Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Possible virus need help figuring it out

Started by el_jack , May 21 2013 06:13 PM

  • Please log in to reply

#1
el_jack
Posted 21 May 2013 - 06:13 PM

el_jack

    Member

  • Member
  • PipPipPip
  • 110 posts
Hello

I have been having trouble with my computer for over a month. It has started running slow. I know a little about computers so my first response was to run a scan. Norton did not find anything nor has malwarebytes. Since it found nothing my next guess was to check the hard drive then processor. I did both using their individual manufacture's diagnostic tools. Each one passed, so no problem with them. Now the problem is this my cpu is hitting at high levels. I looked at the task manager to see what is taking the most cpu resource and found two for the most part - ccsvchst.exe, iexplorer.exe.

The ccsvchst.exe is Norton and the other is for internet explorer. I have never had this type of problem before with my machine. On the internet I read iexplorer.exe could also be a virus. It shows up in the task manager twice at a time. Norton never gave me a problem before so I am figuring it is a conflict for cpu resource that's causing high cpu consumption.

also the OTL results (extra.txt) states I have errors. Could someone tell me how to go about fixing these errors.

All relevant help is welcomed

Thanks



OTL logfile created on: 5/21/2013 6:07:57 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = E:\
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.22 Gb Total Physical Memory | 1.87 Gb Available Physical Memory | 58.14% Memory free
8.04 Gb Paging File | 6.57 Gb Available in Paging File | 81.68% Paging File free
Paging file location(s): c:\pagefile.sys 4939 4939 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465.66 Gb Total Space | 399.95 Gb Free Space | 85.89% Space Free | Partition Type: NTFS
Drive E: | 3.72 Gb Total Space | 3.68 Gb Free Space | 98.79% Space Free | Partition Type: FAT32

Computer Name: EPC | User Name: Eric | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/05/21 18:07:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- E:\OTL.exe
PRC - [2013/05/20 18:38:02 | 000,813,448 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\Macromed\Flash\FlashUtil32_11_7_700_202_ActiveX.exe
PRC - [2013/05/10 02:57:24 | 001,465,920 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe
PRC - [2013/05/10 02:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/11/29 21:55:25 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2012/11/22 21:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012/10/23 23:40:44 | 002,013,072 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\Nuance\PDF Professional 8\PdfPro8Hook.exe
PRC - [2012/10/23 23:40:08 | 000,135,056 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\Nuance\PDF Professional 8\PDFProFiltSrv.exe
PRC - [2012/10/10 21:29:14 | 000,143,928 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Security Suite\Engine\20.2.0.19\ccsvchst.exe
PRC - [2012/05/18 13:40:18 | 000,029,592 | ---- | M] (Gladinet, INC) -- C:\Program Files\Nuance\Nuance Cloud Connector\GladFileMonSvc.exe
PRC - [2012/05/18 13:08:10 | 000,145,304 | ---- | M] () -- C:\Program Files\Nuance\Nuance Cloud Connector\WOSVSSSvr.exe
PRC - [2011/03/09 16:20:28 | 000,192,512 | ---- | M] (Chicony Electronics Co., Ltd.) -- C:\Windows\System32\DVAPTray.exe
PRC - [2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/08/24 20:54:18 | 000,319,488 | ---- | M] (PixArt Imaging Incorporation) -- C:\Windows\PixArt\Pac7302\Monitor.exe
PRC - [2010/03/04 07:35:54 | 001,632,776 | ---- | M] (M-Audio) -- C:\Program Files\M-Audio\Oxygen\AudioDevMon.exe
PRC - [2009/10/02 13:53:54 | 000,643,592 | ---- | M] (Avid Technology, Inc.) -- C:\Windows\System32\M-AudioTaskBarIcon.exe
PRC - [2009/02/18 18:31:56 | 000,294,912 | -H-- | M] (DeviceVM) -- C:\ASUS.SYS\config\DVMExportService.exe
PRC - [2003/12/01 14:38:16 | 000,892,928 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\iTouch\iTouch.exe
PRC - [2003/11/14 12:50:00 | 000,037,888 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\MouseWare\system\EM_EXEC.EXE


========== Modules (No Company Name) ==========

MOD - [2013/05/10 02:57:24 | 000,305,728 | ---- | M] () -- C:\Program Files\Adobe\Reader 10.0\Reader\sqlite.dll
MOD - [2013/04/04 05:32:22 | 000,016,288 | ---- | M] () -- C:\Program Files\Java\jre7\bin\jp2native.dll
MOD - [2013/04/04 05:32:16 | 000,196,512 | ---- | M] () -- C:\Program Files\Java\jre7\bin\jp2iexp.dll
MOD - [2012/07/27 15:51:34 | 006,549,432 | ---- | M] () -- C:\Program Files\Adobe\Reader 10.0\Reader\authplay.dll
MOD - [2012/05/30 09:51:08 | 000,699,280 | R--- | M] () -- C:\Program Files\Norton Security Suite\Engine\20.2.0.19\wincfi39.dll


========== Services (SafeList) ==========

SRV - [2013/05/20 18:48:35 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/05/10 02:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/10/23 23:40:08 | 000,135,056 | ---- | M] (Nuance Communications, Inc.) [Auto | Running] -- C:\Program Files\Nuance\PDF Professional 8\PDFProFiltSrv.exe -- (PDFProFiltSrv)
SRV - [2012/10/10 21:29:14 | 000,143,928 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Security Suite\Engine\20.2.0.19\ccSvcHst.exe -- (N360)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/05/18 13:40:18 | 000,029,592 | ---- | M] (Gladinet, INC) [Auto | Running] -- C:\Program Files\Nuance\Nuance Cloud Connector\GladFileMonSvc.exe -- (GladFileMonSvc)
SRV - [2010/05/13 14:22:10 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/03/18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010/03/04 07:35:54 | 001,632,776 | ---- | M] (M-Audio) [Auto | Running] -- C:\Program Files\M-Audio\Oxygen\AudioDevMon.exe -- (OxygenAudioDevMon)
SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 20:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/02/18 18:31:56 | 000,294,912 | -H-- | M] (DeviceVM) [Auto | Running] -- C:\ASUS.SYS\config\DVMExportService.exe -- (DvmMDES)
SRV - [2007/05/31 16:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 16:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\rootrepeal.sys -- (rootrepeal)
DRV - [2013/05/08 17:40:50 | 001,603,824 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20130510.003\NAVEX15.SYS -- (NAVEX15)
DRV - [2013/05/08 17:40:50 | 000,093,296 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20130510.003\NAVENG.SYS -- (NAVENG)
DRV - [2013/04/12 18:53:06 | 001,000,024 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\BASHDefs\20130502.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2013/04/03 17:06:46 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2013/02/09 12:34:04 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2013/02/09 12:11:23 | 000,142,496 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2013/02/08 18:12:44 | 000,386,720 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\IPSDefs\20130509.001\IDSvix86.sys -- (IDSVix86)
DRV - [2012/10/08 20:00:02 | 000,586,400 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\N360\1402000.013\srtsp.sys -- (SRTSP)
DRV - [2012/10/03 20:40:36 | 000,927,904 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\N360\1402000.013\symefa.sys -- (SymEFA)
DRV - [2012/10/03 20:40:20 | 000,368,288 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\N360\1402000.013\symds.sys -- (SymDS)
DRV - [2012/10/03 20:19:14 | 000,134,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\1402000.013\ccsetx86.sys -- (ccSet_N360)
DRV - [2012/07/27 22:05:22 | 000,175,264 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\1402000.013\ironx86.sys -- (SymIRON)
DRV - [2012/07/22 20:34:24 | 000,338,592 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\1402000.013\symnets.sys -- (SymNetS)
DRV - [2012/05/25 00:36:56 | 000,032,888 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\1402000.013\srtspx.sys -- (SRTSPX)
DRV - [2010/11/20 05:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 04:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/08/24 20:54:21 | 000,457,472 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PAC7302.SYS -- (PAC7302)
DRV - [2010/05/20 15:27:24 | 000,030,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nx6000.sys -- (MSHUSBVideo)
DRV - [2010/03/23 02:17:06 | 001,812,512 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTL85n86.sys -- (RTL85n86)
DRV - [2010/03/04 07:35:52 | 000,112,136 | ---- | M] (M-Audio) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MAudioOxygen.sys -- (OXYGEN)
DRV - [2010/02/28 18:26:02 | 000,006,504 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2010/02/28 17:02:58 | 000,122,368 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
DRV - [2009/10/02 13:53:46 | 000,158,344 | ---- | M] (Avid Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MAudioFastTrack.sys -- (MAUSBFASTTRACK)
DRV - [2009/07/13 19:18:07 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2009/07/13 19:14:49 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDScan.sys -- (WSDScan)
DRV - [2009/06/26 18:36:26 | 000,023,696 | ---- | M] (Steinberg Media Technologies GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\synasusb.sys -- (synasusb)
DRV - [2008/02/29 10:13:48 | 000,028,944 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2006/11/10 16:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc)
DRV - [2003/11/07 04:50:00 | 000,070,798 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lmouflt2.sys -- (LMouFlt2)
DRV - [2003/11/07 04:50:00 | 000,037,884 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Lhidusb.sys -- (LHidUsb)
DRV - [2003/11/07 04:50:00 | 000,025,502 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHIDFLT2.SYS -- (LHidFlt2)
DRV - [2003/11/07 04:50:00 | 000,014,092 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LCCFLTR.SYS -- (LCcfltr)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\..\SearchScopes,DefaultScope = {82EB9201-24ED-43E8-87A7-436BCAE779C3}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE10SR
IE - HKCU\..\SearchScopes\{25B17962-A54C-487E-BCA0-8D1B468B9EDA}: "URL" = http://www.youtube.c...y={searchTerms}
IE - HKCU\..\SearchScopes\{82EB9201-24ED-43E8-87A7-436BCAE779C3}: "URL" = http://www.google.co...&rlz=1I7ADSA_en
IE - HKCU\..\SearchScopes\{F87C5D26-344E-4110-9665-3C1E8884F81E}: "URL" = http://search.yahoo....ei=utf-8&fr=ie8
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;localhost


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\ZEON/PDF,version=2.0: C:\Program Files\Nuance\PDF Professional 8\bin\nppdf.dll (Zeon Corporation)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Eric\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Eric\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Eric\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Eric\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Eric\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\IPSFFPlgn\ [2013/02/09 12:12:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\coFFPlgn\ [2013/05/21 17:28:34 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.youtube.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Eric\AppData\Local\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Eric\AppData\Local\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Eric\AppData\Local\Google\Chrome\Application\26.0.1410.64\gcswf32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Eric\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Eric\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Flash Video Downloader = C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\ggkfikfcbnpfoicfjammigpnakpogebh\2.3.5_0\
CHR - Extension: Norton Identity Protection = C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.2.0.18_0\
CHR - Extension: Gmail = C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2009/06/10 16:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (PlusIEEventHelper Class) - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files\Nuance\PDF Professional 8\bin\PlusIEContextMenu.dll (Zeon Corporation)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\20.2.0.19\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\20.2.0.19\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (no name) - {B530A9A4-1722-4D16-AAD6-AA85E3AD2ADE} - No CLSID value found.
O2 - BHO: (Gaaiho PDF Conversion Toolbar Helper) - {C7DA0384-42AA-428c-B832-88AC343DE1A8} - C:\Program Files\Nuance\PDF Professional 8\bin\GZeonIEFavClient.dll (Zeon Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\20.2.0.19\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Nuance PDF) - {BCCE15AE-AC7E-4bc9-94AF-2A714A412BCB} - C:\Program Files\Nuance\PDF Professional 8\bin\GZeonIEFavClient.dll (Zeon Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\20.2.0.19\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [DNS7reminder] C:\Program Files\Nuance\NaturallySpeaking10\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [DVAPTray] C:\Windows\System32\DVAPTray.exe (Chicony Electronics Co., Ltd.)
O4 - HKLM..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\isuspm.exe (Flexera Software LLC.)
O4 - HKLM..\Run: [LGODDFU] C:\Program Files\lg_fwupdate\fwupdate.exe (BitLeader)
O4 - HKLM..\Run: [Logitech Utility] C:\Windows\LOGI_MWX.EXE (Logitech Inc.)
O4 - HKLM..\Run: [M-Audio Taskbar Icon] C:\Windows\System32\M-AudioTaskBarIcon.exe (Avid Technology, Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [Nuance PDF Converter Professional 8-reminder] C:\Program Files\Nuance\PDF Professional 8\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PAC7302_Monitor] C:\Windows\PixArt\Pac7302\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [PDF8 Registry Controller] C:\Program Files\Nuance\PDF Professional 8\RegistryController.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PDFProHook] C:\Program Files\Nuance\PDF Professional 8\pdfpro8hook.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe (Logitech Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O8 - Extra context menu item: Open with Nuance PDF Converter 8 - C:\Program Files\Nuance\PDF Professional 8\cnvres_eng.dll (Nuance Communications, Inc.)
O8 - Extra context menu item: Open with PDF Professional 8 - C:\Program Files\Nuance\PDF Professional 8\Bin\PlusIEContextMenu.dll (Zeon Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: microsoft.com ([oas.support] http in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([support] http in Trusted sites)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} https://wimpro.cce.h...ads/sysinfo.cab (SysData Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {A084A130-28AE-4B32-B51A-1C8CE164BC88} http://www.convergys...om/AppHardT.CAB (WNICheck2 Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AC747D21-4BCD-4258-B8BF-C70D99F87C26}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D281B2AD-43F4-4F74-B2DF-8E5DF1EC7D49}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{16d92535-32ae-11e2-a8d4-0022159ad916}\Shell - "" = AutoRun
O33 - MountPoints2\{16d92535-32ae-11e2-a8d4-0022159ad916}\Shell\AutoRun\command - "" = G:\DVAP.exe
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\DVAP.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/05/20 19:05:43 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Roaming\Intel
[2013/05/20 18:58:29 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intel Corporation
[2013/05/20 18:58:28 | 000,000,000 | ---D | C] -- C:\Program Files\Intel Corporation
[2013/05/20 18:43:33 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Roaming\Mozilla
[2013/05/20 15:12:45 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2013/04/28 01:36:13 | 000,000,000 | ---D | C] -- C:\Users\Eric\Documents\BSR Videos
[2013/04/28 01:36:12 | 000,000,000 | ---D | C] -- C:\Users\Eric\Documents\BSR Photos
[2013/04/28 01:35:32 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\Bulents
[2013/04/28 01:35:26 | 000,000,000 | ---D | C] -- C:\Program Files\BSR Screen Recorder 6
[2013/04/28 01:35:26 | 000,000,000 | ---D | C] -- C:\Users\Eric\Documents\BSR Projects
[2013/04/28 01:31:40 | 032,132,192 | ---- | C] (Bulent Baltacioglu - BSRSoft) -- C:\Users\Eric\Desktop\InstallBSRv6.exe
[2013/04/28 00:38:32 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\TechSmith
[2013/04/25 20:48:40 | 000,000,000 | ---D | C] -- C:\Windows\pss

========== Files - Modified Within 30 Days ==========

[2013/05/21 18:08:44 | 000,000,406 | -H-- | M] () -- C:\dvmexp.idx
[2013/05/21 18:06:55 | 000,660,068 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/05/21 18:06:55 | 000,120,996 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/05/21 17:49:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/05/21 17:48:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/05/21 17:43:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3934589312-3869621106-1268527806-1001UA.job
[2013/05/21 17:35:45 | 000,015,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/05/21 17:35:45 | 000,015,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/05/21 17:29:22 | 000,007,607 | ---- | M] () -- C:\Users\Eric\AppData\Local\resmon.resmoncfg
[2013/05/21 17:28:32 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/05/21 17:28:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/05/21 17:28:17 | 2589,810,688 | -HS- | M] () -- C:\hiberfil.sys
[2013/05/21 13:35:08 | 000,000,045 | ---- | M] () -- C:\Users\Eric\AppData\Roaming\mbam.context.scan
[2013/05/20 18:58:29 | 000,003,091 | ---- | M] () -- C:\Users\Eric\Desktop\Intel Processor Diagnostic Tool.lnk
[2013/05/20 18:56:56 | 005,705,728 | ---- | M] () -- C:\Users\Eric\Desktop\IPDT Installer 32Bit 1.48.0.0-19-10.exe
[2013/05/20 18:50:28 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3934589312-3869621106-1268527806-1001Core.job
[2013/05/20 18:36:17 | 000,443,920 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/04/28 01:35:33 | 000,002,059 | ---- | M] () -- C:\Users\Eric\Desktop\BSR Screen Recorder 6.lnk
[2013/04/28 01:35:32 | 000,692,224 | ---- | M] () -- C:\Windows\System32\bsrmgcv.dll
[2013/04/28 01:35:32 | 000,192,512 | ---- | M] () -- C:\Windows\System32\bsrmgps.dll
[2013/04/28 01:35:32 | 000,098,304 | ---- | M] () -- C:\Windows\System32\bsreffs.dll
[2013/04/28 01:35:32 | 000,090,112 | ---- | M] () -- C:\Windows\System32\bsrlback.dll
[2013/04/28 01:35:32 | 000,081,920 | ---- | M] () -- C:\Windows\System32\bsrgvas.dll
[2013/04/28 01:35:26 | 000,585,728 | ---- | M] () -- C:\Windows\System32\bsratswf.dll
[2013/04/28 01:35:26 | 000,147,456 | ---- | M] () -- C:\Windows\System32\bsratwmv.dll
[2013/04/28 01:32:13 | 032,132,192 | ---- | M] (Bulent Baltacioglu - BSRSoft) -- C:\Users\Eric\Desktop\InstallBSRv6.exe
[2013/04/27 21:12:17 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/04/23 17:19:22 | 528,242,444 | ---- | M] () -- C:\Windows\MEMORY.DMP

========== Files Created - No Company Name ==========

[2013/05/21 13:35:08 | 000,000,045 | ---- | C] () -- C:\Users\Eric\AppData\Roaming\mbam.context.scan
[2013/05/20 18:58:29 | 000,003,091 | ---- | C] () -- C:\Users\Eric\Desktop\Intel Processor Diagnostic Tool.lnk
[2013/05/20 18:56:56 | 005,705,728 | ---- | C] () -- C:\Users\Eric\Desktop\IPDT Installer 32Bit 1.48.0.0-19-10.exe
[2013/04/28 01:35:32 | 000,692,224 | ---- | C] () -- C:\Windows\System32\bsrmgcv.dll
[2013/04/28 01:35:32 | 000,192,512 | ---- | C] () -- C:\Windows\System32\bsrmgps.dll
[2013/04/28 01:35:32 | 000,098,304 | ---- | C] () -- C:\Windows\System32\bsreffs.dll
[2013/04/28 01:35:32 | 000,090,112 | ---- | C] () -- C:\Windows\System32\bsrlback.dll
[2013/04/28 01:35:32 | 000,081,920 | ---- | C] () -- C:\Windows\System32\bsrgvas.dll
[2013/04/28 01:35:32 | 000,002,059 | ---- | C] () -- C:\Users\Eric\Desktop\BSR Screen Recorder 6.lnk
[2013/04/28 01:35:26 | 000,585,728 | ---- | C] () -- C:\Windows\System32\bsratswf.dll
[2013/04/28 01:35:26 | 000,147,456 | ---- | C] () -- C:\Windows\System32\bsratwmv.dll
[2012/11/19 20:13:54 | 000,000,051 | ---- | C] () -- C:\Users\Eric\AppData\Roaming\DVAP.set
[2012/11/19 20:13:41 | 009,979,392 | ---- | C] () -- C:\Windows\System32\DVAP_M.exe
[2012/11/19 20:13:41 | 000,155,648 | ---- | C] () -- C:\Windows\System32\DVAPfg.exe
[2012/11/19 20:13:11 | 000,108,032 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2012/03/28 05:01:19 | 002,236,020 | ---- | C] () -- C:\Users\Eric\AppData\Roaming\downloader_install.exe
[2011/07/20 22:46:39 | 000,005,632 | ---- | C] () -- C:\Users\Eric\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/10 06:34:52 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2011/05/18 16:07:58 | 000,001,940 | ---- | C] () -- C:\Users\Eric\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2010/05/04 13:57:14 | 000,002,475 | ---- | C] () -- C:\Users\Eric\AppData\Roaming\SAS7_000.DAT
[2010/03/19 04:21:28 | 000,007,607 | ---- | C] () -- C:\Users\Eric\AppData\Local\resmon.resmoncfg
[2010/03/17 23:42:00 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

========== ZeroAccess Check ==========

[2009/07/13 23:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/26 23:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2009/07/13 20:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/07/10 00:28:19 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Babylon
[2013/04/25 20:39:23 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Blueberry
[2013/01/02 16:36:08 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Canon
[2010/05/03 09:09:47 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/04/14 20:39:38 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Drumaxx
[2010/11/28 08:13:42 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\DSound
[2012/08/15 23:25:17 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Free Media Converter
[2011/08/11 19:38:05 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Fuze Box
[2012/01/10 23:04:58 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Image-Line
[2012/10/21 13:17:18 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\KompoZer
[2010/06/29 13:43:31 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Logia
[2011/07/25 23:33:47 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\LogSys
[2011/07/26 22:33:20 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Moyea
[2010/05/04 04:23:00 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Notepad++
[2012/10/19 16:55:56 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Nuance
[2010/04/30 19:35:30 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\OpenOffice.org
[2010/05/06 01:02:35 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Sawer
[2010/12/14 17:59:55 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\SynthMaker
[2012/11/30 13:36:01 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Waves Audio
[2012/04/28 13:01:23 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Windows Live Writer
[2012/10/19 16:55:00 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Zeon

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 633 bytes -> C:\Users\Eric\Documents\I would like to know more.eml:OECustomProperty
@Alternate Data Stream - 231 bytes -> C:\ProgramData\TEMP:AEC0AC81
@Alternate Data Stream - 205 bytes -> C:\ProgramData\TEMP:F35A93AD

< End of report >






OTL Extras logfile created on: 5/21/2013 6:07:57 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = E:\
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.22 Gb Total Physical Memory | 1.87 Gb Available Physical Memory | 58.14% Memory free
8.04 Gb Paging File | 6.57 Gb Available in Paging File | 81.68% Paging File free
Paging file location(s): c:\pagefile.sys 4939 4939 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465.66 Gb Total Space | 399.95 Gb Free Space | 85.89% Space Free | Partition Type: NTFS
Drive E: | 3.72 Gb Total Space | 3.68 Gb Free Space | 98.79% Space Free | Partition Type: FAT32

Computer Name: EPC | User Name: Eric | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
"DisableConfig" = 0
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0032597E-2C41-4703-8782-8CF010426DBC}" = lport=10243 | protocol=6 | dir=in | app=system |
"{05C675CF-59FC-4482-8563-937ABA9EF8CB}" = rport=139 | protocol=6 | dir=out | app=system |
"{2A431E05-09BE-41C0-AA23-1AC18512AEB7}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
"{40BFB4D4-FC82-424C-A9A7-C5805F16BAFD}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{4C3FC955-67F0-4505-B297-FE3AA234D0A5}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{4C4A4423-A9CB-40E7-B1AE-6656AAB71D79}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{4E45F9FE-4BF9-4B17-AEA5-3A1CB6E1968E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{60A5A1AE-CECB-4FE1-9D48-D30694EAA629}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6353D4C8-2216-425B-9597-C1AC286B351D}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{67EE0B44-AC2D-4BEE-8CDF-CEBB972E0AF2}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{69B3562B-DF65-4CA9-8BAE-44ACE02739A1}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{6DA3FA28-EE74-4791-955B-85D28E1D2205}" = rport=10243 | protocol=6 | dir=out | app=system |
"{72CC50E8-3ADC-4B4F-B6F0-66C73271A61B}" = lport=139 | protocol=6 | dir=in | app=system |
"{81A3AFDC-BD60-4B74-86E2-A4DCFBB83C90}" = rport=445 | protocol=6 | dir=out | app=system |
"{842CA812-30C3-48D4-9821-5D9A3F987CBE}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{8E5C5007-B63B-4E12-9EFC-7AEF7AF5C2CB}" = lport=445 | protocol=6 | dir=in | app=system |
"{909B45FC-7800-4258-B104-A2EF003A3891}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9542D25E-BD86-4CEA-B91F-16B8F67B90CA}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{9675CDDA-3499-4A57-9719-C1FC6CB87305}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{97649D1A-3EA1-48E1-92A4-A84825E20E47}" = rport=138 | protocol=17 | dir=out | app=system |
"{9BE78474-85F0-4670-91B3-4A2B314E32B2}" = rport=137 | protocol=17 | dir=out | app=system |
"{9EB0A11A-81F3-40A1-81DB-5387DC3ED962}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{9FF0BDC3-DB00-4904-B863-81A7B2502061}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AA98C742-FF2F-4810-B0C5-931867DD5E73}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{B14C534F-4ACA-4C81-BFE6-DEA395318478}" = lport=137 | protocol=17 | dir=in | app=system |
"{B90DA289-E57E-4642-A09B-7F5231CA6CB5}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{BB632834-8DFE-4409-9C42-A314CA760A83}" = lport=138 | protocol=17 | dir=in | app=system |
"{D115DA09-4015-4A5D-9521-3154F3AA7170}" = lport=2869 | protocol=6 | dir=in | app=system |
"{D53998A7-B827-4266-89C9-751599DDC258}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{FE72A704-D49C-48E6-8F63-52B123B55A17}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0C3F8407-806D-4EBA-B884-484F5FCE4667}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{127DF936-68CD-4A2B-810D-CD4FAB4D0B4F}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{15F9C962-311E-4CA9-9BB9-AFCD8FB27DBD}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{1BDDB1F2-2D84-4827-B4F9-911D07F0BF75}" = protocol=17 | dir=in | app=c:\program files\nuance\nuance cloud connector\wosvsssvr.exe |
"{27780614-1D77-4111-81E2-5E994CE07EFC}" = protocol=17 | dir=in | app=c:\program files\nuance\nuance cloud connector\wosvsssvrxp32.exe |
"{40A6438A-9BD2-4C5C-80C9-554B286584B8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{47AC4451-9C4F-4981-8F24-DA7C02F963FB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{588EE708-C842-481C-95EF-2DB636C517BD}" = protocol=6 | dir=out | app=system |
"{5D52BD51-4841-4CD7-895C-7118178F803E}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{5FF47859-4820-4C11-9A91-C04D5E55D154}" = protocol=1 | dir=out | [email protected],-28544 |
"{5FFA94FC-F65B-439B-8067-F1EBB44B0EDC}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{65CC5086-2584-4037-9A1C-D3607647A3A1}" = protocol=6 | dir=in | app=c:\program files\nuance\nuance cloud connector\wosvsssvr.exe |
"{6C281EFF-5015-4A16-82E4-E9D4C3EC09CF}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{6DF138BD-30B0-4054-8ACA-70F7C5D64BB0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{74A878D2-70BD-4862-AA1D-234011C7F3E2}" = protocol=58 | dir=out | [email protected],-28546 |
"{754CB63E-C8F2-4EB8-9B3F-3F80E722D1BF}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{7A15481D-7B50-47AC-8F4D-8BA39B4FF053}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{83749837-8822-4A66-8497-5A1154B9E6F9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8ABAC1C9-81CB-4657-8C82-0ECDD686C83A}" = protocol=6 | dir=in | app=c:\program files\nuance\nuance cloud connector\wosvsssvrxp32.exe |
"{952F1DD4-23E2-4150-9FF8-7B9F9AFADDB7}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{9C56C898-213B-4485-850C-C11C6AC1B83F}" = protocol=6 | dir=in | app=c:\program files\nuance\nuance cloud connector\wosvsssvr2003.exe |
"{9F98C0BD-ED35-44A6-A2B3-B254981AC326}" = protocol=1 | dir=in | [email protected],-28543 |
"{B67260AC-523E-4944-B5F2-3E31CB6AA836}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{B72F5AA5-BC3A-4CF3-93B3-2B2921C4A103}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
"{BE75650E-17F5-41C5-9AB4-A5043D030A44}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{BE79CD46-4111-4176-991C-BFFDF0639C9B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C1F8AC37-8935-422B-A439-53714ED76DED}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{C55825A0-492D-41D2-A32B-DF7395BE2F74}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{C6C8AFFE-35BC-492F-ACAB-09A3CF2229EA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D0EB1153-D5C2-40BC-9E3D-08A66267DDA0}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{D1E51541-8081-4E44-8935-74AA193C7957}" = protocol=6 | dir=in | app=c:\program files\nuance\nuance cloud connector\gladinetclient.exe |
"{DCBF06D8-012B-4362-9C63-9B89D9966107}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{DCE07C0A-7F61-44D5-A08F-4E315AD7D896}" = protocol=17 | dir=in | app=c:\program files\nuance\nuance cloud connector\gladinetclient.exe |
"{EC448D2B-BD86-4ED7-A3EF-915BC2F61751}" = protocol=17 | dir=in | app=c:\program files\nuance\nuance cloud connector\wosvsssvr2003.exe |
"{F58BC590-58DB-48A6-9063-2A69416BA06D}" = protocol=58 | dir=in | [email protected],-28545 |
"{F7842940-4800-464C-9C59-F5BBCA4B24B5}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0351BD86-CC1A-400F-B70D-D8D858E0D5A3}" = Nuance PDF Converter Professional 8
"{036AA4D4-6D32-11D4-9875-00105ACE7734}" = Logitech iTouch Software
"{068724F8-D8BE-4B43-8DDD-B9FE9E49FD76}" = Scansoft PDF Professional
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0E0DF90C-D0BA-4C89-9262-AD78D1A3DE51}" = HP USB Disk Storage Format Tool
"{0E2FA8AF-841F-4D8F-90F7-848C94961BCD}" = M-Audio Oxygen Driver 1.3.0 (x86)
"{112C23F2-C036-4D40-BED4-0CB47BF5555C}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
"{118071AB-6572-4FAD-A1FD-67264C994350}" = e-Sword
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX510_series" = Canon MX510 series MP Drivers
"{1235083F-52F9-44CC-9DF5-F9B7802BB9B7}" = ISO Recorder
"{14DD7530-CCD2-3798-B37D-3839ED6A441C}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
"{155CE000-DDE8-4EFA-B38C-71788FAE65AF}" = Intel Processor Diagnostic Tool
"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1D7A7AFA-5F17-4C5B-9C86-DE840E2E5EB7}" = Toshiba Camileo Uploader
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{22443966-38F8-8A4D-AA16-0FBFA246881F}" = Acrobat.com
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{247C5DDA-FFD7-44E0-8BF7-79BC80A0BF87}" = Windows Live Family Safety
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 21
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2D6E3D97-1FDF-4993-AC75-72F59EC445C5}" = Windows Live Family Safety
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3A1B43F9-48D2-4B86-B792-0A4FC4163005}" = Gaaiho Collaboration
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{42086A11-2D66-4D4F-A78A-4762D425E836}" = Nuance Cloud Connector
"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A5A427F-BA39-4BF0-9A47-9999FBE60C9F}" = Visual C++ Runtime for Dragon NaturallySpeaking
"{4C2CEEBA-A5EB-496E-B24D-C26D93157EB7}" = DSound GT Player Express
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{513148E7-B7A1-48B2-B518-668701E546F5}" = LightScribe System Software 1.14.19.1
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{57BB52B7-6B7B-31F3-89F4-4EE8FE5CEF6D}" = Microsoft Help Viewer 1.1
"{5809E7CF-4DCF-11D4-9875-00105ACE7734}" = Logitech MouseWare 9.79
"{5AB7D739-1735-3A9E-BE73-C43507CB4E6F}" = Microsoft Visual Studio 2010 Service Pack 1
"{5D38959D-2B4D-8AB0-FD1B-27C324E78DB0}" = RichFLV
"{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}" = Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219
"{6179550A-3E7C-499E-BCC9-9E8113E0A285}" = LG ODD Auto Firmware Update
"{66B6D13A-9CC1-417D-B6F2-58AA539D1033}" = Nero 7 Essentials
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6CDA228D-9F04-4223-823A-BFF5970C96E9}" = ArcSoft MediaImpression HD Edition
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77F1F8AD-51B8-4490-AEEC-BF480073E0FC}" = Microsoft SQL Server 2008 R2 Management Objects
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{82C476D6-6B62-4E9C-A7C7-82AFB58A0A7D}" = e-Sword Macros for Word 2010
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{877B76B2-F83F-4F5A-B28D-3F398641ADB6}" = Microsoft SQL Server System CLR Types
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{91000001-C561-4E32-99EB-3C5AD3683A70}" = Waves Complete V9r6
"{91B9368F-6C6F-3DB5-9CBA-6CAD56035B26}" = Google Talk Plugin
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-007D-0409-0000-0000000FF1CE}" = Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit
"{95140000-0081-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{994B2E8D-B4E5-4724-A2A7-E130D351CE73}" = M-Audio FastTrack Driver 6.0.2 (x86)
"{99AD9D6D-A456-49EE-8360-F22EE7AA1272}" = Express Gate
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A0FE0292-D3BE-3447-80F2-72E032A54875}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.7)
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E7712E53-7A7F-46EB-AA13-70D5987D30F2}" = Dragon NaturallySpeaking 10
"{ED784556-66AA-3F17-9B58-7246ACB5C7E4}" = Microsoft Visual Basic 2010 Express - ENU
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"ARP2600 V2_is1" = ARP2600 V2 2.0
"ASIO4ALL" = ASIO4ALL
"Bleep VSTi" = Bleep VSTi
"BSRScreenRecorder6" = BSR Screen Recorder 6
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"de.benz.RichFLV.A73E9F89A0F07611DDC8DCF9F06D33E089C383B6.1" = RichFLV
"Drumaxx" = Drumaxx
"DX10" = DX10
"eLicenser Control" = eLicenser Control
"ESET Online Scanner" = ESET Online Scanner v3
"ffdshow_is1" = ffdshow v1.1.3425 [2010-05-08]
"FL Studio 10" = FL Studio 10
"FL Studio 9" = FL Studio 9
"Hardcore" = Hardcore
"HDMI" = Intel® Graphics Media Accelerator Driver
"IL Download Manager" = IL Download Manager
"LAGARITH" = Lagarith lossless video codec (Remove Only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Help Viewer 1.1" = Microsoft Help Viewer 1.1
"Microsoft Visual Basic 2010 Express - ENU" = Microsoft Visual Basic 2010 Express - ENU
"Microsoft Visual Studio 2010 Service Pack 1" = Microsoft Visual Studio 2010 Service Pack 1
"Microsoft Visual Studio 2010 Tools for Office Runtime (x86)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
"MixPad" = MixPad
"N360" = Norton Security Suite
"Notepad++" = Notepad++
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"PhotoPad" = PhotoPad Image Editor
"PoiZone" = PoiZone
"Sakura" = Sakura
"Sawer" = Sawer
"Sonigen Modular_is1" = Sonigen Modular version
"The Ancient Hebrew Lexicon of the Bible e-Sword Module" = The Ancient Hebrew Lexicon of the Bible e-Sword Module
"The Scriptures_is1" = The Scriptures
"Toxic Biohazard" = Toxic Biohazard
"TVWiz" = Intel® TV Wizard
"VideoPad" = VideoPad Video Editor
"WavePad" = WavePad Sound Editor
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.10 (32-bit)

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"f031ef6ac137efc5" = Dell Driver Download Manager
"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 4/29/2013 10:18:04 PM | Computer Name = EPC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "G:\SystemLook_x64.exe". Dependent
Assembly Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 4/29/2013 10:20:10 PM | Computer Name = EPC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "G:\SystemLook_x64.exe". Dependent
Assembly Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 5/1/2013 3:12:22 PM | Computer Name = EPC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\Program Files\Microsoft
Visual Studio 10.0\Common7\Packages\Debugger\X64\msvsmon.exe". Dependent Assembly
Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 5/2/2013 8:43:43 PM | Computer Name = EPC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\Program Files\Microsoft
Visual Studio 10.0\Common7\Packages\Debugger\X64\msvsmon.exe". Dependent Assembly
Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 5/3/2013 4:46:02 PM | Computer Name = EPC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\Program Files\Microsoft
Visual Studio 10.0\Common7\Packages\Debugger\X64\msvsmon.exe". Dependent Assembly
Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 5/6/2013 12:03:46 AM | Computer Name = EPC | Source = Application Hang | ID = 1002
Description = The program FL.exe version 0.0.0.0 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Action Center control panel. Process ID: 1240 Start Time:
01ce4a0c3f07c32a Termination Time: 60000 Application Path: C:\Program Files\Image-Line\FL
Studio 10\FL.exe Report Id: be91b0f3-b601-11e2-87e2-0022159ad916

Error - 5/7/2013 2:00:37 PM | Computer Name = EPC | Source = Application Error | ID = 1000
Description = Faulting application name: FL.exe, version: 0.0.0.0, time stamp: 0x4d3574e7
Faulting
module name: ss2wav.dll, version: 0.0.0.0, time stamp: 0x392d9b20 Exception code:
0xc0000005 Fault offset: 0x0000b6a2 Faulting process id: 0x13a4 Faulting application
start time: 0x01ce4b4aebec987f Faulting application path: C:\Program Files\Image-Line\FL
Studio 10\FL.exe Faulting module path: C:\Program Files\Image-Line\FL Studio 10\ss2wav.dll
Report
Id: 052a61ad-b740-11e2-a158-0022159ad916

Error - 5/8/2013 10:00:32 PM | Computer Name = EPC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\Program Files\Microsoft
Visual Studio 10.0\Common7\Packages\Debugger\X64\msvsmon.exe". Dependent Assembly
Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 5/21/2013 2:24:01 PM | Computer Name = EPC | Source = Application Error | ID = 1000
Description = Faulting application name: RegistryController.exe, version: 8.0.12523.2141,
time stamp: 0x5086fbd0 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18015,
time stamp: 0x50b83b16 Exception code: 0xc0020001 Fault offset: 0x0000812f Faulting
process id: 0x9b4 Faulting application start time: 0x01ce565055ca95e1 Faulting application
path: C:\Program Files\Nuance\PDF Professional 8\RegistryController.exe Faulting
module path: C:\Windows\system32\KERNELBASE.dll Report Id: 9b99f4d1-c243-11e2-a021-0022159ad916

Error - 5/21/2013 7:05:57 PM | Computer Name = EPC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "E:\SystemLook_x64.exe". Dependent
Assembly Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"
could not be found. Please use sxstrace.exe for detailed diagnosis.

[ System Events ]
Error - 5/20/2013 10:13:13 PM | Computer Name = EPC | Source = DCOM | ID = 10016
Description =

Error - 5/21/2013 7:48:10 AM | Computer Name = EPC | Source = DCOM | ID = 10016
Description =

Error - 5/21/2013 11:32:47 AM | Computer Name = EPC | Source = DCOM | ID = 10016
Description =

Error - 5/21/2013 2:24:29 PM | Computer Name = EPC | Source = DCOM | ID = 10016
Description =

Error - 5/21/2013 2:31:01 PM | Computer Name = EPC | Source = DCOM | ID = 10016
Description =

Error - 5/21/2013 6:29:31 PM | Computer Name = EPC | Source = DCOM | ID = 10016
Description =

Error - 5/21/2013 7:06:18 PM | Computer Name = EPC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR3.

Error - 5/21/2013 7:06:19 PM | Computer Name = EPC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR3.

Error - 5/21/2013 7:06:19 PM | Computer Name = EPC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR3.

Error - 5/21/2013 7:06:20 PM | Computer Name = EPC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR3.


< End of report >
  • 0

Advertisements

Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP