Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Possible Infection - computer started running slow (and "stalling&

Started by briz_dad , May 22 2013 01:33 PM

  • This topic is locked This topic is locked

#1
briz_dad
Posted 22 May 2013 - 01:33 PM

briz_dad

    Member

  • Member
  • PipPipPip
  • 251 posts
Hello Support,

I believe it is possible that my computer has been infected and something is running in the background. Sites and programs are sometimes loading slowly - or bogging down.
  • iTunes stream to preview songs buffering a lot
  • normal, often visited web pages loading slowly
  • computer fan or hard-drive increasing noise - like it is getting "taxed"
  • i ran MS Security Essentials and nothing was found
  • i paused carbonite online back-up

Also, last night I accidentally hit one of "those" sites that one usually immediately regrets; horses, dogs, body parts - yes, it was an accident. Yes, I realize I've opened myself up to ridicule. :whistling:

I noticed things running slow earlier this week - like something unwanted is running in the background. And with last night's mishap, I thought I better check things out here. (It really was an accident.)

I do have a lot of things intended to be running in background; DropBox, GoToMeeting, etc. - however I've had them for quite some time and things ran smoothly. So I am suspect of something else recently getting involved in the mix...

By the way, a couple of months ago my IE got totally hosed - CSS doesn't render properly in it at all. It is not my primary browser so I wasn't that concerned at the time. (I don't think it ever really worked properly.)

And now for the OTL Log: (and thank you)

OTL logfile created on: 5/22/2013 12:13:43 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Greg\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.99 Gb Total Physical Memory | 5.16 Gb Available Physical Memory | 64.58% Memory free
15.98 Gb Paging File | 12.73 Gb Available in Paging File | 79.65% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 919.22 Gb Total Space | 483.87 Gb Free Space | 52.64% Space Free | Partition Type: NTFS
Drive M: | 232.88 Gb Total Space | 82.37 Gb Free Space | 35.37% Space Free | Partition Type: NTFS
Drive V: | 1862.82 Gb Total Space | 618.28 Gb Free Space | 33.19% Space Free | Partition Type: NTFS
Drive W: | 465.76 Gb Total Space | 238.44 Gb Free Space | 51.19% Space Free | Partition Type: NTFS

Computer Name: GREGZ-PC | User Name: Greg | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/05/22 12:13:17 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Greg\Desktop\OTL.exe
PRC - [2013/05/19 14:54:41 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013/05/15 07:00:12 | 001,855,880 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe
PRC - [2013/05/13 07:07:05 | 001,592,208 | ---- | M] () -- C:\Users\Greg\AppData\Local\Mikogo4\Viewer\Service\M4-Capture.exe
PRC - [2013/05/10 00:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/05/08 03:17:22 | 000,642,664 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2013/04/26 19:03:56 | 000,169,312 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
PRC - [2013/03/22 06:07:18 | 000,093,072 | ---- | M] (TomTom) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2013/03/12 00:05:50 | 029,106,336 | ---- | M] (Dropbox, Inc.) -- C:\Users\Greg\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2013/03/11 15:34:56 | 001,182,536 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
PRC - [2013/03/11 14:03:22 | 000,045,056 | ---- | M] (Intuit) -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2013/03/11 11:14:06 | 000,040,816 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\GoToMeeting\1133\g2mstart.exe
PRC - [2013/03/11 11:14:06 | 000,040,816 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\GoToMeeting\1133\g2mlauncher.exe
PRC - [2013/03/11 11:14:06 | 000,040,816 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\GoToMeeting\1133\g2mcomm.exe
PRC - [2013/02/05 16:18:22 | 001,065,480 | R--- | M] (Carbonite, Inc.) -- C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
PRC - [2013/01/29 21:05:44 | 000,087,368 | ---- | M] (Nero AG) -- C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe
PRC - [2012/12/07 18:26:56 | 000,167,424 | ---- | M] () -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
PRC - [2012/12/06 23:09:26 | 001,008,032 | ---- | M] () -- C:\Users\Greg\AppData\Local\Mikogo4\Viewer\Service\M4-Service.exe
PRC - [2012/09/10 17:31:52 | 000,376,176 | ---- | M] (PIXELA CORPORATION) -- C:\Program Files (x86)\PIXELA\Transfer Utility\CameraMonitor.exe
PRC - [2012/08/18 18:53:54 | 000,679,936 | ---- | M] (Intuit, Inc.) -- C:\Program Files (x86)\Intuit\QuickBooks 2013\QBDBMgr.exe
PRC - [2011/09/08 00:15:22 | 000,670,792 | ---- | M] (Juniper Networks) -- C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe
PRC - [2011/08/19 21:31:14 | 001,248,256 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
PRC - [2011/08/19 21:30:02 | 000,679,936 | ---- | M] (Intuit, Inc.) -- C:\Program Files (x86)\Intuit\QuickBooks 2011\QBDBMgrN.exe
PRC - [2010/11/17 08:35:34 | 000,514,544 | ---- | M] () -- C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
PRC - [2010/03/03 18:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/03/03 18:16:04 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2009/09/13 00:09:10 | 000,103,768 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
PRC - [2009/09/13 00:09:04 | 000,550,232 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe


========== Modules (No Company Name) ==========

MOD - [2013/05/19 14:54:22 | 003,128,728 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2013/05/15 20:59:33 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\30e3a21202000677d0a9270572251477\System.Windows.Forms.ni.dll
MOD - [2013/05/15 20:59:15 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\716959df79685a1eae0fc14275a32b0f\WindowsBase.ni.dll
MOD - [2013/05/15 20:59:11 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\764f15e86c82662e977bd418bd6318c1\System.Configuration.ni.dll
MOD - [2013/05/15 07:00:11 | 016,033,160 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll
MOD - [2013/04/26 19:03:56 | 000,169,312 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
MOD - [2013/03/29 09:17:06 | 000,070,536 | ---- | M] () -- C:\Program Files\TortoiseSVN\bin\libsasl32.dll
MOD - [2013/03/11 15:33:28 | 000,269,128 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2013\boost_regex-vc90-mt-p-1_33.dll
MOD - [2013/02/14 08:06:36 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\5ecf01964c70e453d71e5d7653912ff9\System.Web.ni.dll
MOD - [2013/01/09 12:16:47 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\f7cb3ae5de64f8cbde3ccc57c780743a\IAStorUtil.ni.dll
MOD - [2013/01/09 12:14:12 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll
MOD - [2013/01/09 12:13:47 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013/01/09 12:13:33 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013/01/09 12:13:30 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013/01/09 12:13:26 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2012/09/10 17:31:54 | 000,364,544 | ---- | M] () -- C:\Program Files (x86)\PIXELA\Transfer Utility\pxl_m17n_tool.dll
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/11/24 20:44:02 | 000,375,280 | ---- | M] () -- c:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\SQLite352.dll
MOD - [2010/11/17 08:35:34 | 000,514,544 | ---- | M] () -- C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/02/05 16:05:34 | 007,564,808 | R--- | M] (Carbonite, Inc. (www.carbonite.com)) [Auto | Running] -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe -- (CarboniteService)
SRV:64bit: - [2013/01/27 12:34:32 | 000,379,360 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2013/01/27 12:34:32 | 000,022,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2012/11/20 16:39:40 | 006,399,040 | ---- | M] (Carbonite, Inc.) [Auto | Running] -- C:\Program Files\Carbonite\Carbonite Mirror Image\CarboniteMirrorImage.exe -- (Carbonite-Mirror-Image-Svc)
SRV:64bit: - [2011/04/20 02:04:20 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/09/22 16:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/05/19 14:54:40 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/05/15 07:00:13 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/05/10 00:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/03/22 06:07:18 | 000,093,072 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2013/03/11 14:03:22 | 000,045,056 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2013/01/29 21:05:44 | 000,087,368 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe -- (HTCMonitorService)
SRV - [2012/12/07 18:26:56 | 000,167,424 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2012/12/06 23:09:26 | 001,008,032 | ---- | M] () [Auto | Running] -- C:\Users\Greg\AppData\Local\Mikogo4\Viewer\Service\M4-Service.exe -- (M4-Service)
SRV - [2012/10/04 01:13:32 | 001,044,816 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/09/08 00:15:22 | 000,670,792 | ---- | M] (Juniper Networks) [Auto | Running] -- C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe -- (dsNcService)
SRV - [2011/08/19 21:31:14 | 001,248,256 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe -- (QBVSS)
SRV - [2011/08/19 21:30:58 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2011/08/19 21:30:02 | 000,679,936 | ---- | M] (Intuit, Inc.) [On_Demand | Running] -- C:\Program Files (x86)\Intuit\QuickBooks 2011\QBDBMgrN.exe -- (QuickBooksDB22)
SRV - [2011/07/31 12:41:53 | 000,013,160 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\615\g2aservice.exe -- (GoToAssist)
SRV - [2010/11/25 03:34:18 | 000,219,632 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe -- (RoxWatch12)
SRV - [2010/11/25 03:33:18 | 001,116,656 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe -- (RoxMediaDB12OEM)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/03 18:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/01/20 16:59:04 | 000,130,008 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/12/07 19:27:50 | 000,036,928 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\htcnprot.sys -- (htcnprot)
DRV:64bit: - [2012/08/23 07:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 07:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/08/23 07:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/07/09 13:42:54 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/12/14 13:43:22 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(5).sys -- (WsAudio_DeviceS(5)
DRV:64bit: - [2011/12/14 13:43:22 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(4).sys -- (WsAudio_DeviceS(4)
DRV:64bit: - [2011/12/14 13:43:22 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(3).sys -- (WsAudio_DeviceS(3)
DRV:64bit: - [2011/12/14 13:43:22 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(2).sys -- (WsAudio_DeviceS(2)
DRV:64bit: - [2011/12/14 13:43:22 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(1).sys -- (WsAudio_DeviceS(1)
DRV:64bit: - [2011/09/07 23:42:38 | 000,032,768 | ---- | M] (Juniper Networks) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dsNcAdpt.sys -- (dsNcAdpt)
DRV:64bit: - [2011/04/20 02:44:50 | 009,319,936 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/04/20 01:22:34 | 000,306,176 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/03/17 23:58:44 | 000,025,072 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- c:\Program Files\Dell Support Center\pcdsrvc_x64.pkms -- (PCDSRVC{1E208CE0-FB7451FF-06020101}_0)
DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/14 02:42:36 | 000,028,160 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64diag.sys -- (UsbDiag)
DRV:64bit: - [2011/02/14 02:42:30 | 000,034,816 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64modem.sys -- (USBModem)
DRV:64bit: - [2011/02/14 02:42:28 | 000,017,920 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64bus.sys -- (usbbus)
DRV:64bit: - [2010/11/20 20:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/17 15:04:32 | 000,115,216 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2010/03/19 01:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010/03/12 12:23:16 | 000,242,720 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/03/03 17:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/11/27 18:45:06 | 000,295,424 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/11/02 19:16:50 | 000,033,736 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64)
DRV:64bit: - [2009/09/08 19:13:16 | 000,087,600 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ctxusbm.sys -- (ctxusbm)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 17:06:43 | 000,060,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\61883.sys -- (61883)
DRV:64bit: - [2009/07/13 17:06:43 | 000,048,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avc.sys -- (Avc)
DRV:64bit: - [2009/07/13 17:06:42 | 000,061,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msdv.sys -- (MSDV)
DRV:64bit: - [2009/07/13 17:06:40 | 000,017,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avcstrm.sys -- (AVCSTRM)
DRV:64bit: - [2009/07/13 17:06:39 | 000,056,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mstape.sys -- (MSTAPE)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/05/06 16:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2006/11/01 10:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {49606DC7-976D-4030-A74E-9FB5C842FA68}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {49606DC7-976D-4030-A74E-9FB5C842FA68}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://myapps.heart...foods.com:4100/
IE - HKCU\..\SearchScopes,DefaultScope = {49606DC7-976D-4030-A74E-9FB5C842FA68}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE10SR
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: {4BBDD651-70CF-4821-84F8-2B918CF89CA3}:7.0.1
FF - prefs.js..browser.search.selectedEngine: "Blekko"


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Musicnotes.com/Musicnotes Viewer: C:\Program Files\Musicnotes\npmusicn64.dll (Musicnotes, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Musicnotes.com/Musicnotes Viewer: C:\Program Files (x86)\Musicnotes\npmusicn.dll (Musicnotes, Inc.)
FF - HKLM\Software\MozillaPlugins\@Sibelius.com/Scorch Plugin: C:\Program Files (x86)\Musicnotes\npsibelius.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF - HKCU\Software\MozillaPlugins\@citrixonline.com/appdetectorplugin: C:\Users\Greg\AppData\Local\Citrix\Plugins\92\npappdetector.dll (Citrix Online)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Greg\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Greg\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Greg\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Greg\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Greg\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2011/08/01 11:12:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/05/19 14:54:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/05/19 14:54:14 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/05/19 14:54:41 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/05/19 14:54:14 | 000,000,000 | ---D | M]

[2012/12/26 12:50:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Greg\AppData\Roaming\Mozilla\Extensions
[2012/12/26 12:50:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Greg\AppData\Roaming\Mozilla\Extensions\[email protected]
[2012/10/18 01:43:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Greg\AppData\Roaming\Mozilla\Firefox\Profiles\b2gge9n1.default\extensions
[2013/05/11 18:04:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Greg\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.Greg\extensions
[2013/02/25 08:06:23 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Greg\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.Greg\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/10/25 22:40:02 | 000,000,000 | ---D | M] (Adobe BrowserLab for Firebug) -- C:\Users\Greg\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.Greg\extensions\[email protected]
[2011/07/31 16:47:21 | 001,107,122 | ---- | M] () (No name found) -- C:\Users\Greg\AppData\Roaming\Mozilla\Firefox\Profiles\b2gge9n1.default\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}.xpi
[2013/05/11 18:04:15 | 002,167,422 | ---- | M] () (No name found) -- C:\Users\Greg\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.Greg\extensions\[email protected]
[2013/05/05 18:46:43 | 001,360,435 | ---- | M] () (No name found) -- C:\Users\Greg\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.Greg\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi
[2011/10/29 22:14:39 | 000,434,392 | ---- | M] () (No name found) -- C:\Users\Greg\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.Greg\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi
[2013/05/19 14:54:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/05/19 14:54:41 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/09/13 00:05:42 | 000,124,240 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\CCMSDK.dll
[2009/09/13 00:06:22 | 000,070,488 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\CgpCore.dll
[2009/09/13 00:06:32 | 000,091,480 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\confmgr.dll
[2009/09/13 00:06:28 | 000,022,360 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\ctxlogging.dll
[2009/09/13 00:08:36 | 000,406,864 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\npicaN.dll
[2009/09/13 00:06:24 | 000,023,896 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\TcpPServ.dll
[2011/12/16 14:14:50 | 000,002,067 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\blekkotb.xml
[2012/10/18 01:40:53 | 000,002,191 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\search.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://blekkosearch....=homepage&v=1_2
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: ActiveTouch General Plugin Container (Enabled) = C:\Users\Greg\AppData\Roaming\Mozilla\plugins\npatgpc.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: AmazonMP3DownloaderPlugin (Enabled) = C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Musicnotes (Enabled) = C:\Program Files (x86)\Musicnotes\npmusicn.dll
CHR - plugin: ScorchPlugin (Enabled) = C:\Program Files (x86)\Musicnotes\npsibelius.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll
CHR - Extension: Angry Birds = C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0\

O1 HOSTS File: ([2012/01/11 14:16:52 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RunDLLEntry_EptMon] C:\Windows\SysNative\EptMon64.DLL (Creative Technology Ltd.)
O4:64bit: - HKLM..\Run: [RunDLLEntry_THXCfg] C:\Windows\SysNative\THXCfg64.DLL (Creative Technology Ltd.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Carbonite Backup] C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe (Carbonite, Inc.)
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files (x86)\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe (Sonic Solutions)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [THX Audio Control Panel] C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe File not found
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [GoToMeeting] C:\Program Files (x86)\Citrix\GoToMeeting\1133\g2mstart.exe (Citrix Online, a division of Citrix Systems, Inc.)
O4 - HKCU..\Run: [SPMTray] {pf}\\PC Speed Maximizer\\SPMTray.exe File not found
O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - HKLM..\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" File not found
O4 - Startup: C:\Users\Greg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Greg\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Append to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: hearthsidefoods.com ([myapps] https in Trusted sites)
O15 - HKCU\..Trusted Domains: localhost ([]* in Local intranet)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {C2ED62BE-4FF5-4FAF-9274-3BA328DCA35C} https://timetracking...eTrackingV2.ocx (TimeTrackingV2.UserControl1)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/...SetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E6A52C51-4B8F-48B3-96E8-040BD304BA85}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\intu-help-qb5 - No CLSID value found
O18:64bit: - Protocol\Handler\intu-help-qb6 - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\qbwc - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\intu-help-qb5 {867FCB77-9823-4cd6-8210-D85F968D466F} - C:\Program Files (x86)\Intuit\QuickBooks 2011\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\intu-help-qb6 {6898B29B-BF49-43cb-A0B1-D0B9496AF491} - C:\Program Files (x86)\Intuit\QuickBooks 2013\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\615\G2AWinLogon_x64.dll) - C:\Program Files (x86)\Citrix\GoToAssist\615\g2awinlogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/09/15 16:18:57 | 000,000,000 | ---D | M] - M:\Automatically Add to iTunes -- [ NTFS ]
O33 - MountPoints2\{26715ef0-5fc7-11e1-8571-b8ac6fffc319}\Shell - "" = AutoRun
O33 - MountPoints2\{26715ef0-5fc7-11e1-8571-b8ac6fffc319}\Shell\AutoRun\command - "" = F:\TL_Bootstrap.exe
O33 - MountPoints2\{bc2ad1fe-7c65-11e2-9c49-b8ac6fffc319}\Shell - "" = AutoRun
O33 - MountPoints2\{bc2ad1fe-7c65-11e2-9c49-b8ac6fffc319}\Shell\AutoRun\command - "" = E:\HTC_Sync_Manager_PC.exe
O33 - MountPoints2\{e2af61f1-9dfc-11e2-bb86-b8ac6fffc319}\Shell - "" = AutoRun
O33 - MountPoints2\{e2af61f1-9dfc-11e2-bb86-b8ac6fffc319}\Shell\AutoRun\command - "" = E:\HTC_Sync_Manager_PC.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/05/22 12:13:15 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Greg\Desktop\OTL.exe
[2013/05/22 12:07:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013/05/22 12:06:27 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013/05/22 12:06:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2013/05/22 12:06:27 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013/05/22 12:06:27 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2013/05/22 12:04:44 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013/05/22 07:18:53 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\{74F0F912-D8FB-405E-AB59-F2AEE077AE7D}
[2013/05/21 11:34:13 | 000,424,368 | ---- | C] (WinZip Computing) -- C:\Users\Greg\Desktop\WinZip175.exe
[2013/05/21 11:33:40 | 000,454,224 | ---- | C] (InstallX, LLC) -- C:\Users\Greg\Desktop\BitZipper2013TrialSetupEn.exe
[2013/05/21 07:31:34 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\{6A83C666-A1F7-441B-B162-B37060C621D3}
[2013/05/20 08:05:52 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\{E9F9BCCB-577A-4364-BCA4-F97B5FD66847}
[2013/05/19 14:54:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/05/19 11:18:37 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\{08BEDE3C-7E1B-46F0-981F-AA1DCCAEF2B1}
[2013/05/18 20:56:01 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\{35CFCF66-48B8-450F-915D-0C22E3B77E93}
[2013/05/18 08:54:15 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\{B4237769-CFE8-4F59-9962-8025F16CEEA7}
[2013/05/17 07:07:28 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\{C9CA6B1B-65D3-4B10-B86B-3A0FE7BE5E1E}
[2013/05/15 20:57:24 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\{464C5D97-F8FE-4502-BE85-9468EA2FB370}
[2013/05/15 09:59:06 | 000,000,000 | ---D | C] -- C:\Users\Greg\Desktop\WP MultiSite Video
[2013/05/15 06:24:54 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\{A8DEE00B-1574-4587-A4FC-2B158B55F5DF}
[2013/05/14 06:42:02 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\{6B3A79F8-5077-42EF-A726-0846089ECC05}
[2013/05/13 07:09:11 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\{54908E35-A0BB-40F9-A831-357244CBEE0F}
[2013/05/12 11:26:37 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\{9E2ECB54-0272-489D-A783-81A0E3953011}
[2013/05/10 07:04:01 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\{8F443851-76FC-44D3-911D-3CAC65E7CD1F}
[2013/05/09 07:15:41 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\{F78F418C-5871-4A1F-A121-08B046471079}
[2013/05/08 08:02:08 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\{6D815058-7366-4CC8-ADB6-9AE614EB8537}
[2013/05/07 07:10:29 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\{08317D26-DFF8-4571-9274-D6396C32BAD3}
[2013/05/06 07:05:23 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\{3FAE07CB-6B06-42AF-809F-078C1C7F6E10}
[2013/05/05 07:39:08 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\{F5A63FE0-4902-423E-B3B8-A3340384E657}
[2013/05/04 19:19:05 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\{81E21093-6A6E-4D6F-8B37-9EDF562B98A8}
[2013/05/03 07:39:26 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\{D9BCD4C6-012C-4C86-B3ED-8B09438BA10E}
[2013/05/02 07:27:08 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\{A1D9E039-400E-4015-82E3-7CAD543126BE}
[2013/05/01 07:36:40 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\{94BC144E-B313-4846-A02F-7B648BDC5644}
[2013/04/30 07:09:08 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\{3DF31BFC-D2F7-4622-9F87-3A80CAB1E025}
[2013/04/29 07:23:31 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\{C945FB02-348B-4A32-B522-835C3D08B0F6}
[2013/04/28 12:59:47 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\{24CBC3AF-046E-4145-AF0C-DE4B3FD27649}
[2013/04/26 08:43:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013/04/26 08:37:57 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\{BB0A7B95-234C-42F8-8618-42DD5F451CE2}
[2013/04/25 08:57:09 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\{C84197B3-6F77-4117-AD55-9D31A66564BD}
[2013/04/24 20:56:41 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\{2A06B779-D8D8-449C-B37C-BB133B582893}
[2013/04/24 06:55:10 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\{ADFB112E-BBF8-4039-9CDF-CA811D0AB267}
[2013/04/23 07:21:28 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\{FF1BA73D-D122-4FF5-A4B1-C2F1BB4312C5}
[1 C:\Windows\Fonts\*.tmp files -> C:\Windows\Fonts\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/05/22 12:13:17 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Greg\Desktop\OTL.exe
[2013/05/22 12:07:04 | 000,001,745 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/05/22 12:05:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2555938017-3406744035-1318244989-1001UA.job
[2013/05/22 12:00:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/05/22 11:38:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/05/22 10:21:58 | 000,001,456 | ---- | M] () -- C:\Users\Greg\AppData\Local\Adobe Save for Web 12.0 Prefs
[2013/05/22 07:53:17 | 000,000,000 | ---- | M] () -- C:\Users\Greg\cvdm.pid
[2013/05/22 07:25:54 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/05/22 07:25:54 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/05/22 07:17:54 | 010,297,264 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/05/22 07:17:36 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/05/22 07:16:48 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2013/05/22 07:16:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/05/22 07:16:19 | 2140,344,319 | -HS- | M] () -- C:\hiberfil.sys
[2013/05/21 23:05:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2555938017-3406744035-1318244989-1001Core.job
[2013/05/21 11:34:20 | 000,424,368 | ---- | M] (WinZip Computing) -- C:\Users\Greg\Desktop\WinZip175.exe
[2013/05/21 11:33:44 | 000,454,224 | ---- | M] (InstallX, LLC) -- C:\Users\Greg\Desktop\BitZipper2013TrialSetupEn.exe
[2013/05/20 17:54:00 | 002,300,672 | ---- | M] () -- C:\Users\Greg\Desktop\HELVETICA - ULTIMATE FAMILY FONTS -steevo-be-thy-name-2011-©.rar
[2013/05/20 08:10:33 | 000,783,418 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/05/20 08:10:33 | 000,663,222 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/05/20 08:10:33 | 000,122,090 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/05/13 15:23:30 | 001,329,646 | ---- | M] () -- C:\Users\Greg\Desktop\130513_CEERT-2012-Annual-Report.pdf
[2013/05/09 07:13:46 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2013/05/06 08:23:25 | 969,281,103 | ---- | M] () -- C:\Windows\MEMORY.DMP

========== Files Created - No Company Name ==========

[2013/05/22 12:07:04 | 000,001,745 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/05/20 17:54:00 | 002,300,672 | ---- | C] () -- C:\Users\Greg\Desktop\HELVETICA - ULTIMATE FAMILY FONTS -steevo-be-thy-name-2011-©.rar
[2013/05/13 15:23:30 | 001,329,646 | ---- | C] () -- C:\Users\Greg\Desktop\130513_CEERT-2012-Annual-Report.pdf
[2013/05/01 07:59:25 | 000,000,000 | ---- | C] () -- C:\Users\Greg\cvdm.pid
[2012/11/11 14:59:18 | 000,013,196 | ---- | C] () -- C:\Users\Greg\cvdm.err
[2012/07/19 06:04:33 | 000,007,168 | ---- | C] () -- C:\Users\Greg\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/03/16 15:52:11 | 000,156,160 | ---- | C] () -- C:\Windows\SysWow64\WS_ContextMenu.dll
[2011/12/12 00:17:18 | 000,000,132 | ---- | C] () -- C:\Users\Greg\AppData\Roaming\Adobe GIF Format CS5 Prefs
[2011/10/17 07:23:39 | 000,000,132 | ---- | C] () -- C:\Users\Greg\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011/09/13 12:49:42 | 000,000,600 | ---- | C] () -- C:\Users\Greg\AppData\Roaming\winscp.rnd
[2011/08/05 14:53:32 | 000,000,600 | ---- | C] () -- C:\Users\Greg\AppData\Local\PUTTY.RND
[2011/08/03 14:16:15 | 000,060,304 | ---- | C] () -- C:\Users\Greg\g2mdlhlpx.exe
[2011/08/01 23:59:23 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\CommonDL.dll
[2011/08/01 23:59:23 | 000,002,413 | ---- | C] () -- C:\Windows\SysWow64\lgAxconfig.ini
[2011/08/01 20:43:37 | 000,007,604 | ---- | C] () -- C:\Users\Greg\AppData\Local\Resmon.ResmonCfg
[2011/08/01 13:55:29 | 000,001,456 | ---- | C] () -- C:\Users\Greg\AppData\Local\Adobe Save for Web 12.0 Prefs
[2011/08/01 12:10:30 | 000,073,220 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat
[2011/08/01 12:10:30 | 000,001,137 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat
[2011/08/01 12:10:30 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
[2011/08/01 12:10:29 | 000,021,021 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat
[2011/08/01 12:10:29 | 000,015,670 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat
[2011/08/01 12:10:29 | 000,013,280 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat
[2011/08/01 12:10:29 | 000,010,673 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat
[2011/08/01 12:10:29 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat
[2011/08/01 12:10:29 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat
[2011/08/01 12:10:29 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat
[2011/08/01 12:10:29 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat
[2011/08/01 12:10:29 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat
[2011/08/01 12:10:29 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat
[2011/08/01 12:10:28 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat
[2011/08/01 12:10:28 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat
[2011/08/01 12:10:27 | 000,029,114 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat
[2011/08/01 12:08:46 | 000,000,084 | ---- | C] () -- C:\Windows\EPSPRX595.ini
[2011/08/01 01:01:29 | 000,000,036 | -H-- | C] () -- C:\Windows\SysWow64\f9t.dat
[2011/08/01 00:33:24 | 000,000,090 | ---- | C] () -- C:\Windows\QBChanUtil_Trigger.ini
[2011/07/31 12:41:47 | 000,103,784 | ---- | C] () -- C:\Users\Greg\GoToAssistDownloadHelper.exe
[2011/06/29 10:18:57 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/06/29 08:30:14 | 000,001,264 | ---- | C] () -- C:\Windows\THXCfg_SP_APOIM.ini
[2011/06/29 08:30:14 | 000,001,247 | ---- | C] () -- C:\Windows\THXCfg_HP_APOIM.ini
[2011/06/29 08:30:14 | 000,001,247 | ---- | C] () -- C:\Windows\THXCfg_APOIM.ini
[2011/06/29 08:30:09 | 000,177,664 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2011/06/29 08:30:09 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL

========== ZeroAccess Check ==========

[2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/26 22:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/26 21:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 20:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2011/08/17 11:04:09 | 000,000,000 | ---D | M] -- C:\Users\Greg\AppData\Roaming\Amazon
[2012/01/11 05:27:31 | 000,000,000 | ---D | M] -- C:\Users\Greg\AppData\Roaming\BitTorrent
[2011/08/08 07:36:47 | 000,000,000 | ---D | M] -- C:\Users\Greg\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/04/03 14:32:50 | 000,000,000 | ---D | M] -- C:\Users\Greg\AppData\Roaming\com.adobe.DC3Module.AdobeADC
[2012/02/16 13:44:38 | 000,000,000 | ---D | M] -- C:\Users\Greg\AppData\Roaming\com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1
[2011/07/31 16:52:21 | 000,000,000 | ---D | M] -- C:\Users\Greg\AppData\Roaming\DigitalJuice
[2013/05/22 10:23:31 | 000,000,000 | ---D | M] -- C:\Users\Greg\AppData\Roaming\Dropbox
[2011/09/17 10:28:56 | 000,000,000 | ---D | M] -- C:\Users\Greg\AppData\Roaming\EPSON
[2013/05/22 11:35:44 | 000,000,000 | ---D | M] -- C:\Users\Greg\AppData\Roaming\FileZilla
[2012/06/04 23:29:59 | 000,000,000 | ---D | M] -- C:\Users\Greg\AppData\Roaming\HeidiSQL
[2013/02/28 17:40:54 | 000,000,000 | ---D | M] -- C:\Users\Greg\AppData\Roaming\HTC
[2013/02/28 17:40:50 | 000,000,000 | ---D | M] -- C:\Users\Greg\AppData\Roaming\HTC Sync
[2012/11/29 17:58:21 | 000,000,000 | ---D | M] -- C:\Users\Greg\AppData\Roaming\ICAClient
[2011/10/19 13:57:45 | 000,000,000 | ---D | M] -- C:\Users\Greg\AppData\Roaming\Juniper Networks
[2011/08/01 12:16:56 | 000,000,000 | ---D | M] -- C:\Users\Greg\AppData\Roaming\Leadertech
[2012/03/04 09:37:07 | 000,000,000 | ---D | M] -- C:\Users\Greg\AppData\Roaming\Magic Set Editor
[2012/07/14 07:01:48 | 000,000,000 | ---D | M] -- C:\Users\Greg\AppData\Roaming\Musicnotes
[2013/05/01 08:03:43 | 000,000,000 | ---D | M] -- C:\Users\Greg\AppData\Roaming\Outlook
[2012/07/08 16:28:20 | 000,000,000 | ---D | M] -- C:\Users\Greg\AppData\Roaming\PACE Anti-Piracy
[2011/08/01 09:01:48 | 000,000,000 | ---D | M] -- C:\Users\Greg\AppData\Roaming\PCDr
[2012/11/29 07:51:51 | 000,000,000 | ---D | M] -- C:\Users\Greg\AppData\Roaming\Publish Providers
[2013/05/20 14:18:29 | 000,000,000 | ---D | M] -- C:\Users\Greg\AppData\Roaming\Sony
[2011/07/31 17:01:27 | 000,000,000 | ---D | M] -- C:\Users\Greg\AppData\Roaming\Sony Creative Software
[2012/01/23 04:09:35 | 000,000,000 | ---D | M] -- C:\Users\Greg\AppData\Roaming\Sony Creative Software Inc
[2012/07/27 06:59:13 | 000,000,000 | ---D | M] -- C:\Users\Greg\AppData\Roaming\Stamps.com Internet Postage
[2011/08/02 23:35:28 | 000,000,000 | ---D | M] -- C:\Users\Greg\AppData\Roaming\Subversion
[2011/11/30 03:14:49 | 000,000,000 | ---D | M] -- C:\Users\Greg\AppData\Roaming\Titler
[2012/12/26 12:50:56 | 000,000,000 | ---D | M] -- C:\Users\Greg\AppData\Roaming\TomTom
[2012/11/19 12:46:19 | 000,000,000 | ---D | M] -- C:\Users\Greg\AppData\Roaming\VASST
[2012/07/17 11:44:30 | 000,000,000 | ---D | M] -- C:\Users\Greg\AppData\Roaming\webex
[2012/01/01 18:08:50 | 000,000,000 | ---D | M] -- C:\Users\Greg\AppData\Roaming\Windows Live Writer
[2012/03/16 15:52:21 | 000,000,000 | ---D | M] -- C:\Users\Greg\AppData\Roaming\Wondershare Video Converter Pro
[2012/03/16 14:50:34 | 000,000,000 | ---D | M] -- C:\Users\Greg\AppData\Roaming\Wondershare Video Converter Ultimate
[2012/09/30 09:00:33 | 000,000,000 | ---D | M] -- C:\Users\Greg\AppData\Roaming\Wrike
[2012/07/25 11:36:59 | 000,000,000 | ---D | M] -- C:\Users\Greg\AppData\Roaming\YouSendIt

========== Purity Check ==========



< End of report >
  • 0

Advertisements

#2
Nutloaf
Posted 23 May 2013 - 06:18 AM

Nutloaf

    Trusted Helper

  • Malware Removal
  • 1,790 posts
Hello briz_dad

My name is Nutloaf, and I will be helping you with your malware issues.

I am currently in training and my posts will need to be reviewed by an expert, so expect a slight delay between posts.

Please take time to read all instructions and fixes thoroughly.
  • I would advise printing any instructions for easy reference. Also, some of the fixes may require you to boot in Safe mode and access to the GeeksToGo website will be unavailable.
  • Any fixes provided by myself are for this log file only and cannot be used on any other systems.
  • Do not run any other removal software or perform updates other than the ones I provide, as it will complicate the cleaning process.
  • You have 4 days to reply to each post or the topic will be closed. You will be able to request that the topic be re-opened if you still require assitance.
  • Please feel free to ask any questions, especially if you are having problems with my instructions.

Finally
Removing malware is a complicated multiple step process, please stay with me until I have declared your system clean.


Sorry to hear you're having problems. Lets try to sort it out. The OTL log that was produced was 1 of 2 logs. I need to see the other log Extras.txt this will be saved in the same location as OTL.

I see 2 issues with Internet Explorer. The hompage is set to hearthsidefoods.com is this your choice?
The second is the CSS issue this may be down to HELVETICA not rendering properly in IE.

Please continue with the following:

OTL Fix
Open OTL then Copy the entire text in the Quote box below, do not include the word QUOTE and Paste into the Custom Scans/Fixes box in OTL.

:OTL
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [] File not found
[2011/08/01 01:01:29 | 000,000,036 | -H-- | C] () -- C:\Windows\SysWow64\f9t.dat

:COMMANDS
[emptytemp]

  • Then click Run Fix
  • Click O.K to Reboot.
  • An OTL fix log will be saved in the following location: C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log - Where mmddyyy _hhmmss is the date and time of fix.
  • Copy and Paste Fix Log into your next reply.

Run ADWcleaner
  • Using this link Download ADWcleaner and save to Desktop.
  • Double click ADWcleaner and select Search
  • The search will complete and a log produced I do not need to see this log.
  • Back to ADWcleaner and click Delete and O.K to remove malware.
  • A reboot will be asked for click O.K
  • On reboot a log is produced. I need to see this log

Security Check
Download Security Check from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Things I want to see in your next post.
  • OTL fix log.
  • ADWcleaner log.
  • Checkup.txt.
  • Extras log from the first scan you did.

  • 0

#3
briz_dad
Posted 23 May 2013 - 11:10 AM

briz_dad

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 251 posts
All processes killed
========== OTL ==========
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
C:\Windows\SysWOW64\f9t.dat moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 57472 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Greg
->Temp folder emptied: 875633413 bytes
->Temporary Internet Files folder emptied: 758222566 bytes
->Java cache emptied: 155858803 bytes
->FireFox cache emptied: 511077197 bytes
->Google Chrome cache emptied: 357778434 bytes
->Flash cache emptied: 104337 bytes

User: Public

User: QBDataServiceUser22
->Temp folder emptied: 774656 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56475 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 503548455 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50461 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 749 bytes
RecycleBin emptied: 194530129491 bytes

Total Files Cleaned = 188,535.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 05232013_083052

Files\Folders moved on Reboot...
File\Folder C:\Users\Greg\AppData\Local\Temp\OICE_42D69647-9AC0-4415-B251-953E917850C1.0\E190705A. not found!
C:\Users\Greg\AppData\Local\Temp\CitrixLogs\gotomeeting\1133\G2MOutlookAddin.log moved successfully.
C:\Users\Greg\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Users\Greg\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{3A84C55D-DAFA-4762-8A09-2FB4DBF630D8}.tmp not found!
File\Folder C:\Users\Greg\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{6DAF5BCF-34EC-4D03-BD60-D7B4CFD6236E}.tmp not found!
File\Folder C:\Users\Greg\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{728C29B8-FA3B-4475-AD1C-EF01111381C7}.tmp not found!
File\Folder C:\Users\Greg\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{91036628-169E-4C7D-ACC4-EFB348789479}.tmp not found!
File\Folder C:\Users\Greg\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{BEB7B14B-D5BD-4A07-B029-6F79CA49D4B0}.tmp not found!
File\Folder C:\Users\Greg\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{DC53AE94-91F1-4527-BB09-3C06DD404B50}.tmp not found!
File\Folder C:\Users\Greg\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Outlook\XA69I52T\Video Three Descriptions and SEO tags 091412. not found!
C:\Users\Greg\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
  • 0

#4
briz_dad
Posted 23 May 2013 - 11:11 AM

briz_dad

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 251 posts
# AdwCleaner v2.301 - Logfile created 05/23/2013 at 10:03:10
# Updated 16/05/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Greg - GREGZ-PC
# Boot Mode : Normal
# Running from : C:\Users\Greg\Desktop\AdwCleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\ProgramData\APN
Folder Deleted : C:\ProgramData\blekko toolbars
Folder Deleted : C:\ProgramData\Tarma Installer

***** [Registry] *****

Key Deleted : HKCU\Software\Conduit
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{26C9E18C-3717-4BE1-A225-04E4471F5B6E}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Tarma Installer

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16576

[OK] Registry is clean.

-\\ Mozilla Firefox v21.0 (en-US)

File : C:\Users\Greg\AppData\Roaming\Mozilla\Firefox\Profiles\b2gge9n1.default\prefs.js

C:\Users\Greg\AppData\Roaming\Mozilla\Firefox\Profiles\b2gge9n1.default\user.js ... Deleted !

Deleted : user_pref("browser.search.selectedEngine", "Blekko");

File : C:\Users\Greg\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.Greg\prefs.js

C:\Users\Greg\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.Greg\user.js ... Deleted !

Deleted : user_pref("browser.search.defaultenginename", "blekko");
Deleted : user_pref("browser.search.order.1", "blekko");

-\\ Google Chrome v26.0.1410.64

File : C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.2055] : homepage = "hxxp://blekkosearch.mystart.com/blekko_soc/?source=f06b8e24&toolbarid=blekkotb_sa5&u[...]

*************************

AdwCleaner[R1].txt - [2088 octets] - [23/05/2013 10:02:45]
AdwCleaner[S1].txt - [2195 octets] - [23/05/2013 10:03:10]

########## EOF - C:\AdwCleaner[S1].txt - [2255 octets] ##########
  • 0

#5
briz_dad
Posted 23 May 2013 - 11:19 AM

briz_dad

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 251 posts
Results of screen317's Security Check version 0.99.64
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 10
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.75.0.1300
Java 7 Update 21
Adobe Flash Player 11.7.700.202
Adobe Reader 10.1.7 Adobe Reader out of Date!
Mozilla Firefox (21.0)
Google Chrome 26.0.1410.43
Google Chrome 26.0.1410.64
Google Chrome Plugins...
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
  • 0

#6
briz_dad
Posted 23 May 2013 - 11:20 AM

briz_dad

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 251 posts
OTL Extras logfile created on: 5/22/2013 12:13:43 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Greg\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.99 Gb Total Physical Memory | 5.16 Gb Available Physical Memory | 64.58% Memory free
15.98 Gb Paging File | 12.73 Gb Available in Paging File | 79.65% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 919.22 Gb Total Space | 483.87 Gb Free Space | 52.64% Space Free | Partition Type: NTFS
Drive M: | 232.88 Gb Total Space | 82.37 Gb Free Space | 35.37% Space Free | Partition Type: NTFS
Drive V: | 1862.82 Gb Total Space | 618.28 Gb Free Space | 33.19% Space Free | Partition Type: NTFS
Drive W: | 465.76 Gb Total Space | 238.44 Gb Free Space | 51.19% Space Free | Partition Type: NTFS

Computer Name: GREGZ-PC | User Name: Greg | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{022A6E64-070B-4C0C-9C52-E28E7F413DF2}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{1D495CA6-EE65-4C55-9B33-0B249B80A67E}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{203D10FF-99C3-436D-83FB-796285322E9C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{374DE139-FCD7-4E72-8B9C-30CC3F96C6F1}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3C649E9F-57CD-4820-A374-E3C48E50DB53}" = rport=138 | protocol=17 | dir=out | app=system |
"{40EE1A10-454C-45A7-A05F-B5C8E9062CE7}" = lport=137 | protocol=17 | dir=in | app=system |
"{4E94F9AB-42DB-4692-8B09-1BC60705C173}" = rport=137 | protocol=17 | dir=out | app=system |
"{557869B5-CF9B-4178-B050-D1C4DB55B42F}" = lport=138 | protocol=17 | dir=in | app=system |
"{6683E8F1-1F32-4573-A64F-E4331B424135}" = lport=139 | protocol=6 | dir=in | app=system |
"{6C2CC718-AD5F-4659-B3F1-78CCE9AC80B6}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{73CBCB15-7F5D-4593-A384-1308616529C2}" = rport=10243 | protocol=6 | dir=out | app=system |
"{8202217A-8AFF-4E79-8680-46C205C7F2A4}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{82F5BD01-F016-4C12-8CE2-AE1FBA79646A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8694E6E3-8ABE-485A-81EB-600BC228E275}" = rport=445 | protocol=6 | dir=out | app=system |
"{8AB57677-972A-4D8E-A6B2-E2A0CC46989F}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8D2B27C2-1838-4323-8BF5-7690591F3AED}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{B57801B6-AF41-4466-9A62-9473BDC40F1D}" = lport=445 | protocol=6 | dir=in | app=system |
"{B8321020-D960-4AFD-A29B-0FC8A250B245}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{BC9B20D3-56E1-43D2-8295-76FD25D5B81D}" = rport=139 | protocol=6 | dir=out | app=system |
"{C1C0F7DC-6EE8-48FA-B963-88D0BDD9AA48}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |
"{CF250514-B09B-41BE-941B-8D4F40A22574}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D007AAB6-414D-440D-A2B8-533FBB96AA31}" = lport=2869 | protocol=6 | dir=in | app=system |
"{D138FB3A-1254-4688-B8E1-85EEEE853C24}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D4359934-E777-447C-813C-042160D35DB7}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D60D80AC-4C06-4D81-91B6-3EBC7DBE5C10}" = lport=10243 | protocol=6 | dir=in | app=system |
"{DFF466F1-B09A-4ED7-83E0-268C5EF331CE}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E83E4439-368D-4388-9D3C-E0C13B97FCAA}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{F3197746-6FAE-4779-862C-09A1C06C716F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0BCC3F00-4B8C-42C8-9BC8-641EBF56848A}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{0CA309B7-F42B-4698-9FFA-E4D8A5A5D7AB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{0DC130F4-81F7-46CA-B3E5-742D7A3FD683}" = protocol=6 | dir=out | app=system |
"{0FD93F1E-60A7-4DCF-8518-3DBE6B10A992}" = protocol=1 | dir=in | [email protected],-28543 |
"{11AA2EA8-A601-4F92-9DFE-203D178AFE74}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{157930B8-7B45-4DA2-A30C-3D9F2777A4AF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{16AB02E3-F8AE-47C7-B3DD-3E832F53634D}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{25D61BF3-1B75-4332-926D-6666EC6683A7}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{2ACBC111-A340-4D62-925C-30818DEADABE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\half-life\hl.exe |
"{2FC2CC8C-EC48-452F-BB36-4BE96A097390}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{31A0C06E-A64C-4822-9165-330FF889DF0C}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{34D1CE21-C8E8-4339-B588-90B61788DE91}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{38C3377E-9CB4-4916-A96C-995D357ACF8C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4723BEC3-A0FD-4281-AFCE-9C42E4C325BB}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{4ED55E17-05E1-4D00-AE1D-891C69443F2D}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{50B4817A-03B0-4CCB-BAFF-16F9EBDFDFCF}" = protocol=17 | dir=in | app=c:\users\greg\appdata\roaming\dropbox\bin\dropbox.exe |
"{5158BEE4-DD07-4521-9B08-5A03CB183065}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{52979610-7B1D-4AAB-B27C-3A7B443E2BFC}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{6569F75F-5677-481C-BB95-EB06FF7E793A}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{6BD2BA71-5510-454E-A27A-A83AE75C2E49}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{6D78DCE1-0EDF-468B-8995-BD1C9C586D68}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\half-life\hl.exe |
"{6FB94BE9-E914-45E5-93C4-133FB3D77F18}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{730B4735-9334-4875-BAF4-6EE6267C29A5}" = protocol=1 | dir=out | [email protected],-28544 |
"{82F2B303-A651-4C98-A01D-9AE9A3FF743D}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{8665800A-2EAF-4851-AEA7-0C4934EACB7F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{87A52622-7FBE-454A-8A4B-CC80C9ACBB01}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{89595BBC-3647-4A30-8A1B-59B95ACF1D4B}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{92504040-9277-43F6-A112-87FC35896261}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{967C5946-A4D9-47B2-9D2B-70502777D7C4}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{A23CCD0E-2982-48C2-A8A9-0FBBAEFA3DA1}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{A4AD8155-7A74-43B1-B6DB-32D0C9747EC9}" = dir=in | app=c:\program files (x86)\dell\videostage\videostage.exe |
"{B4CF0262-5E45-44A4-927E-D466F6D1CEF5}" = dir=in | app=c:\program files (x86)\htc\htc sync manager\htcsyncmanager.exe |
"{B723B57E-9D8A-4857-945A-C6920621E734}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{BE08771D-6166-42D9-AF27-B5CFCE96464E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{CBC4C5B1-EA17-4F37-96DE-CF8F3BA15B7E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{CDF93D07-2F2E-451D-985A-CE4AC993D6B4}" = protocol=58 | dir=in | [email protected],-28545 |
"{D620FF5A-BCDB-4F47-A2B3-66D950C55D7D}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{D7C86B50-5128-400A-B5C0-722845E0B9B5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{DE5997D5-A2DF-4861-BA76-BDCDA87E68D6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{DEBCF8CA-416F-477D-B76B-D6A9FD0CA69C}" = protocol=17 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
"{E1009501-EB63-457B-9F5A-7F8AB3C05E7E}" = dir=in | app=c:\program files (x86)\htc\htc sync manager\htcsyncmanager.exe |
"{E2DDBEF2-0E5A-46A7-975F-7834C0F3CFB8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{E58FDA7C-6B3E-452C-9681-57124C8AE297}" = protocol=6 | dir=in | app=c:\users\greg\appdata\roaming\dropbox\bin\dropbox.exe |
"{E8F5E978-7042-4811-A9C0-4A90A726606B}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{E9EB09B3-3468-45DB-82F4-B1B79AC524AA}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{F2C648E3-99B4-46C3-BF07-7B38BC729535}" = dir=in | app=c:\program files (x86)\htc\htc sync manager\htcsyncmanager.exe |
"{F6EC7272-6990-4B33-A7DF-4240D37E5C5C}" = protocol=6 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
"{F819F9DC-4D77-47BD-8F1F-AD2F630ECEA2}" = protocol=58 | dir=out | [email protected],-28546 |
"TCP Query User{097B554A-9F3D-4D23-A626-E4E2AA933CB5}C:\joget-v3-enterprise\jdk1.6.0\bin\java.exe" = protocol=6 | dir=in | app=c:\joget-v3-enterprise\jdk1.6.0\bin\java.exe |
"TCP Query User{241F81CA-734F-46DC-BC36-12C0497BEDE4}C:\program files (x86)\adobe\adobe dreamweaver cs5\dreamweaver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\adobe\adobe dreamweaver cs5\dreamweaver.exe |
"TCP Query User{37E355CC-727B-4D2E-A4A1-31CC259EC19D}C:\program files (x86)\adobe\adobe flash cs5\flash.exe" = protocol=6 | dir=in | app=c:\program files (x86)\adobe\adobe flash cs5\flash.exe |
"TCP Query User{3C8BB928-DE38-4500-82D7-DC6E850D013A}C:\program files (x86)\adobe\adobe edge preview\edge.exe" = protocol=6 | dir=in | app=c:\program files (x86)\adobe\adobe edge preview\edge.exe |
"TCP Query User{3F227DFC-ED57-4D04-833B-8999B622E4EC}C:\program files (x86)\sony\vegas pro 9.0\vegsrv90.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sony\vegas pro 9.0\vegsrv90.exe |
"TCP Query User{4DEDD564-1223-40CD-ADB8-CD5C612E0A45}C:\users\greg\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\greg\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{4ED9368C-8EF6-445D-8049-DDDB42C914F4}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe |
"TCP Query User{7F20C0FA-E544-412F-93DC-649967DCEF32}C:\program files (x86)\dell\dell datasafe online\nobuclient.exe" = protocol=6 | dir=in | app=c:\program files (x86)\dell\dell datasafe online\nobuclient.exe |
"TCP Query User{843FA88D-8E5B-49B3-8070-1270BCEC5267}C:\users\greg\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\greg\appdata\roaming\spotify\spotify.exe |
"TCP Query User{960106B4-49DE-4F17-9E14-42B0D8988F53}C:\joget-v3-beta\jdk1.6.0\bin\java.exe" = protocol=6 | dir=in | app=c:\joget-v3-beta\jdk1.6.0\bin\java.exe |
"TCP Query User{BF752E39-901A-40A5-9976-6790FD5A1EA6}C:\joget-v3-beta\mysql-5.0.22-win32\bin\mysqld-nt.exe" = protocol=6 | dir=in | app=c:\joget-v3-beta\mysql-5.0.22-win32\bin\mysqld-nt.exe |
"TCP Query User{C6C04ADE-4F7F-4A50-9644-3089D058744B}C:\program files (x86)\dell\dell datasafe online\nobuclient.exe" = protocol=6 | dir=in | app=c:\program files (x86)\dell\dell datasafe online\nobuclient.exe |
"TCP Query User{CDB39A87-6C4E-4DC1-AD58-FDCEBCCC79BB}C:\program files (x86)\adobe\adobe contribute cs5\app\contribute.exe" = protocol=6 | dir=in | app=c:\program files (x86)\adobe\adobe contribute cs5\app\contribute.exe |
"TCP Query User{D224D6E2-1F2D-46B7-B087-183330C75F8E}C:\joget-v3-enterprise\mysql-5.0.22-win32\bin\mysqld-nt.exe" = protocol=6 | dir=in | app=c:\joget-v3-enterprise\mysql-5.0.22-win32\bin\mysqld-nt.exe |
"TCP Query User{E99A3D1A-29FA-4AA4-8992-47EFADF1BEC8}C:\windows\system32\javaw.exe" = protocol=6 | dir=in | app=c:\windows\system32\javaw.exe |
"UDP Query User{20547D2C-226B-4ACB-84E3-0E7A3B6D7ADD}C:\program files (x86)\adobe\adobe edge preview\edge.exe" = protocol=17 | dir=in | app=c:\program files (x86)\adobe\adobe edge preview\edge.exe |
"UDP Query User{61148D95-75EE-4AB4-97C5-A577CF22647D}C:\program files (x86)\adobe\adobe flash cs5\flash.exe" = protocol=17 | dir=in | app=c:\program files (x86)\adobe\adobe flash cs5\flash.exe |
"UDP Query User{74E2D560-9641-4613-A085-665DA0342C5B}C:\program files (x86)\dell\dell datasafe online\nobuclient.exe" = protocol=17 | dir=in | app=c:\program files (x86)\dell\dell datasafe online\nobuclient.exe |
"UDP Query User{761DB8EB-00AF-4C13-8E1C-C6E0131B8035}C:\joget-v3-enterprise\jdk1.6.0\bin\java.exe" = protocol=17 | dir=in | app=c:\joget-v3-enterprise\jdk1.6.0\bin\java.exe |
"UDP Query User{76EB5A36-FEC5-4E35-AFED-E8B2F9DDD03A}C:\program files (x86)\adobe\adobe dreamweaver cs5\dreamweaver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\adobe\adobe dreamweaver cs5\dreamweaver.exe |
"UDP Query User{8B256526-F733-49E6-BAEA-314D4B3E5B54}C:\program files (x86)\adobe\adobe contribute cs5\app\contribute.exe" = protocol=17 | dir=in | app=c:\program files (x86)\adobe\adobe contribute cs5\app\contribute.exe |
"UDP Query User{99E13119-A31E-4CD7-A741-5941267FACD1}C:\users\greg\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\greg\appdata\roaming\spotify\spotify.exe |
"UDP Query User{9D1F1BE5-289A-43D8-8A9C-2CD34C34C8EF}C:\joget-v3-enterprise\mysql-5.0.22-win32\bin\mysqld-nt.exe" = protocol=17 | dir=in | app=c:\joget-v3-enterprise\mysql-5.0.22-win32\bin\mysqld-nt.exe |
"UDP Query User{A3B7D8BE-36E3-40DB-8985-09DEDAC7D9E5}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe |
"UDP Query User{AB8A5F4C-FAA3-402F-B320-3A7C825F0B30}C:\program files (x86)\sony\vegas pro 9.0\vegsrv90.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sony\vegas pro 9.0\vegsrv90.exe |
"UDP Query User{AC8C324C-8CE2-4F99-8CBC-770CE17583FC}C:\windows\system32\javaw.exe" = protocol=17 | dir=in | app=c:\windows\system32\javaw.exe |
"UDP Query User{AEC70572-9105-40AE-81CD-157B200D72FD}C:\program files (x86)\dell\dell datasafe online\nobuclient.exe" = protocol=17 | dir=in | app=c:\program files (x86)\dell\dell datasafe online\nobuclient.exe |
"UDP Query User{BE81B814-0C40-4B7D-B434-2520A936EBE6}C:\joget-v3-beta\jdk1.6.0\bin\java.exe" = protocol=17 | dir=in | app=c:\joget-v3-beta\jdk1.6.0\bin\java.exe |
"UDP Query User{E163F8EF-06EF-4F76-B501-C944728729C1}C:\joget-v3-beta\mysql-5.0.22-win32\bin\mysqld-nt.exe" = protocol=17 | dir=in | app=c:\joget-v3-beta\mysql-5.0.22-win32\bin\mysqld-nt.exe |
"UDP Query User{EFEBFBE1-225E-4794-BBE0-0A059A919D46}C:\users\greg\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\greg\appdata\roaming\dropbox\bin\dropbox.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0090A87C-3E0E-43D4-AA71-A71B06563A4A}" = Dell Support Center
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1B918A92-A0BC-4B34-B2EF-AD427332732D}" = Microsoft SQL Server Management Studio Express
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{26A24AE4-039D-4CA4-87B4-2F86416029FF}" = Java™ 6 Update 29 (64-bit)
"{29AFE1B0-26A4-11E1-BFD4-F04DA23A5C58}" = MSVCRT Redists
"{2DFD8316-9EF1-3210-908C-4CB61961C1AC}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support
"{331F3940-4093-11E1-9565-F04DA23A5C58}" = MSVCRT Redists
"{43EBA222-8DF7-11E1-862B-F04DA23A5C58}" = Vegas Pro 11.0 (64-bit)
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{49F6DFDE-8DF7-11E1-9E5F-F04DA23A5C58}" = MSVCRT Redists
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{6E3D4FFE-9614-4E58-9DE2-F9A036EAD491}" = ATI Catalyst Install Manager
"{7C8B25EE-665F-49B8-B839-29E06900A543}" = Carbonite Mirror Image (64-bit)
"{7FCDABCC-1A1E-4D61-909D-BA9495172774}" = iTunes
"{83CB95E0-5518-AAC2-9B63-1FDBB4D51263}" = ATI AVIVO64 Codecs
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8AAA8780-1D35-11E2-A3A6-F04DA23A5C58}" = MSVCRT Redists
"{8DAA31EB-6830-4006-A99F-4DF8AB24714F}" = Adobe CSI CS4 x64
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9D6DFAD6-09E5-445E-A4B5-A388FEEBD90D}" = RBVirtualFolder64Inst
"{A1188CD2-9C9F-11E2-B88F-F04DA23A5C58}" = Vegas Pro 12.0 (64-bit)
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{A528BDDE-9C9F-11E2-9F0C-F04DA23A5C58}" = MSVCRT Redists
"{AB085680-FE98-11E1-A232-F04DA23A5C58}" = MSVCRT Redists
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B143BE44-8723-315E-9413-011C55873C0E}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"{B2DCF07D-0F89-4818-8B41-50DABC1A310D}" = TortoiseSVN 1.7.12.24070 (64 bit)
"{B37A99DD-88E2-4ED0-80B4-1E054AB354BF}" = Adobe InDesign CS4 Icon Handler x64
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{C99B5E76-3EA1-9943-F394-1E9F9EC8B28C}" = ccc-utility64
"{D4761C4F-5ED9-11E1-9202-F04DA23A5C58}" = MSVCRT Redists
"{D954C6C2-544B-4091-A47F-11E77162883E}" = Microsoft Security Client
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FE51C8DE-03A7-11E1-88F8-F04DA23A5C58}" = MSVCRT Redists
"Dell Support Center" = Dell Support Center
"EPSON Printer and Utilities" = EPSON Printer Software
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Client" = Microsoft Security Essentials
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{010A785B-F920-4350-821B-6309909C20BB}" = THX TruStudio PC
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{08208143-777D-4A06-BB54-71BF0AD1BB70}" = IPTInstaller
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0B043A05-B07C-9307-8CC8-0C72BC8895E2}" = CCC Help Polish
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0BCA9EFD-F2D6-4638-B053-8693BA0404BE}" = Citrix online plug-in (Web)
"{0CA72D12-F6C6-4D43-A2A0-41F5AA17E2B6}" = Netflix in Windows Media Center
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0E659C1D-7686-4322-A501-58E3FEB4E743}" = Adobe After Effects CS5
"{0ECE15AC-CB68-40EC-B70D-1B220717844C}" = Transfer Utility
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{12EAE4F0-8770-451C-B4AD-76B569678973}" = QuickTime MPEG2
"{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}" = Adobe SGM CS4
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16D6AA4F-959B-306B-0747-CFBEFCC7A0DE}" = CCC Help Greek
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1C1473A1-1A26-4C8F-9548-A52D03066CE7}" = Catalyst Control Center - Branding
"{1CA2E5E4-F4FE-44B4-95E9-77523FB95838}" = EPSON Stylus Photo RX595 Series Scanner Driver Update
"{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}" = Adobe InDesign CS4
"{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}" = Adobe InDesign CS4 Icon Handler
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{22057D8D-7CC8-46FF-AD8C-9BD24F9014F3}" = QuickBooks Pro 2012
"{22076B10-37D9-7B32-AB5D-3F97D9E87E15}" = CCC Help Turkish
"{22813428-038B-8C98-5AF8-22B7EF1B6284}" = CCC Help Spanish
"{25E202D1-D8E7-46AF-B4B0-157D9993A93E}" = QuickBooks
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 21
"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A3A4BD6-6CE0-4E2A-80D2-1D0FF6ACBFBA}" = LG United Mobile Driver
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2BAF2B96-7560-48B4-87D4-10178DDBE217}" = Adobe InDesign CS4 Application Feature Set Files (Roman)
"{2BDCCC79-2352-1CD6-80D0-1E1948FEF262}" = CCC Help Italian
"{2D162142-12F7-4419-577C-7BB3204F799F}" = CCC Help Chinese Standard
"{2D78D82C-44F4-4C2C-84C0-DE4F4221C5E9}_is1" = Remove Color Matting 1.0
"{2F4FB074-80B6-118F-42AD-27B6F275D884}" = CCC Help Chinese Traditional
"{3167CC62-C775-4E47-92C1-73EBB845751A}" = QuickBooks
"{3250260C-7A95-4632-893B-89657EB5545B}" = PhotoShowExpress
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{36DB05B6-721B-4001-87EA-7AC42E3BB0F6}" = Sony Cinescore Plug-In 1.0
"{374EBC77-5E23-0B63-0B65-136AEFF98C1D}" = CCC Help Danish
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3C631966-387E-4054-85D9-BBFFABE32BD8}" = QuickBooks Pro 2013
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{400F29A3-58E9-4848-5BE1-01919F891D44}" = CCC Help Swedish
"{4067FB80-133F-11E2-AFA8-1040F3E7010F}" = Noise Reduction Plug-In 2.0
"{4132505E-133F-11E2-8AB9-1040F3E7010F}" = MSVCRT Redists
"{4412F224-3849-4461-A3E9-DEEF8D252790}" = Visual Studio C++ 10.0 Runtime
"{4817D846-700B-474E-A31B-80892B3E92E3}" = Adobe After Effects CS6
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A52555C-032A-4083-BDD9-6A85ABFB39A8}" = Adobe SING CS4
"{4AEA9A23-D627-4699-8A0F-FC474308C2E6}" = Sony Sound Forge 9.0
"{4CEEE5D0-F905-4688-B9F9-ECC710507796}" = HTC Driver Installer
"{5002C5B1-B688-474A-AB3A-9B65DBD38FF9}" = HTC Sync Manager
"{521F829A-CBDD-4525-A94C-05D4650E9F71}" = DVD Architect Pro 5.0
"{527BBE2F-1FED-3D8B-91CB-4DB0F838E69E}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{55392E52-1AAD-44C4-BE49-258FFE72434F}" = Citrix online plug-in (USB)
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack
"{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{640EAE56-81A2-49D4-9B8C-00DA3C0031AF}_is1" = Juicer 3.89d
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{698AC01B-DF0C-4BCE-940C-EB29AD23A560}" = Stamps.com
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AFA3415-7B6A-EF20-225A-B1DC627BBAC5}" = CCC Help Korean
"{6D49994F-2E35-4932-B9ED-D2F4EEBF91A2}" = QuickBooks Pro Timer
"{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}" = Roxio Creator Starter
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7746BFAA-2B5D-4FFD-A0E8-4558F4668105}" = Roxio Burn
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}" = Adobe InDesign CS4 Common Base Files
"{812424AC-A8B5-44E6-8D48-07E939D1AD9A}" = Citrix online plug-in (HDX)
"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
"{81C3E664-CA21-3C4B-312F-54DEB08EF1A5}" = Catalyst Control Center InstallProxy
"{820B6609-4C97-3A2B-B644-573B06A0F0CC}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{8279F213-ECD0-4C36-A8EC-670FC16218E3}" = CCC Help Dutch
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{847EACF0-DFD4-11E0-A83A-F04DA23A5C58}" = DVD Architect Pro 5.2
"{84DCF701-6F86-11E1-82E0-005056C00008}" = DVD Architect Pro 5.2
"{874790EE-DFD4-11E0-973A-F04DA23A5C58}" = MSVCRT Redists
"{8987E170-6F86-11E1-B530-005056C00008}" = MSVCRT Redists
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8C8224B7-AA9B-4807-97CD-55899BAC83FE}" = YouSendIt Express
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2010 Primary Interop Assemblies
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91B9368F-6C6F-3DB5-9CBA-6CAD56035B26}" = Google Talk Plugin
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9622AE32-1EE6-4EB6-A86F-B3346A34BAE0}" = Sony Cinescore 1.0
"{9842650A-98C5-A238-AC65-189F80285EBD}" = CCC Help Czech
"{9A00EC4E-27E1-42C4-98DD-662F32AC8870}" = Sonic CinePlayer Decoder Pack
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9F41678D-3934-EBBA-F85C-E1A97DB84407}" = CCC Help Thai
"{A0087DDE-69D0-11E2-AD57-43CA6188709B}" = Adobe AIR
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A121EEDE-C68F-461D-91AA-D48BA226AF1C}" = Roxio Activation Module
"{A128921B-D03F-4BFB-8141-C365AA48D660}" = Adobe Setup
"{A2881E09-38DB-4F79-9135-00FDA01768A7}" = Adobe Creative Suite 4 Design Premium
"{A6359CCF-215D-43D9-8366-479D231F2A72}" = Belkin Wireless USB Utility
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A8B88634-7F90-402F-B66A-86429755F6A5}" = eBay
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA31EA7B-7917-4000-949B-38E91F848A25}" = Internet Explorer
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-1033-F400-7760-000000000004}_955" = Adobe Acrobat 9.5.5 - CPSID_83708
"{AC76BA86-1033-F400-7760-000000000004}{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.7) MUI
"{ADDD9902-3576-7071-1196-24E37F15BB52}" = Catalyst Control Center Localization All
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{AF37176A-78CA-545B-34EF-8B6A21514DD1}" = Adobe Help Manager
"{AF660B83-51E8-48CD-B5C0-92CEC4FAD962}" = Calibrated{Q} XD
"{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BDE646E8-86E0-50E1-37BC-0AEBB2185D76}" = Adobe Widget Browser
"{C0E8FE43-C35B-451D-B35F-D4BD056D70E7}" = Camtasia Studio 7
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CA0006CC-FB7D-6358-BF24-3394D509AB9C}" = CCC Help Japanese
"{CA04E3AD-FFAC-0EE9-3605-E9665EC05BF7}" = CCC Help Finnish
"{CAD11AD0-1B89-4DE0-B050-F4B0488B2A60}" = Stamps.com Address Book Support for Intuit QuickBooks 2004-2011
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CCAE8CA3-5C96-FBF2-BD0F-27D4644217D3}" = CCC Help Portuguese
"{CDC08463-9303-4BF1-BF8C-E1A2ECEE3248}" = Adobe Creative Suite 5 Web Premium
"{CE4C9170-F517-42EB-A5CB-F16DE610315A}" = Stamps.com Application Support for Microsoft Outlook 2000-2010
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF53CF7C-D996-43EB-9904-DBED57C25625}" = Citrix online plug-in (DV)
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D16A31F9-276D-4968-A753-FFEAC56995D0}" = Epson Print CD
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D61C1058-EDC7-48D0-85B2-B322BE385059}" = Stamps.com Address Book Support for Microsoft Outlook 97-2010
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DAD4DE93-9438-4823-AE5E-93A1BE846FE0}" = Stamps.com Application Support for Microsoft Word 2000-2010
"{DC10C616-22E5-40AD-A3EA-3E7A957ECDC7}" = Movie Magic Screenwriter 6
"{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E0C8AC08-1B2C-AD87-E4CE-9C0A2618807E}" = CCC Help English
"{E0E531A2-17C1-11E2-984D-1040F3E7010F}" = DVD Architect Pro 6.0
"{E3384961-17C1-11E2-9062-1040F3E7010F}" = MSVCRT Redists
"{E4335E82-17B3-460F-9E70-39D9BC269DB3}" = Dell PhotoStage
"{E4F3A636-92E3-86C4-FA1E-19BC06CBB037}" = CCC Help German
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E5F6575A-7567-9230-2BE0-615A46E5721B}" = CCC Help Russian
"{E9656E99-F59E-F377-DC5F-477047CA4FCF}" = CCC Help French
"{EC5F4C1B-F838-4CB7-8561-8F809296428B}" = TomTom HOME
"{EF56258E-0326-48C5-A86C-3BAC26FC15DF}" = Roxio Creator Starter
"{F06B5C4C-8D2E-4B24-9D43-7A45EEC6C878}" = Roxio Creator Starter
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F16B7D69-784E-C12E-D42B-A1D69A38B752}" = CCC Help Hungarian
"{F47C37A4-7189-430A-B81D-739FF8A7A554}" = Consumer In-Home Service Agreement
"{F6C5F1A1-F459-498F-A50A-EE6C80799D3B}" = Cinescore Studio 1.0
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FB85D440-98E6-B361-1727-DFD81F366943}" = ccc-core-static
"{FC4AAC27-3775-E69E-6DBB-381425D79A94}" = CCC Help Norwegian
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF477885-5EA8-40D0-ADF3-D4C1B86FAEA4}" = EPSON Print CD
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Adobe_55230b0b70661df0f212e88f0b655f7" = Adobe Creative Suite 4 Design Premium
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.15
"BitTorrent" = BitTorrent
"Carbonite Backup" = Carbonite
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Help Manager
"CitrixOnlinePluginPackWeb" = Citrix online plug-in - web
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1" = Adobe Widget Browser
"Debut" = Debut Video Capture Software
"DVDFab 8 Qt_is1" = DVDFab 8.1.3.2 (31/10/2011) Qt
"EP Scheduling" = EP Scheduling
"EPSON Scanner" = EPSON Scan
"ExpressBurn" = Express Burn
"FileZilla Client" = FileZilla Client 3.7.0.1
"FLAC" = FLAC 1.2.1b (remove only)
"Google Chrome" = Google Chrome
"GoToAssist" = GoToAssist Corporate
"InstallShield_{8C8224B7-AA9B-4807-97CD-55899BAC83FE}" = YouSendIt Express
"InstallShield_{A6359CCF-215D-43D9-8366-479D231F2A72}" = Belkin Wireless USB Utility
"InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage
"Juniper Network Connect 7.1.0" = Juniper Networks Network Connect 7.1.0
"Juniper_Setup_Client Activex Control" = Juniper Networks, Inc. Setup Client Activex Control
"Magic Set Editor 2_is1" = Magic Set Editor 2.0.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Mozilla Firefox 21.0 (x86 en-US)" = Mozilla Firefox 21.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSTTS" = Microsoft Text-to-Speech Engine 4.0 (English)
"Musicnotes Combined Installer_is1" = Musicnotes Software Suite 1.5.5
"Musicnotes Player_is1" = Musicnotes Player V1.31.6 and Viewer V1.19.0
"NewBlue Titler Pro for Windows" = NewBlue Titler Pro for Windows
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"Prism" = Prism Video File Converter
"Silent Package Run-Time Sample" = EPSON RX595 User's Guide
"SpiceMASTER 2.5 TFX for Vegas" = SpiceMASTER 2.5 TFX for Vegas
"Stamps.com" = Stamps.com
"Stamps.com support for Intuit QuickBooks 2004-2011" = Stamps.com support for Intuit QuickBooks 2004-2011
"Stamps.com support for Microsoft Outlook 2000-2010" = Stamps.com support for Microsoft Outlook 2000-2010
"Stamps.com support for Microsoft Outlook 97-2010" = Stamps.com support for Microsoft Outlook 97-2010
"Stamps.com support for Microsoft Word 2000-2010" = Stamps.com support for Microsoft Word 2000-2010
"VASST Cinema Looks Vol.1" = VASST Cinema Looks Vol.1
"VASST TitleStrip Vol.1" = VASST TitleStrip Vol.1
"VASST Ultimate S Pro" = VASST Ultimate S Pro 4.1.8
"VASST US4 Xtras" = VASST US4 Xtras 4.1.0
"Visual Studio Tools for the Office system 3.0 Runtime" = Visual Studio Tools for the Office system 3.0 Runtime
"WinLiveSuite" = Windows Live Essentials
"winscp3_is1" = WinSCP 4.3.4
"Wondershare Video Converter Pro_is1" = Wondershare Video Converter Pro(Build 5.1.2.1)

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"GoToMeeting" = GoToMeeting 5.5.0.1133
"Juniper_Setup_Client" = Juniper Networks, Inc. Setup Client
"jwdesigner-3.0-SNAPSHOT" = jwdesigner-3.0-SNAPSHOT
"Neoteris_Host_Checker" = Juniper Networks Host Checker

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 5/21/2013 6:07:32 PM | Computer Name = Gregz-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Program Files (x86)\Adobe\Acrobat
9.0\Designer 8.2\FormDesigner.exe".Error in manifest or policy file "" on line
. A component version required by the application conflicts with another component
version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 5/21/2013 8:14:24 PM | Computer Name = Gregz-PC | Source = VSS | ID = 12310
Description =

Error - 5/21/2013 8:14:24 PM | Computer Name = Gregz-PC | Source = VSS | ID = 12298
Description =

Error - 5/22/2013 10:18:23 AM | Computer Name = Gregz-PC | Source = WinMgmt | ID = 10
Description =

Error - 5/22/2013 2:58:08 PM | Computer Name = Gregz-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Program Files (x86)\Adobe\Acrobat
9.0\Designer 8.2\FormDesigner.exe".Error in manifest or policy file "" on line
. A component version required by the application conflicts with another component
version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 5/22/2013 2:58:08 PM | Computer Name = Gregz-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Program Files (x86)\Adobe\Acrobat
9.0\Designer 8.2\FormDesigner.exe".Error in manifest or policy file "" on line
. A component version required by the application conflicts with another component
version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 5/22/2013 3:06:00 PM | Computer Name = Gregz-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Program Files (x86)\Adobe\Acrobat
9.0\Designer 8.2\FormDesigner.exe".Error in manifest or policy file "" on line
. A component version required by the application conflicts with another component
version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 5/22/2013 3:06:00 PM | Computer Name = Gregz-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Program Files (x86)\Adobe\Acrobat
9.0\Designer 8.2\FormDesigner.exe".Error in manifest or policy file "" on line
. A component version required by the application conflicts with another component
version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 5/22/2013 3:07:05 PM | Computer Name = Gregz-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Program Files (x86)\Adobe\Acrobat
9.0\Designer 8.2\FormDesigner.exe".Error in manifest or policy file "" on line
. A component version required by the application conflicts with another component
version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 5/22/2013 3:07:05 PM | Computer Name = Gregz-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Program Files (x86)\Adobe\Acrobat
9.0\Designer 8.2\FormDesigner.exe".Error in manifest or policy file "" on line
. A component version required by the application conflicts with another component
version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

[ Dell Events ]
Error - 9/19/2011 12:25:02 AM | Computer Name = Gregz-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 9/19/2011 8:58:04 AM | Computer Name = Gregz-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 9/19/2011 8:58:04 AM | Computer Name = Gregz-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 9/19/2011 1:18:45 PM | Computer Name = Gregz-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 9/19/2011 1:18:45 PM | Computer Name = Gregz-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 9/19/2011 8:49:10 PM | Computer Name = Gregz-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 9/19/2011 8:49:10 PM | Computer Name = Gregz-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 9/20/2011 10:07:48 AM | Computer Name = Gregz-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 9/20/2011 10:07:48 AM | Computer Name = Gregz-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 9/20/2011 11:00:42 AM | Computer Name = Gregz-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

[ Media Center Events ]
Error - 5/17/2013 11:14:18 AM | Computer Name = Gregz-PC | Source = MCUpdate | ID = 0
Description = 8:14:18 AM - Failed to retrieve SportsV2 (Error: The request failed
with HTTP status 403: Forbidden.)

Error - 5/17/2013 11:14:21 AM | Computer Name = Gregz-PC | Source = MCUpdate | ID = 0
Description = 8:14:18 AM - Failed to retrieve Broadband (Error: The request failed
with HTTP status 403: Forbidden.)

Error - 5/17/2013 12:14:23 PM | Computer Name = Gregz-PC | Source = MCUpdate | ID = 0
Description = 9:14:23 AM - Failed to retrieve Directory (Error: The request failed
with HTTP status 403: Forbidden.)

Error - 5/17/2013 12:14:23 PM | Computer Name = Gregz-PC | Source = MCUpdate | ID = 0
Description = 9:14:23 AM - Failed to retrieve MCEClientUX (Error: The request failed
with HTTP status 403: Forbidden.)

Error - 5/17/2013 12:14:24 PM | Computer Name = Gregz-PC | Source = MCUpdate | ID = 0
Description = 9:14:23 AM - Failed to retrieve SportsV2 (Error: The request failed
with HTTP status 403: Forbidden.)

Error - 5/17/2013 12:14:25 PM | Computer Name = Gregz-PC | Source = MCUpdate | ID = 0
Description = 9:14:24 AM - Failed to retrieve Broadband (Error: The request failed
with HTTP status 403: Forbidden.)

Error - 5/17/2013 1:19:19 PM | Computer Name = Gregz-PC | Source = MCUpdate | ID = 0
Description = 10:19:19 AM - Failed to retrieve Directory (Error: The request failed
with HTTP status 403: Forbidden.)

Error - 5/17/2013 1:19:19 PM | Computer Name = Gregz-PC | Source = MCUpdate | ID = 0
Description = 10:19:19 AM - Failed to retrieve MCEClientUX (Error: The request failed
with HTTP status 403: Forbidden.)

Error - 5/17/2013 1:19:20 PM | Computer Name = Gregz-PC | Source = MCUpdate | ID = 0
Description = 10:19:20 AM - Failed to retrieve SportsV2 (Error: The request failed
with HTTP status 403: Forbidden.)

Error - 5/17/2013 1:19:21 PM | Computer Name = Gregz-PC | Source = MCUpdate | ID = 0
Description = 10:19:20 AM - Failed to retrieve Broadband (Error: The request failed
with HTTP status 403: Forbidden.)

[ System Events ]
Error - 5/20/2013 12:56:11 AM | Computer Name = Gregz-PC | Source = DCOM | ID = 10010
Description =

Error - 5/20/2013 5:39:49 PM | Computer Name = Gregz-PC | Source = DCOM | ID = 10010
Description =

Error - 5/20/2013 8:48:46 PM | Computer Name = Gregz-PC | Source = DCOM | ID = 10010
Description =

Error - 5/21/2013 2:44:28 AM | Computer Name = Gregz-PC | Source = DCOM | ID = 10010
Description =

Error - 5/21/2013 2:45:14 AM | Computer Name = Gregz-PC | Source = Service Control Manager | ID = 7043
Description = The Group Policy Client service did not shut down properly after receiving
a preshutdown control.

Error - 5/21/2013 12:51:38 PM | Computer Name = Gregz-PC | Source = DCOM | ID = 10010
Description =

Error - 5/21/2013 6:07:58 PM | Computer Name = Gregz-PC | Source = DCOM | ID = 10009
Description =

Error - 5/21/2013 8:14:34 PM | Computer Name = Gregz-PC | Source = volsnap | ID = 393224
Description = The flush and hold writes operation on volume C: timed out while waiting
for a release writes command.

Error - 5/21/2013 10:54:31 PM | Computer Name = Gregz-PC | Source = DCOM | ID = 10009
Description =

Error - 5/22/2013 10:16:33 AM | Computer Name = Gregz-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 1:20:09 AM on ?5/?22/?2013 was unexpected.


< End of report >
  • 0

#7
briz_dad
Posted 23 May 2013 - 11:22 AM

briz_dad

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 251 posts
All items below now completed... I really appreciate your time with this! :thumbsup:
  • OTL fix log.
  • ADWcleaner log.
  • Checkup.txt.
  • Extras log from the first scan you did

  • 0

#8
Nutloaf
Posted 23 May 2013 - 11:49 AM

Nutloaf

    Trusted Helper

  • Malware Removal
  • 1,790 posts
Thanks for those, I will look over these and get back to you a bit later with what to do next :thumbsup:
  • 0

#9
Nutloaf
Posted 23 May 2013 - 12:56 PM

Nutloaf

    Trusted Helper

  • Malware Removal
  • 1,790 posts
Hello again briz_dad, Who fan eh? I saw them after Kieth Moon but before John Entwistle died in the 80's awesome gig 4hrs long!! On with the PC :)

OTL cleaned a lot of temporary files and ADW cleared some nasties, so thats good.

You have Security Essentials installed, but I don't see it as a running process have you disabled this? If so Enable and update.

This article at Adobe forum may be of interest to you regarding a compatibility issue with Windows 7 and Acrobat9.0\Designer. 8.2

I want you to run 3 scans to check for any lurking Malware but before that a warning I'm afraid.

P2P WARNING
The following programs are installed on your machine:
  • BitTorrent
Cease all P2P programs and downloads until declared clean. Although the program itself is legal, many of the torrent files infringe copyright laws, contain spyware and viruses which can have a detromental effect on your system. If you have downloaded any programs they may cause you problems and conflicts such as leaking memory. We strongly advise that you uninstall all P2P programs.

RUN MALWAREBYTES
  • Open Malwarebytes select the Updates Tab - Select Check for Updates then O.K
  • Once complete click Scanner Tab - Perform quick scan
  • The scan will take a few minutes. Once complete click O.K and Show Results
  • Make sure anything found is checked and click Remove Selected
  • A reboot may be needed please proceed if asked.
  • If reboot was needed the log is automatically saved by MBAM and can be viewed by clicking the Logs tab then Open log I need to see this.

ESET SCAN
Please run a free online scan with the ESET Online Scanner

Vista / Win7 users: Right-click on the either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator.

Note: This scan works with Internet Explorer or Mozilla FireFox.

If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.

  • Click the green ESET Online Scanner box
  • Tick the box next to YES, I accept the Terms of Use
    then click on: Start
  • You may see a panel towards the top of the screen telling you the website wants to install an addon... click and allow it to install. If your firewall asks whether you want to allow installation, say yes.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click on Start
  • The virus signature database will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close, make sure you copy the logfile first!
  • Then click on: Finish
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

OTL SCAN
  • Right click the OTL icon and select Run as Administrator.
  • Make sure the following boxes are checked:
  • Scan All Users
  • Use Company-Name WhiteList
  • Skip Microsoft Files
  • Use No-Company-Name WhiteList
  • LOP Check
  • Purity Check
  • Copy and paste the following into Custom Scans\Fixes box without the word Quote.

    dir C:\ /S /A:L /C

  • Now Click Run Scan
  • An OTL log will be produced Copy and Paste in your next reply.[/b]


Things I want to see in your next post.
  • Malwarebytes Log
  • ESET Log
  • OTL Log
  • I also want to now how the computer is running now.

  • 0

#10
briz_dad
Posted 23 May 2013 - 01:33 PM

briz_dad

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 251 posts
Hello Nutloaf,

OK - i think it will be a few hours before I get back to this.

FYI,
Greg
  • 0

Advertisements

#11
Nutloaf
Posted 23 May 2013 - 01:34 PM

Nutloaf

    Trusted Helper

  • Malware Removal
  • 1,790 posts
No problem and no rush, enjoy :thumbsup:
  • 0

#12
briz_dad
Posted 24 May 2013 - 08:39 AM

briz_dad

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 251 posts
You have Security Essentials installed, but I don't see it as a running process have you disabled this? If so Enable and update.
Security Essentials is always running - I see it active in the toolbar and it is up-to-date.

BitTorrent
I only use this for a very tightly monitored site: http://www.dimeadozen.org

I'm doing the other items now...

~ greg
  • 0

#13
briz_dad
Posted 24 May 2013 - 08:40 AM

briz_dad

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 251 posts

Things I want to see in your next post.

  • Malwarebytes Log


Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.05.24.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16576
Greg :: GREGZ-PC [administrator]

5/24/2013 7:30:15 AM
mbam-log-2013-05-24 (07-30-15).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 243738
Time elapsed: 4 minute(s), 9 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
  • 0

#14
briz_dad
Posted 24 May 2013 - 08:55 AM

briz_dad

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 251 posts

  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.


AH! I just noticed your advice above - I'll need to continue this evening before going to bed so that I can leave the computer alone.

(And, yes, I'm a big WHO fan. I never saw them when Keith was alive either. I do have a great story about seeing them in Oakland, California... it will have to wait. I need to get some work done. :bashhead:)

By the way, things are loading and running much smoother - I still want to complete this process.

As always...

:notworthy:
  • 0

#15
Nutloaf
Posted 24 May 2013 - 09:27 AM

Nutloaf

    Trusted Helper

  • Malware Removal
  • 1,790 posts
We will tell our Who stories at the end Posted Image

I will wait for you to post the other logs. Thanks for sticking with me Greg Posted Image
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP