Messages - PetzWay

1
Thanks again for all your help thus far! Here is the log:

# DelFix v10.8 - Logfile created 07/08/2014 at 16:56:59
# Updated 29/07/2014 by Xplode
# Username : Beth - BETH-HP
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

~ Removing disinfection tools ...

Deleted : C:\Qoobox
Deleted : C:\AdwCleaner
Deleted : C:\ComboFix.txt
Deleted : C:\Users\Beth\Desktop\AdwCleaner[R1].txt
Deleted : C:\Users\Beth\Desktop\combofix log.txt
Deleted : C:\Users\Beth\Desktop\ComboFix.exe
Deleted : C:\Users\Beth\Desktop\dds.txt
Deleted : C:\Users\Beth\Desktop\JRT.txt
Deleted : C:\Users\Beth\Downloads\adwcleaner_3.302.exe
Deleted : C:\Users\Beth\Downloads\dds.scr
Deleted : C:\Users\Beth\Downloads\SecurityCheck.exe
Deleted : C:\Windows\grep.exe
Deleted : C:\Windows\PEV.exe
Deleted : C:\Windows\NIRCMD.exe
Deleted : C:\Windows\MBR.exe
Deleted : C:\Windows\SED.exe
Deleted : C:\Windows\SWREG.exe
Deleted : C:\Windows\SWSC.exe
Deleted : C:\Windows\SWXCACLS.exe
Deleted : C:\Windows\Zip.exe
Deleted : HKLM\SOFTWARE\AdwCleaner
Deleted : HKLM\SOFTWARE\Swearware
Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\combofix.exe

~ Creating registry backup ... OK

~ Cleaning system restore ...

Deleted : RP #179 [Windows Backup | 07/26/2014 16:43:55]
Deleted : RP #180 [Installed TouchFreeze | 07/26/2014 18:03:07]
Deleted : RP #181 [Windows Update | 07/26/2014 20:19:45]
Deleted : RP #182 [Installed HP Support Assistant | 07/27/2014 22:58:25]
Deleted : RP #183 [Windows Modules Installer | 07/27/2014 23:04:32]
Deleted : RP #184 [Windows Modules Installer | 07/27/2014 23:06:46]
Deleted : RP #185 [Windows Backup | 07/28/2014 02:00:11]
Deleted : RP #186 [Windows Update | 07/29/2014 02:54:17]
Deleted : RP #187 [Installed Adobe Reader XI. | 07/29/2014 06:19:59]
Deleted : RP #188 [Windows Update | 08/01/2014 19:49:14]
Deleted : RP #189 [Removed Java(TM) 6 Update 24 (64-bit) | 08/02/2014 02:47:10]
Deleted : RP #190 [Windows Update | 08/05/2014 13:51:08]
Deleted : RP #191 [Windows Backup | 08/05/2014 13:55:14]

New restore point created !

########## - EOF - ##########

2
Everything seems to be working well and even has sped up a bit in processing.
There was a mention of 'clean up' that needed to be done. Is this the case?

3
Whoo! That was easy and it seemed to do the trick.  It will now navigate away from MSN!  :-)

4
That is correct.  IE 11 launches fine, MSN loads and I can even navigate within MSN and view their articles. Typing in a website in the address bar and using bookmarks does nothing.

5
Yay! Restarted the computer and the message did not come up. When using Mozilla everything works perfectly, no re-directs. However, when I use Explorer it just stays on my homepage (MSN). It acts like it is thinking and going to whatever website I type in, but then does nothing.

So close to having everything back to normal.  :-)

6
Oh whoops sorry about the double log in names.  Here is the log from Combofix.  Should I re-enable my anti-virus?

ComboFix 14-08-05.01 - Beth 08/05/2014  12:56:29.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.7658.5684 [GMT -7:00]
Running from: c:\users\Beth\Desktop\ComboFix.exe
AV: Trend Micro Titanium *Disabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
SP: Trend Micro Titanium *Disabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\users\Beth\AppData\Local\Microsoft\Windows\Temporary Internet Files\{104C0D93-65FE-4D89-8109-BF2B9A03777B}.xps
c:\users\Beth\AppData\Local\Microsoft\Windows\Temporary Internet Files\{B3CA935E-5BAB-4AF2-AC2D-E972AC9116B1}.xps
c:\users\Beth\AppData\Local\Microsoft\Windows\Temporary Internet Files\{BCA6940F-D136-484A-9446-1792935849E7}.xps
c:\users\Beth\AppData\Local\Temp\_ir_sf_temp_0\npCouponPrinter.dll
c:\users\Beth\AppData\Local\Temp\_ir_sf_temp_0\npMozCouponPrinter.dll
c:\users\Beth\AppData\Local\Temp\{0B3BB2F3-69E1-4B35-8A6B-2D201CC6D4CE}\fpb.tmp
c:\users\Beth\AppData\Local\Temp\{0B65A6D8-FFF1-4D29-AC68-496EA040359E}\fpb.tmp
c:\users\Beth\AppData\Local\Temp\{0C7DCCB0-8CEB-4BFE-90A5-69979E2F3F18}\fpb.tmp
c:\users\Beth\AppData\Local\Temp\{10822F7E-B57A-414F-8825-3403C4F283F6}\_isres_0x0409.dll
c:\users\Beth\AppData\Local\Temp\{10822F7E-B57A-414F-8825-3403C4F283F6}\ISBEW64.exe
c:\users\Beth\AppData\Local\Temp\{10822F7E-B57A-414F-8825-3403C4F283F6}\ISRT.dll
c:\users\Beth\AppData\Local\Temp\{116B11E8-2CE7-4AA6-B331-0F57BDEAB964}\fpb.tmp
c:\users\Beth\AppData\Local\Temp\{17D5E7FD-61F2-4C24-B1F0-A5FD77AEE1E7}\fpb.tmp
c:\users\Beth\AppData\Local\Temp\{1DD51E6C-F178-4329-9B89-FEAAB3B2FFA3}\fpb.tmp
c:\users\Beth\AppData\Local\Temp\{28D01CE7-510A-4CAF-A76C-4D99F6CB4971}\fpb.tmp
c:\users\Beth\AppData\Local\Temp\{2A11DFBE-B6CA-4B91-A89C-C22B4407F9A0}\ISBEW64.exe
c:\users\Beth\AppData\Local\Temp\{2DA62F9E-804B-4468-97A8-DB47954E917A}\fpb.tmp
c:\users\Beth\AppData\Local\Temp\{32C6BCD2-25C0-45CF-BFB0-8F52527D81FC}\fpb.tmp
c:\users\Beth\AppData\Local\Temp\{39047D05-BFE5-4E3D-BB17-C660C460155E}\fpb.tmp
c:\users\Beth\AppData\Local\Temp\{3C764D06-AD03-4190-9726-06E50CCB14C1}\fpb.tmp
c:\users\Beth\AppData\Local\Temp\{3EEBB8FB-83E0-4AB3-922C-F682ADC3C57D}\fpb.tmp
c:\users\Beth\AppData\Local\Temp\{43945532-06CB-4D5C-AB1C-1B5C61B0037C}\fpb.tmp
c:\users\Beth\AppData\Local\Temp\{43B6C4AD-B407-44B0-9397-FBBFD9D06225}\fpb.tmp
c:\users\Beth\AppData\Local\Temp\{4486077A-1C3E-4BE5-BFDD-33C1431D87CA}\fpb.tmp
c:\users\Beth\AppData\Local\Temp\{4F1285FC-9E86-4D25-A59D-F7F39FC22763}\fpb.tmp
c:\users\Beth\AppData\Local\Temp\{59C26343-147B-416C-84D6-BC9335DAE355}\fpb.tmp
c:\users\Beth\AppData\Local\Temp\{5C007AD2-1D3E-4D7C-BDBE-3AB946CFB544}\fpb.tmp
c:\users\Beth\AppData\Local\Temp\{5C25E035-0658-4243-9AB8-EA8E2401F702}\fpb.tmp
c:\users\Beth\AppData\Local\Temp\{5D6427AC-AAF3-497C-AF89-349A27D85088}\fpb.tmp
c:\users\Beth\AppData\Local\Temp\{5F280D48-A080-430B-B8CA-8F1F6A3A3156}\fpb.tmp
c:\users\Beth\AppData\Local\Temp\{64966A42-C9AF-4177-9624-4FB4FBEC6C34}\fpb.tmp
c:\users\Beth\AppData\Local\Temp\{667A2F2B-C501-436F-96AA-421CBF8785AC}\fpb.tmp
c:\users\Beth\AppData\Local\Temp\{68909AA9-4F42-495E-8542-7CE8C8FA4597}\fpb.tmp
c:\users\Beth\AppData\Local\Temp\{694E5B55-D572-4D19-A6C4-FD9B924669AF}\fpb.tmp
c:\users\Beth\AppData\Local\Temp\{72BDE036-2B41-4300-AE99-4ACF0A2BA2C6}\fpb.tmp
c:\users\Beth\AppData\Local\Temp\{73147EC1-B1F3-44C8-9465-D6F5F030C1F5}\fpb.tmp
c:\users\Beth\AppData\Local\Temp\{7D2E701C-638B-45AC-9DA7-E196E4EF7DCE}\fpb.tmp
c:\users\Beth\AppData\Local\Temp\{7F99B06B-05F8-421D-BB45-F8EB02E923F8}\fpb.tmp
c:\users\Beth\AppData\Local\Temp\{80F5C4AC-9206-448E-A92D-7B257B5BFF8D}\fpb.tmp
c:\users\Beth\AppData\Local\Temp\{814C8FE6-A7C9-4A9C-824E-C32A1498FB96}\fpb.tmp
c:\users\Beth\AppData\Local\Temp\{840FA8B1-E997-49CB-9028-812D3F565259}\fpb.tmp
c:\users\Beth\AppData\Local\Temp\{89FF0DB4-45B7-48D5-A295-231A6F622E33}\fpb.tmp
c:\users\Beth\AppData\Local\Temp\{8FB98C5D-D581-4EBF-8310-3A458B6ED767}\fpb.tmp
c:\users\Beth\AppData\Local\Temp\{91F7668D-66F0-46A2-85A8-84E422BA3223}\fpb.tmp
c:\users\Beth\AppData\Local\Temp\{9B09BB59-351A-44AB-8BCA-D3C407B560CC}\fpb.tmp
c:\users\Beth\AppData\Local\Temp\{9C41A294-A6D9-4F0A-9993-132D421C1AC9}\fpb.tmp
c:\users\Beth\AppData\Local\Temp\{A56E691E-91F4-49FE-B535-30032A3D9009}\fpb.tmp
c:\users\Beth\AppData\Local\Temp\{A7170019-D42C-4A99-B458-0A27F7C9DD6B}\fpb.tmp
c:\users\Beth\AppData\Local\Temp\{B158D18E-F6C9-4E8A-920A-D8283F9A2FD2}\fpb.tmp
c:\users\Beth\AppData\Local\Temp\{BF60CCB6-29C2-4D33-A391-7094E6F9A84D}\fpb.tmp
c:\users\Beth\AppData\Local\Temp\{C7240724-ADB4-4A49-AC73-8C2ED636F80B}\fpb.tmp
c:\users\Beth\AppData\Local\Temp\{C81956B2-2F83-4448-8FF6-8EA3B917B346}\ISBEW64.exe
c:\users\Beth\AppData\Local\Temp\{CA2637ED-197D-4C58-9045-C5F33B776FF6}\fpb.tmp
c:\users\Beth\AppData\Local\Temp\{CBAC0054-0A59-49BE-9393-BA5933A401D5}\fpb.tmp
c:\users\Beth\AppData\Local\Temp\{D088F4EC-7791-4FE4-8A5B-B71B39A2FE64}\fpb.tmp
c:\users\Beth\AppData\Local\Temp\{D3BC8CA3-472C-4913-AA72-2044F52B759C}\fpb.tmp
c:\users\Beth\AppData\Local\Temp\{D408BFE9-242E-4B51-B085-D2E3E6D86126}\fpb.tmp
c:\users\Beth\AppData\Local\Temp\{E27B67B5-F29A-4972-AE58-83B3AF8D433D}\fpb.tmp
c:\users\Beth\AppData\Local\Temp\{E7BEB7CE-5326-4946-8563-1C598ECF7792}\ISBEW64.exe
c:\users\Beth\AppData\Local\Temp\{EAEE32E3-A996-4C77-AB99-0ADCA515F2D6}\fpb.tmp
c:\users\Beth\AppData\Local\Temp\{EB7E4C8F-D2BA-4713-9CBA-AB8ECD944B12}\fpb.tmp
c:\users\Beth\AppData\Local\Temp\{EE549AF9-8FAA-4584-83B2-ECF1BC9DC1FF}\adobe_oobelib.dll
c:\users\Beth\AppData\Local\Temp\{EE549AF9-8FAA-4584-83B2-ECF1BC9DC1FF}\asneu.dll
c:\users\Beth\AppData\Local\Temp\{FA3075A7-63AC-40EF-9694-1E51A7CBCB4F}\fpb.tmp
c:\users\Beth\AppData\Local\Temp\8BCB.dir\InstallFlashPlayer.exe
c:\users\Beth\AppData\Local\Temp\Ceement\src\setup.exe
c:\users\Beth\AppData\Local\Temp\dcomtmp\Restart.exe
c:\users\Beth\AppData\Local\Temp\F47C.dir\InstallFlashPlayer.exe
c:\users\Beth\AppData\Local\Temp\HP Support Framework\HPSF_Config1.dll
c:\users\Beth\AppData\Local\Temp\Jgl_Rt\jesterrun0.dll
c:\users\Beth\AppData\Local\Temp\jrt\CHOICE.DAT
c:\users\Beth\AppData\Local\Temp\jrt\CUT.DAT
c:\users\Beth\AppData\Local\Temp\jrt\erunt\ERDNT.E_E
c:\users\Beth\AppData\Local\Temp\jrt\erunt\ERUNT.EXE
c:\users\Beth\AppData\Local\Temp\jrt\NIRCMD.DAT
c:\users\Beth\AppData\Local\Temp\jrt\SED.DAT
c:\users\Beth\AppData\Local\Temp\jrt\SHORTCUT.DAT
c:\users\Beth\AppData\Local\Temp\jrt\WGET.DAT
c:\users\Beth\AppData\Local\Temp\NOD4BF3.tmp
c:\users\Beth\AppData\Local\Temp\ose00000.exe
c:\users\Beth\AppData\Local\Temp\processcheck.exe
c:\users\Beth\AppData\Local\Temp\Quarantine.exe
c:\users\Beth\AppData\Local\Temp\RarSFX0\SecurityCheck\Objlist.exe
c:\users\Beth\AppData\Local\Temp\RarSFX0\SecurityCheck\Other\cmdinfo.exe
c:\users\Beth\AppData\Local\Temp\RarSFX0\SecurityCheck\Other\nircmdc.exe
c:\users\Beth\AppData\Local\Temp\RarSFX0\SecurityCheck\Other\sed.exe
c:\users\Beth\AppData\Local\Temp\RarSFX0\SecurityCheck\Other\swreg.exe
c:\users\Beth\AppData\Local\Temp\RarSFX0\SecurityCheck\runprocesses.exe
c:\users\Beth\AppData\Local\Temp\RarSFX0\SecurityCheck\uninstalllist.exe
c:\users\Beth\AppData\Local\Temp\readSTILog.dll
c:\users\Beth\AppData\Local\Temp\Resource.exe
c:\users\Beth\AppData\Local\Temp\SetACL.exe
c:\users\Beth\AppData\Local\Temp\SP54004.exe
c:\users\Beth\AppData\Local\Temp\sp54373.exe
c:\users\Beth\AppData\Local\Temp\sp54620.exe
c:\users\Beth\AppData\Local\Temp\SP54630.exe
c:\users\Beth\AppData\Local\Temp\SP54714.exe
c:\users\Beth\AppData\Local\Temp\SP54945.exe
c:\users\Beth\AppData\Local\Temp\SP54995.exe
c:\users\Beth\AppData\Local\Temp\SP54996.exe
c:\users\Beth\AppData\Local\Temp\SP55086.exe
c:\users\Beth\AppData\Local\Temp\SP55151.exe
c:\users\Beth\AppData\Local\Temp\SP55152.exe
c:\users\Beth\AppData\Local\Temp\SP55377.exe
c:\users\Beth\AppData\Local\Temp\SP56099.exe
c:\users\Beth\AppData\Local\Temp\SP56221.exe
c:\users\Beth\AppData\Local\Temp\SP57232.exe
c:\users\Beth\AppData\Local\Temp\SP57398.exe
c:\users\Beth\AppData\Local\Temp\SP57698.exe
c:\users\Beth\AppData\Local\Temp\SP58131.exe
c:\users\Beth\AppData\Local\Temp\sp58915.exe
c:\users\Beth\AppData\Local\Temp\SP58986.exe
c:\users\Beth\AppData\Local\Temp\sp64126.exe
c:\users\Beth\AppData\Local\Temp\TempFolder.aaa\dirapi.dll
c:\users\Beth\AppData\Local\Temp\TempFolder.aaa\iml32.dll
c:\users\Beth\AppData\Local\Temp\TempFolder.aaa\msvcrt.dll
c:\users\Beth\AppData\Local\Temp\TempFolder.aaa\proj.dll
c:\users\Beth\AppData\Local\Temp\TempFolder.aaa\xtras\budapi.x32
c:\users\Beth\AppData\Local\Temp\TempFolder.aaa\xtras\DirectSound.x32
c:\users\Beth\AppData\Local\Temp\TempFolder.aaa\xtras\Font Xtra.x32
c:\users\Beth\AppData\Local\Temp\TempFolder.aaa\xtras\INetURL.x32
c:\users\Beth\AppData\Local\Temp\TempFolder.aaa\xtras\MacroMix.x32
c:\users\Beth\AppData\Local\Temp\TempFolder.aaa\xtras\Mix Services.x32
c:\users\Beth\AppData\Local\Temp\TempFolder.aaa\xtras\MpegAdvance.x32
c:\users\Beth\AppData\Local\Temp\TempFolder.aaa\xtras\Netfile.x32
c:\users\Beth\AppData\Local\Temp\TempFolder.aaa\xtras\Netlingo.x32
c:\users\Beth\AppData\Local\Temp\TempFolder.aaa\xtras\PNG Import Export.x32
c:\users\Beth\AppData\Local\Temp\TempFolder.aaa\xtras\Sound Control.x32
c:\users\Beth\AppData\Local\Temp\TempFolder.aaa\xtras\Swadcmpr.x32
c:\users\Beth\AppData\Local\Temp\TempFolder.aaa\xtras\Text Asset.x32
c:\users\Beth\AppData\Local\Temp\TempFolder.aaa\xtras\TextXtra.x32
c:\users\Beth\AppData\Local\Temp\UninstallHPSA.exe
c:\users\Beth\AppData\Local\Temp\UninstallHPTCA.exe
c:\users\Beth\AppData\Local\Temp\VistaTools64.dll
c:\users\Beth\AppData\Local\Temp\VSD4C3C.tmp\setup_sfx_full.exe
c:\users\Beth\AppData\Local\Temp\x64\HPWarrantyIDDll.dll
c:\users\Beth\AppData\Local\Temp\x86\HPWarrantyIDDll.dll
c:\users\Beth\AppData\Local\Temp\YouCam\Tutorial\youcam-tutorial.exe
.
.
(((((((((((((((((((((((((   Files Created from 2014-07-05 to 2014-08-05  )))))))))))))))))))))))))))))))
.
.
2014-08-05 20:20 . 2014-08-05 20:20   --------   d-----w-   c:\users\Default\AppData\Local\temp
2014-08-05 20:13 . 2014-08-05 20:13   75888   ----a-w-   c:\programdata\Microsoft\Windows Defender\Definition Updates\{3D4D6AA8-E888-4804-A065-0A18F9A9071C}\offreg.dll
2014-08-05 14:40 . 2014-08-05 14:40   --------   d-----w-   c:\windows\ERUNT
2014-08-05 13:52 . 2014-07-02 03:09   10924376   ----a-w-   c:\programdata\Microsoft\Windows Defender\Definition Updates\{3D4D6AA8-E888-4804-A065-0A18F9A9071C}\mpengine.dll
2014-08-02 03:52 . 2014-08-05 15:29   --------   d-----w-   C:\AdwCleaner
2014-08-02 02:52 . 2014-08-02 02:53   122584   ----a-w-   c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-08-02 02:51 . 2014-08-02 02:51   --------   d-----w-   c:\program files (x86)\Malwarebytes Anti-Malware
2014-08-02 02:51 . 2014-08-02 02:51   --------   d-----w-   c:\programdata\Malwarebytes
2014-08-02 02:51 . 2014-05-12 14:26   63704   ----a-w-   c:\windows\system32\drivers\mwac.sys
2014-08-02 02:51 . 2014-05-12 14:26   91352   ----a-w-   c:\windows\system32\drivers\mbamchameleon.sys
2014-08-02 02:51 . 2014-05-12 14:25   25816   ----a-w-   c:\windows\system32\drivers\mbam.sys
2014-07-28 01:49 . 2014-07-28 01:49   --------   d-sh--w-   c:\users\Beth\AppData\Local\EmieUserList
2014-07-28 01:49 . 2014-07-28 01:49   --------   d-sh--w-   c:\users\Beth\AppData\Local\EmieSiteList
2014-07-27 22:57 . 2014-07-27 22:57   --------   d-----w-   c:\programdata\{18165758-115C-4DC0-9EC2-FF89F725767F}
2014-07-26 20:34 . 2014-07-26 20:34   --------   d-----w-   c:\windows\Migration
2014-07-26 18:02 . 2014-07-26 18:04   --------   d-----w-   c:\users\Beth\AppData\Local\Programs
2014-07-26 17:21 . 2014-07-26 17:21   --------   d-s---w-   c:\windows\system32\CompatTel
2014-07-26 16:52 . 2014-07-26 16:52   --------   d-----w-   c:\program files (x86)\Common Files\Java
2014-07-26 16:51 . 2014-07-26 16:51   98216   ----a-w-   c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-07-10 22:09 . 2014-03-26 14:44   2002432   ----a-w-   c:\windows\system32\msxml6.dll
2014-07-10 22:08 . 2014-04-05 02:47   1903552   ----a-w-   c:\windows\system32\drivers\tcpip.sys
2014-07-10 22:08 . 2014-04-05 02:47   288192   ----a-w-   c:\windows\system32\drivers\FWPKCLNT.SYS
2014-07-10 22:08 . 2014-06-30 02:09   519168   ----a-w-   c:\windows\system32\aepdu.dll
2014-07-10 22:08 . 2014-06-30 02:04   424448   ----a-w-   c:\windows\system32\aeinv.dll
2014-07-10 22:08 . 2014-06-18 01:10   3157504   ----a-w-   c:\windows\system32\win32k.sys
2014-07-10 22:08 . 2014-06-18 02:19   449024   ----a-w-   c:\program files\Common Files\Microsoft Shared\ink\tabskb.dll
2014-07-10 22:08 . 2014-06-18 01:51   646144   ----a-w-   c:\windows\SysWow64\osk.exe
2014-07-10 22:08 . 2014-06-18 02:18   692736   ----a-w-   c:\windows\system32\osk.exe
2014-07-10 22:06 . 2014-02-04 02:35   190912   ----a-w-   c:\windows\system32\drivers\storport.sys
2014-07-10 22:05 . 2014-03-04 09:44   1163264   ----a-w-   c:\windows\system32\kernel32.dll
2014-07-10 22:05 . 2014-03-04 09:44   362496   ----a-w-   c:\windows\system32\wow64win.dll
2014-07-10 22:05 . 2014-03-04 09:44   243712   ----a-w-   c:\windows\system32\wow64.dll
2014-07-10 22:05 . 2014-03-04 09:44   16384   ----a-w-   c:\windows\system32\ntvdm64.dll
2014-07-10 22:05 . 2014-03-04 09:16   25600   ----a-w-   c:\windows\SysWow64\setup16.exe
2014-07-10 22:05 . 2014-03-04 09:44   13312   ----a-w-   c:\windows\system32\wow64cpu.dll
2014-07-10 22:05 . 2014-03-04 09:17   14336   ----a-w-   c:\windows\SysWow64\ntvdm64.dll
2014-07-10 22:05 . 2014-03-04 09:16   5120   ----a-w-   c:\windows\SysWow64\wow32.dll
2014-07-10 22:05 . 2014-03-04 08:09   7680   ----a-w-   c:\windows\SysWow64\instnm.exe
2014-07-10 22:05 . 2014-03-04 08:09   2048   ----a-w-   c:\windows\SysWow64\user.exe
2014-07-10 21:41 . 2013-05-10 04:30   167424   ----a-w-   c:\program files\Windows Media Player\wmplayer.exe
2014-07-10 21:41 . 2013-05-10 03:48   164864   ----a-w-   c:\program files (x86)\Windows Media Player\wmplayer.exe
2014-07-10 21:41 . 2013-05-10 05:56   12625920   ----a-w-   c:\windows\system32\wmploc.DLL
2014-07-10 21:41 . 2013-05-10 04:56   12625408   ----a-w-   c:\windows\SysWow64\wmploc.DLL
2014-07-10 21:41 . 2013-05-10 05:56   14631424   ----a-w-   c:\windows\system32\wmp.dll
2014-07-10 21:38 . 2013-10-15 01:00   28368   ----a-w-   c:\windows\system32\IEUDINIT.EXE
2014-07-10 21:29 . 2014-01-24 02:37   1684928   ----a-w-   c:\windows\system32\drivers\ntfs.sys
2014-07-10 21:26 . 2014-06-05 14:45   1460736   ----a-w-   c:\windows\system32\lsasrv.dll
2014-07-10 21:26 . 2014-04-12 02:22   95680   ----a-w-   c:\windows\system32\drivers\ksecdd.sys
2014-07-10 21:26 . 2014-04-12 02:22   155072   ----a-w-   c:\windows\system32\drivers\ksecpkg.sys
2014-07-10 21:26 . 2014-04-12 02:19   136192   ----a-w-   c:\windows\system32\sspicli.dll
2014-07-10 21:26 . 2014-04-12 02:19   31232   ----a-w-   c:\windows\system32\lsass.exe
2014-07-10 21:26 . 2014-06-05 14:26   22016   ----a-w-   c:\windows\SysWow64\secur32.dll
2014-07-10 21:26 . 2014-06-05 14:25   96768   ----a-w-   c:\windows\SysWow64\sspicli.dll
2014-07-10 21:26 . 2014-04-12 02:19   29184   ----a-w-   c:\windows\system32\sspisrv.dll
2014-07-10 21:26 . 2014-04-12 02:19   28160   ----a-w-   c:\windows\system32\secur32.dll
2014-07-10 21:21 . 2014-07-10 21:21   --------   d-----w-   c:\program files (x86)\Common Files\Skype
2014-07-10 21:21 . 2014-07-10 21:21   --------   d-----r-   c:\program files (x86)\Skype
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-07-10 21:33 . 2012-04-08 22:24   699056   ----a-w-   c:\windows\SysWow64\FlashPlayerApp.exe
2014-07-10 21:33 . 2011-12-28 02:37   71344   ----a-w-   c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-06-27 00:40 . 2011-12-22 03:30   96441528   ----a-w-   c:\windows\system32\MRT.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PCShowServer"="c:\users\Beth\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe" [2012-04-02 351888]
"TouchFreeze"="c:\users\Beth\AppData\Local\Programs\TouchFreeze\TouchFreeze.exe" [2012-07-25 40960]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-04-02 336384]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 89184]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
"RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2010-02-03 87336]
"BDRegion"="c:\program files (x86)\Cyberlink\Shared files\brs.exe" [2011-01-25 75048]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2012-02-15 577408]
"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-08-19 379960]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-02-20 152392]
"HPConnectionManager"="c:\program files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe" [2011-09-13 103992]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-05-08 959904]
.
c:\users\Beth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE /tsr [2013-6-25 228552]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\system32\userinit.exe"
.
R2 CLKMSVC10_38F51D56;CyberLink Product - 2012/08/08 21:34;c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe;c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

R2 FPLService;TrueSuiteService;c:\program files (x86)\HP SimplePass 2011\TrueSuiteService.exe;c:\program files (x86)\HP SimplePass 2011\TrueSuiteService.exe

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe

R3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys

R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys

R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe

R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe

R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS

R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS

R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe

S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_sata.sys

S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_xata.sys

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys

S2 AdobeActiveFileMonitor10.0;Adobe Active File Monitor V10;c:\program files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe;c:\program files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe

S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe;c:\program files\IDT\WDM\AESTSr64.exe

S2 Agent;VPDAgent;c:\windows\VPDAgent_x64.exe;c:\windows\VPDAgent_x64.exe

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe

S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe

S2 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe

S2 ezSharedSvc;Easybits Services for Windows;c:\windows\System32\ezSharedSvcHost.exe;c:\windows\SYSNATIVE\ezSharedSvcHost.exe

S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe

S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe

S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe

S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe

S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe

S2 Neat Startup Service;Neat Startup Service;c:\program files (x86)\Neat\exec\NeatStartupService.exe;c:\program files (x86)\Neat\exec\NeatStartupService.exe

S2 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe

S2 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys;c:\windows\SYSNATIVE\DRIVERS\tmevtmgr.sys

S3 amdhub30;AMD USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\amdhub30.sys;c:\windows\SYSNATIVE\DRIVERS\amdhub30.sys

S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys

S3 amdxhc;AMD USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\amdxhc.sys;c:\windows\SYSNATIVE\DRIVERS\amdxhc.sys

S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys

S3 hpCMSrv;HP Connection Manager 4 Service;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe

S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys;c:\windows\SYSNATIVE\DRIVERS\netr28x.sys

S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsPStor.sys

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys

S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys

.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - CLKMDRV10_38F51D56
.
Contents of the 'Scheduled Tasks' folder
.
2014-08-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-08 21:33]
.
2014-08-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-30 03:35]
.
2014-08-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-30 03:35]
.
2014-08-05 c:\windows\Tasks\HPCeeScheduleForBeth.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 11:43]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" [2011-10-08 1111568]
"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2011-02-10 197152]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-09-20 444904]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-08-10 1873256]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2012-11-06 1425408]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.0.1 205.171.2.25
DPF: {D0659405-AD2E-4195-B67E-8B3AC42D763E} - hxxps://qbo.intuit.com/c28/v60.147/qboax11.cab
FF - ProfilePath - c:\users\Beth\AppData\Roaming\Mozilla\Firefox\Profiles\ojzwz85n.default\
FF - prefs.js: browser.search.selectedEngine - Twitter
FF - prefs.js: browser.startup.homepage - about:home
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-Elzl - c:\windows\SysWOW64\btpanui6.dll
Wow6432Node-HKLM-Run-Adobe Reader Speed Launcher - c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe
Wow6432Node-HKLM-Run-Easybits Recovery - c:\program files (x86)\EasyBits For Kids\ezRecover.exe
HKLM_Wow6432Node-ActiveSetup-Neat ADF Scanner 2008 - reg copy HKLM\Software\Wow6432Node\The Neat Company\Neat ADF Scanner 2008 HKCU\Software\The Neat Company\Neat ADF Scanner 2008
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-Coupon Printer for Windows5.0.0.3 - c:\program files (x86)\Coupons\uninstall.exe
AddRemove-Trusted Software Assistant_is1 - c:\program files (x86)\File Type Assistant\unins000.exe
AddRemove-{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE} - c:\program files (x86)\InstallShield Installation Information\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}\setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.14"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-08-05  13:25:24
ComboFix-quarantined-files.txt  2014-08-05 20:25
.
Pre-Run: 653,746,446,336 bytes free
Post-Run: 654,668,820,480 bytes free
.
- - End Of File - - BCF6FF8AA6AB2E5E00747203B0AB57A8
A36C5E4F47E84449FF07ED3517B43A31

7
Username Pavilion dv7 is also me (PetzWay). I was using Internet Explorer for the last post and that is the username it put up. When using Mozilla, Petzway shows. Just wanted to let you know it is the same person.  Thanks again.

8
Things seem to be working...here are the logs.


Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 8/1/2014
Scan Time: 7:53:15 PM
Logfile:
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.08.01.06
Rootkit Database: v2014.08.01.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Beth

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 299962
Time Elapsed: 29 min, 43 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)



# AdwCleaner v3.302 - Report created 01/08/2014 at 21:20:58
# Updated 30/07/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Beth - BETH-HP
# Running from : C:\Users\Beth\Downloads\adwcleaner_3.302.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Found : C:\Program Files (x86)\File Type Assistant
Folder Found : C:\Program Files (x86)\Free Offers from Freeze.com
Folder Found : C:\ProgramData\AlawarWrapper
Folder Found : C:\ProgramData\Ask
Folder Found : C:\Users\Beth\AppData\Local\FileTypeAssistant
Folder Found : C:\Users\Public\Documents\AlawarWrapper

***** [ Scheduled Tasks ] *****

Task Found : ProgramUpdateCheck

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Found : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Found : HKLM\Software\Freeze.com
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17207


-\\ Mozilla Firefox v30.0 (en-US)

[ File : C:\Users\Beth\AppData\Roaming\Mozilla\Firefox\Profiles\ojzwz85n.default\prefs.js ]

Line Found : user_pref("browser.search.order.1", "Ask.com");

*************************

AdwCleaner[R0].txt - [3851 octets] - [01/08/2014 20:54:19]
AdwCleaner[R1].txt - [3679 octets] - [01/08/2014 21:20:58]

########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [3739 octets] ##########

9
Analysis and Malware Removal / When googling it sends me to bogus site
« on: August 01, 2014, 09:17:17 PM »
Whenever I Google something it sends me to a bogus site.  Also, while I was typing in Microsoft Word, a black DOS-type screen popped up that read 'scanning' and then disappeared quickly.   At the beginning of the year I looked for software (don't remember the name) to scan the computer.  It found Win32/Ponmocop.AA trojan and Virtool:Win32/Obfuscator.AFX that it could/would not delete.  Also, I used the Windows Defender that was on my laptop and it didn't do anything.

Any help is appreciated!


Checkup log


 Results of screen317's Security Check version 0.99.86 
 Windows 7 Service Pack 1 x64 (UAC is enabled) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
Trend Micro Titanium   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
 Java 7 Update 65 
 Adobe Reader XI 
 Mozilla Firefox (30.0)
````````Process Check: objlist.exe by Laurent````````
 Trend Micro AMSP coreServiceShell.exe 
 Trend Micro UniClient UiFrmWrk uiWatchDog.exe
 Trend Micro AMSP coreFrameworkHost.exe 
 Trend Micro UniClient UiFrmWrk uiSeAgnt.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 8%
````````````````````End of Log``````````````````````


DDS log

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17207  BrowserJavaVersion: 10.65.2
Run by Beth at 14:44:59 on 2014-08-01
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.7658.5724 [GMT -7:00]
.
AV: Trend Micro Titanium *Enabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
SP: Trend Micro Titanium *Enabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\VPDAgent_x64.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiWatchDog.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\SysWOW64\ezSharedSvcHost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
C:\Program Files (x86)\Neat\exec\NeatStartupService.exe
C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiSeAgnt.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Users\Beth\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe
C:\Users\Beth\AppData\Local\Programs\TouchFreeze\TouchFreeze.exe
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files (x86)\CyberLink\Shared files\brs.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpConnectionManager.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Users\Beth\AppData\Local\DIRECTV Player\NDSPCShowServer.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = C:\Windows\System32\userinit.exe
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1505\6.6.1088\TmIEPlg32.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: TrueSuite Website Log On: {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: TmBpIeBHO Class: {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\6.6.1010\6.6.1010\TmBpIe32.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [Free Download Manager] C:\Program Files (x86)\Free Download Manager\fdm.exe -autorun
uRun: [PCShowServer] "C:\Users\Beth\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe"
uRun: [Elzl] rundll32 "C:\Windows\SysWOW64\btpanui6.dll",lrtcxmceb
uRun: [TouchFreeze] C:\Users\Beth\AppData\Local\Programs\TouchFreeze\TouchFreeze.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
mRun: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
StartupFolder: C:\Users\Beth\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: EnableShellExecuteHooks = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: HideFastUserSwitching = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect118.cab
DPF: {D0659405-AD2E-4195-B67E-8B3AC42D763E} - hxxps://qbo.intuit.com/c28/v60.147/qboax11.cab
TCP: NameServer = 192.168.0.1 205.171.2.25
TCP: Interfaces\{456CBEFC-7D26-4A8E-A3CC-8193651A8F82} : DHCPNameServer = 192.168.0.1 205.171.2.25
TCP: Interfaces\{456CBEFC-7D26-4A8E-A3CC-8193651A8F82}\36574616C6F6675627 : DHCPNameServer = 192.168.0.1 205.171.3.25
TCP: Interfaces\{68CFE6E0-C064-4F85-A5D9-7E58AFFEDE1A} : DHCPNameServer = 172.168.11.12
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\6.6.1010\6.6.1010\TmBpIe32.dll
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1505\6.6.1088\TmIEPlg32.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
mASetup: Neat ADF Scanner 2008 - reg copy "HKLM\Software\Wow6432Node\The Neat Company\Neat ADF Scanner 2008" "HKCU\Software\The Neat Company\Neat ADF Scanner 2008" /s /f
x64-BHO: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1505\6.6.1088\TmIEPlg.dll
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: TrueSuite Website Log On: {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: TmBpIeBHO Class: {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\6.6.1010\6.6.1010\TmBpIe64.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [Trend Micro Titanium] C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe -set Silent "1" SplashURL ""
x64-Run: [Trend Micro Client Framework] "C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe"
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [itype] "c:\Program Files\Microsoft IntelliType Pro\itype.exe"
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\6.6.1010\6.6.1010\TmBpIe64.dll
x64-Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1505\6.6.1088\TmIEPlg.dll
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-mASetup: Send To Neat - reg copy "HKLM\Software\The Neat Company\Send To Neat" "HKCU\Software\The Neat Company\Send To Neat" /s /f
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Beth\AppData\Roaming\Mozilla\Firefox\Profiles\ojzwz85n.default\
FF - prefs.js: browser.search.selectedEngine - Twitter
FF - prefs.js: browser.startup.homepage - about:home
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Beth\AppData\Local\DIRECTV Player\npPCShowPlugin.dll
FF - plugin: C:\Users\Beth\AppData\Local\DIRECTV Player\npPlayerPlugin.dll
FF - plugin: C:\Users\Beth\AppData\Roaming\CATALI~1\npBcsKtTcHW.dll
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2011-4-15 79488]
R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2011-4-15 40064]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2012-2-3 55856]
R2 AdobeActiveFileMonitor10.0;Adobe Active File Monitor V10;C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [2011-9-1 169624]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2012-11-6 89600]
R2 Agent;VPDAgent;C:\Windows\VPDAgent_x64.exe [2012-10-25 148480]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-4-2 204288]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-4-2 365568]
R2 Amsp;Trend Micro Solution Platform;C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe [2012-2-3 256336]
R2 ezSharedSvc;Easybits Services for Windows;C:\Windows\System32\ezSharedSvcHost.exe --> C:\Windows\System32\ezSharedSvcHost.exe [?]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2013-11-4 92160]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2012-4-25 31000]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-2-15 34872]
R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2012-11-6 2413056]
R2 Neat Startup Service;Neat Startup Service;C:\Program Files (x86)\Neat\exec\NeatStartupService.exe [2012-12-7 6144]
R2 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344]
R2 tmevtmgr;tmevtmgr;C:\Windows\System32\drivers\tmevtmgr.sys [2012-2-3 67664]
R3 amdhub30;AMD USB 3.0 Hub Driver;C:\Windows\System32\drivers\amdhub30.sys [2011-3-17 87168]
R3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2011-11-15 46136]
R3 amdxhc;AMD USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\amdxhc.sys [2011-3-17 188544]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2010-11-17 115216]
R3 hpCMSrv;HP Connection Manager 4 Service;C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-9-13 1098296]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\drivers\netr28x.sys [2011-11-15 1582144]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\drivers\RtsPStor.sys [2011-11-15 338536]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-11-15 428136]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2011-11-15 47232]
S2 CLKMSVC10_38F51D56;CyberLink Product - 2012/08/08 21:34:28;C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [2011-1-25 241648]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 FPLService;TrueSuiteService;C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2011-2-17 265544]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-7-26 111616]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-12-21 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2014-08-01 19:50:40   10924376   ----a-w-   C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{CBDD6370-CAEF-43D8-B943-AD42A9455AE5}\mpengine.dll
2014-07-28 01:49:14   --------   d-sh--w-   C:\Users\Beth\AppData\Local\EmieUserList
2014-07-28 01:49:14   --------   d-sh--w-   C:\Users\Beth\AppData\Local\EmieSiteList
2014-07-27 22:57:44   --------   d-----w-   C:\ProgramData\{18165758-115C-4DC0-9EC2-FF89F725767F}
2014-07-26 20:34:32   --------   d-----w-   C:\Windows\Migration
2014-07-26 18:03:47   46704   ----a-w-   C:\Program Files (x86)\Mozilla Firefox\browser\components\browsercomps.dll
2014-07-26 18:03:45   822384   ----a-w-   C:\Program Files (x86)\Mozilla Firefox\icuuc52.dll
2014-07-26 18:03:45   10594416   ----a-w-   C:\Program Files (x86)\Mozilla Firefox\icudt52.dll
2014-07-26 18:03:45   1022576   ----a-w-   C:\Program Files (x86)\Mozilla Firefox\icuin52.dll
2014-07-26 18:02:54   --------   d-----w-   C:\Users\Beth\AppData\Local\Programs
2014-07-26 17:21:40   --------   d-s---w-   C:\Windows\System32\CompatTel
2014-07-26 16:51:59   98216   ----a-w-   C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-07-11 04:56:39   --------   d-----w-   C:\Users\Beth\AppData\Local\{C3F4CE2B-9802-4D06-BCDD-17966F79660F}
2014-07-10 22:08:46   288192   ----a-w-   C:\Windows\System32\drivers\FWPKCLNT.SYS
2014-07-10 22:08:46   1903552   ----a-w-   C:\Windows\System32\drivers\tcpip.sys
2014-07-10 22:08:31   519168   ----a-w-   C:\Windows\System32\aepdu.dll
2014-07-10 22:08:31   424448   ----a-w-   C:\Windows\System32\aeinv.dll
2014-07-10 22:08:03   3157504   ----a-w-   C:\Windows\System32\win32k.sys
2014-07-10 22:08:01   646144   ----a-w-   C:\Windows\SysWow64\osk.exe
2014-07-10 22:08:01   449024   ----a-w-   C:\Program Files\Common Files\Microsoft Shared\ink\tabskb.dll
2014-07-10 22:08:00   692736   ----a-w-   C:\Windows\System32\osk.exe
2014-07-10 22:06:47   27584   ----a-w-   C:\Windows\System32\drivers\Diskdump.sys
2014-07-10 22:05:39   362496   ----a-w-   C:\Windows\System32\wow64win.dll
2014-07-10 22:05:39   25600   ----a-w-   C:\Windows\SysWow64\setup16.exe
2014-07-10 22:05:39   243712   ----a-w-   C:\Windows\System32\wow64.dll
2014-07-10 22:05:39   16384   ----a-w-   C:\Windows\System32\ntvdm64.dll
2014-07-10 22:05:38   14336   ----a-w-   C:\Windows\SysWow64\ntvdm64.dll
2014-07-10 22:05:38   13312   ----a-w-   C:\Windows\System32\wow64cpu.dll
2014-07-10 22:05:37   7680   ----a-w-   C:\Windows\SysWow64\instnm.exe
2014-07-10 22:05:37   5120   ----a-w-   C:\Windows\SysWow64\wow32.dll
2014-07-10 22:05:37   2048   ----a-w-   C:\Windows\SysWow64\user.exe
2014-07-10 21:41:13   167424   ----a-w-   C:\Program Files\Windows Media Player\wmplayer.exe
2014-07-10 21:41:13   164864   ----a-w-   C:\Program Files (x86)\Windows Media Player\wmplayer.exe
2014-07-10 21:41:12   12625920   ----a-w-   C:\Windows\System32\wmploc.DLL
2014-07-10 21:41:11   12625408   ----a-w-   C:\Windows\SysWow64\wmploc.DLL
2014-07-10 21:29:20   1684928   ----a-w-   C:\Windows\System32\drivers\ntfs.sys
2014-07-10 21:26:09   1460736   ----a-w-   C:\Windows\System32\lsasrv.dll
2014-07-10 21:26:07   95680   ----a-w-   C:\Windows\System32\drivers\ksecdd.sys
2014-07-10 21:26:07   31232   ----a-w-   C:\Windows\System32\lsass.exe
2014-07-10 21:26:07   155072   ----a-w-   C:\Windows\System32\drivers\ksecpkg.sys
2014-07-10 21:26:07   136192   ----a-w-   C:\Windows\System32\sspicli.dll
2014-07-10 21:26:06   96768   ----a-w-   C:\Windows\SysWow64\sspicli.dll
2014-07-10 21:26:06   29184   ----a-w-   C:\Windows\System32\sspisrv.dll
2014-07-10 21:26:06   28160   ----a-w-   C:\Windows\System32\secur32.dll
2014-07-10 21:26:06   22016   ----a-w-   C:\Windows\SysWow64\secur32.dll
2014-07-10 21:21:44   --------   d-----r-   C:\Program Files (x86)\Skype
.
==================== Find3M  ====================
.
2014-07-10 21:33:29   71344   ----a-w-   C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-07-10 21:33:29   699056   ----a-w-   C:\Windows\SysWow64\FlashPlayerApp.exe
2014-07-10 21:31:17   194048   ----a-w-   C:\Windows\SysWow64\elshyph.dll
2014-07-10 21:31:08   235008   ----a-w-   C:\Windows\System32\elshyph.dll
2014-07-10 21:31:07   71680   ----a-w-   C:\Windows\SysWow64\RegisterIEPKEYs.exe
2014-07-10 21:31:07   645120   ----a-w-   C:\Windows\SysWow64\jsIntl.dll
2014-07-10 21:31:07   182272   ----a-w-   C:\Windows\SysWow64\msls31.dll
2014-07-10 21:31:05   62464   ----a-w-   C:\Windows\SysWow64\tdc.ocx
2014-07-10 21:31:05   337408   ----a-w-   C:\Windows\SysWow64\html.iec
2014-07-10 21:31:03   24576   ----a-w-   C:\Windows\SysWow64\licmgr10.dll
2014-07-10 21:31:02   151552   ----a-w-   C:\Windows\SysWow64\iexpress.exe
2014-07-10 21:31:02   139264   ----a-w-   C:\Windows\SysWow64\wextract.exe
2014-07-10 21:31:00   36352   ----a-w-   C:\Windows\SysWow64\imgutil.dll
2014-07-10 21:31:00   13312   ----a-w-   C:\Windows\SysWow64\mshta.exe
2014-06-19 01:06:55   2724864   ----a-w-   C:\Windows\System32\mshtml.tlb
2014-06-19 01:06:24   4096   ----a-w-   C:\Windows\System32\ieetwcollectorres.dll
2014-06-19 00:42:57   548352   ----a-w-   C:\Windows\System32\vbscript.dll
2014-06-19 00:42:49   66048   ----a-w-   C:\Windows\System32\iesetup.dll
2014-06-19 00:41:52   48640   ----a-w-   C:\Windows\System32\ieetwproxystub.dll
2014-06-19 00:41:16   83968   ----a-w-   C:\Windows\System32\MshtmlDac.dll
2014-06-19 00:24:30   139264   ----a-w-   C:\Windows\System32\ieUnatt.exe
2014-06-19 00:24:12   111616   ----a-w-   C:\Windows\System32\ieetwcollector.exe
2014-06-19 00:23:53   752640   ----a-w-   C:\Windows\System32\jscript9diag.dll
2014-06-19 00:14:28   940032   ----a-w-   C:\Windows\System32\MsSpellCheckingFacility.exe
2014-06-18 23:59:04   38400   ----a-w-   C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-06-18 23:56:37   2724864   ----a-w-   C:\Windows\SysWow64\mshtml.tlb
2014-06-18 23:51:38   5721088   ----a-w-   C:\Windows\System32\jscript9.dll
2014-06-18 23:38:40   455168   ----a-w-   C:\Windows\SysWow64\vbscript.dll
2014-06-18 23:37:23   61952   ----a-w-   C:\Windows\SysWow64\iesetup.dll
2014-06-18 23:36:35   51200   ----a-w-   C:\Windows\SysWow64\ieetwproxystub.dll
2014-06-18 23:35:55   62464   ----a-w-   C:\Windows\SysWow64\MshtmlDac.dll
2014-06-18 23:27:45   1249280   ----a-w-   C:\Windows\System32\mshtmlmedia.dll
2014-06-18 23:27:07   2040832   ----a-w-   C:\Windows\System32\inetcpl.cpl
2014-06-18 23:23:27   112128   ----a-w-   C:\Windows\SysWow64\ieUnatt.exe
2014-06-18 23:22:40   592896   ----a-w-   C:\Windows\SysWow64\jscript9diag.dll
2014-06-18 23:06:10   32256   ----a-w-   C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-06-18 22:58:27   2266112   ----a-w-   C:\Windows\System32\wininet.dll
2014-06-18 22:52:18   4254720   ----a-w-   C:\Windows\SysWow64\jscript9.dll
2014-06-18 22:46:23   1068032   ----a-w-   C:\Windows\SysWow64\mshtmlmedia.dll
2014-06-18 22:45:59   1964544   ----a-w-   C:\Windows\SysWow64\inetcpl.cpl
2014-06-18 22:13:59   1791488   ----a-w-   C:\Windows\SysWow64\wininet.dll
2014-06-06 10:10:34   624128   ----a-w-   C:\Windows\System32\qedit.dll
2014-06-06 09:44:17   509440   ----a-w-   C:\Windows\SysWow64\qedit.dll
2014-05-30 08:08:52   210944   ----a-w-   C:\Windows\System32\wdigest.dll
2014-05-30 08:08:49   86528   ----a-w-   C:\Windows\System32\TSpkg.dll
2014-05-30 08:08:47   340992   ----a-w-   C:\Windows\System32\schannel.dll
2014-05-30 08:08:41   314880   ----a-w-   C:\Windows\System32\msv1_0.dll
2014-05-30 08:08:41   307200   ----a-w-   C:\Windows\System32\ncrypt.dll
2014-05-30 08:08:36   728064   ----a-w-   C:\Windows\System32\kerberos.dll
2014-05-30 08:08:31   22016   ----a-w-   C:\Windows\System32\credssp.dll
2014-05-30 07:52:51   172032   ----a-w-   C:\Windows\SysWow64\wdigest.dll
2014-05-30 07:52:49   65536   ----a-w-   C:\Windows\SysWow64\TSpkg.dll
2014-05-30 07:52:45   247808   ----a-w-   C:\Windows\SysWow64\schannel.dll
2014-05-30 07:52:41   220160   ----a-w-   C:\Windows\SysWow64\ncrypt.dll
2014-05-30 07:52:40   259584   ----a-w-   C:\Windows\SysWow64\msv1_0.dll
2014-05-30 07:52:36   550912   ----a-w-   C:\Windows\SysWow64\kerberos.dll
2014-05-30 07:52:30   17408   ----a-w-   C:\Windows\SysWow64\credssp.dll
2014-05-30 06:45:52   497152   ----a-w-   C:\Windows\System32\drivers\afd.sys
.
============= FINISH: 14:45:45.68 ===============


Attach log

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 12/20/2011 5:52:05 PM
System Uptime: 8/1/2014 1:04:07 PM (1 hours ago)
.
Motherboard: Hewlett-Packard |  | 180B
Processor: AMD A6-3400M APU with Radeon(tm) HD Graphics | Socket FS1 | 1400/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 681 GiB total, 608.954 GiB free.
D: is FIXED (NTFS) - 17 GiB total, 1.898 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP178: 7/26/2014 9:39:36 AM - Windows Update
RP179: 7/26/2014 9:43:55 AM - Windows Backup
RP180: 7/26/2014 11:03:07 AM - Installed TouchFreeze
RP181: 7/26/2014 1:19:45 PM - Windows Update
RP182: 7/27/2014 3:58:25 PM - Installed HP Support Assistant
RP183: 7/27/2014 4:04:32 PM - Windows Modules Installer
RP184: 7/27/2014 4:06:46 PM - Windows Modules Installer
RP185: 7/27/2014 7:00:11 PM - Windows Backup
RP186: 7/28/2014 7:54:17 PM - Windows Update
RP187: 7/28/2014 11:19:59 PM - Installed Adobe Reader XI.
RP188: 8/1/2014 12:49:14 PM - Windows Update
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Community Help
Adobe Flash Player 14 ActiveX
Adobe Photoshop Elements 10
Adobe Photoshop.com Inspiration Browser
Adobe Reader XI (11.0.07)
Adobe Shockwave Player 11.5
Adorable Pets Screensaver
Agatha Christie - Peril at End House
AMD APP SDK Runtime
AMD Fuel
AMD System Monitor
AMD VISION Engine Control Center
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI Catalyst Install Manager
AuthenTec TrueAPI
Bejeweled 2 Deluxe
Bejeweled 3
Blackhawk Striker 2
Blasterball 3
Bonjour
Bounce Symphony
Breathtaking Water Scenes
Build-a-lot 2
Cake Mania
Catalina Savings Printer
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Chuzzle Deluxe
Coupon Printer for Windows
CyberLink PowerDVD 10
CyberLink YouCam
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Diner Dash 2 Restaurant Rescue
DIRECTV Player
Dora's World Adventure
Elements 10 Organizer
Energy Star Digital Logo
ESU for Microsoft Windows 7
Evernote v. 4.2.2
Farm Frenzy
FATE - The Traitor Soul
ffdshow [rev 2527] [2008-12-19]
File Type Assistant
Google Toolbar for Internet Explorer
Google Update Helper
Hewlett-Packard ACLM.NET v1.2.2.3
Hidden Mysteries Buckingham Palace
Hidden Mysteries Civil War
HP 3D DriveGuard
HP Auto
HP Client Services
HP Connection Manager
HP Customer Experience Enhancements
HP Documentation
HP DVB-T TV Tuner 8.0.64.43
HP Games
HP MovieStore
HP On Screen Display
HP Power Manager
HP Product Detection
HP Quick Launch
HP Setup
HP Setup Manager
HP SimplePass 2011
HP Software Framework
HP Support Assistant
IDT Audio
iTunes
Java 7 Update 65
Java Auto Updater
Java(TM) 6 Update 24 (64-bit)
Junk Mail filter update
Kitten Antics Screensaver
Lake Scenes
Living Marine Aquarium 2
Living Rainforest ScreenSaver
Mah Jong Medley
Mahjong Mysteries - Ancient Egypt
Mesh Runtime
Microsoft .NET Framework 4.5.1
Microsoft Application Error Reporting
Microsoft IntelliType Pro 8.2
Microsoft Office 2010
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft SQL Server Compact 3.5 SP2 x64 ENU
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft WSE 3.0 Runtime
Moonlight Lake
Mozilla Firefox 30.0 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MyLogoMaker 3.0
Mystery P.I. - Stolen in San Francisco
Namco All-Stars PAC-MAN
Neat
Neat ADF Scanner 2008 Driver
Neat ADF Scanner Driver
Neat Core Files
Neat Mobile Scanner (Silver) Driver
Neat Mobile Scanner 2008 Driver
Neat Mobile Scanner Driver
Ocean Life Screensaver
Ocean Views Screensaver
Penguins!
Plants vs. Zombies - Game of the Year
PlayReady PC Runtime x86
Poker Superstars III
Polar Bowler
Polar Golfer
PSE10 STI Installer
Puppy Love
QuickTime
Ralink RT5390 802.11b/g/n WiFi Adapter
Realtek Ethernet Controller Driver
Realtek PCIE Card Reader
Recovery Manager
Roses Screensaver
RoxioNow Player
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
Security Update for Microsoft Office 2010 (KB2553284) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2767915) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2810073) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2850016) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2880971) 32-Bit Edition
Send To Neat
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
Skype™ 6.11
Slingo Supreme
Sweet Kittens Screensaver
Synaptics TouchPad Driver
TouchFreeze
Trend Micro Titanium
Trend Micro™ Titanium™
TURBOFloorPlan3D Home & Landscape Deluxe
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
Update for Microsoft Excel 2010 (KB2837600) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition
Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition
Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition
Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition
Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition
Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition
Update Installer for WildTangent Games App
Validity WBF DDK
Virtual Villagers 4 - The Tree of Life
Vivitar Experience Image Manager
Water Flowers Screensaver
Wheel of Fortune 2
WildTangent Games App (HP Games)
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WMV9/VC-1 Video Playback
Zuma Deluxe
.
==== Event Viewer Messages From Past Week ========
.
8/1/2014 12:30:02 PM, Error: Service Control Manager [7034]  - The TrueSuiteService service terminated unexpectedly.  It has done this 1 time(s).
8/1/2014 1:42:37 PM, Error: Disk [11]  - The driver detected a controller error on \Device\Harddisk1\DR1.
7/27/2014 4:20:00 PM, Error: Service Control Manager [7031]  - The Windows Event Log service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/27/2014 4:20:00 PM, Error: Service Control Manager [7031]  - The Windows Audio service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/27/2014 4:20:00 PM, Error: Service Control Manager [7031]  - The TCP/IP NetBIOS Helper service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 100 milliseconds: Restart the service.
7/27/2014 4:20:00 PM, Error: Service Control Manager [7031]  - The Security Center service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
7/27/2014 4:20:00 PM, Error: Service Control Manager [7031]  - The DHCP Client service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
7/27/2014 3:57:28 PM, Error: Service Control Manager [7000]  - The HP Support Assistant Service service failed to start due to the following error:  The system cannot find the file specified.
7/27/2014 3:51:46 PM, Error: Service Control Manager [7031]  - The HP Support Assistant Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/26/2014 9:52:09 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070652: Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition.
7/26/2014 9:52:02 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070652: Security Update for Microsoft Office 2010 (KB2878284) 32-Bit Edition.
7/26/2014 9:49:41 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80246007: Security Update for Microsoft .NET Framework 4 on Windows Server 2003, Vista, Windows 7, Server 2008, Server 2008 R2 x64 (KB2931365).
.
==== End Of File ===========================
