demon\Desktop\AdwCleaner.exe
    [2013/06/25 18:18:30 | 000,003,084 | ---- | C] () -- C:\Users\Beth's Speed Demon\Desktop\Attach a.zip
    [2013/06/21 13:33:58 | 000,788,123 | ---- | C] () -- C:\Users\Beth's Speed Demon\Documents\Walton County Notices.pdf
    [2013/06/21 13:32:10 | 005,784,817 | ---- | C] () -- C:\Users\Beth's Speed Demon\Documents\Walton County Notice B.pdf
    [2013/06/21 13:30:55 | 005,797,219 | ---- | C] () -- C:\Users\Beth's Speed Demon\Documents\Walton County Notice A.pdf
    [2013/06/17 11:49:05 | 000,259,474 | ---- | C] () -- C:\Users\Beth's Speed Demon\Desktop\Family Tree June 2013.pdf
    [2013/06/11 09:23:21 | 000,000,512 | ---- | C] () -- C:\Users\Beth's Speed Demon\Desktop\MBR.dat
    [2013/06/11 09:06:19 | 000,003,765 | ---- | C] () -- C:\Users\Beth's Speed Demon\Desktop\attach.zip
    [2013/06/11 08:56:23 | 000,000,888 | ---- | C] () -- C:\Users\Beth's Speed Demon\Desktop\ERUNT.lnk
    [2013/06/05 00:10:01 | 000,025,185 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
    [2013/05/16 17:01:00 | 000,004,096 | -H-- | C] () -- C:\Users\Beth's Speed Demon\AppData\Local\keyfile3.drm
    [2013/05/02 10:53:23 | 000,000,884 | RHS- | C] () -- C:\Users\Beth's Speed Demon\ntuser.pol
    [2013/04/18 10:51:39 | 000,454,656 | ---- | C] () -- C:\Windows\System32\PaintX.dll
    [2013/02/25 18:54:06 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat
    [2012/08/02 16:48:40 | 000,000,017 | ---- | C] () -- C:\Users\Beth's Speed Demon\AppData\Local\resmon.resmoncfg
    [2012/01/29 23:14:16 | 000,000,000 | ---- | C] () -- C:\Users\Beth's Speed Demon\AppData\Local\{60588841-DC3B-43FB-8930-53A015903FE0}
    [2012/01/28 19:07:49 | 000,000,000 | ---- | C] () -- C:\Users\Beth's Speed Demon\AppData\Local\{64518D0F-05F8-4C4A-AD4F-524AF4614823}
    [2012/01/28 19:06:07 | 000,000,000 | ---- | C] () -- C:\Users\Beth's Speed Demon\AppData\Local\{EA13A07C-3714-42F8-A0BF-8B1A3E016F53}
    [2012/01/28 19:01:48 | 000,000,000 | ---- | C] () -- C:\Users\Beth's Speed Demon\AppData\Local\{6DF84C72-753A-406C-A5BF-8A42F278699E}
    [2012/01/28 18:59:50 | 000,000,000 | ---- | C] () -- C:\Users\Beth's Speed Demon\AppData\Local\{32DCBDC5-32C1-41B5-8720-29418DFB8031}
    [2012/01/28 18:57:07 | 000,000,000 | ---- | C] () -- C:\Users\Beth's Speed Demon\AppData\Local\{61F70DEE-7919-436C-BA6F-2CDB54E261B6}
    [2012/01/28 18:55:08 | 000,000,000 | ---- | C] () -- C:\Users\Beth's Speed Demon\AppData\Local\{DBDEFA00-E592-4E03-85BC-9CAEDE98AD36}
    [2012/01/28 18:52:35 | 000,000,000 | ---- | C] () -- C:\Users\Beth's Speed Demon\AppData\Local\{859F54F2-84A7-4FED-9580-5F13AF4DC4B7}
    [2012/01/28 18:50:37 | 000,000,000 | ---- | C] () -- C:\Users\Beth's Speed Demon\AppData\Local\{95C2C032-EB89-4668-853F-9C59242C538A}
    [2012/01/28 18:45:18 | 000,000,000 | ---- | C] () -- C:\Users\Beth's Speed Demon\AppData\Local\{796781C7-4734-4C59-8913-041EB6924F08}
    [2012/01/28 18:43:20 | 000,000,000 | ---- | C] () -- C:\Users\Beth's Speed Demon\AppData\Local\{AB43DD94-6474-4B55-85BF-B8F3586A0C20}
    [2012/01/25 13:19:00 | 000,000,000 | ---- | C] () -- C:\Users\Beth's Speed Demon\AppData\Local\{BB81812A-3C33-47D3-A3D5-3B00CD11EEC3}
    [2012/01/24 18:52:48 | 000,000,000 | ---- | C] () -- C:\Users\Beth's Speed Demon\AppData\Local\{6BF84FBC-576F-4E53-B89C-27E80C3B1BA3}
    [2012/01/24 18:50:56 | 000,000,000 | ---- | C] () -- C:\Users\Beth's Speed Demon\AppData\Local\{D4874FC7-E0D9-47FE-B0EA-5921095C7C8E}
    [2012/01/22 06:45:07 | 000,000,000 | ---- | C] () -- C:\Users\Beth's Speed Demon\AppData\Local\{D93627F5-4C56-4B6D-81CB-6ED7C0D5FE5B}
    [2012/01/09 15:45:56 | 000,000,000 | ---- | C] () -- C:\Users\Beth's Speed Demon\AppData\Local\{6D424C03-05E0-4002-810F-0B29642BE1AD}
    [2012/01/09 15:43:58 | 000,000,000 | ---- | C] () -- C:\Users\Beth's Speed Demon\AppData\Local\{D8F96319-BF6E-40DA-96ED-726AFA59407F}
    [2012/01/04 20:08:00 | 000,000,000 | ---- | C] () -- C:\Users\Beth's Speed Demon\AppData\Local\{941727C9-0DC5-41EA-B05E-2FB973A5F856}
    [2012/01/04 20:06:02 | 000,000,000 | ---- | C] () -- C:\Users\Beth's Speed Demon\AppData\Local\{2309EB2C-2E30-4123-A1CA-891D8DAC9216}
    [2011/12/19 09:23:13 | 000,024,576 | ---- | C] () -- C:\Windows\System32\AsIO.dll
    [2011/12/19 09:23:13 | 000,012,400 | ---- | C] () -- C:\Windows\System32\drivers\AsIO.sys
    [2011/12/15 15:07:30 | 000,000,161 | ---- | C] () -- C:\Windows\Readiris.ini
    [2011/12/14 17:58:57 | 000,000,608 | -HS- | C] () -- C:\Windows\System32\winzvprt5.sys
    [2011/12/14 17:58:57 | 000,000,230 | ---- | C] () -- C:\Windows\System32\hppfaxprinter5.ini
    [2011/11/30 22:10:42 | 000,036,270 | ---- | C] () -- C:\Users\Beth's Speed Demon\AppData\Roaming\Comma Separated Values (Windows).ADR
    [2011/11/27 11:36:30 | 000,034,308 | ---- | C] () -- C:\Windows\System32\BASSMOD.dll
    [2011/11/26 13:21:13 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Definition Bundle
    [2011/11/26 13:21:13 | 000,000,268 | RH-- | C] () -- C:\Users\Beth's Speed Demon\AppData\Roaming\CustomDataViews
    [2011/11/26 13:21:13 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdw.DAT
    [2011/11/26 13:15:58 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Dance Kit
    [2011/11/26 13:15:58 | 000,000,268 | RH-- | C] () -- C:\Users\Beth's Speed Demon\AppData\Roaming\Contextual Menu Items
    [2011/11/26 13:15:58 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdu.DAT
    [2011/11/25 14:28:27 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
    [2011/11/25 14:04:15 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
    [2011/11/25 14:03:48 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe

    ========== ZeroAccess Check ==========

    [2009/07/13 21:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2013/02/26 21:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 05:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 18:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    ========== LOP Check ==========

    [2012/01/21 21:26:52 | 000,000,000 | -HSD | M] -- C:\Users\Beth's Speed Demon\AppData\Roaming\.#
    [2012/09/12 18:41:30 | 000,000,000 | ---D | M] -- C:\Users\Beth's Speed Demon\AppData\Roaming\123 Free Solitaire
    [2011/12/05 12:01:09 | 000,000,000 | ---D | M] -- C:\Users\Beth's Speed Demon\AppData\Roaming\Autodesk
    [2012/12/29 12:52:15 | 000,000,000 | ---D | M] -- C:\Users\Beth's Speed Demon\AppData\Roaming\GlarySoft
    [2012/07/02 16:01:25 | 000,000,000 | ---D | M] -- C:\Users\Beth's Speed Demon\AppData\Roaming\Leadertech
    [2013/04/20 14:56:48 | 000,000,000 | ---D | M] -- C:\Users\Beth's Speed Demon\AppData\Roaming\MyHeritage
    [2012/01/03 11:30:18 | 000,000,000 | ---D | M] -- C:\Users\Beth's Speed Demon\AppData\Roaming\Nikon
    [2011/11/27 08:38:41 | 000,000,000 | ---D | M] -- C:\Users\Beth's Speed Demon\AppData\Roaming\Philipp Winterberg
    [2013/04/18 10:51:39 | 000,000,000 | ---D | M] -- C:\Users\Beth's Speed Demon\AppData\Roaming\The Complete Genealogy Reporter - FTB
    [2011/12/02 11:09:26 | 000,000,000 | ---D | M] -- C:\Users\Beth's Speed Demon\AppData\Roaming\TomTom
    [2012/12/11 10:47:16 | 000,000,000 | ---D | M] -- C:\Users\Beth's Speed Demon\AppData\Roaming\TuneUp Software

    ========== Purity Check ==========



    < End of report >
    I need to see

    1. AdwCleaner log
    2. Malwarebytes log
    3. OTL log
    Drive no faster than your guardian angel can fly.

  10. #10
    Junior Member BethMcM's Avatar
    Join Date
    Jun 2013
    Location
    DeFuniak Springs Florida
    Posts
    14

    Default Extras

    OTL Extras logfile created on: 6/26/2013 1:41:56 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Beth's Speed Demon\Desktop
    Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.10.9200.16614)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 0.97 Gb Available Physical Memory | 48.38% Memory free
    4.00 Gb Paging File | 2.98 Gb Available in Paging File | 74.59% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 107.42 Gb Total Space | 12.20 Gb Free Space | 11.36% Space Free | Partition Type: NTFS

    Computer Name: BETHSSPEEDDEMON | User Name: Beth's Speed Demon | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

    [HKEY_USERS\S-1-5-21-3239291453-3162581592-1990427089-1001\SOFTWARE\Classes\<extension>]
    .html [@ = ChromeHTML] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{003280F9-D810-4587-9914-3D03A5538B48}" = rport=138 | protocol=17 | dir=out | app=system |
    "{099606D3-78D0-4439-8E95-AD05618D091F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{0AF8BD18-8205-4E34-B7E6-868148A9D46E}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{0B480CC2-BD01-433F-98A6-7F757CD71E86}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{0F5C64C7-FA08-4C81-AF0D-6A4BA9A88CC6}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
    "{11790C48-1F62-471A-813E-2419B4A6F680}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{21DB6128-107F-4AB9-B243-BC816ACEF8C1}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{21DF1924-382F-4988-82D8-C87FEE6BDC8A}" = rport=445 | protocol=6 | dir=out | app=system |
    "{264C8D26-7571-4D31-B662-C36099115D48}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{4CD532EB-FC3A-4B72-A1EA-28C4EB5A6F20}" = lport=138 | protocol=17 | dir=in | app=system |
    "{62527A02-9A2F-4A60-8C89-2A7D0A47C37C}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{847C1A82-D726-4907-A2DB-82DAC01D440B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{89548E3B-D767-4271-9F00-19619BA75C79}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{954FBB0E-5BFD-460F-9B81-7940EBC313D8}" = rport=139 | protocol=6 | dir=out | app=system |
    "{A20E22DC-F2D5-4E12-8714-3F48BDC1CF4E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{A69F0D2E-81CA-4027-A348-37425EB093AD}" = lport=137 | protocol=17 | dir=in | app=system |
    "{B7AD4728-8D29-431C-8C79-DB5E83B209AB}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{C1D50DEB-82D4-4DFA-A057-35D642B412C2}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{C5C31776-7CDA-4C42-BDAF-E4B10C26901A}" = rport=137 | protocol=17 | dir=out | app=system |
    "{E04FA165-FD30-4783-9ACC-148AE24D93FC}" = lport=445 | protocol=6 | dir=in | app=system |
    "{E31979BD-A412-425F-843E-93D3A18339EF}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{E80ED0FC-733A-4E89-82AA-E310F6A0F09D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{EBE408CC-B31B-4A87-A582-8BF991F3B281}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{F9886282-9A0A-4087-81D3-ACC33A147E73}" = lport=139 | protocol=6 | dir=in | app=system |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{07EE594B-CDA0-479E-8CB7-A095A260FB62}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{1551917A-D088-4240-89A6-1497A2E1548B}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{18A541C0-5EC0-4100-BD63-59F5DE76EE50}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{19194CED-63F9-4A14-854A-209060B4C3EE}" = protocol=6 | dir=in | app=c:\users\beth's speed demon\appdata\local\temp\7zs437f\hpdiagnosticcoreui.exe |
    "{19D9D15C-0DF7-4A38-9033-BC2C84540F00}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
    "{1CB89DF4-B7E7-4732-8C7A-E13DEA07398D}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{284A29BA-02CF-4657-B9F4-465194740A74}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe |
    "{2929DD47-32F1-48D2-BB02-0C4F4D678ADD}" = protocol=6 | dir=in | app=d:\installer\hpbcsiinstaller.exe |
    "{313C4E2D-23ED-4B8E-9EDC-4D5075C26628}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
    "{31BB9D05-4093-4F35-B9C2-896EE9135DB9}" = protocol=17 | dir=in | app=c:\users\beth's speed demon\appdata\local\temp\7zs437f\hpdiagnosticcoreui.exe |
    "{332A180E-668B-407A-8A2C-BFA693C52DE5}" = protocol=17 | dir=in | app=d:\installer\hpbcsiinstaller.exe |
    "{4A533399-1F4E-4D5E-A034-006A90C535F5}" = protocol=17 | dir=in | app=g:\cnet2_installfreerarextractfrog_exe.exe |
    "{57EB3755-3755-42DF-9F96-82B37045EDD1}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
    "{67AF3DAC-A5D7-4612-9B27-D8BC58076922}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{67CAA86A-9456-4AEE-9068-F273EE098628}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{6CE5157E-8D10-4956-9AA3-1AD08985A102}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
    "{7848058D-95F7-419A-8723-FC50E01F1435}" = protocol=6 | dir=in | app=g:\cnet2_installfreerarextractfrog_exe.exe |
    "{7BC8DF22-1E83-448E-B31D-2F4288932B41}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{7D38E136-9046-46CB-A213-02E81BED15D9}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
    "{812BA328-AC31-4288-B2D1-9DC3EF0B3EE3}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{84F320FA-D464-4D67-A640-B775CB4B88DE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{85A41C89-A680-423B-8115-FBD4207A5A5F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{89D991AC-E9A8-45E4-9BEE-1F4875B5CB34}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{8C92762E-1624-499C-95C5-D248BBD1FCEA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{922B6E6A-FDE9-4B4C-8EE0-DADCAE84CFEF}" = protocol=6 | dir=out | app=system |
    "{95176FF0-159D-4B0B-9415-EC93EA5EBBE7}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe |
    "{AE6DF75E-FFC0-4740-AF36-4D7F267C295E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{B2F2A7A2-DB25-4EDA-80B7-213AB5C2AA88}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{B4EA358D-35C8-4634-970B-4B2741570031}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{DAF05715-47D3-473D-847A-6010493A66E0}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{E2E84731-061D-4BC3-AA74-8E5DBD664C1F}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
    "{EBA30900-38BC-49D7-B5D7-1E43A78B97F7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{F1539F9F-8CB2-4E00-8A01-F6BC190CEF00}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{F641932D-E473-4F2D-A18A-656BB184D6DC}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
    "{0360D8F0-626A-4E87-8A16-938BD0BEBCC5}" = 32 Bit HP CIO Components Installer
    "{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
    "{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
    "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
    "{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{229D6185-BD7E-494B-A73B-C5215BE0690E}" = HPLJUT
    "{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 37
    "{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25
    "{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
    "{390DD8BB-BB57-4942-A029-2D913E4E9D74}" = Microsoft Security Client
    "{3AC26580-A695-4134-84AE-5121B3AAE545}" = Readiris Pro 12
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
    "{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
    "{4006E354-3D24-49BA-A36F-7EB75D50D575}" = hppLaserJetService
    "{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4F38594F-2C4A-4C42-B2C4-505E225F6F80}" = HP Product Detection
    "{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
    "{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
    "{5783F2D7-9001-0409-0002-0060B0CE6BBA}" = AutoCAD 2011 - English
    "{5783F2D7-9001-0409-1002-0060B0CE6BBA}" = AutoCAD 2011 Language Pack - English
    "{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
    "{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{74280B5D-A0AF-46c5-9C85-D9EA078262F1}" = HP LaserJet Professional M1530 MFP Series
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
    "{865E1902-B6FE-4AF0-B61D-A82EBC53569E}" = hppSendFaxM1530
    "{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8B411F80-3CC1-4CAC-BBA9-7CF30C48851C}" = HP Print View Software
    "{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
    "{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
    "{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_ULTIMATER_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_ULTIMATER_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_ULTIMATER_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_ULTIMATER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
    "{90120000-00BA-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
    "{90120000-0114-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_ULTIMATER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
    "{91120000-002E-0000-0000-0000000FF1CE}" = Microsoft Office Ultimate 2007
    "{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{9112FEA9-0F64-453C-BEA5-9A782F87EDAA}" = hppTLBXFXM1530
    "{942E5031-2BD6-4C1B-918C-C8A1CBAE7B8C}" = Microsoft IntelliPoint 8.2
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{951B0F30-9F1A-4BF6-B3DA-99EB0E917B1C}" = FARO LS 1.1.406.58
    "{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
    "{97486FBE-A3FC-4783-8D55-EA37E9D171CC}" = HP Update
    "{989FB5FD-9B00-4B32-8663-849CB1370DD1}" = Google Drive
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BD2DD45-8763-4F12-BDC6-958FCFEF0FCB}" = Microsoft IntelliType Pro 8.2
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
    "{9DEABCB6-B759-4D52-92F8-51B34A2B4D40}" = Autodesk Material Library 2011
    "{A1D53426-D6F3-4886-A72B-E1A8C82259E9}" = hppM1530LaserJetService
    "{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
    "{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
    "{A3A18593-62BE-4AE1-AF3F-E35179CF042E}" = hpzTLBXFX
    "{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
    "{A82D0C46-EBDF-4B27-A731-D06EF2056E81}" = HP FWUpdateEDO3
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
    "{AC76BA86-1033-0000-BA7E-000000000005}" = Adobe Acrobat X Standard
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.7)
    "{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 307.83
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 307.83
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
    "{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}" = PMB
    "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
    "{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
    "{C05002F1-06F8-4A15-B6F8-E4DC655C28AA}" = HP LJ M1530 MFP Series HP Scan
    "{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
    "{C462F75B-9A35-4A84-AE52-E8C9112AAE87}" = hppFaxUtilityM1530
    "{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
    "{CD1E078C-A6B9-47DA-B035-6365C85C7832}" = Autodesk Material Library 2011 Base Image library
    "{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
    "{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup
    "{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
    "{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
    "{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
    "{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
    "{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
    "{E9757890-7EC5-46C8-99AB-B00F07B6525C}" = Nikon Transfer
    "{EC5F4C1B-F838-4CB7-8561-8F809296428B}" = TomTom HOME
    "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
    "{F007CBCE-D714-4C0B-8CE9-9B0D78116468}" = ViewNX
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
    "{FD575F8B-6141-455A-8AE5-F2D2E08520FC}" = hppFaxDrvM1530
    "{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3
    "AutoCAD 2011 - English" = AutoCAD 2011 - English
    "ERUNT_is1" = ERUNT 1.1j
    "Family Tree Builder" = MyHeritage Family Tree Builder
    "Free RAR Extract Frog" = Free RAR Extract Frog
    "Glary Utilities_is1" = Glary Utilities 2.51.0.1666
    "Google Chrome" = Google Chrome
    "Host OpenAL (ADI)" = Host OpenAL (ADI)
    "HP Marketing Resources" = HP Print View Software
    "Logitech Unifying" = Logitech Unifying Software 2.10
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
    "Microsoft IntelliType Pro 8.2" = Microsoft IntelliType Pro 8.2
    "Microsoft Security Client" = Microsoft Security Essentials
    "NVIDIA Display Control Panel" = NVIDIA Display Control Panel
    "SP6" = Logitech SetPoint 6.32
    "SQL Anywhere Studio 7.0" = Sybase SQL Anywhere 7
    "ULTIMATER" = Microsoft Office Ultimate 2007
    "Wisdom-soft Set up ScreenHunter 5.1 Free" = Wisdom-soft Set up ScreenHunter 5.1 Free
    "Yahoo! Messenger" = Yahoo! Messenger

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 11/15/2012 7:55:17 PM | Computer Name = BethsSpeedDemon | Source = Application Hang | ID = 1002
    Description = The program OUTLOOK.EXE version 12.0.6665.5003 stopped interacting
    with Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Action Center control panel. Process ID: 12b4 Start
    Time: 01cdc38c710e0f12 Termination Time: 20 Application Path: C:\Program Files\Microsoft
    Office\Office12\OUTLOOK.EXE Report Id: d73c8f02-2f7f-11e2-bbd2-001e8c6f7edb

    Error - 11/17/2012 7:18:51 PM | Computer Name = BethsSpeedDemon | Source = Application Error | ID = 1000
    Description = Faulting application name: iexplore.exe, version: 9.0.8112.16455,
    time stamp: 0x507284ba Faulting module name: Flash32_11_4_402_287.ocx, version: 11.4.402.287,
    time stamp: 0x5066dd49 Exception code: 0xc0000005 Fault offset: 0x000df906 Faulting
    process id: 0x1718 Faulting application start time: 0x01cdc509b294fcc7 Faulting application
    path: C:\Program Files\Internet Explorer\iexplore.exe Faulting module path: C:\Windows\system32\Macromed\Flash\Flash32_11_4_402_287.ocx
    Report
    Id: 2552527b-310d-11e2-83cf-001e8c6f7edb

    Error - 11/18/2012 11:19:37 PM | Computer Name = BethsSpeedDemon | Source = Windows Backup | ID = 4104
    Description =

    Error - 11/23/2012 12:27:37 PM | Computer Name = BethsSpeedDemon | Source = Application Error | ID = 1000
    Description = Faulting application name: iexplore.exe, version: 9.0.8112.16455,
    time stamp: 0x507284ba Faulting module name: MSHTML.dll, version: 9.0.8112.16455,
    time stamp: 0x50728e5d Exception code: 0xc0000005 Fault offset: 0x004c4545 Faulting
    process id: 0x1750 Faulting application start time: 0x01cdc98e236dccf5 Faulting application
    path: C:\Program Files\Internet Explorer\iexplore.exe Faulting module path: C:\Windows\system32\MSHTML.dll
    Report
    Id: b0f0ad8a-358a-11e2-82b9-001e8c6f7edb

    Error - 11/23/2012 12:27:55 PM | Computer Name = BethsSpeedDemon | Source = Application Error | ID = 1000
    Description = Faulting application name: iexplore.exe, version: 9.0.8112.16455,
    time stamp: 0x507284ba Faulting module name: MSHTML.dll, version: 9.0.8112.16455,
    time stamp: 0x50728e5d Exception code: 0xc0000005 Fault offset: 0x004c4545 Faulting
    process id: 0x118c Faulting application start time: 0x01cdc9977a68cad5 Faulting application
    path: C:\Program Files\Internet Explorer\iexplore.exe Faulting module path: C:\Windows\system32\MSHTML.dll
    Report
    Id: bbd4738b-358a-11e2-82b9-001e8c6f7edb

    Error - 11/23/2012 12:28:22 PM | Computer Name = BethsSpeedDemon | Source = Application Error | ID = 1000
    Description = Faulting application name: iexplore.exe, version: 9.0.8112.16455,
    time stamp: 0x507284ba Faulting module name: MSHTML.dll, version: 9.0.8112.16455,
    time stamp: 0x50728e5d Exception code: 0xc0000005 Fault offset: 0x004c4545 Faulting
    process id: 0x4cc Faulting application start time: 0x01cdc9977a62d754 Faulting application
    path: C:\Program Files\Internet Explorer\iexplore.exe Faulting module path: C:\Windows\system32\MSHTML.dll
    Report
    Id: cbd44e39-358a-11e2-82b9-001e8c6f7edb

    Error - 11/23/2012 12:28:48 PM | Computer Name = BethsSpeedDemon | Source = Application Error | ID = 1000
    Description = Faulting application name: iexplore.exe, version: 9.0.8112.16455,
    time stamp: 0x507284ba Faulting module name: MSHTML.dll, version: 9.0.8112.16455,
    time stamp: 0x50728e5d Exception code: 0xc0000005 Fault offset: 0x0079a915 Faulting
    process id: 0x1620 Faulting application start time: 0x01cdc9978fbd360a Faulting application
    path: C:\Program Files\Internet Explorer\iexplore.exe Faulting module path: C:\Windows\system32\MSHTML.dll
    Report
    Id: db08db21-358a-11e2-82b9-001e8c6f7edb

    Error - 11/23/2012 12:34:27 PM | Computer Name = BethsSpeedDemon | Source = Application Error | ID = 1000
    Description = Faulting application name: iexplore.exe, version: 9.0.8112.16455,
    time stamp: 0x507284ba Faulting module name: MSHTML.dll, version: 9.0.8112.16455,
    time stamp: 0x50728e5d Exception code: 0xc0000005 Fault offset: 0x00247a38 Faulting
    process id: 0x150c Faulting application start time: 0x01cdc997aad62f9c Faulting application
    path: C:\Program Files\Internet Explorer\iexplore.exe Faulting module path: C:\Windows\system32\MSHTML.dll
    Report
    Id: a54e3e8b-358b-11e2-82b9-001e8c6f7edb

    Error - 11/23/2012 6:30:30 PM | Computer Name = BethsSpeedDemon | Source = Application Hang | ID = 1002
    Description = The program OUTLOOK.EXE version 12.0.6665.5003 stopped interacting
    with Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Action Center control panel. Process ID: a80 Start
    Time: 01cdc9c9cb473b9c Termination Time: 10 Application Path: C:\Program Files\Microsoft
    Office\Office12\OUTLOOK.EXE Report Id: 51c58a77-35bd-11e2-85cd-001e8c6f7edb

    Error - 11/25/2012 11:00:06 PM | Computer Name = BethsSpeedDemon | Source = Windows Backup | ID = 4103
    Description =

    [ OSession Events ]
    Error - 2/18/2013 3:20:09 PM | Computer Name = BethsSpeedDemon | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 426
    seconds with 420 seconds of active time. This session ended with a crash.

    [ System Events ]
    Error - 6/18/2013 3:52:11 PM | Computer Name = BethsSpeedDemon | Source = atapi | ID = 262155
    Description = The driver detected a controller error on \Device\Ide\IdePort3.

    Error - 6/18/2013 3:52:11 PM | Computer Name = BethsSpeedDemon | Source = atapi | ID = 262155
    Description = The driver detected a controller error on \Device\Ide\IdePort3.

    Error - 6/18/2013 3:52:11 PM | Computer Name = BethsSpeedDemon | Source = atapi | ID = 262155
    Description = The driver detected a controller error on \Device\Ide\IdePort3.

    Error - 6/18/2013 3:52:11 PM | Computer Name = BethsSpeedDemon | Source = atapi | ID = 262155
    Description = The driver detected a controller error on \Device\Ide\IdePort3.

    Error - 6/18/2013 3:52:14 PM | Computer Name = BethsSpeedDemon | Source = atapi | ID = 262155
    Description = The driver detected a controller error on \Device\Ide\IdePort3.

    Error - 6/18/2013 3:52:14 PM | Computer Name = BethsSpeedDemon | Source = atapi | ID = 262155
    Description = The driver detected a controller error on \Device\Ide\IdePort3.

    Error - 6/18/2013 3:52:14 PM | Computer Name = BethsSpeedDemon | Source = atapi | ID = 262155
    Description = The driver detected a controller error on \Device\Ide\IdePort3.

    Error - 6/18/2013 3:52:14 PM | Computer Name = BethsSpeedDemon | Source = atapi | ID = 262155
    Description = The driver detected a controller error on \Device\Ide\IdePort3.

    Error - 6/22/2013 11:56:58 PM | Computer Name = BethsSpeedDemon | Source = Tcpip | ID = 4199
    Description = The system detected an address conflict for IP address 192.168.1.3
    with the system having network hardware address 00-07-5C-56-66-50. Network operations
    on this system may be disrupted as a result.

    Error - 6/24/2013 11:34:10 AM | Computer Name = BethsSpeedDemon | Source = Microsoft-Windows-Application-Experience | ID = 205
    Description = The Program Compatibility Assistant service failed to perform the
    phase two initialization.


    < End of report >

    I need to see

    1. AdwCleaner log
    2. Malwarebytes log
    3. OTL log
    Drive no faster than your guardian angel can fly.
